Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2015/12/02 1:59 a.m.•36 views

Design/Logic Flaw

The match function in pcreexec.c in PCRE before 8.37 mishandles the /?:abcd|?:?:?:?:abc|?:abcdefbabcdefghiabc|ACCEPT/ pattern and related patterns involving ACCEPT, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service partially initialized...

6.4CVSS7AI score0.04072EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2015/10/21 11:59 p.m.•36 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

5CVSS6AI score0.05288EPSS
Exploits0References35Affected Software3
Prion
Prion
•added 2015/09/03 2:59 p.m.•36 views

Design/Logic Flaw

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, and 4 mdare6452.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call...

2.1CVSS6.6AI score0.01011EPSS
Exploits2References8Affected Software1
Prion
Prion
•added 2015/05/01 10:59 a.m.•36 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

7.5CVSS7.4AI score0.01715EPSS
Exploits0References13Affected Software7
Prion
Prion
•added 2015/04/24 5:59 p.m.•36 views

Code injection

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service invalid free operation or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by...

7.5CVSS7.5AI score0.04852EPSS
Exploits0References15Affected Software6
Prion
Prion
•added 2015/01/21 6:59 p.m.•36 views

Design/Logic Flaw

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382...

4.3CVSS5.8AI score0.10066EPSS
Exploits0References18Affected Software17
Prion
Prion
•added 2015/01/21 3:28 p.m.•36 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE...

4CVSS6.1AI score0.67234EPSS
Exploits5References27Affected Software3
Prion
Prion
•added 2015/01/15 3:59 p.m.•36 views

Crlf injection

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

4.3CVSS7.2AI score0.0681EPSS
Exploits0References24Affected Software3
Prion
Prion
•added 2015/01/09 2:59 a.m.•36 views

Code injection

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS6.9AI score0.06574EPSS
Exploits0References37Affected Software1
Prion
Prion
•added 2014/12/08 4:59 p.m.•36 views

Heap overflow

Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320...

4.6CVSS7.7AI score0.00603EPSS
Exploits0References18Affected Software1
Prion
Prion
•added 2014/11/30 1:59 a.m.•36 views

Race condition

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service L1 guest OS crash via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842...

4.9CVSS6.5AI score0.00374EPSS
Exploits0References11Affected Software1
Prion
Prion
•added 2014/11/10 11:55 a.m.•36 views

Code injection

The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service panic via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter...

7.8CVSS6.8AI score0.08579EPSS
Exploits1References22Affected Software11
Prion
Prion
•added 2014/10/29 10:55 a.m.•36 views

Integer overflow

Integer overflow in the objectcustom function in ext/standard/varunserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an argument to the unserialize function...

7.5CVSS8.7AI score0.28862EPSS
Exploits1References26Affected Software1
Prion
Prion
•added 2014/08/21 2:55 p.m.•36 views

Design/Logic Flaw

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS6.7AI score0.09149EPSS
Exploits1References47Affected Software2
Prion
Prion
•added 2014/07/03 2:55 p.m.•36 views

Design/Logic Flaw

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an...

5CVSS6.8AI score0.11814EPSS
Exploits2References22Affected Software3
Prion
Prion
•added 2014/06/11 4:56 a.m.•36 views

Memory corruption

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-275...

9.3CVSS7.7AI score0.30292EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2014/03/16 2:6 p.m.•36 views

Design/Logic Flaw

Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/rendererhost/websocketdispatcherhost.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging...

7.5CVSS6.6AI score0.01475EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2014/01/26 4:58 p.m.•36 views

Xxe

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS9.2AI score0.90455EPSS
Exploits2References7Affected Software1
Prion
Prion
•added 2013/08/19 11:55 p.m.•36 views

Design/Logic Flaw

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...

1.9CVSS6.4AI score0.00533EPSS
Exploits0References16Affected Software5
Prion
Prion
•added 2013/04/17 12:19 p.m.•36 views

Design/Logic Flaw

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types...

3.5CVSS5.6AI score0.01824EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2013/01/31 2:55 p.m.•36 views

Security feature bypass

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than...

5CVSS6AI score0.89987EPSS
Exploits8References19Affected Software2
Prion
Prion
•added 2012/11/23 8:55 p.m.•36 views

Authentication flaw

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.9AI score0.79415EPSS
Exploits31References11Affected Software4
Prion
Prion
•added 2012/10/17 12:55 a.m.•36 views

Design/Logic Flaw

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema...

9CVSS5.6AI score0.05096EPSS
Exploits0References13Affected Software21
Prion
Prion
•added 2012/09/14 10:33 a.m.•36 views

Design/Logic Flaw

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query for a long resource record...

7.8CVSS7AI score0.36798EPSS
Exploits0References26Affected Software1
Prion
Prion
•added 2012/07/22 5:55 p.m.•36 views

Integer overflow

Integer signedness error in the TIFFReadDirectory function in tifdirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion betwe...

7.5CVSS8.2AI score0.06459EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2012/06/22 2:55 p.m.•36 views

Race condition

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS6.7AI score0.046EPSS
Exploits3References7Affected Software2
Prion
Prion
•added 2012/06/22 2:55 p.m.•36 views

Sql injection

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

7.5CVSS7.8AI score0.04174EPSS
Exploits4References6Affected Software2
Prion
Prion
•added 2012/04/25 10:10 a.m.•36 views

Code injection

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid 1 RSS or 2 Atom XML content...

4.3CVSS7AI score0.02246EPSS
Exploits0References15Affected Software5
Prion
Prion
•added 2012/04/18 10:33 a.m.•36 views

Directory traversal

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

6.9CVSS6.8AI score0.00946EPSS
Exploits4References32Affected Software2
Prion
Prion
•added 2011/08/29 3:55 p.m.•36 views

Code injection

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS6.7AI score0.98945EPSS
Exploits17References72Affected Software5
Prion
Prion
•added 2011/03/20 2:0 a.m.•36 views

Design/Logic Flaw

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

5CVSS6.6AI score0.18878EPSS
Exploits6References8Affected Software1
Prion
Prion
•added 2010/07/28 12:48 p.m.•36 views

Design/Logic Flaw

BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation DLV, allows remote attackers to cause a denial of service infinite loop via a query for an RRSIG record whose answer is not in the cache, which causes BI...

2.6CVSS7AI score0.06524EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2010/05/20 5:30 p.m.•36 views

Format string

Format string vulnerability in the msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.3109 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request...

10CVSS7.9AI score0.20173EPSS
Exploits0References26Affected Software4
Prion
Prion
•added 2010/05/19 6:30 p.m.•36 views

Design/Logic Flaw

The Safe aka Safe.pm module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...

8.5CVSS7.2AI score0.02797EPSS
Exploits2References20Affected Software1
Prion
Prion
•added 2010/04/28 10:30 p.m.•36 views

Input validation

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...

5CVSS6.7AI score0.79415EPSS
Exploits28References13Affected Software1
Prion
Prion
•added 2010/03/16 7:30 p.m.•36 views

Sql injection

The nfslock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service BUG and system crash by locking a file on an NFS filesystem and then changing this...

4.7CVSS5.9AI score0.00582EPSS
Exploits4References3Affected Software1
Prion
Prion
•added 2009/11/30 5:30 p.m.•36 views

Design/Logic Flaw

The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

6.8CVSS6.1AI score0.01766EPSS
Exploits2References12Affected Software1
Prion
Prion
•added 2009/11/30 5:30 p.m.•36 views

Design/Logic Flaw

sql/sqltable.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a 1 DATA DIRECTORY or 2...

6CVSS6AI score0.01768EPSS
Exploits3References14Affected Software1
Prion
Prion
•added 2009/11/12 11:30 p.m.•36 views

Default credentials

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges...

7.5CVSS7.2AI score0.78995EPSS
Exploits10References26Affected Software1
Prion
Prion
•added 2009/07/30 7:30 p.m.•36 views

Code injection

Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...

6.8CVSS8.9AI score0.05741EPSS
Exploits4References30Affected Software9
Prion
Prion
•added 2009/07/14 8:30 p.m.•36 views

Integer overflow

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large 1 width and 2 height values, which triggers a heap-based buffer overflow in the a cvtwholeimage...

9.3CVSS8.3AI score0.04152EPSS
Exploits1References29Affected Software1
Prion
Prion
•added 2009/07/01 1:0 p.m.•36 views

Heap overflow

Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...

6.8CVSS8.5AI score0.28167EPSS
Exploits43References53Affected Software6
Prion
Prion
•added 2008/12/09 12:30 a.m.•36 views

Memory corruption

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown...

7.2CVSS6.7AI score0.00462EPSS
Exploits1References10Affected Software5
Prion
Prion
•added 2008/02/19 12:0 a.m.•36 views

Unrestricted file upload

Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...

9.3CVSS8.2AI score0.05194EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2008/02/12 1:0 a.m.•36 views

Sql injection

SQL injection vulnerability in index.php in the mosDirectory comdirectory 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action...

7.5CVSS9AI score0.09049EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2007/11/14 1:46 a.m.•36 views

Cross site scripting

Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...

4.3CVSS5.3AI score0.94281EPSS
Exploits7References7Affected Software1
Prion
Prion
•added 2007/07/16 11:30 p.m.•36 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0447. Reason: This candidate is a duplicate of CVE-2007-0447. Notes: All CVE users should reference CVE-2007-0447 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.6AI score0.05957EPSS
Exploits1
Prion
Prion
•added 2006/09/28 6:7 p.m.•36 views

Design/Logic Flaw

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption via malformed ASN.1 structures that trigger an improperly handled error condition...

7.8CVSS7.1AI score0.10629EPSS
Exploits1References136Affected Software1
Prion
Prion
•added 2006/02/25 11:2 a.m.•36 views

Sql injection

Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...

7.5CVSS8.2AI score0.03462EPSS
Exploits3References8Affected Software1
Prion
Prion
•added 2006/01/25 11:3 a.m.•36 views

Command injection

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

4.6CVSS7.2AI score0.00474EPSS
Exploits1References64Affected Software1
Total number of security vulnerabilities5000