Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2015/10/19 10:59 a.m.•35 views

Race condition

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipcaddid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c...

6.9CVSS6.1AI score0.00412EPSS
Exploits1References26Affected Software1
Prion
Prion
•added 2015/08/26 7:59 p.m.•35 views

Information disclosure

The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files before the program...

1.9CVSS6.3AI score0.00372EPSS
Exploits0References14Affected Software1
Prion
Prion
•added 2015/08/20 10:59 a.m.•35 views

Code injection

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...

5CVSS6.8AI score0.06574EPSS
Exploits2References2Affected Software2
Prion
Prion
•added 2015/07/26 10:59 p.m.•35 views

Cross site request forgery (csrf)

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelistedips protection mechanism via a crafted request...

4.3CVSS6.9AI score0.44984EPSS
Exploits6References5Affected Software1
Prion
Prion
•added 2015/06/10 1:59 a.m.•35 views

Memory corruption

Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."...

9.3CVSS8AI score0.35105EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2015/06/09 6:59 p.m.•35 views

Code injection

The phphandler function in sapi/apache2handler/sapiapache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via pipelined HTTP...

6.8CVSS8.4AI score0.14077EPSS
Exploits1References21Affected Software11
Prion
Prion
•added 2015/05/14 10:59 a.m.•35 views

Memory corruption

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a document containing crafted text in...

6.8CVSS8AI score0.03985EPSS
Exploits0References17Affected Software7
Prion
Prion
•added 2015/04/14 8:59 p.m.•35 views

Memory corruption

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...

9.3CVSS8AI score0.97327EPSS
Exploits1References3Affected Software4
Prion
Prion
•added 2015/03/30 10:59 a.m.•35 views

Heap overflow

Heap-based buffer overflow in the enchantbrokerrequestdict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries...

7.5CVSS8.6AI score0.19332EPSS
Exploits1References23Affected Software1
Prion
Prion
•added 2015/03/30 10:59 a.m.•35 views

Integer overflow

Integer overflow in the zipcdirnew function in zipdirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service application crash or possibly execute...

7.5CVSS8.9AI score0.27869EPSS
Exploits1References21Affected Software5
Prion
Prion
•added 2015/03/30 10:59 a.m.•35 views

Design/Logic Flaw

Use-after-free vulnerability in the zendsharedmemdup function in zendsharedalloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5CVSS7.8AI score0.08707EPSS
Exploits1References13Affected Software5
Prion
Prion
•added 2015/02/25 11:59 a.m.•35 views

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in 1 the current working...

6.9CVSS7.1AI score0.00328EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2014/12/10 3:59 p.m.•35 views

Out-of-bounds

The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System aka X11 or X X11R6.0 and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a...

6.5CVSS7.9AI score0.04618EPSS
Exploits0References11Affected Software3
Prion
Prion
•added 2014/11/18 3:59 p.m.•35 views

Code injection

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted 1 description field or 2 issuelink attribute in an XML file, which is not properly handled when executing the pregreplace function with the e modifier...

7.5CVSS7.6AI score0.50561EPSS
Exploits8References8Affected Software1
Prion
Prion
•added 2014/09/22 10:55 a.m.•35 views

Information disclosure

The Harley-Davidson Visa aka com.usbank.icsmobile.harleydavidson application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2014/09/01 1:55 a.m.•35 views

Memory corruption

The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 cause a denial of service host OS memory corruption or possibly have unspecified other impact by...

4.3CVSS7.7AI score0.01168EPSS
Exploits1References13Affected Software6
Prion
Prion
•added 2014/07/17 5:10 a.m.•35 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208...

5CVSS5.9AI score0.03192EPSS
Exploits0References23Affected Software2
Prion
Prion
•added 2014/07/03 2:55 p.m.•35 views

Memory corruption

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a...

9.3CVSS7.7AI score0.20344EPSS
Exploits3References3Affected Software1
Prion
Prion
•added 2014/05/19 2:55 p.m.•35 views

Code injection

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service CPU consumptio...

4.3CVSS6.6AI score0.0506EPSS
Exploits3References6Affected Software2
Prion
Prion
•added 2014/05/11 9:55 p.m.•35 views

Design/Logic Flaw

The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...

2.1CVSS6.2AI score0.00524EPSS
Exploits0References18Affected Software8
Prion
Prion
•added 2014/04/17 2:55 p.m.•35 views

Xxe

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

6.8CVSS7.1AI score0.91354EPSS
Exploits2References5Affected Software1
Prion
Prion
•added 2014/03/24 4:43 p.m.•35 views

Input validation

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors...

5CVSS6.9AI score0.04432EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2014/03/24 4:40 p.m.•35 views

Design/Logic Flaw

net/netfilter/nfconntrackprotodccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a DCCP packet that triggers a call to the 1 dccpnew, 2 dccppacket, or 3...

10CVSS8.3AI score0.10385EPSS
Exploits1References11Affected Software2
Prion
Prion
•added 2014/03/18 5:18 a.m.•35 views

Directory traversal

Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename...

5.8CVSS7.2AI score0.01496EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2014/02/06 5:44 a.m.•35 views

Authentication flaw

Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS7AI score0.04664EPSS
Exploits1References32Affected Software14
Prion
Prion
•added 2013/12/11 3:55 p.m.•35 views

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

10CVSS8.6AI score0.06511EPSS
Exploits1References20Affected Software9
Prion
Prion
•added 2013/12/07 12:55 a.m.•35 views

Cross site scripting

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

4.3CVSS6AI score0.03171EPSS
Exploits0References15Affected Software2
Prion
Prion
•added 2013/11/23 7:55 p.m.•35 views

Heap overflow

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...

6.8CVSS8.4AI score0.34968EPSS
Exploits3References22Affected Software1
Prion
Prion
•added 2013/08/19 11:55 p.m.•36 views

Code injection

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References21Affected Software6
Prion
Prion
•added 2013/07/08 8:55 p.m.•35 views

Server side request forgery (ssrf)

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery SSRF issue, a similar vulnerability to CVE-2013-0235...

4.3CVSS7.3AI score0.28857EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2013/04/17 12:19 p.m.•35 views

Design/Logic Flaw

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types...

3.5CVSS5.6AI score0.01824EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2013/02/24 8:55 p.m.•35 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the 1 action, 2 matchtype, 3 sortby, or 4 start parameters...

4.3CVSS6AI score0.02519EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2013/02/13 1:55 a.m.•35 views

Sql injection

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.8AI score0.13911EPSS
Exploits0References23Affected Software1
Prion
Prion
•added 2013/02/02 12:55 a.m.•35 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

10CVSS5.8AI score0.08087EPSS
Exploits0References27Affected Software2
Prion
Prion
•added 2013/01/31 2:55 p.m.•35 views

Security feature bypass

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than...

5CVSS6AI score0.89987EPSS
Exploits8References19Affected Software2
Prion
Prion
•added 2013/01/19 9:55 p.m.•35 views

Input validation

The opensslencrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data...

5CVSS6.6AI score0.0254EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2013/01/17 12:55 a.m.•35 views

Authentication flaw

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as...

10CVSS8.6AI score0.93691EPSS
Exploits11References3Affected Software1
Prion
Prion
•added 2012/11/14 12:30 p.m.•35 views

Design/Logic Flaw

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."...

7.9CVSS7.1AI score0.00606EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2012/10/10 5:55 p.m.•35 views

Cross site scripting

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting XSS attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and...

4.3CVSS5.9AI score0.02388EPSS
Exploits0References16Affected Software13
Prion
Prion
•added 2012/10/09 11:55 p.m.•35 views

Privilege escalation

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point...

2.1CVSS6.5AI score0.00429EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2012/06/22 2:55 p.m.•35 views

Race condition

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS6.7AI score0.046EPSS
Exploits3References7Affected Software2
Prion
Prion
•added 2012/05/14 10:55 p.m.•35 views

Sql injection

SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature...

7.5CVSS8.8AI score0.02056EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2012/01/10 11:55 a.m.•35 views

Directory traversal

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0I35128 allows remote attackers to read arbitrary files via unspecified...

7.8CVSS7AI score0.03698EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2011/12/30 1:55 a.m.•35 views

Authentication flaw

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

8.5CVSS6.5AI score0.45576EPSS
Exploits2References3Affected Software4
Prion
Prion
•added 2011/11/30 4:5 a.m.•35 views

Design/Logic Flaw

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS6.9AI score0.90734EPSS
Exploits13References4Affected Software1
Prion
Prion
•added 2011/11/30 4:5 a.m.•35 views

Design/Logic Flaw

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS6.8AI score0.90734EPSS
Exploits14References33Affected Software1
Prion
Prion
•added 2011/10/02 8:55 p.m.•35 views

Integer overflow

Integer signedness error in the decoderesidualinter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service incorrect write operation and application crash via an invalid bitstream in a Chinese AVS video aka CAVS file,...

5CVSS6.7AI score0.03409EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2011/08/29 6:55 p.m.•35 views

Code injection

The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...

4.3CVSS7.1AI score0.06661EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2011/08/25 6:55 p.m.•35 views

Buffer overflow

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483...

10CVSS7AI score0.05719EPSS
Exploits0References9Affected Software1
Prion
Prion
•added 2011/08/25 2:22 p.m.•35 views

Default credentials

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5CVSS6.8AI score0.04972EPSS
Exploits0References22Affected Software3
Total number of security vulnerabilities5000