Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2018/06/17 2:29 p.m.•32 views

Buffer overflow

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h aka...

4.6CVSS9.2AI score0.02678EPSS
Exploits5References8Affected Software1
Prion
Prion
•added 2018/06/13 11:29 a.m.•32 views

Integer overflow

Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...

6.8CVSS8.4AI score0.02891EPSS
Exploits1References8Affected Software3
Prion
Prion
•added 2018/06/11 9:29 p.m.•32 views

Code injection

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird 45.7, Firefox ESR 45....

5CVSS7.8AI score0.03399EPSS
Exploits1References13Affected Software10
Prion
Prion
•added 2018/06/07 2:29 a.m.•32 views

Code injection

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

4CVSS7.6AI score0.02413EPSS
Exploits2References3Affected Software2
Prion
Prion
•added 2018/06/04 1:29 p.m.•32 views

Design/Logic Flaw

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

5CVSS6.7AI score0.01782EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2018/05/30 4:29 a.m.•32 views

Out-of-bounds

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory...

5CVSS7.3AI score0.04309EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2018/05/09 7:29 p.m.•32 views

Privilege escalation

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

6.9CVSS6.8AI score0.73721EPSS
Exploits18References3Affected Software5
Prion
Prion
•added 2018/05/04 3:29 a.m.•32 views

Command injection

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...

7.5CVSS9.9AI score0.9995EPSS
Exploits7References3
Prion
Prion
•added 2018/04/20 5:29 p.m.•32 views

Path traversal

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters...

5CVSS5.3AI score0.09545EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2018/04/19 8:29 p.m.•32 views

Race condition

A vulnerability in the Secure Sockets Layer SSL packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a...

7.8CVSS8.3AI score0.02483EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2018/04/18 2:29 p.m.•32 views

Null pointer dereference

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, and SD 835, in a GNSS...

10CVSS9.5AI score0.01456EPSS
Exploits0References2
Prion
Prion
•added 2018/03/26 3:29 p.m.•32 views

Authentication flaw

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

6.8CVSS9.2AI score0.15885EPSS
Exploits0References29Affected Software10
Prion
Prion
•added 2018/02/19 7:29 p.m.•32 views

Code injection

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

6.8CVSS7AI score0.04255EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2018/01/29 5:29 a.m.•32 views

Null pointer dereference

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact because the port-exists value can change after it is validated...

7.2CVSS7.7AI score0.0042EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2018/01/26 2:29 a.m.•32 views

Design/Logic Flaw

Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks...

4.3CVSS5.4AI score0.05844EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2018/01/18 2:29 a.m.•32 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.8CVSS6.3AI score0.03952EPSS
Exploits0References15Affected Software12
Prion
Prion
•added 2018/01/10 1:29 a.m.•32 views

Remote code execution

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797...

9.3CVSS8.4AI score0.93289EPSS
Exploits7References7Affected Software3
Prion
Prion
•added 2017/12/18 1:29 a.m.•32 views

Design/Logic Flaw

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

9.3CVSS7.8AI score0.02698EPSS
Exploits0References6Affected Software4
Prion
Prion
•added 2017/11/22 6:29 p.m.•32 views

Privilege escalation

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

4CVSS6.9AI score0.06324EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2017/11/02 5:29 p.m.•32 views

Design/Logic Flaw

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

4CVSS6.1AI score0.10133EPSS
Exploits0References27Affected Software1
Prion
Prion
•added 2017/10/19 5:29 p.m.•32 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur...

1.5CVSS4.2AI score0.00702EPSS
Exploits0References14Affected Software12
Prion
Prion
•added 2017/10/14 11:29 p.m.•32 views

Null pointer dereference

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of addkey for a key that already exists but is uninstantiated, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted system call...

4.9CVSS6.3AI score0.00531EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2017/10/13 1:29 p.m.•32 views

Security feature bypass

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."...

6.8CVSS7.8AI score0.59893EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2017/10/13 1:29 p.m.•32 views

Cross site scripting

Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting XSS vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka...

3.5CVSS5.2AI score0.02267EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2017/09/21 1:29 p.m.•32 views

Information disclosure

An out of bounds read in the function d2ulawarray in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values...

5.8CVSS7.6AI score0.02229EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2017/09/20 5:29 p.m.•32 views

Code injection

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this...

5CVSS6.9AI score0.99461EPSS
Exploits23References7Affected Software1
Prion
Prion
•added 2017/09/19 7:29 p.m.•32 views

Code injection

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available...

5CVSS7.1AI score0.37222EPSS
Exploits6References4Affected Software1
Prion
Prion
•added 2017/09/15 7:29 p.m.•32 views

Information disclosure

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

6.4CVSS9.2AI score0.09718EPSS
Exploits1References13Affected Software1
Prion
Prion
•added 2017/09/14 7:29 p.m.•32 views

Remote code execution

A remote code execution vulnerability in the Android system bluetooth. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105...

8.3CVSS8.5AI score0.2285EPSS
Exploits13References4Affected Software1
Prion
Prion
•added 2017/08/31 8:29 p.m.•32 views

Command injection

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command...

5CVSS8AI score0.08491EPSS
Exploits1References12Affected Software8
Prion
Prion
•added 2017/08/18 6:29 p.m.•32 views

Buffer overflow

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine...

10CVSS7.3AI score0.00836EPSS
Exploits0References2
Prion
Prion
•added 2017/08/08 9:29 p.m.•32 views

Privilege escalation

Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability"...

7.2CVSS7.8AI score0.01303EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2017/07/21 2:29 p.m.•32 views

Command injection

The logconfigcommand function in ntpparser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service ntpd crash via crafted logconfig commands...

5CVSS6.8AI score0.05536EPSS
Exploits0References20Affected Software13
Prion
Prion
•added 2017/07/17 1:18 p.m.•32 views

Memory corruption

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure...

4.3CVSS7.3AI score0.03748EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2017/07/13 4:29 p.m.•32 views

Design/Logic Flaw

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale...

6.4CVSS6.8AI score0.5677EPSS
Exploits0References46Affected Software13
Prion
Prion
•added 2017/07/11 9:29 p.m.•32 views

Memory corruption

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory...

7.6CVSS7.7AI score0.66911EPSS
Exploits7References3
Prion
Prion
•added 2017/07/10 2:29 p.m.•32 views

Design/Logic Flaw

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in...

5CVSS8.4AI score0.06164EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2017/07/10 2:29 p.m.•32 views

Information disclosure

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the pharparsepharfile function in ext/phar/phar.c...

6.4CVSS9AI score0.0471EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2017/06/19 4:29 p.m.•32 views

Heap overflow

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected...

7.2CVSS7.3AI score0.01828EPSS
Exploits5References17Affected Software1
Prion
Prion
•added 2017/06/19 4:29 p.m.•32 views

Design/Logic Flaw

glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.2CVSS7.6AI score0.02733EPSS
Exploits14References20Affected Software20
Prion
Prion
•added 2017/06/16 9:29 p.m.•32 views

Design/Logic Flaw

Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes...

5CVSS7.5AI score0.01383EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2017/06/15 1:29 a.m.•32 views

Remote code execution

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for...

9.3CVSS8.8AI score0.39019EPSS
Exploits2References6Affected Software8
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Remote code execution

The Microsoft Server Message Block 1.0 SMBv1 server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it...

6.8CVSS7.2AI score0.17121EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Information disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted...

1.9CVSS4.1AI score0.09659EPSS
Exploits3References4Affected Software4
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Remote code execution

Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265...

9.3CVSS7.6AI score0.19817EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Remote code execution

A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234,...

7.6CVSS7.6AI score0.38115EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2017/05/04 7:29 p.m.•32 views

Design/Logic Flaw

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS...

5CVSS6.7AI score0.32389EPSS
Exploits3References5Affected Software1
Prion
Prion
•added 2017/03/23 5:59 p.m.•32 views

Directory traversal

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

5CVSS7AI score0.06534EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2017/03/23 4:59 p.m.•32 views

Out-of-bounds

The ip6greerr function in net/ipv6/ip6gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access...

7.5CVSS9AI score0.04953EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2017/03/17 12:59 a.m.•32 views

Information disclosure

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092,...

4.3CVSS4.3AI score0.42124EPSS
Exploits2References4Affected Software1
Total number of security vulnerabilities5000