Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2018/03/14 2:29 a.m.•35 views

Null pointer dereference

An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file...

4.3CVSS6.3AI score0.0174EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2018/02/01 4:29 a.m.•35 views

Buffer overflow

A buffer overflow in glibc 2.5 released on September 29, 2006 and can be triggered through the LDLIBRARYPATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...

6.9CVSS7.3AI score0.02733EPSS
Exploits15References3Affected Software1
Prion
Prion
•added 2018/01/31 8:29 p.m.•35 views

Integer overflow

Integer overflow in the macro ROUNDUP n, d in Quick Emulator Qemu allows a user to cause a denial of service Qemu process crash...

2.1CVSS7AI score0.00451EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2018/01/12 11:29 p.m.•35 views

Privilege escalation

A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel...

7.2CVSS7.2AI score0.00308EPSS
Exploits0References7
Prion
Prion
•added 2018/01/10 6:29 p.m.•35 views

Design/Logic Flaw

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

7.5CVSS9.4AI score0.49727EPSS
Exploits7References24Affected Software5
Prion
Prion
•added 2018/01/10 1:29 a.m.•35 views

Denial of service

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...

5CVSS7.3AI score0.08885EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2018/01/01 8:29 a.m.•35 views

Null pointer dereference

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tifprint.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash...

4.3CVSS6.4AI score0.02924EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2017/12/12 9:29 p.m.•35 views

Information disclosure

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due ...

2.6CVSS5AI score0.25116EPSS
Exploits4References3Affected Software1
Prion
Prion
•added 2017/12/11 9:29 p.m.•35 views

Denial of service

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic...

6.1CVSS7AI score0.01216EPSS
Exploits0References17Affected Software10
Prion
Prion
•added 2017/11/20 3:29 p.m.•35 views

Design/Logic Flaw

In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

6.5CVSS8.5AI score0.0624EPSS
Exploits12References20Affected Software4
Prion
Prion
•added 2017/11/17 7:29 p.m.•35 views

Code injection

On BIG-IP versions 11.6.0-11.6.2 fixed in 11.6.2 HF1, 12.0.0-12.1.2 HF1 fixed in 12.1.2 HF2, or 13.0.0-13.0.0 HF2 fixed in 13.0.0 HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA, which when...

4.3CVSS7.2AI score0.21552EPSS
Exploits1References5Affected Software9
Prion
Prion
•added 2017/11/17 4:29 a.m.•35 views

Design/Logic Flaw

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the setstatusheader common function under Apache resulting in HTTP Header Injection flaws...

5CVSS7.7AI score0.00931EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2017/10/19 10:29 p.m.•35 views

Remote code execution

An active network attacker MiTM can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client t...

7.6CVSS7.8AI score0.06137EPSS
Exploits4References2Affected Software1
Prion
Prion
•added 2017/10/13 1:29 p.m.•35 views

Memory corruption

ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This...

9.3CVSS7.6AI score0.69163EPSS
Exploits16References3Affected Software1
Prion
Prion
•added 2017/10/03 1:29 a.m.•35 views

Information disclosure

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests...

4.3CVSS7.1AI score0.67549EPSS
Exploits5References20Affected Software7
Prion
Prion
•added 2017/09/13 4:29 p.m.•35 views

Open redirect

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...

5.8CVSS6.9AI score0.01376EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2017/09/13 1:29 a.m.•35 views

Information disclosure

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...

1.9CVSS4.4AI score0.03677EPSS
Exploits2References4Affected Software4
Prion
Prion
•added 2017/09/13 1:29 a.m.•35 views

Information disclosure

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...

1.9CVSS4.4AI score0.03677EPSS
Exploits2References3Affected Software3
Prion
Prion
•added 2017/08/25 6:29 p.m.•35 views

Crlf injection

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting XSS attack...

4.3CVSS6AI score0.01131EPSS
Exploits0References2
Prion
Prion
•added 2017/08/24 8:29 p.m.•35 views

Code injection

Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function...

4.3CVSS6.7AI score0.08125EPSS
Exploits1References9Affected Software3
Prion
Prion
•added 2017/08/23 2:29 p.m.•35 views

Cross site scripting

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

4.3CVSS6.1AI score0.01192EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2017/08/08 9:29 p.m.•35 views

Memory corruption

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that...

7.6CVSS7.8AI score0.72116EPSS
Exploits38References8Affected Software1
Prion
Prion
•added 2017/08/07 5:29 p.m.•35 views

Directory traversal

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink...

5CVSS6.8AI score0.07176EPSS
Exploits3References9Affected Software3
Prion
Prion
•added 2017/08/01 4:29 p.m.•35 views

Design/Logic Flaw

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

4.3CVSS7AI score0.01897EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2017/06/20 1:29 a.m.•35 views

Input validation

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

5CVSS8.2AI score0.57472EPSS
Exploits1References35Affected Software10
Prion
Prion
•added 2017/06/19 4:29 p.m.•35 views

Design/Logic Flaw

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMINFINITY 1/4 of the size, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel version...

7.2CVSS7.3AI score0.00899EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2017/06/08 8:29 p.m.•35 views

Input validation

/ext/phar/pharobject.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...

7.5CVSS8AI score0.07753EPSS
Exploits1References4Affected Software3
Prion
Prion
•added 2017/05/12 2:29 p.m.•35 views

Remote code execution

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281...

9.3CVSS7.8AI score0.80734EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2017/05/06 12:29 a.m.•35 views

Authentication flaw

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 ...

7.5CVSS9.6AI score0.99998EPSS
Exploits11References4
Prion
Prion
•added 2017/04/24 7:59 p.m.•35 views

Integer overflow

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.8CVSS7.3AI score0.89924EPSS
Exploits7References7Affected Software1
Prion
Prion
•added 2017/04/24 6:59 a.m.•35 views

Memory corruption

The Regular Expressions package in International Components for Unicode ICU for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of...

7.5CVSS7.6AI score0.02422EPSS
Exploits0References9Affected Software2
Prion
Prion
•added 2017/04/17 4:59 p.m.•35 views

Server side request forgery (ssrf)

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. Thi...

5CVSS7.4AI score0.1684EPSS
Exploits0References34Affected Software1
Prion
Prion
•added 2017/04/11 6:59 p.m.•35 views

Design/Logic Flaw

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...

7.5CVSS6.8AI score0.13736EPSS
Exploits0References12Affected Software9
Prion
Prion
•added 2017/04/06 5:59 p.m.•35 views

Command injection

A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00AAQT.4b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such ...

9CVSS8.9AI score0.37634EPSS
Exploits5References1Affected Software1
Prion
Prion
•added 2017/04/02 1:59 a.m.•35 views

Memory corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of...

9.3CVSS8.4AI score0.03019EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2017/03/17 12:59 a.m.•35 views

Information disclosure

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0092, CVE-2017-0111,...

4.3CVSS4.3AI score0.42124EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2017/01/24 9:59 p.m.•35 views

Integer overflow

The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service application crash via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1...

5CVSS7AI score0.07763EPSS
Exploits0References11Affected Software1
Prion
Prion
•added 2017/01/18 5:59 p.m.•35 views

Out-of-bounds

MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted file...

4.3CVSS6.7AI score0.03566EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2017/01/11 6:59 a.m.•35 views

Design/Logic Flaw

Zend/zendexceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service infinite loop via a crafted Exception object in serialized data, a related issue to CVE-2015-8876...

5CVSS9AI score0.42401EPSS
Exploits2References6Affected Software1
Prion
Prion
•added 2017/01/04 8:59 p.m.•35 views

Design/Logic Flaw

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curlfile.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during wakeup processing...

7.5CVSS8AI score0.05363EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2016/12/28 7:59 a.m.•35 views

Memory corruption

The socksetsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sksndbuf and skrcvbuf, which allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact by leveraging the CAPNETADMIN...

7.2CVSS7.5AI score0.01566EPSS
Exploits8References12Affected Software1
Prion
Prion
•added 2016/11/01 10:59 p.m.•35 views

Design/Logic Flaw

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016...

9.3CVSS8.3AI score0.25198EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2016/10/16 9:59 p.m.•35 views

Design/Logic Flaw

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a relat...

7.8CVSS8AI score0.07613EPSS
Exploits0References11Affected Software3
Prion
Prion
•added 2016/09/16 5:59 a.m.•35 views

Design/Logic Flaw

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

5CVSS6.9AI score0.26441EPSS
Exploits1References26Affected Software3
Prion
Prion
•added 2016/08/07 10:59 a.m.•35 views

Double free

Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...

7.5CVSS8.3AI score0.0963EPSS
Exploits1References14Affected Software1
Prion
Prion
•added 2016/08/05 1:59 a.m.•35 views

Design/Logic Flaw

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service heap memory corruption and application crash by leveraging keyboard access to use the Alt...

7.5CVSS8.1AI score0.02953EPSS
Exploits0References11Affected Software3
Prion
Prion
•added 2016/08/02 2:59 p.m.•35 views

Directory traversal

1 cpan/Archive-Tar/bin/ptar, 2 cpan/Archive-Tar/bin/ptardiff, 3 cpan/Archive-Tar/bin/ptargrep, 4 cpan/CPAN/scripts/cpan, 5 cpan/Digest-SHA/shasum, 6 cpan/Encode/bin/enc2xs, 7 cpan/Encode/bin/encguess, 8 cpan/Encode/bin/piconv, 9 cpan/Encode/bin/ucmlint, 10 cpan/Encode/bin/unidump, 11...

7.2CVSS6.8AI score0.00779EPSS
Exploits0References15Affected Software5
Prion
Prion
•added 2016/07/21 10:14 a.m.•35 views

Buffer overflow

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610...

9.3CVSS8.3AI score0.0669EPSS
Exploits0References26Affected Software3
Prion
Prion
•added 2016/07/21 10:14 a.m.•35 views

Design/Logic Flaw

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR...

4CVSS6AI score0.03703EPSS
Exploits0References19Affected Software12
Prion
Prion
•added 2016/06/03 2:59 p.m.•35 views

Design/Logic Flaw

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...

6.8CVSS8.3AI score0.04382EPSS
Exploits0References22Affected Software13
Total number of security vulnerabilities5000