Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2018/07/18 1:29 p.m.•34 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4CVSS4.8AI score0.03461EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2018/07/18 1:29 p.m.•34 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS2.7AI score0.01354EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2018/07/10 2:29 p.m.•34 views

Authentication flaw

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions...

5.4CVSS7.9AI score0.01374EPSS
Exploits0References12Affected Software10
Prion
Prion
•added 2018/05/18 4:29 p.m.•34 views

Buffer overflow

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library aka glibc or libc6 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in mempcpyavx512novzeroupper...

4.6CVSS8.7AI score0.00858EPSS
Exploits3References9Affected Software8
Prion
Prion
•added 2018/05/09 7:29 p.m.•34 views

Privilege escalation

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

6.9CVSS6.8AI score0.73721EPSS
Exploits18References2Affected Software5
Prion
Prion
•added 2018/04/23 7:29 p.m.•34 views

Design/Logic Flaw

curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable...

6.8CVSS6.7AI score0.02674EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2018/04/18 1:29 a.m.•34 views

Authorization

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the...

4.3CVSS7.1AI score0.02049EPSS
Exploits0References9Affected Software4
Prion
Prion
•added 2018/04/03 10:29 p.m.•34 views

Directory traversal

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. dot dot in the prefix argument...

5CVSS8.3AI score0.10552EPSS
Exploits0References17Affected Software4
Prion
Prion
•added 2018/04/03 10:29 p.m.•34 views

Design/Logic Flaw

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick...

5CVSS6.2AI score0.0576EPSS
Exploits0References20Affected Software2
Prion
Prion
•added 2018/03/27 9:29 p.m.•34 views

Design/Logic Flaw

In the flushtmregstothread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory TM...

4.9CVSS5.8AI score0.00417EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2018/03/14 5:29 p.m.•34 views

Information disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way...

2.1CVSS4.4AI score0.02866EPSS
Exploits17References3Affected Software5
Prion
Prion
•added 2018/03/14 2:29 a.m.•34 views

Null pointer dereference

An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file...

4.3CVSS6.3AI score0.0174EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2018/03/02 3:29 p.m.•34 views

Design/Logic Flaw

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...

6.5CVSS7.4AI score0.14142EPSS
Exploits1References7Affected Software3
Prion
Prion
•added 2018/02/26 3:29 p.m.•34 views

Design/Logic Flaw

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

7.5CVSS9.4AI score0.37925EPSS
Exploits7References28Affected Software5
Prion
Prion
•added 2018/02/24 6:29 a.m.•34 views

Null pointer dereference

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tifprint.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to...

4.3CVSS7.2AI score0.03069EPSS
Exploits2References10Affected Software3
Prion
Prion
•added 2018/02/06 9:29 p.m.•34 views

Design/Logic Flaw

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the...

7.5CVSS9.5AI score0.89618EPSS
Exploits19References14Affected Software4
Prion
Prion
•added 2018/02/01 4:29 a.m.•34 views

Buffer overflow

A buffer overflow in glibc 2.5 released on September 29, 2006 and can be triggered through the LDLIBRARYPATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...

6.9CVSS7.3AI score0.02733EPSS
Exploits15References3Affected Software1
Prion
Prion
•added 2018/01/31 8:29 p.m.•34 views

Integer overflow

Integer overflow in the macro ROUNDUP n, d in Quick Emulator Qemu allows a user to cause a denial of service Qemu process crash...

2.1CVSS7AI score0.00451EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2018/01/29 5:29 p.m.•34 views

Remote code execution

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

7.5CVSS9.8AI score0.99686EPSS
Exploits36References5Affected Software2
Prion
Prion
•added 2018/01/18 2:29 a.m.•34 views

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker...

5.1CVSS7.9AI score0.0565EPSS
Exploits0References22Affected Software16
Prion
Prion
•added 2018/01/11 7:29 a.m.•34 views

Null pointer dereference

In the Linux kernel through 4.14.13, the rdscmsgatomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rdsatomicfreeop NULL pointer dereference...

4.9CVSS5.9AI score0.07679EPSS
Exploits5References15Affected Software3
Prion
Prion
•added 2018/01/10 1:29 a.m.•34 views

Denial of service

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...

5CVSS7.3AI score0.08885EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2018/01/01 8:29 a.m.•34 views

Null pointer dereference

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tifprint.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash...

4.3CVSS6.4AI score0.02924EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2017/12/05 9:29 a.m.•34 views

Design/Logic Flaw

The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...

7.2CVSS6AI score0.01355EPSS
Exploits5References24Affected Software1
Prion
Prion
•added 2017/11/20 3:29 p.m.•34 views

Design/Logic Flaw

In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

6.5CVSS8.5AI score0.0624EPSS
Exploits12References20Affected Software4
Prion
Prion
•added 2017/11/17 7:29 p.m.•34 views

Code injection

On BIG-IP versions 11.6.0-11.6.2 fixed in 11.6.2 HF1, 12.0.0-12.1.2 HF1 fixed in 12.1.2 HF2, or 13.0.0-13.0.0 HF2 fixed in 13.0.0 HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA, which when...

4.3CVSS7.2AI score0.21552EPSS
Exploits1References5Affected Software9
Prion
Prion
•added 2017/11/09 5:29 p.m.•34 views

Input validation

Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...

10CVSS7.9AI score0.83274EPSS
Exploits8References28Affected Software15
Prion
Prion
•added 2017/10/13 1:29 p.m.•34 views

Memory corruption

ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This...

9.3CVSS7.6AI score0.69163EPSS
Exploits16References3Affected Software1
Prion
Prion
•added 2017/10/05 1:29 a.m.•34 views

Stack overflow

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...

7.2CVSS7.3AI score0.10695EPSS
Exploits5References13Affected Software3
Prion
Prion
•added 2017/09/13 4:29 p.m.•34 views

Open redirect

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...

5.8CVSS6.9AI score0.01376EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2017/09/13 1:29 a.m.•34 views

Information disclosure

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...

1.9CVSS4.4AI score0.03677EPSS
Exploits2References3Affected Software3
Prion
Prion
•added 2017/08/24 8:29 p.m.•34 views

Code injection

Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function...

4.3CVSS6.7AI score0.08125EPSS
Exploits1References9Affected Software3
Prion
Prion
•added 2017/08/07 5:29 p.m.•34 views

Directory traversal

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink...

5CVSS6.8AI score0.07176EPSS
Exploits3References9Affected Software3
Prion
Prion
•added 2017/07/27 9:29 p.m.•34 views

Input validation

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to modauthdigest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...

5CVSS6.7AI score0.20952EPSS
Exploits0References27Affected Software1
Prion
Prion
•added 2017/06/20 1:29 a.m.•34 views

Input validation

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

5CVSS8.2AI score0.57472EPSS
Exploits1References35Affected Software10
Prion
Prion
•added 2017/06/19 4:29 p.m.•34 views

Design/Logic Flaw

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...

7.2CVSS7.3AI score0.02428EPSS
Exploits9References6Affected Software1
Prion
Prion
•added 2017/05/12 2:29 p.m.•34 views

Remote code execution

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281...

9.3CVSS7.8AI score0.80734EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2017/05/12 2:29 p.m.•34 views

Remote code execution

A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...

7.6CVSS7.7AI score0.38115EPSS
Exploits2References3
Prion
Prion
•added 2017/05/06 12:29 a.m.•34 views

Authentication flaw

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 ...

7.5CVSS9.6AI score0.99998EPSS
Exploits11References4
Prion
Prion
•added 2017/05/04 8:29 p.m.•34 views

Design/Logic Flaw

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is...

2.6CVSS7.5AI score0.14225EPSS
Exploits1References15Affected Software2
Prion
Prion
•added 2017/04/24 6:59 a.m.•34 views

Memory corruption

Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service memory consumption by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability...

4.9CVSS7AI score0.00464EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2017/04/24 6:59 a.m.•34 views

Memory corruption

The Regular Expressions package in International Components for Unicode ICU for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of...

7.5CVSS7.6AI score0.02422EPSS
Exploits0References9Affected Software2
Prion
Prion
•added 2017/04/12 2:59 p.m.•34 views

Remote code execution

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."...

7.2CVSS7.6AI score0.17848EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2017/03/17 12:59 a.m.•34 views

Remote code execution

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remo...

7.4CVSS7.8AI score0.1267EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2017/03/17 12:59 a.m.•34 views

Memory corruption

Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."...

9.3CVSS7.7AI score0.26316EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2017/03/12 5:59 a.m.•34 views

Privilege escalation

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

10CVSS9.4AI score0.02673EPSS
Exploits3References1Affected Software1
Prion
Prion
•added 2017/02/17 7:59 a.m.•34 views

Design/Logic Flaw

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

5CVSS7.2AI score0.39633EPSS
Exploits6References17Affected Software2
Prion
Prion
•added 2017/01/18 5:59 p.m.•34 views

Out-of-bounds

MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted file...

4.3CVSS6.7AI score0.03566EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2017/01/11 6:59 a.m.•34 views

Design/Logic Flaw

Zend/zendexceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service infinite loop via a crafted Exception object in serialized data, a related issue to CVE-2015-8876...

5CVSS9AI score0.42401EPSS
Exploits2References6Affected Software1
Prion
Prion
•added 2017/01/04 8:59 p.m.•34 views

Null pointer dereference

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service NULL pointer dereference via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string...

5CVSS7AI score0.06845EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities5000