Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2014/06/11 4:56 a.m.36 views

Memory corruption

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-275...

9.3CVSS7.7AI score0.30292EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2014/03/16 2:6 p.m.36 views

Design/Logic Flaw

Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/rendererhost/websocketdispatcherhost.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging...

7.5CVSS6.6AI score0.01475EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2014/03/12 5:15 a.m.36 views

Memory corruption

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311...

9.3CVSS7.8AI score0.20501EPSS
Exploits3References1Affected Software1
Prion
Prion
added 2014/01/26 4:58 p.m.36 views

Xxe

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS9.2AI score0.90455EPSS
Exploits2References7Affected Software1
Prion
Prion
added 2013/10/27 12:55 a.m.36 views

Default configuration

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the 1 access.log and 2 error.log files, which allows local users to obtain sensitive information by reading the files...

7.5CVSS6.2AI score0.01906EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2013/08/19 11:55 p.m.36 views

Design/Logic Flaw

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

1.9CVSS6.4AI score0.00533EPSS
Exploits0References16Affected Software5
Prion
Prion
added 2012/11/23 8:55 p.m.36 views

Authentication flaw

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.9AI score0.79415EPSS
Exploits31References11Affected Software4
Prion
Prion
added 2012/10/17 12:55 a.m.36 views

Design/Logic Flaw

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema...

9CVSS5.6AI score0.05096EPSS
Exploits0References13Affected Software21
Prion
Prion
added 2012/09/14 10:33 a.m.36 views

Design/Logic Flaw

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query for a long resource record...

7.8CVSS7AI score0.36798EPSS
Exploits0References26Affected Software1
Prion
Prion
added 2012/07/22 5:55 p.m.36 views

Integer overflow

Integer signedness error in the TIFFReadDirectory function in tifdirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion betwe...

7.5CVSS8.2AI score0.06459EPSS
Exploits0References12Affected Software1
Prion
Prion
added 2012/06/22 2:55 p.m.36 views

Sql injection

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

7.5CVSS7.8AI score0.04174EPSS
Exploits4References6Affected Software2
Prion
Prion
added 2012/04/25 10:10 a.m.36 views

Code injection

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid 1 RSS or 2 Atom XML content...

4.3CVSS7AI score0.02246EPSS
Exploits0References15Affected Software5
Prion
Prion
added 2012/04/18 10:33 a.m.36 views

Directory traversal

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

6.9CVSS6.8AI score0.00946EPSS
Exploits4References32Affected Software2
Prion
Prion
added 2011/08/29 3:55 p.m.36 views

Code injection

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS6.7AI score0.98945EPSS
Exploits17References72Affected Software5
Prion
Prion
added 2011/03/20 2:0 a.m.36 views

Design/Logic Flaw

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

5CVSS6.6AI score0.18878EPSS
Exploits6References8Affected Software1
Prion
Prion
added 2010/10/21 7:0 p.m.36 views

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

9.3CVSS8.7AI score0.03726EPSS
Exploits0References19Affected Software2
Prion
Prion
added 2010/07/28 12:48 p.m.36 views

Design/Logic Flaw

BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation DLV, allows remote attackers to cause a denial of service infinite loop via a query for an RRSIG record whose answer is not in the cache, which causes BI...

2.6CVSS7AI score0.06524EPSS
Exploits1References9Affected Software1
Prion
Prion
added 2010/05/20 5:30 p.m.36 views

Format string

Format string vulnerability in the msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.3109 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request...

10CVSS7.9AI score0.20173EPSS
Exploits0References26Affected Software4
Prion
Prion
added 2010/05/19 6:30 p.m.36 views

Design/Logic Flaw

The Safe aka Safe.pm module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...

8.5CVSS7.2AI score0.02797EPSS
Exploits2References20Affected Software1
Prion
Prion
added 2010/04/28 10:30 p.m.36 views

Input validation

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...

5CVSS6.7AI score0.79415EPSS
Exploits28References13Affected Software1
Prion
Prion
added 2010/03/16 7:30 p.m.36 views

Sql injection

The nfslock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service BUG and system crash by locking a file on an NFS filesystem and then changing this...

4.7CVSS5.9AI score0.00582EPSS
Exploits4References3Affected Software1
Prion
Prion
added 2009/11/30 5:30 p.m.36 views

Design/Logic Flaw

The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

6.8CVSS6.1AI score0.01766EPSS
Exploits2References12Affected Software1
Prion
Prion
added 2009/11/30 5:30 p.m.36 views

Design/Logic Flaw

sql/sqltable.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a 1 DATA DIRECTORY or 2...

6CVSS6AI score0.01768EPSS
Exploits3References14Affected Software1
Prion
Prion
added 2009/11/12 11:30 p.m.36 views

Default credentials

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges...

7.5CVSS7.2AI score0.78995EPSS
Exploits10References26Affected Software1
Prion
Prion
added 2009/07/30 7:30 p.m.36 views

Code injection

Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...

6.8CVSS8.9AI score0.05741EPSS
Exploits4References30Affected Software9
Prion
Prion
added 2009/07/14 8:30 p.m.36 views

Integer overflow

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large 1 width and 2 height values, which triggers a heap-based buffer overflow in the a cvtwholeimage...

9.3CVSS8.3AI score0.04152EPSS
Exploits1References29Affected Software1
Prion
Prion
added 2009/07/01 1:0 p.m.36 views

Heap overflow

Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...

6.8CVSS8.5AI score0.28167EPSS
Exploits43References53Affected Software6
Prion
Prion
added 2008/12/09 12:30 a.m.36 views

Memory corruption

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown...

7.2CVSS6.7AI score0.00462EPSS
Exploits1References10Affected Software5
Prion
Prion
added 2008/02/19 12:0 a.m.36 views

Unrestricted file upload

Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...

9.3CVSS8.2AI score0.05194EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2008/02/12 1:0 a.m.36 views

Sql injection

SQL injection vulnerability in index.php in the mosDirectory comdirectory 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action...

7.5CVSS9AI score0.09049EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2007/11/14 1:46 a.m.36 views

Cross site scripting

Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...

4.3CVSS5.3AI score0.94281EPSS
Exploits7References7Affected Software1
Prion
Prion
added 2007/07/16 11:30 p.m.36 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0447. Reason: This candidate is a duplicate of CVE-2007-0447. Notes: All CVE users should reference CVE-2007-0447 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.6AI score0.05957EPSS
Exploits1
Prion
Prion
added 2006/09/28 6:7 p.m.36 views

Design/Logic Flaw

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption via malformed ASN.1 structures that trigger an improperly handled error condition...

7.8CVSS7.1AI score0.10629EPSS
Exploits1References136Affected Software1
Prion
Prion
added 2006/02/25 11:2 a.m.36 views

Sql injection

Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...

7.5CVSS8.2AI score0.03462EPSS
Exploits3References8Affected Software1
Prion
Prion
added 2006/01/25 11:3 a.m.36 views

Command injection

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

4.6CVSS7.2AI score0.00474EPSS
Exploits1References64Affected Software1
Prion
Prion
added 2024/03/15 12:17 a.m.35 views

Authorization

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

7.2AI score0.00745EPSS
Exploits1References2
Prion
Prion
added 2024/03/14 10:54 p.m.35 views

CVE-2024-28746

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

7.2AI score0.01332EPSS
Exploits0
Prion
Prion
added 2024/03/14 10:54 p.m.35 views

CVE-2024-28418

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

7.3AI score0.0044EPSS
Exploits1
Prion
Prion
added 2024/03/14 10:53 p.m.36 views

Design/Logic Flaw

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...

7.1AI score0.00594EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2024/03/14 10:53 p.m.35 views

Design/Logic Flaw

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...

6.8AI score0.00666EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2024/03/14 10:52 p.m.35 views

Design/Logic Flaw

An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickleload function of the serialize.py file...

8AI score0.00306EPSS
Exploits0References1
Prion
Prion
added 2024/03/14 10:46 p.m.35 views

CVE-2024-1222

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

7.5CVSS7.5AI score0.63984EPSS
Exploits0
Prion
Prion
added 2024/03/12 5:15 p.m.35 views

Spoofing

Azure SDK Spoofing Vulnerability...

5CVSS7.1AI score0.01838EPSS
Exploits0References1
Prion
Prion
added 2024/03/12 9:15 a.m.35 views

Command injection

An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation...

7.5CVSS7.4AI score0.0147EPSS
Exploits0References1
Prion
Prion
added 2024/03/11 6:15 p.m.35 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...

7.2AI score0.00239EPSS
Exploits0References3
Prion
Prion
added 2024/03/11 6:15 p.m.35 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwlfwinitriggertlv::data is a pointer to a le32, which means that if we copy to iwlfwinitriggertlv::data + offset while offset is in bytes, we'll write past the buffer...

7.2AI score0.00307EPSS
Exploits0References6
Prion
Prion
added 2024/03/11 6:15 p.m.35 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drmmodepageflipioctl we proceed to unref the fb and then retry the whole thing from the top. But we forget to...

7AI score0.0022EPSS
Exploits0References8
Prion
Prion
added 2024/03/09 7:15 a.m.35 views

Code injection

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4CVSS6.8AI score0.00321EPSS
Exploits0References2
Prion
Prion
added 2024/03/09 1:15 a.m.35 views

Code injection

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

3.3CVSS5.1AI score0.02085EPSS
Exploits0References3
Prion
Prion
added 2024/03/06 7:15 a.m.35 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmtstree. To add the required check added the bool isctl which is required to determine the size as...

7AI score0.00249EPSS
Exploits0References8
Total number of security vulnerabilities5000