Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2018/10/10 1:29 p.m.•38 views

Remote code execution

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,...

7.7CVSS8.4AI score0.04126EPSS
Exploits0References3Affected Software5
Prion
Prion
•added 2018/10/04 1:29 p.m.•38 views

Design/Logic Flaw

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

4.3CVSS4.6AI score0.94494EPSS
Exploits3References39Affected Software14
Prion
Prion
•added 2018/09/13 8:29 p.m.•38 views

Design/Logic Flaw

admin/index.php in Monstra CMS 3.0.4 allows XSS via the pagemetatitle parameter in an editpage&name=error404 action, a different vulnerability than CVE-2018-10121...

3.5CVSS4.8AI score0.00696EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2018/09/11 2:29 p.m.•38 views

Server side request forgery (ssrf)

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilegeCPL level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate...

4.6CVSS7.4AI score0.0047EPSS
Exploits0References15Affected Software3
Prion
Prion
•added 2018/08/09 7:29 p.m.•38 views

Remote code execution

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

6.8CVSS8.2AI score0.76814EPSS
Exploits11References2Affected Software1
Prion
Prion
•added 2018/07/18 3:29 p.m.•38 views

Design/Logic Flaw

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4extdroprefs function when operating on a crafted ext4 filesystem image...

6.8CVSS6.3AI score0.02252EPSS
Exploits0References12Affected Software4
Prion
Prion
•added 2018/06/14 12:29 p.m.•38 views

Security feature bypass

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

4.6CVSS5.2AI score0.02048EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2018/06/11 9:29 p.m.•38 views

Heap overflow

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox 58...

5CVSS8.1AI score0.20024EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2018/05/31 8:29 p.m.•38 views

Code injection

Since "algorithm" isn't enforced in jwt.decodein jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key...

4CVSS6.9AI score0.04898EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2018/05/09 7:29 p.m.•38 views

Privilege escalation

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124,...

7.2CVSS6.8AI score0.73721EPSS
Exploits18References4Affected Software2
Prion
Prion
•added 2018/05/02 6:29 p.m.•38 views

Design/Logic Flaw

The dogetmempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via crafted system calls...

7.2CVSS7.5AI score0.00434EPSS
Exploits0References18Affected Software9
Prion
Prion
•added 2018/04/29 9:29 p.m.•38 views

Information disclosure

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

1.9CVSS6AI score0.00831EPSS
Exploits0References13Affected Software3
Prion
Prion
•added 2018/03/14 5:29 p.m.•38 views

Privilege escalation

The Desktop Bridge Virtual File System VFS in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability"...

7.2CVSS7.6AI score0.0348EPSS
Exploits2References4Affected Software2
Prion
Prion
•added 2018/03/06 8:29 p.m.•38 views

Null pointer dereference

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...

6.5CVSS4.8AI score0.026EPSS
Exploits0References10Affected Software6
Prion
Prion
•added 2018/03/01 7:29 p.m.•38 views

Stack overflow

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

7.5CVSS9.4AI score0.87883EPSS
Exploits3References14Affected Software3
Prion
Prion
•added 2018/01/23 4:29 p.m.•38 views

Design/Logic Flaw

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...

5CVSS7.4AI score0.02697EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2018/01/22 4:29 a.m.•38 views

Remote code execution

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

6.8CVSS9.5AI score0.49727EPSS
Exploits7References12Affected Software7
Prion
Prion
•added 2018/01/03 8:29 p.m.•38 views

Remote code execution

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...

7.5CVSS9.6AI score0.94104EPSS
Exploits6References4Affected Software1
Prion
Prion
•added 2017/12/27 5:8 p.m.•38 views

Memory corruption

The checkaluop function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging incorrect sign extension...

7.2CVSS7.5AI score0.30052EPSS
Exploits16References14Affected Software3
Prion
Prion
•added 2017/11/29 6:29 p.m.•38 views

Out-of-bounds

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a string that ends with an '' character...

7.5CVSS9.5AI score0.11175EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2017/11/27 10:29 a.m.•38 views

Design/Logic Flaw

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

9.3CVSS8.6AI score0.77823EPSS
Exploits12References7Affected Software3
Prion
Prion
•added 2017/11/15 3:29 a.m.•38 views

Memory corruption

Microsoft Excel 2016 Click-to-Run C2R allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882...

9.3CVSS7.9AI score0.99945EPSS
Exploits33References3Affected Software1
Prion
Prion
•added 2017/06/20 1:29 a.m.•38 views

Authentication flaw

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

7.5CVSS9.4AI score0.20231EPSS
Exploits0References38Affected Software11
Prion
Prion
•added 2017/04/24 7:59 p.m.•38 views

Design/Logic Flaw

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

4.4CVSS6.5AI score0.00415EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2017/04/12 2:59 p.m.•38 views

Denial of service

A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denia...

5.2CVSS5.4AI score0.05673EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2017/03/17 12:59 a.m.•38 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.99373EPSS
Exploits92References11Affected Software1
Prion
Prion
•added 2017/01/04 8:59 p.m.•38 views

Code injection

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::toString with DateInterval::wakeup...

7.5CVSS8AI score0.03864EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2016/12/30 6:59 p.m.•38 views

Code injection

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a...

6.9CVSS7.4AI score0.00437EPSS
Exploits0References9Affected Software1
Prion
Prion
•added 2016/11/10 6:59 a.m.•38 views

Privilege escalation

The Common Log File System CLFS driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted...

9.3CVSS7.4AI score0.12625EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2016/11/04 10:59 a.m.•38 views

Directory traversal

Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

5CVSS7.1AI score0.05074EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2016/10/06 2:59 p.m.•38 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5387. Reason: This candidate is a duplicate of CVE-2016-5387. Notes: All CVE users should reference CVE-2016-5387 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

8.2AI score0.55724EPSS
Exploits0
Prion
Prion
•added 2016/08/07 10:59 a.m.•38 views

Integer overflow

Integer overflow in the phpescapehtmlentitiesex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTERSANITIZEFULLSPECIALCHARS...

7.5CVSS9.2AI score0.0464EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2016/05/16 10:59 a.m.•38 views

Design/Logic Flaw

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 the GD imagepsloadfont function...

7.5CVSS7.1AI score0.03917EPSS
Exploits0References12Affected Software8
Prion
Prion
•added 2016/05/16 10:59 a.m.•38 views

Stack overflow

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TAR archive...

10CVSS8.3AI score0.10997EPSS
Exploits1References10Affected Software1
Prion
Prion
•added 2016/05/10 7:59 p.m.•38 views

Design/Logic Flaw

mimeheader.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue...

5CVSS6.9AI score0.38893EPSS
Exploits0References17Affected Software3
Prion
Prion
•added 2016/01/19 5:59 a.m.•38 views

Stack overflow

Stack-based buffer overflow in the pharfixfilepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling...

7.5CVSS8.4AI score0.04633EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2016/01/12 7:59 p.m.•38 views

Design/Logic Flaw

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

7.8CVSS6.7AI score0.07393EPSS
Exploits0References17Affected Software11
Prion
Prion
•added 2015/12/15 9:59 p.m.•38 views

Code injection

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...

7.1CVSS6.6AI score0.04537EPSS
Exploits1References25Affected Software13
Prion
Prion
•added 2015/12/02 1:59 a.m.•38 views

Code injection

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

9CVSS7.8AI score0.06404EPSS
Exploits0References13Affected Software10
Prion
Prion
•added 2015/09/24 4:59 a.m.•38 views

Code injection

updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service...

6.6CVSS6.8AI score0.00294EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2015/05/08 2:59 p.m.•38 views

Out-of-bounds

The tcprequest function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setupreply function, which allows remote attackers to read process memory and cause a denial of service out-of-bounds read and crash via a malformed DNS request...

6.4CVSS6.8AI score0.04456EPSS
Exploits1References11Affected Software2
Prion
Prion
•added 2015/03/30 10:59 a.m.•38 views

Design/Logic Flaw

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an...

7.5CVSS8.2AI score0.42593EPSS
Exploits10References21Affected Software9
Prion
Prion
•added 2015/03/30 10:59 a.m.•38 views

Design/Logic Flaw

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...

7.5CVSS7.7AI score0.04681EPSS
Exploits0References15Affected Software3
Prion
Prion
•added 2014/12/12 11:59 a.m.•38 views

Design/Logic Flaw

The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

5.8CVSS6.8AI score0.03269EPSS
Exploits1References13Affected Software2
Prion
Prion
•added 2014/12/01 3:59 p.m.•38 views

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

5CVSS7.3AI score0.01888EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2014/11/11 10:55 p.m.•38 views

Remote code execution

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as...

9.3CVSS8.5AI score0.94996EPSS
Exploits39References16Affected Software5
Prion
Prion
•added 2014/11/10 11:55 a.m.•38 views

Code injection

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/smstatefuns.c...

7.8CVSS6.8AI score0.07461EPSS
Exploits1References20Affected Software10
Prion
Prion
•added 2014/07/20 11:12 a.m.•38 views

Race condition

Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service heap-based buffer overflow, or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard...

6.8CVSS8.2AI score0.85744EPSS
Exploits4References53Affected Software5
Prion
Prion
•added 2014/06/05 9:55 p.m.•38 views

Design/Logic Flaw

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

5.8CVSS6.8AI score0.95326EPSS
Exploits9References303Affected Software16
Prion
Prion
•added 2014/05/14 11:13 a.m.•38 views

Denial of service

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service iSCSI service outage by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."...

5CVSS7AI score0.41784EPSS
Exploits0References1Affected Software2
Total number of security vulnerabilities5000