Lucene search
+L
VeracodeMost viewed

38468 matches found

Veracode
Veracode
•added 2019/01/15 9:20 a.m.•35 views

Remote Code Execution (RCE)

github.com/golang/go is vulnerable to remote code execution RCE. If custom domains are used, a malicious user can set a domain example.com/proj1 to point to a subversion repository and another domain example.com/proj1/proj2 to point to a git repository. When the go get command is run, arbitrary...

9.8CVSS9.7AI score0.08944EPSS
Exploits0References11Affected Software5
Veracode
Veracode
•added 2019/01/15 9:19 a.m.•35 views

Remote Code Execution (RCE)

kernel is vulnerable to remote code execution RCE attacks. The vulnerability exists as the native Bluetooth stack in the Linux Kernel BlueZ, starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP...

8CVSS8.2AI score0.16181EPSS
Exploits12References23Affected Software2
Veracode
Veracode
•added 2019/01/15 9:19 a.m.•35 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as the pivotroot implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service...

5.5CVSS5.5AI score0.00673EPSS
Exploits1References52Affected Software1
Veracode
Veracode
•added 2019/01/15 9:19 a.m.•35 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause ...

5.5CVSS5.4AI score0.00504EPSS
Exploits0References15Affected Software2
Veracode
Veracode
•added 2019/01/15 9:18 a.m.•35 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution attacks. The vulnerability exists as Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in...

7.8CVSS7.8AI score0.10695EPSS
Exploits5References15Affected Software1
Veracode
Veracode
•added 2019/01/15 9:17 a.m.•35 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution attacks. The vulnerability exists as the NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have...

9.8CVSS9.7AI score0.1081EPSS
Exploits0References17Affected Software2
Veracode
Veracode
•added 2019/01/15 9:16 a.m.•35 views

Privilege Escalation

kernel is vulnerable to privilege escalation attacks. The vulnerability exists as an elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate becau...

7CVSS7.5AI score0.02341EPSS
Exploits0References8Affected Software2
Veracode
Veracode
•added 2019/01/15 9:16 a.m.•35 views

Privilege Escalation

openssh is vulnerable to privilege escalation. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pamenv PAM module configured to read user environment settings, a local user could use this...

7.6CVSS8.2AI score0.01284EPSS
Exploits0References16Affected Software1
Veracode
Veracode
•added 2019/01/15 9:12 a.m.•35 views

Authorization Bypass

httpd is vulnerable to authorization bypass. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for...

7.5CVSS7.3AI score0.18802EPSS
Exploits0References40Affected Software1
Veracode
Veracode
•added 2019/01/15 9:11 a.m.•35 views

Deserialization Of Untrusted Data

Apache ActiveMQ allows for deserialization of objects both in the Broker and in any applications which process ObjectMessage messages, specifically by using ObjectMessagegetObject. Broker deserialization happens in HTTP, Stop, Web Console, and other components. The deserialization in versions 5.0...

9.8CVSS8.4AI score0.38191EPSS
Exploits4References42Affected Software19
Veracode
Veracode
•added 2019/01/15 9:7 a.m.•35 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. The modlua httpd module improperly processed certain WebSocket Ping requests, allowing a remote attacker to cause the httpd child process to crash via a malicious WebSocket Ping request...

5CVSS8.7AI score0.18812EPSS
Exploits0References42Affected Software1
Veracode
Veracode
•added 2019/01/15 9:5 a.m.•35 views

Information Disclosure

PostgreSQL is vulnerable to information disclosure. An information leak occurs when the server handles certain error messages, allowing an authenticated database user could to obtain results of a query they did not have privileges to execute, by observing the constraint violation error messages...

4.3CVSS6.1AI score0.0251EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2019/01/15 9:1 a.m.•35 views

Denial Of Service (DoS)

perl is vulnerable to denial of service DoS attacks. The vulnerability exists through a heap-based buffer overflow in the Perlrepeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service...

7.5CVSS7.3AI score0.04877EPSS
Exploits1References18Affected Software1
Veracode
Veracode
•added 2019/01/15 9:0 a.m.•35 views

Denial Of Service (DoS)

krb5 is vulnerable to denial of service DoS attacks. The vulnerability exists as the pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF...

5CVSS5.6AI score0.02576EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2019/01/15 8:59 a.m.•35 views

Authorization Bypass

RealtimeKit is vulnerable to authorization bypass. It does not properly use D-Bus for communications with a polkit authority. A race condition in the PolkitUnixProcess PolkitSubject allows a local user to bypass access restrictions via a setuid or pkexec process. This is a related issue to...

7.2CVSS6.3AI score0.00374EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2019/01/15 8:56 a.m.•35 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service. An unspecified vulnerability allows remote attackers to crash the service via vectors related to Error Handling...

2.6CVSS8.6AI score0.0467EPSS
Exploits0References22Affected Software2
Veracode
Veracode
•added 2019/01/15 8:56 a.m.•35 views

Remote Code Execution (RCE)

glibc is vulnerable to remote code execution RCE attacks. The vulnerability exists through multiple integer overflows in the 1 strtod, 2 strtof, 3 strtold, 4 strtodl, and other unspecified "related functions" in stdlib in GNU C Library aka glibc or libc6 2.16 allow local users to cause a denial o...

4.6CVSS8.1AI score0.00993EPSS
Exploits0References24Affected Software1
Veracode
Veracode
•added 2019/01/15 8:55 a.m.•35 views

Denial Of Service (Dos)

libxml2 is vulnerable to denial of service. An attacker is able to crash the application via a malicious XML document containing malformed XPath expressions...

4.3CVSS6.5AI score0.07533EPSS
Exploits2References34Affected Software3
Veracode
Veracode
•added 2019/01/15 8:54 a.m.•35 views

Denial Of Service (DoS)

krb5 is vulnerable to denial of service DoS attacks. The vulnerability exists as schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and...

5CVSS5.2AI score0.06485EPSS
Exploits0References14Affected Software1
Veracode
Veracode
•added 2019/01/15 8:53 a.m.•35 views

Remote Code Execution (RCE)

php is vulnerable to remote code execution RCE attacks. The vulnerability exists through a format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary cod...

6.8CVSS7.1AI score0.12652EPSS
Exploits2References15Affected Software2
Veracode
Veracode
•added 2019/01/15 8:51 a.m.•35 views

Authentication Bypass

libcurl.so is vulnerable to authentication bypasses. The library re-uses NTLM connections, allowing a malicious user to reuse a connection to bypass authentication...

4CVSS7.3AI score0.05599EPSS
Exploits1References31Affected Software2
Veracode
Veracode
•added 2019/01/15 8:51 a.m.•35 views

Cross-site Scripting (XSS)

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle newline characters, which makes it easier for remote attackers to condu...

4.3CVSS5.3AI score0.0264EPSS
Exploits1References16Affected Software13
Veracode
Veracode
•added 2018/12/28 4:2 a.m.•35 views

Deserialization Of Untrusted Data

jackson-databind is susceptible to deserialization of untrusted data. It is due to an incomplete fix for the CVE-2017-7525 which has classes which perform general-purpose data-binding functionality and tree-model for untrusted data...

9.8CVSS9.2AI score0.37925EPSS
Exploits7References42Affected Software4
Veracode
Veracode
•added 2018/11/23 1:41 a.m.•35 views

Arbitrary Code Execution

intelliants/subrion is vulnerable to arbitrary code execution attacks. The vulnerability exists due to the lack of blacklist against .pht or .phar files in /panel/uploads, allowing such files to be uploaded and subsequently executed...

7.2CVSS7.5AI score0.64261EPSS
Exploits10References3Affected Software1
Veracode
Veracode
•added 2018/11/16 6:2 a.m.•35 views

Remote Code Execution (RCE)

Microsoft.PowerShell.EditorServices.Protocol is vulnerable to remote code execution. Improper processing of local connections allow a remote attacker to execute arbitrary commands in the context of the authenticated user...

9.8CVSS5.5AI score0.21173EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2018/11/16 2:45 a.m.•35 views

Remote Code Execution (RCE)

Microsoft Chakracore is vulnerable to remote code execution. The scripting engine does not properly handle objects in memory, which would allow an attacker to execute arbitrary commands in the context of the authenticated user. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...

7.5CVSS7.9AI score0.68491EPSS
Exploits28References7Affected Software2
Veracode
Veracode
•added 2018/11/13 6:27 a.m.•35 views

Directory Traversal

tomcat-util is vulnerable to directory traversal attacks. The vulnerability exists due to the ability to include ../, ..\, and ..%5C characters in the URL, allowing directory traversal attacks...

5CVSS6AI score0.90768EPSS
Exploits2References63Affected Software4
Veracode
Veracode
•added 2018/11/13 5:51 a.m.•35 views

Denial Of Service (DoS)

Apache Tomcat is vulnerable to denial of service DoS. Simultaneous requests to a directory containing a large number of files causes heavy CPU consumption, resulting in a denial of service condition...

5CVSS5.7AI score0.05954EPSS
Exploits0References26Affected Software3
Veracode
Veracode
•added 2018/09/14 6:26 a.m.•35 views

Denial Of Service (DoS)

libglusterfs.so is vulnerable to a denial of service DoS attack or information disclosures. The library does not restrict the ../ characters from being passed in pathnames, allowing a malicious user to gain access to file statuses or crash the application with a malformed filename...

8.1CVSS8.1AI score0.02771EPSS
Exploits0References9Affected Software7
Veracode
Veracode
•added 2018/08/14 3:5 a.m.•35 views

Exposed API

Apache's spark contains an exposed API due to the default value of spark.master.rest.enabled being set to true. This allows remote attackers to connect to the API without authentication and run driver programs but not launch executors...

4.2CVSS5AI score0.6583EPSS
Exploits2References6Affected Software4
Veracode
Veracode
•added 2018/08/13 3:0 a.m.•35 views

Same Origin Policy Bypass

libcurl.so is vulnerable to same origin policy bypass. This is due to the libcurl's cookie parser having no public suffix awareness, which could allow for cookies to be set for arbitrary sites by setting a cookie for a top-level domain...

5CVSS7.3AI score0.04876EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2018/08/07 6:10 a.m.•35 views

Side-Channel Attack

libgcrypt.so is vulnerable to side-channel attacks. The elliptic-point curve multiplication during decryption is not properly performed, which allows attackers within close proximity to extract the secret decryption key within seconds by measuring electromagnetic emanations...

2CVSS4.5AI score0.00429EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2018/08/01 6:37 a.m.•35 views

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service DoS attacks. A malicious user can pass a TIFF image to the TIFFRGBAImageOK function in tifgetimage.c to cause an out-of-bounds read that can crash the application...

5.5CVSS6AI score0.02857EPSS
Exploits0References2Affected Software2
Veracode
Veracode
•added 2018/08/01 2:43 a.m.•35 views

Denial Of Service (DoS)

libgd.so is vulnerable to denial of service DoS attacks. The library contains a memory leak during interpolation, allowing a malicious user to cause a DoS condition by calling the gdImageScaleTwoPass function in gdinterpolation.c...

7.5CVSS7.8AI score0.03647EPSS
Exploits1References2Affected Software4
Veracode
Veracode
•added 2018/07/27 3:40 a.m.•35 views

Arbitrary File Write

wildfly-deployment-repository is vulnerable to the zip-slip vulnerability. The library does not validate the target path when extracting and deploying .war files, leading to arbitrary file writes outside of the intended target directory...

5.5CVSS6.7AI score0.01262EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2018/07/24 8:0 a.m.•35 views

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service DoS attacks. The vulnerability exists due to a heap-based buffer overflow that occurs in the PackBitsDecode function of tifpackbits.c, causing a DoS attack when parsing an invalid bmp file...

6.5CVSS7.3AI score0.0374EPSS
Exploits0References2Affected Software2
Veracode
Veracode
•added 2018/07/20 9:53 a.m.•35 views

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service DoS attacks. A malicious user can pass an .mpc file to the WriteMPCImage function in mpc.c, causing a memory leak that can crash the application or consume resources...

6.5CVSS7.2AI score0.02774EPSS
Exploits1References4Affected Software4
Veracode
Veracode
•added 2018/07/20 8:31 a.m.•35 views

TLS Session Resumption Client Certificate Bypass

libcurl.so is vulnerable to TLS session resumption client certificate bypass attacks. The vulnerability exists in Curlclonesslconfig of lib/vtls/vtls.c where libcurl.so does not prevent the TLS session resumption if the client certificate has been replaced...

7.5CVSS7.6AI score0.15063EPSS
Exploits0References21Affected Software1
Veracode
Veracode
•added 2018/07/19 2:58 a.m.•35 views

Denial Of Service (DoS)

libxml2 is affected by a denial-of-service DoS vulnerability. In xpath.c:xmlXPathCompOpEval, the cases XPATHOPAND and XPATHOPOR does not check for NULL values when assigning valuePopctxt which can result in a NULL pointer deference leading to a denial of service condition...

7.5CVSS7.3AI score0.03681EPSS
Exploits0References9Affected Software3
Veracode
Veracode
•added 2018/05/28 5:12 p.m.•35 views

Remote Code Execution (RCE)

icu4c is vulnerable to remote code execution RCE attacks. A malicious user can pass a string to the ucnvUTF8FromUTF8 function in ucnvu8.cpp to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...

9.8CVSS9.8AI score0.04605EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2018/05/23 8:3 a.m.•35 views

Denial Of Service (DoS)

libxml2.so is vulnerable to denial of service. The vulnerability exists in the xmlParserEntityCheck and xmlParseAttValueComplex functions that calls xmlStringDecodeEntities recursively without incrementing the depth counter, causing a stack buffer overflow attack which then lead to an application...

7.5CVSS8.2AI score0.05103EPSS
Exploits0References20Affected Software2
Veracode
Veracode
•added 2018/05/21 8:51 a.m.•35 views

Information Disclosure

libcurl.so is vulnerable to information disclosures. When running with the --write-out command, the application skips the end of the string zero byte if the string ends with % or \\ , causing the application to read out of the buffer and disclose sensitive information...

2.4CVSS6AI score0.00581EPSS
Exploits0References6Affected Software5
Veracode
Veracode
•added 2018/04/06 5:24 a.m.•35 views

Denial Of Service (DoS) Through Uninitialized Memory Leak

http-proxy-agent is susceptible to denial of service DoS. auth parameters are passed to the buffer constructor without proper sanitization, leading to DoS via uninitialized memory leak...

9.8CVSS9AI score0.01392EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2017/09/08 12:51 a.m.•35 views

Denial Of Service (DoS)

FFmpeg is vulnerable to denial of service DoS attacks. A malicious user can pass a file which contains a large itemnum value to bypass the large value checking, causing the file to consume a large amount of memory that can lead to memory exhaustion in the system...

8.8CVSS8.3AI score0.02575EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2017/08/22 12:5 a.m.•35 views

Denial Of Service (DoS) Through Heap Based Buffer Overflow

ImageMagick is vulnerable to denial of service DoS attacks through heap-based buffer overflows and possibly other attacks. A malicious user can pass a SFW file to the system to cause a heap-based buffer overflow, causing the application to crash...

8.8CVSS8.6AI score0.0244EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2017/07/31 6:6 p.m.•35 views

Denial Of Service (DoS) Through Memory Leak

ImageMagick is vulnerable to denial of service DoS attacks. These attacks are possible through the WritePICONImage function and can be triggered using a mishandled OpenPixelCache call...

6.5CVSS5.9AI score0.0151EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2017/07/21 8:32 a.m.•35 views

SQL Injection

Moodle is vulnerable to SQL injection attacks. The attacks exist because the application does not filter null bytes \0 characters in query strings, leading to SQL statements failing and causing error to the Microsoft SQL driver. This can allow a malicious user to inject and execute SQL queries...

7.5CVSS7.2AI score0.01206EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2017/05/17 7:6 a.m.•35 views

Copy-Paste Vulnerability (CPV) Through Libxslt

nokogiri has a copied version of the libxslt library. The copy that nokogiri includes is vulnerable to the following issues: 1. CVE-2016-1683 - Denial of Service DoS via an out-of-bounds heap memory access. This is caused by libxslt mishandling namespace nodes leading to out-of-bounds heap memory...

8.1AI score0.02142EPSS
Exploits0
Veracode
Veracode
•added 2017/04/27 9:16 a.m.•35 views

Privilege Escalation

github.com/openshift/origin is vulnerable to privilege escalation attacks. The vulnerability exists because it does not prevent the unauthorised users to edit a build configuration to use a restricted strategy...

10CVSS9.2AI score0.04843EPSS
Exploits0References7Affected Software36
Veracode
Veracode
•added 2017/03/27 2:4 a.m.•35 views

Remote Code Execution (RCE)

ffmpeg is vulnerable to remote code execution RCE attacks. A heap-based buffer overflow in libavformat/rtmppkt.c is caused by the failure to check for RTMP packet size mismatches. The resulted buffer overflow can be exploited by aligning chunks and by using a white-what-where condition to launch...

9.8CVSS9.8AI score0.07457EPSS
Exploits1References3Affected Software2
Total number of security vulnerabilities5000