Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2017/05/12 2:29 p.m.•38 views

Privilege escalation

Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a speciall...

1.9CVSS5.6AI score0.84138EPSS
Exploits14References4Affected Software3
Prion
Prion
•added 2017/04/24 7:59 p.m.•38 views

Design/Logic Flaw

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

4.4CVSS6.5AI score0.00415EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2017/04/12 2:59 p.m.•38 views

Denial of service

A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denia...

5.2CVSS5.4AI score0.05673EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2017/03/17 12:59 a.m.•38 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.99373EPSS
Exploits92References11Affected Software1
Prion
Prion
•added 2017/01/04 8:59 p.m.•38 views

Code injection

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::toString with DateInterval::wakeup...

7.5CVSS8AI score0.03864EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2016/11/10 9:59 p.m.•38 views

Race condition

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."...

7.2CVSS6.9AI score0.83524EPSS
Exploits81References126Affected Software8
Prion
Prion
•added 2016/11/10 6:59 a.m.•38 views

Privilege escalation

The Common Log File System CLFS driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted...

9.3CVSS7.4AI score0.12625EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2016/11/04 10:59 a.m.•38 views

Directory traversal

Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

5CVSS7.1AI score0.05074EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2016/10/06 2:59 p.m.•38 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5387. Reason: This candidate is a duplicate of CVE-2016-5387. Notes: All CVE users should reference CVE-2016-5387 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

8.2AI score0.55724EPSS
Exploits0
Prion
Prion
•added 2016/08/07 10:59 a.m.•38 views

Integer overflow

Integer overflow in the phpescapehtmlentitiesex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTERSANITIZEFULLSPECIALCHARS...

7.5CVSS9.2AI score0.0464EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2016/05/16 10:59 a.m.•38 views

Design/Logic Flaw

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 the GD imagepsloadfont function...

7.5CVSS7.1AI score0.03917EPSS
Exploits0References12Affected Software8
Prion
Prion
•added 2016/05/10 7:59 p.m.•38 views

Design/Logic Flaw

mimeheader.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue...

5CVSS6.9AI score0.38893EPSS
Exploits0References17Affected Software3
Prion
Prion
•added 2016/01/19 5:59 a.m.•38 views

Stack overflow

Stack-based buffer overflow in the pharfixfilepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling...

7.5CVSS8.4AI score0.04633EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2016/01/12 7:59 p.m.•38 views

Design/Logic Flaw

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

7.8CVSS6.7AI score0.07393EPSS
Exploits0References17Affected Software11
Prion
Prion
•added 2015/12/15 9:59 p.m.•38 views

Code injection

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...

7.1CVSS6.6AI score0.04537EPSS
Exploits1References25Affected Software13
Prion
Prion
•added 2015/07/16 11:0 a.m.•38 views

Design/Logic Flaw

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624,...

6.9CVSS5.5AI score0.00417EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2015/05/08 2:59 p.m.•38 views

Out-of-bounds

The tcprequest function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setupreply function, which allows remote attackers to read process memory and cause a denial of service out-of-bounds read and crash via a malformed DNS request...

6.4CVSS6.8AI score0.04456EPSS
Exploits1References11Affected Software2
Prion
Prion
•added 2015/03/30 10:59 a.m.•38 views

Design/Logic Flaw

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an...

7.5CVSS8.2AI score0.42593EPSS
Exploits10References21Affected Software9
Prion
Prion
•added 2014/12/12 11:59 a.m.•38 views

Design/Logic Flaw

The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

5.8CVSS6.8AI score0.03269EPSS
Exploits1References13Affected Software2
Prion
Prion
•added 2014/12/01 3:59 p.m.•38 views

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

5CVSS7.3AI score0.01888EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2014/11/10 11:55 a.m.•38 views

Design/Logic Flaw

The dwalk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of renamelock, which allows local users to cause a denial of service deadlock and system hang via a crafted application...

4.9CVSS6.3AI score0.00738EPSS
Exploits1References31Affected Software10
Prion
Prion
•added 2014/06/11 10:57 a.m.•38 views

Design/Logic Flaw

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

10CVSS8.1AI score0.03747EPSS
Exploits0References36Affected Software3
Prion
Prion
•added 2014/06/05 9:55 p.m.•38 views

Design/Logic Flaw

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

5.8CVSS6.8AI score0.95326EPSS
Exploits9References303Affected Software16
Prion
Prion
•added 2014/05/14 11:13 a.m.•38 views

Denial of service

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service iSCSI service outage by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."...

5CVSS7AI score0.41784EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2014/04/30 10:49 a.m.•38 views

Heap overflow

Heap-based buffer overflow in the readu32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG image...

4.3CVSS7.3AI score0.0316EPSS
Exploits0References22Affected Software16
Prion
Prion
•added 2013/12/20 9:55 p.m.•39 views

Code injection

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

2.1CVSS6.5AI score0.00451EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2013/11/22 1:55 a.m.•38 views

Memory corruption

The MLDP implementation in Cisco IOS 15.33S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service chunk corruption and device reload by establishing many multicast flows, aka Bug ID CSCue22345...

5.4CVSS7.3AI score0.01127EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2013/07/16 6:55 p.m.•38 views

Code injection

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

9.3CVSS7.5AI score0.70211EPSS
Exploits1References7Affected Software1
Prion
Prion
•added 2013/02/13 1:55 a.m.•38 views

Code injection

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS8.1AI score0.07497EPSS
Exploits1References11Affected Software2
Prion
Prion
•added 2013/01/04 4:46 a.m.•38 views

Sql injection

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

5CVSS7.7AI score0.04458EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2012/06/22 2:55 p.m.•38 views

Sql injection

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS7.8AI score0.04174EPSS
Exploits4References5Affected Software2
Prion
Prion
•added 2012/06/16 12:55 a.m.•38 views

Heap overflow

Heap-based buffer overflow in the LookupMarkMarkPos function in the HarfBuzz module harfbuzz-gpos.c, as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...

9.3CVSS8.4AI score0.07543EPSS
Exploits0References28Affected Software8
Prion
Prion
•added 2012/05/16 12:55 a.m.•38 views

Code injection

Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products...

10CVSS6.8AI score0.0366EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2012/04/21 11:55 p.m.•38 views

Cross site scripting

Cross-site scripting XSS vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different...

10CVSS5.8AI score0.09088EPSS
Exploits10References15Affected Software1
Prion
Prion
•added 2012/02/08 4:11 a.m.•38 views

Authentication flaw

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417...

6CVSS6.2AI score0.45576EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2011/11/01 10:55 p.m.•38 views

Sql injection

SQL injection vulnerability in ogpshow.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...

7.5CVSS9.1AI score0.01023EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2011/08/12 6:55 p.m.•38 views

Integer overflow

Multiple integer overflows in tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers 1 a buffer overflow during a decompression loop or 2 an...

6.9CVSS8.1AI score0.00705EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2011/07/08 8:55 p.m.•38 views

Code injection

Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone RPZ contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service named daemon crash via an unspecified query...

2.6CVSS7.1AI score0.0888EPSS
Exploits1References10Affected Software1
Prion
Prion
•added 2011/03/02 8:0 p.m.•38 views

Design/Logic Flaw

The glob implementation in the GNU C Library aka glibc or libc6 allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a differen...

4CVSS6.5AI score0.32357EPSS
Exploits11References5
Prion
Prion
•added 2011/03/02 8:0 p.m.•38 views

Design/Logic Flaw

The vsffilenamepassesfilter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service CPU consumption and process slot exhaustion via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632...

4CVSS6.5AI score0.7332EPSS
Exploits18References25Affected Software6
Prion
Prion
•added 2010/11/10 3:0 a.m.•38 views

Stack overflow

Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overfl...

9.3CVSS8.7AI score0.89497EPSS
Exploits14References10Affected Software1
Prion
Prion
•added 2010/11/09 1:0 a.m.•38 views

Null pointer dereference

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ZIP archive...

4.3CVSS6.7AI score0.13333EPSS
Exploits6References26Affected Software2
Prion
Prion
•added 2009/12/04 9:30 p.m.•39 views

Buffer overflow

The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...

5CVSS6.6AI score0.3038EPSS
Exploits5References58Affected Software2
Prion
Prion
•added 2009/11/23 5:30 p.m.•38 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to area.php; the 2 pagina, 3 sentido, 4 qregistros, and 5 orden parameters to area.php; 6 the qregistros parameter to solicdisplay.php; 7 the...

4.3CVSS6AI score0.01943EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2009/07/14 8:30 p.m.•38 views

Integer overflow

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large 1 width and 2 height values, which triggers a heap-based buffer overflow in the a cvtwholeimage...

9.3CVSS8.3AI score0.04152EPSS
Exploits1References29Affected Software1
Prion
Prion
•added 2009/07/07 11:30 p.m.•38 views

Cross site scripting

Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header...

4.3CVSS5.7AI score0.14381EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2009/05/28 2:30 p.m.•38 views

Unrestricted file upload

Unrestricted file upload vulnerability in imageupload.php in the SimpleBoard comsimpleboard component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direc...

6.8CVSS7.9AI score0.03548EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2008/09/03 2:12 p.m.•38 views

Design/Logic Flaw

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...

10CVSS6.5AI score0.03912EPSS
Exploits1References18Affected Software4
Prion
Prion
•added 2008/08/20 4:41 p.m.•38 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action...

4.3CVSS6.1AI score0.01068EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2008/05/16 12:54 p.m.•38 views

Integer overflow

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow...

9.3CVSS8.1AI score0.08126EPSS
Exploits1References24Affected Software1
Total number of security vulnerabilities5000