Lucene search
+L
VeracodeMost viewed

38468 matches found

Veracode
Veracode
•added 2021/07/27 6:48 a.m.•66 views

Regular Expression Denial Of Service (ReDoS)

glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469...

7.5CVSS8.5AI score0.04579EPSS
Exploits2References4Affected Software8
Veracode
Veracode
•added 2020/08/20 2:25 a.m.•66 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service DoS. The vulnerability exists in InnoDB allows an attacker cause a hang or frequently repeatable crash in the application...

4.4CVSS2.6AI score0.02985EPSS
Exploits0References14Affected Software5
Veracode
Veracode
•added 2019/07/23 4:48 a.m.•66 views

Remote Code Execution (RCE)

DNN.Platform is vulnerable to remote code execution RCE. This is due to the application storing profile information for users in the DNNPersonalization cookie as XML and the structure includes a type attribute that instructs the server the type of object to create upon deserialization. The...

8.8CVSS9.2AI score0.94789EPSS
Exploits6References5Affected Software2
Veracode
Veracode
•added 2019/05/16 3:18 a.m.•66 views

Memory Corruption And Code Execution

Linux kernel is vulnerable to memory corruption vulnerability. The vulnerability exists in the function cdromioctlmediachanged of the file drivers/cdrom/cdrom.c. A privileged user could use an incorrect bounds check in the CDROM driver CDROMMEDIACHANGED ioctl to read out some kernel memory conten...

5.5CVSS6.4AI score0.00683EPSS
Exploits1References37Affected Software2
Veracode
Veracode
•added 2019/05/02 5:40 a.m.•66 views

Privilege Escalation

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Linux kernel's Transparent Huge Pages THP implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent...

6.2CVSS6.9AI score0.04517EPSS
Exploits1References42Affected Software1
Veracode
Veracode
•added 2019/01/15 9:21 a.m.•66 views

Denial Of Service (DoS)

memcached is vulnerable to denial of service. The UDP support of the server allows spoofed traffic amplification denial of service. A remote attacker is able to exploit the vulnerability and crash the application via a network flood to UDP port 11211...

7.5CVSS7.1AI score0.88368EPSS
Exploits3References23Affected Software25
Veracode
Veracode
•added 2018/08/22 5:36 p.m.•66 views

Remote Code Execution (RCE)

struts2-core is vulnerable to remote code execution RCE attacks. These attacks are possible when using a namespace or url tag which doesn't have a value and action set and where its upper action configuration is using a wildcard namespace or has no namespace...

8.1CVSS8.4AI score0.99993EPSS
Exploits41References22Affected Software3
Veracode
Veracode
•added 2023/08/06 2:35 p.m.•65 views

Server-Side Request Forgery (SSRF)

gitlab is vulnerable to Server-Side Request Forgery SSRF . This vulnerability occurs due to a flaw in the way that GitLab handles requests to the internal network for webhooks. An attacker can exploit this vulnerability to make HTTP requests to arbitrary domains of the attacker's choosing...

8.6CVSS6.7AI score0.27806EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2023/07/28 12:50 p.m.•65 views

Race Condition

libcurl.so is vulnerable to a Race Condition. The library is susceptible to a TOCTOU race condition when it saves cookies, HSTS, and alt-svc data to a file. A victim might use the data for an intended purpose, but an attacker may overwrite the protected file...

6.8AI score
Exploits0References5Affected Software2
Veracode
Veracode
•added 2023/05/24 2:21 a.m.•65 views

Unintended Leaks Of Proxy-Authorization Header

requests is vulnerable to Unintended Leaks Of Proxy-Authorization Header. The vulnerability exists in the rebuildproxies function of sessions.py when the credentials are supplied in the URL user information component such as https://username:password@proxy:8080, which allows an attacker to gain...

6.1CVSS6.9AI score0.02974EPSS
Exploits1References8Affected Software5
Veracode
Veracode
•added 2023/05/02 4:31 a.m.•65 views

Information Disclosure

github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the initContextWithJWT function of authjwt.go because the JWT URL-login flow leaks tokens to data sources through request parameters in proxy requests...

7.5CVSS7.2AI score0.01504EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2023/03/23 12:53 a.m.•65 views

Remote Code Execution (RCE)

knplabs/knp-snappy is vulnerable to Remote Code Execution RCE. The vulnerability is due to the library not checking the file type during upload, which allows an attacker to upload a phar:// file which will be deserialized during the fileexists function because it fails to check the file type,...

9.8CVSS9.4AI score0.0276EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2023/03/03 4:39 a.m.•65 views

Stored Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to map attributes in the Geomap plugin which library does not properly sanitize, allowing an attacker with an editor role to inject and execute malicious JavaScript. If an admin user clicks on the m...

7.3CVSS5.4AI score0.1546EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2023/03/01 10:14 a.m.•65 views

Deserialization Of Untrusted Object

litedb is vulnerable to Deserialization Of Untrusted Objects. The vulnerability is caused by differing types in JSON documents, when a JSON document contains BsonDocument types, the library converts them to POCO. If an attacker can send a plain JSON string, they can inject and execute arbitrary...

9.8CVSS9.3AI score0.00699EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/02/17 10:23 a.m.•65 views

Incorrect Calculation Of Buffer Size

PHP is vulnerable to Incorrect Calculation of Buffer Size. The vulnerability exists because the core path resolution function allocates a buffer one byte too small when resolving paths with lengths close to the system MAXPATHLEN setting, leading to the byte after the allocated buffer being...

8.1CVSS8AI score0.01242EPSS
Exploits1References4Affected Software8
Veracode
Veracode
•added 2023/01/20 6:55 a.m.•65 views

Denial Of Service (DoS)

apache2 is vulnerable to Denial of ServiceDoS attacks. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool memory location beyond the header value sent, causing the application to crash...

7.5CVSS8.1AI score0.03546EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2022/11/04 3:18 a.m.•65 views

Information Disclosure

OpenCart is vulnerable to information disclosure. The vulnerability exists in multiple functions of backup.php, allowing an attacker to obtain database information or read server files by injecting and executing malicious SQL queries...

4.9CVSS5.5AI score0.00726EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/04/16 7:23 p.m.•65 views

Access Restriction Bypass

nginx is vulnerable to access restriction bypass. The vulnerability exists because TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates which allows an attacker to gain access to the system and perform unauthorized actions...

7.4CVSS6.9AI score0.02037EPSS
Exploits0References9Affected Software5
Veracode
Veracode
•added 2021/12/10 7:49 a.m.•65 views

HTTP Request Smuggling

io.netty:netty-codec-http is vulnerable to HTTP request smuggling. Improper validation of control chars, when they are present at the beginning and/or end of the header name leads to HTTP request smuggling which allows an attacker to exploit other remote systems when these headers are used as a...

6.5CVSS3.2AI score0.02682EPSS
Exploits0References7Affected Software29
Veracode
Veracode
•added 2021/05/06 6:56 a.m.•65 views

Cross-Site Scripting (XSS)

highcharts is vulnerable to cross-site scripting. The vulnerability exists because the chart options structure is not validated and sanitized when using useHTML flag, potentially allowing an attacker to inject and execute arbitrary Javascript in a user's browser...

7.6CVSS6AI score0.00867EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2021/01/20 4:41 p.m.•65 views

Buffer Overflow

dnsmasq is vulnerable to buffer overflow. An attacker may forge malicious DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine...

8.1CVSS3.9AI score0.81191EPSS
Exploits0References10Affected Software6
Veracode
Veracode
•added 2020/04/10 12:16 a.m.•65 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A number of buffer overflow flaws were found in the PHP session extension; the strreplace function; and the imapmailcompose function. If very long strings were passed to the strreplace function, an integer overflow could occur in memory allocation. I...

7.5CVSS1.9AI score0.0549EPSS
Exploits0References57Affected Software1
Veracode
Veracode
•added 2019/07/29 1:48 a.m.•65 views

Directory Traversal

werkzeug is vulnerable to directory traversal. An attacker is able to access arbitrary files through the SharedDataMiddleware due to the way Python's os.path.join function works on Windows...

7.5CVSS5AI score0.55526EPSS
Exploits7References3Affected Software1
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•65 views

Null Pointer Dereference

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References16Affected Software3
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•65 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5CVSS8.6AI score0.07417EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2019/05/02 4:53 a.m.•65 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. It was discovered that modproxyajp, when used in configurations with modproxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP Apache JServ Protocol CPing request was responded to by...

5CVSS5.8AI score0.1747EPSS
Exploits1References51Affected Software35
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•65 views

Information Disclosure

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References42Affected Software63
Veracode
Veracode
•added 2019/01/15 9:20 a.m.•65 views

Information Disclosure

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known, are vulnerable to information disclosure. A local unprivileged attacker is able to perform a side-channel analysis known as Speculative...

7.5CVSS7AI score0.05966EPSS
Exploits0References18Affected Software103
Veracode
Veracode
•added 2019/01/15 9:2 a.m.•65 views

Buffer Overflow

php is vulnerable to denial of service DoS attacks. The vulnerability exists as an integer overflow in the objectcustom function in ext/standard/varunserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service application cra...

7.5CVSS8.5AI score0.28862EPSS
Exploits1References29Affected Software4
Veracode
Veracode
•added 2017/10/23 5:5 a.m.•65 views

Regular Expression Denial Of Service (ReDoS)

moment is vulnerable to denial of service DoS attacks. These attacks are possible because the regular expression that is used for matching dates takes awhile for long strings...

7.5CVSS7.5AI score0.03673EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2026/06/18 7:54 a.m.•64 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2023/11/20 10:39 a.m.•64 views

Json Web Token (JWT) Bypass

json-web-token is vulnerable to Json Web Token JWT Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm listed in the token without further verification. An attacker can forge a token using the HS256...

7.5CVSS7.2AI score0.00304EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2023/07/25 2:12 a.m.•64 views

Server-Side Template Injection (SSTI)

spring-boot-admin-server is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists because the mailNotifierTemplateEngine function of AdminServerNotifierAutoConfiguration.java does not properly implement the configuration for ClasspathResourceLoader, which allows an attacker ...

7.5CVSS7.2AI score0.00966EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/06/06 4:48 a.m.•64 views

Privilege Escalation

cassandra-all is vulnerable to Privilege Escalation. The vulnerability exists when enabling FQL/Audit logs, which allows an attacker with JMX access to run arbitrary commands...

7.8CVSS6.9AI score0.00344EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/03/09 12:49 p.m.•64 views

Remote Code Execution (RCE)

org.apache.dubbo:dubbo-common is vulnerable to Remote Code Execution RCE. The vulnerability is due to a lack of class validation when deserializing untrusted user input which allows an attacker to upload and execute malicious code...

9.8CVSS9.4AI score0.04847EPSS
Exploits3References8Affected Software1
Veracode
Veracode
•added 2023/03/06 8:47 p.m.•64 views

NULL Pointer Dereference

openssl is vulnerable to NULL Pointer Dereference. The vulnerability exists because there is a missing check network subcomponent in the Linux kernel, which later leads to invalid usage of the digest api most likely leading to a crash...

5.5CVSS6.4AI score0.01016EPSS
Exploits0References5Affected Software4
Veracode
Veracode
•added 2023/02/22 7:42 a.m.•64 views

Cross-site Scripting (XSS)

phpmyadmin/phpmyadmin is vulnerable to Cross-site Scripting XSS. An authenticated user is able to execute malicious code on a victim's browser by uploading a specially-crafted .sql file through the drag-and-drop interface...

5.4CVSS5.6AI score0.01163EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2022/10/23 6:37 p.m.•64 views

Improper Access Control

openjdk is vulnerable to improper access control. The vulnerability allows an attacker to perform unauthorized updates, insertions or deletions of some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...

5.3CVSS6AI score0.02038EPSS
Exploits0References17Affected Software6
Veracode
Veracode
•added 2022/07/22 6:54 p.m.•64 views

Remote Code Execution (RCE)

openjdk17 is vulnerable to remote code execution. The vulnerability exists in Oracle Java SE and Oracle GraalVM Enterprise Edition which allows an unauthenticated attacker to update, insert or delete Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...

5.3CVSS6.7AI score0.02253EPSS
Exploits0References10Affected Software5
Veracode
Veracode
•added 2022/07/04 4:24 a.m.•64 views

Regular Expression Denial Of Service (ReDoS)

scss-tokenizer is vulnerable to regular expression denial of service. The vulnerability exists in the loadAnnotation function of previous-map.js due to the insecure regex pattern used in the match attribute, allowing an attacker to crash the application by providing malicious input...

7.5CVSS7.3AI score0.01949EPSS
Exploits1References1Affected Software1
Veracode
Veracode
•added 2022/06/13 4:36 p.m.•64 views

Out-of-Bounds Read

pcre2 is vulnerable to out of bounds read. The vulnerability exists due to a memory corruption in the compilexclassmatchingpath function of the pcre2jitcompile.c file which allows an attacker to cause an application crash...

9.1CVSS8.9AI score0.03193EPSS
Exploits0References18Affected Software1
Veracode
Veracode
•added 2022/05/16 3:11 p.m.•64 views

SQL Injection

postgresql is vulnerable to sql injection. The vulnerability exists incomplete efforts to operate safely when a privileged user is maintaining another user's objects which allows an attacker to inject and execute arbitrary sql functions...

8.8CVSS8.9AI score0.12403EPSS
Exploits0References7Affected Software11
Veracode
Veracode
•added 2021/09/30 1:40 p.m.•64 views

Privilege Escalation

Linux kernel is vulnerable to Privilege Escalation. An attacker may exploit the vulnerability by triggering a free of kernel buffer by using the IORINGOPPROVIDEBUFFERS in the looprwiter in fs/iouring.c...

7.8CVSS7.4AI score0.01719EPSS
Exploits2References10Affected Software1
Veracode
Veracode
•added 2021/08/11 7:40 a.m.•64 views

Domain Hijacking

c-ares is vulnerable to Domain Hijacking. Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames leading to Domain Hijacking...

5.6CVSS6.4AI score0.02617EPSS
Exploits1References6Affected Software7
Veracode
Veracode
•added 2020/10/28 11:4 a.m.•64 views

Path Traversal

jenkins-2-plugins/blueocean is vulnerable to Path traversal vulnerability. It could allow to read arbitrary files...

6.5CVSS4.1AI score0.02126EPSS
Exploits0References4Affected Software5
Veracode
Veracode
•added 2020/09/21 6:40 a.m.•64 views

Authorization Bypass

squid is vulnerable to authorization bypass. When handling a URN request, the corresponding HTTP request that is made does not go through the access checks, allowing an attacker to bypass access checks and gain access to restricted HTTP servers such as HTTP servers listening on localhost...

9.1CVSS3.9AI score0.04302EPSS
Exploits0References11Affected Software4
Veracode
Veracode
•added 2019/11/06 3:51 a.m.•64 views

Denial Of Service (DoS)

handlebars is vulnerable to denial of service. A bug in matching of templates can cause an infinite loop due to greedy matching of raw-block-contents. This could potentially be abused by submitting malicious templates to cause a denial of service condition when system resources are exhausted...

7.8CVSS2.6AI score0.03793EPSS
Exploits0References3Affected Software3
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•64 views

Null Pointer Dereference

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

7.5CVSS9.2AI score0.53166EPSS
Exploits32References16Affected Software2
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•64 views

Cross Site Scripting (XSS)

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References43Affected Software63
Veracode
Veracode
•added 2017/01/26 3:40 a.m.•64 views

Denial Of Service (DoS)

OpenSSL is vulnerable to to Denial of Service DoS attacks. The doaproutch function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g, found in the affected versions of OpenSSL, does not verify that certain memory allocations succeed, allowing a malicious user to cause ...

10CVSS8.7AI score0.53655EPSS
Exploits0References3Affected Software4
Total number of security vulnerabilities5000