Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2016/07/21 10:14 a.m.•35 views

Buffer overflow

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610...

9.3CVSS8.3AI score0.0669EPSS
Exploits0References26Affected Software3
Prion
Prion
•added 2016/07/21 10:14 a.m.•35 views

Design/Logic Flaw

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR...

4CVSS6AI score0.03703EPSS
Exploits0References19Affected Software12
Prion
Prion
•added 2016/06/03 2:59 p.m.•35 views

Design/Logic Flaw

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...

6.8CVSS8.3AI score0.04382EPSS
Exploits0References22Affected Software13
Prion
Prion
•added 2016/05/22 1:59 a.m.•35 views

Directory traversal

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

4.3CVSS7AI score0.04542EPSS
Exploits1References14Affected Software2
Prion
Prion
•added 2016/05/16 10:59 a.m.•35 views

Type confusion

PHP before 5.6.7 might allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in 1 ext/soap/phpencoding.c, 2 ext/soap/phphttp.c, and 3 ext/soap/soap.c, a different issue than...

10CVSS9.8AI score0.10724EPSS
Exploits5References8Affected Software7
Prion
Prion
•added 2016/05/16 10:59 a.m.•35 views

Null pointer dereference

The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...

5CVSS7.3AI score0.07276EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2016/05/16 10:59 a.m.•35 views

Design/Logic Flaw

Use-after-free vulnerability in the splptrheapinsert function in ext/spl/splheap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation...

7.5CVSS8.1AI score0.05466EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2016/05/16 10:59 a.m.•35 views

Sql injection

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152...

4.3CVSS6.8AI score0.07083EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2016/05/11 9:59 p.m.•35 views

Design/Logic Flaw

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...

7.2CVSS7.5AI score0.00916EPSS
Exploits0References22Affected Software15
Prion
Prion
•added 2016/03/13 6:59 p.m.•35 views

Code injection

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

6.8CVSS7.5AI score0.02339EPSS
Exploits0References23Affected Software7
Prion
Prion
•added 2016/03/03 8:59 p.m.•35 views

Out-of-bounds

The doaproutch function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service out-of-bounds write or memory consumption or possibly have unspecified other...

10CVSS9.7AI score0.53655EPSS
Exploits1References27Affected Software1
Prion
Prion
•added 2016/03/03 8:59 p.m.•35 views

Double free

Double free vulnerability in the dsaprivdecode function in crypto/dsa/dsaameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a malformed DSA private key...

10CVSS9.7AI score0.26335EPSS
Exploits1References57Affected Software5
Prion
Prion
•added 2016/02/25 1:59 a.m.•35 views

Directory traversal

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...

4CVSS6.5AI score0.12555EPSS
Exploits0References47Affected Software3
Prion
Prion
•added 2016/02/01 11:59 p.m.•35 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0728. Reason: This candidate is a duplicate of CVE-2016-0728. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-0728 instead of this candidate. All references and descriptions in this...

7AI score0.03646EPSS
Exploits14
Prion
Prion
•added 2015/12/02 1:59 a.m.•35 views

Design/Logic Flaw

The match function in pcreexec.c in PCRE before 8.37 mishandles the /?:abcd|?:?:?:?:abc|?:abcdefbabcdefghiabc|ACCEPT/ pattern and related patterns involving ACCEPT, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service partially initialized...

6.4CVSS7AI score0.04072EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2015/12/02 1:59 a.m.•35 views

Buffer overflow

PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

7.5CVSS7.6AI score0.03558EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2015/10/19 10:59 a.m.•35 views

Race condition

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipcaddid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c...

6.9CVSS6.1AI score0.00412EPSS
Exploits1References26Affected Software1
Prion
Prion
•added 2015/08/26 7:59 p.m.•35 views

Information disclosure

The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files before the program...

1.9CVSS6.3AI score0.00372EPSS
Exploits0References14Affected Software1
Prion
Prion
•added 2015/08/20 10:59 a.m.•35 views

Code injection

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...

5CVSS6.8AI score0.06574EPSS
Exploits2References2Affected Software2
Prion
Prion
•added 2015/07/26 10:59 p.m.•35 views

Cross site request forgery (csrf)

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelistedips protection mechanism via a crafted request...

4.3CVSS6.9AI score0.44984EPSS
Exploits6References5Affected Software1
Prion
Prion
•added 2015/06/10 1:59 a.m.•35 views

Memory corruption

Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."...

9.3CVSS8AI score0.35105EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2015/06/09 6:59 p.m.•35 views

Code injection

The phphandler function in sapi/apache2handler/sapiapache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via pipelined HTTP...

6.8CVSS8.4AI score0.14077EPSS
Exploits1References21Affected Software11
Prion
Prion
•added 2015/05/14 10:59 a.m.•35 views

Memory corruption

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a document containing crafted text in...

6.8CVSS8AI score0.03985EPSS
Exploits0References17Affected Software7
Prion
Prion
•added 2015/05/01 10:59 a.m.•35 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

7.5CVSS7.4AI score0.01715EPSS
Exploits0References13Affected Software7
Prion
Prion
•added 2015/04/14 8:59 p.m.•35 views

Memory corruption

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...

9.3CVSS8AI score0.97327EPSS
Exploits1References3Affected Software4
Prion
Prion
•added 2015/03/30 10:59 a.m.•35 views

Heap overflow

Heap-based buffer overflow in the enchantbrokerrequestdict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries...

7.5CVSS8.6AI score0.19332EPSS
Exploits1References23Affected Software1
Prion
Prion
•added 2015/03/30 10:59 a.m.•35 views

Integer overflow

Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service application crash or possibly execute...

7.5CVSS8.9AI score0.27869EPSS
Exploits1References21Affected Software5
Prion
Prion
•added 2015/03/30 10:59 a.m.•35 views

Design/Logic Flaw

Use-after-free vulnerability in the zendsharedmemdup function in zendsharedalloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5CVSS7.8AI score0.08707EPSS
Exploits1References13Affected Software5
Prion
Prion
•added 2015/02/25 11:59 a.m.•35 views

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in 1 the current working...

6.9CVSS7.1AI score0.00328EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2015/01/21 6:59 p.m.•35 views

Design/Logic Flaw

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382...

4.3CVSS5.8AI score0.10066EPSS
Exploits0References18Affected Software17
Prion
Prion
•added 2014/12/10 3:59 p.m.•35 views

Out-of-bounds

The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System aka X11 or X X11R6.0 and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a...

6.5CVSS7.9AI score0.04618EPSS
Exploits0References11Affected Software3
Prion
Prion
•added 2014/12/08 4:59 p.m.•35 views

Heap overflow

Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320...

4.6CVSS7.7AI score0.00603EPSS
Exploits0References18Affected Software1
Prion
Prion
•added 2014/11/30 1:59 a.m.•35 views

Race condition

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service L1 guest OS crash via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842...

4.9CVSS6.5AI score0.00374EPSS
Exploits0References11Affected Software1
Prion
Prion
•added 2014/11/18 3:59 p.m.•35 views

Code injection

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted 1 description field or 2 issuelink attribute in an XML file, which is not properly handled when executing the pregreplace function with the e modifier...

7.5CVSS7.6AI score0.50561EPSS
Exploits8References8Affected Software1
Prion
Prion
•added 2014/09/22 10:55 a.m.•35 views

Information disclosure

The Harley-Davidson Visa aka com.usbank.icsmobile.harleydavidson application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2014/09/01 1:55 a.m.•35 views

Memory corruption

The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 cause a denial of service host OS memory corruption or possibly have unspecified other impact by...

4.3CVSS7.7AI score0.01168EPSS
Exploits1References13Affected Software6
Prion
Prion
•added 2014/07/17 5:10 a.m.•35 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208...

5CVSS5.9AI score0.03192EPSS
Exploits0References23Affected Software2
Prion
Prion
•added 2014/07/03 2:55 p.m.•35 views

Memory corruption

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a...

9.3CVSS7.7AI score0.20344EPSS
Exploits3References3Affected Software1
Prion
Prion
•added 2014/06/11 4:56 a.m.•35 views

Memory corruption

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-275...

9.3CVSS7.7AI score0.30292EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2014/05/19 2:55 p.m.•35 views

Code injection

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service CPU consumptio...

4.3CVSS6.6AI score0.0506EPSS
Exploits3References6Affected Software2
Prion
Prion
•added 2014/05/11 9:55 p.m.•35 views

Design/Logic Flaw

The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...

2.1CVSS6.2AI score0.00524EPSS
Exploits0References18Affected Software8
Prion
Prion
•added 2014/04/17 2:55 p.m.•35 views

Xxe

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8CVSS7.1AI score0.91354EPSS
Exploits2References5Affected Software1
Prion
Prion
•added 2014/03/24 4:43 p.m.•35 views

Input validation

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors...

5CVSS6.9AI score0.04432EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2014/03/24 4:40 p.m.•35 views

Design/Logic Flaw

net/netfilter/nfconntrackprotodccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a DCCP packet that triggers a call to the 1 dccpnew, 2 dccppacket, or 3...

10CVSS8.3AI score0.10385EPSS
Exploits1References11Affected Software2
Prion
Prion
•added 2014/03/18 5:18 a.m.•35 views

Directory traversal

Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename...

5.8CVSS7.2AI score0.01496EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2014/03/16 2:6 p.m.•35 views

Design/Logic Flaw

Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/rendererhost/websocketdispatcherhost.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging...

7.5CVSS6.6AI score0.01475EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2014/02/06 5:44 a.m.•35 views

Authentication flaw

Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS7AI score0.04664EPSS
Exploits1References32Affected Software14
Prion
Prion
•added 2013/12/11 3:55 p.m.•35 views

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

10CVSS8.6AI score0.06511EPSS
Exploits1References20Affected Software9
Prion
Prion
•added 2013/12/07 12:55 a.m.•35 views

Cross site scripting

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

4.3CVSS6AI score0.03171EPSS
Exploits0References15Affected Software2
Prion
Prion
•added 2013/11/23 7:55 p.m.•35 views

Heap overflow

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...

6.8CVSS8.4AI score0.34968EPSS
Exploits3References22Affected Software1
Total number of security vulnerabilities5000