Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2015/08/29 7:59 p.m.•34 views

Design/Logic Flaw

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...

10CVSS8AI score0.08007EPSS
Exploits0References13Affected Software2
Prion
Prion
•added 2015/08/20 10:59 a.m.•34 views

Code injection

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based...

5CVSS6.9AI score0.1653EPSS
Exploits1References4Affected Software3
Prion
Prion
•added 2015/08/20 10:59 a.m.•34 views

Code injection

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...

5CVSS6.8AI score0.06574EPSS
Exploits2References2Affected Software2
Prion
Prion
•added 2015/08/11 2:59 p.m.•34 views

Heap overflow

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving a command character in an href...

6.8CVSS7.5AI score0.04655EPSS
Exploits1References14Affected Software6
Prion
Prion
•added 2015/07/18 10:59 a.m.•34 views

Code injection

The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance ASA Software 9.15.21 and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu529...

4.3CVSS6.9AI score0.00982EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2015/07/16 11:0 a.m.•34 views

Buffer overflow

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors...

2.6CVSS6.3AI score0.01792EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2015/06/10 1:59 a.m.•34 views

Memory corruption

Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."...

9.3CVSS8AI score0.35105EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2015/05/21 12:59 a.m.•34 views

Code injection

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

4.3CVSS6.8AI score0.9986EPSS
Exploits7References217Affected Software21
Prion
Prion
•added 2015/04/14 8:59 p.m.•34 views

Memory corruption

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...

9.3CVSS8AI score0.97327EPSS
Exploits1References3Affected Software4
Prion
Prion
•added 2015/04/13 2:59 p.m.•34 views

Cross site scripting

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...

4.3CVSS6.1AI score0.02111EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2015/03/30 10:59 a.m.•34 views

Heap overflow

Heap-based buffer overflow in the enchantbrokerrequestdict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries...

7.5CVSS8.6AI score0.19332EPSS
Exploits1References23Affected Software1
Prion
Prion
•added 2015/03/30 10:59 a.m.•34 views

Design/Logic Flaw

Use-after-free vulnerability in the zendsharedmemdup function in zendsharedalloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5CVSS7.8AI score0.08707EPSS
Exploits1References13Affected Software5
Prion
Prion
•added 2015/02/25 11:59 a.m.•34 views

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in 1 the current working...

6.9CVSS7.1AI score0.00328EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2014/12/25 9:59 p.m.•34 views

Path traversal

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value...

7.5CVSS7.8AI score0.0372EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2014/12/10 3:59 p.m.•34 views

Out-of-bounds

The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System aka X11 or X X11R6.0 and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a...

6.5CVSS7.9AI score0.04618EPSS
Exploits0References11Affected Software3
Prion
Prion
•added 2014/11/18 3:59 p.m.•34 views

Code injection

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted 1 description field or 2 issuelink attribute in an XML file, which is not properly handled when executing the pregreplace function with the e modifier...

7.5CVSS7.6AI score0.50561EPSS
Exploits8References8Affected Software1
Prion
Prion
•added 2014/09/22 10:55 a.m.•34 views

Information disclosure

The Harley-Davidson Visa aka com.usbank.icsmobile.harleydavidson application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2014/09/10 10:55 a.m.•34 views

Design/Logic Flaw

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or...

4.9CVSS6.4AI score0.00927EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2014/08/26 2:55 p.m.•34 views

Crlf injection

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...

3.5CVSS6AI score0.01984EPSS
Exploits1References7Affected Software2
Prion
Prion
•added 2014/05/29 2:19 p.m.•34 views

Sql injection

SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the inviteusers parameter to the /invite page for a group...

6.5CVSS8.1AI score0.01947EPSS
Exploits6References3Affected Software1
Prion
Prion
•added 2014/05/18 11:12 a.m.•34 views

Code injection

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations...

4.4CVSS6.4AI score0.00389EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2014/03/31 2:58 p.m.•34 views

Buffer overflow

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063...

6.5CVSS6.8AI score0.06666EPSS
Exploits2References17Affected Software1
Prion
Prion
•added 2014/03/25 1:25 p.m.•34 views

Design/Logic Flaw

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...

1.9CVSS6.4AI score0.00942EPSS
Exploits1References64Affected Software1
Prion
Prion
•added 2014/03/19 1:15 a.m.•34 views

Design/Logic Flaw

The Java-based software in Cisco Hosted Collaboration Solution HCS allows remote attackers to cause a denial of service closing of TCP ports via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643...

5CVSS7.2AI score0.02963EPSS
Exploits1References3
Prion
Prion
•added 2014/02/06 5:44 a.m.•34 views

Authentication flaw

Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS7AI score0.04664EPSS
Exploits1References32Affected Software14
Prion
Prion
•added 2014/01/05 8:55 p.m.•34 views

Sql injection

Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674...

5CVSS6.3AI score0.01595EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2013/12/11 3:55 p.m.•34 views

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

10CVSS8.6AI score0.06511EPSS
Exploits1References20Affected Software9
Prion
Prion
•added 2013/12/07 12:55 a.m.•34 views

Cross site scripting

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

4.3CVSS6AI score0.03171EPSS
Exploits0References15Affected Software2
Prion
Prion
•added 2013/11/23 7:55 p.m.•34 views

Heap overflow

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...

6.8CVSS8.4AI score0.34968EPSS
Exploits3References22Affected Software1
Prion
Prion
•added 2013/07/10 7:55 p.m.•34 views

Code injection

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3CVSS7.5AI score0.72778EPSS
Exploits11References4Affected Software1
Prion
Prion
•added 2013/02/26 4:55 p.m.•34 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...

4.3CVSS5.8AI score0.22913EPSS
Exploits2References36Affected Software1
Prion
Prion
•added 2013/02/14 10:55 p.m.•34 views

Design/Logic Flaw

The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests...

4.7CVSS6.8AI score0.00411EPSS
Exploits0References13Affected Software1
Prion
Prion
•added 2013/02/08 7:55 p.m.•34 views

Design/Logic Flaw

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.8AI score0.35584EPSS
Exploits1References19Affected Software15
Prion
Prion
•added 2013/02/08 7:55 p.m.•34 views

Code injection

crypto/evp/eaescbchmacsha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service application crash via crafted CBC data...

5CVSS6.8AI score0.39593EPSS
Exploits2References12Affected Software1
Prion
Prion
•added 2013/02/08 7:55 p.m.•34 views

Code injection

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...

4.3CVSS6.7AI score0.35584EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2013/02/08 7:55 p.m.•34 views

Design/Logic Flaw

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS7.4AI score0.35584EPSS
Exploits1References55Affected Software3
Prion
Prion
•added 2013/01/19 9:55 p.m.•34 views

Input validation

The opensslencrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data...

5CVSS6.6AI score0.0254EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2012/12/03 12:49 p.m.•34 views

Command injection

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service mysqld crash via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...

4CVSS6.5AI score0.13175EPSS
Exploits2References11Affected Software7
Prion
Prion
•added 2012/10/09 11:55 p.m.•34 views

Privilege escalation

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point...

2.1CVSS6.5AI score0.00429EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2012/08/21 10:46 a.m.•34 views

Design/Logic Flaw

IBM Global Security Kit aka GSKit, as used in IBM HTTP Server in IBM WebSphere Application Server WAS 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service daemon crash via a crafted ClientHello message i...

5CVSS6.6AI score0.02371EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2012/06/18 7:55 p.m.•34 views

Design/Logic Flaw

Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element...

7.5CVSS8AI score0.01846EPSS
Exploits0References2Affected Software3
Prion
Prion
•added 2012/01/19 4:1 a.m.•34 views

Design/Logic Flaw

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service CPU consumption via a request that contains many parameters and parameter values, a different vulnerability...

5CVSS6.7AI score0.80318EPSS
Exploits6References32Affected Software1
Prion
Prion
•added 2012/01/18 10:55 p.m.•34 views

Design/Logic Flaw

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102...

4CVSS5.5AI score0.03006EPSS
Exploits0References11Affected Software1
Prion
Prion
•added 2011/11/30 4:5 a.m.•34 views

Design/Logic Flaw

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS6.8AI score0.90734EPSS
Exploits14References33Affected Software1
Prion
Prion
•added 2011/11/30 4:5 a.m.•34 views

Design/Logic Flaw

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS6.9AI score0.90734EPSS
Exploits13References4Affected Software1
Prion
Prion
•added 2011/08/25 2:22 p.m.•34 views

Default credentials

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5CVSS6.8AI score0.04972EPSS
Exploits0References22Affected Software3
Prion
Prion
•added 2011/07/21 11:55 p.m.•34 views

Memory corruption

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1...

9.3CVSS8.2AI score0.03923EPSS
Exploits2References6Affected Software1
Prion
Prion
•added 2011/06/14 6:55 p.m.•34 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS8.3AI score0.06277EPSS
Exploits0References34Affected Software2
Prion
Prion
•added 2011/02/17 7:0 p.m.•34 views

Code injection

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors...

2.6CVSS7.9AI score0.02407EPSS
Exploits0References21Affected Software3
Prion
Prion
•added 2011/02/14 9:0 p.m.•34 views

Cross site request forgery (csrf)

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...

6.8CVSS6.8AI score0.01589EPSS
Exploits1References12Affected Software1
Total number of security vulnerabilities5000