Lucene search
+L
VeracodeMost viewed

38468 matches found

Veracode
Veracode
•added 2022/04/27 7:0 p.m.•61 views

Insecure File Lookup

Linux kernel is vulnerable to insecure file lookup . The vulnerability exists because it performs a regular lookup which allows an attacker to access potentially sensitive files, which results in Sensitive Information Disclosure...

3.3CVSS3.6AI score0.00397EPSS
Exploits0References12Affected Software4
Veracode
Veracode
•added 2021/10/15 8:23 a.m.•61 views

Denial Of Service (DoS)

tomcat-websocket is vulnerable to denial of service DoS attacks. An out of memory OOM occurs as the internal upgrade handler doesn't close the associated web connection on destroy causing an application crash...

7.5CVSS3.5AI score0.10997EPSS
Exploits0References13Affected Software5
Veracode
Veracode
•added 2021/09/03 3:37 a.m.•61 views

Prototype Pollution

immer is vulnerable prototype pollution. The vulnerability was introduced by the fix provided for CVE-2020-28477 which allows insecure modification of Object Prototype Attributes...

9.8CVSS3.9AI score0.02293EPSS
Exploits2References2Affected Software1
Veracode
Veracode
•added 2021/08/18 5:49 p.m.•61 views

Denial Of Service

linux is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds write...

8.3CVSS2.5AI score0.78684EPSS
Exploits21References10Affected Software7
Veracode
Veracode
•added 2021/08/09 7:54 a.m.•61 views

Denial Of Service

mariadb is vulnerable to denial of service. The vulnerability exists due to the system allowing high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS4.6AI score0.02956EPSS
Exploits0References11Affected Software6
Veracode
Veracode
•added 2021/06/06 10:24 a.m.•61 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. The vulnerability exists due to a non-blocking socket in llcpsockconnect that leads to leak and eventually hanging-up the system...

5.5CVSS3.1AI score0.00479EPSS
Exploits1References10Affected Software4
Veracode
Veracode
•added 2021/05/24 9:29 a.m.•61 views

Denial Of Service (DoS)

linux kernel is vulnerable to denial of service. The vulnerability exists due to net/netfilter/xtables.c and include/linux/netfilter/xtables.h lacking a full memory barrier upon the assignment of a new table value...

5.5CVSS3.1AI score0.00413EPSS
Exploits0References11Affected Software5
Veracode
Veracode
•added 2020/12/02 9:50 a.m.•61 views

Denial Of Service (DoS)

PHP is vulnerable to deniall of service DoS. The vulnerability exists due to an out of bounds read in phpstriptagsex...

9.1CVSS2.3AI score0.07116EPSS
Exploits1References17Affected Software1
Veracode
Veracode
•added 2020/11/05 3:9 a.m.•61 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS.Lack of validation in getrawsocket in drivers/vhost/net.c of an skfamily field allows to attacker perform ioctl2 calls on the '/dev/vhost-net' device may use this flaw to crash the kernel...

5.3CVSS3.3AI score0.00962EPSS
Exploits1References18Affected Software2
Veracode
Veracode
•added 2020/08/03 4:22 a.m.•61 views

Improper SSL Certificate Verification

faye is vulnerable to improper SSL certificate validation. The vulnerability exists as it does not implement certificate verification by default, allowing any hostname in the wss: connection made by the Faye::WebSocket::Client to be made unvalidated...

8.7CVSS2.4AI score0.00864EPSS
Exploits1References3Affected Software2
Veracode
Veracode
•added 2020/05/10 11:28 p.m.•61 views

Remote Code Execution (RCE)

php is vulnerable to remote code execution. The FPM module write past allocated buffers and into space reserved for the FCGI protocol data. This can potentailly be exploited to execute arbitrary code on the system...

9.8CVSS5.6AI score0.9947EPSS
Exploits56References31Affected Software2
Veracode
Veracode
•added 2020/04/10 1:3 a.m.•61 views

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists as a bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL...

4.3CVSS1AI score0.04336EPSS
Exploits2References12Affected Software1
Veracode
Veracode
•added 2020/04/10 1:2 a.m.•61 views

CRLF Injection

firefox is vulnerable to CRLF injection. A flaw was found in the way Firefox handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Firefox now treats two copies of the Location,...

4.3CVSS2.2AI score0.02018EPSS
Exploits0References17Affected Software3
Veracode
Veracode
•added 2020/04/10 12:43 a.m.•61 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to Denial Of Service DoS. Flaws in the processing of malformed web content allows a web page to contain malicious content, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

9.3CVSS5.3AI score0.04714EPSS
Exploits0References36Affected Software7
Veracode
Veracode
•added 2020/03/18 12:55 a.m.•61 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The BodyStream::OnInputStreamReady was missing protections against a state confusion bug and allows an attacker to successfully crash the application...

8.8CVSS4.3AI score0.02543EPSS
Exploits0References9Affected Software6
Veracode
Veracode
•added 2019/12/23 7:27 a.m.•61 views

HTTP Request Smuggling

waitress is vulnerable HTTP request smuggling. The vulnerability exists because the library mishandled HTTP request header by not correctly parsing the Transfer-Encoding header, causing the parser to use Content-Length header instead to determine the HTTP message body size, ignoring the requests...

7.5CVSS0.6AI score0.02545EPSS
Exploits0References10Affected Software3
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•61 views

Information Disclosure

udisks is vulnerable to information disclosure. The vulnerability exists through a format string vulnerability in udiskslog in udiskslogging.c...

7.8CVSS1.1AI score0.00622EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2019/05/16 2:59 a.m.•61 views

Use After Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php 7.0.27. BZ1518843 Security Fixes: php: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field CVE-2016-7412 php:...

9.8CVSS9.8AI score0.79949EPSS
Exploits20References10Affected Software1
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•61 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...

7.5CVSS9.2AI score0.53166EPSS
Exploits43References24Affected Software6
Veracode
Veracode
•added 2019/04/11 9:53 a.m.•61 views

Remote Code Execution (RCE)

apache tomcat is vulnerable to remote code execution. This is due to a bug in the way the JRE passes command line arguments to Windows when enableCmdLineArguments is enabled., allowing a remote attacker to inject arbitrary commands that are executed by the host. The CGI Servlet is disabled by...

8.1CVSS8.4AI score0.99652EPSS
Exploits10References51Affected Software9
Veracode
Veracode
•added 2018/12/04 12:50 p.m.•61 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, which allows a remote attacker to execute arbitrary code in the context of the user. This CVE ID is different from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836,...

7.5CVSS7.5AI score0.65858EPSS
Exploits21References7Affected Software2
Veracode
Veracode
•added 2026/05/09 5:4 a.m.•60 views

Command Injection

github.com/gotenberg/gotenberg is vulnerable to Command Injection. The vulnerability is due to lack of validation of JSON metadata keys passed to ExifTool, which allows an attacker to inject arbitrary ExifTool arguments and execute operating system commands...

9.8CVSS6AI score0.0295EPSS
Exploits2References3Affected Software1
Veracode
Veracode
•added 2025/12/13 5:21 a.m.•60 views

Session Fixation

Jenkins Bitbucket OAuth Plugin is vulnerable to session fixation. The vulnerability is due to the plugin not invalidating the previous session on login, where an attacker can reuse an existing session and gain unauthorized access...

9.8CVSS7.3AI score0.01062EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/12/05 1:49 p.m.•60 views

Cross-site Scripting (XSS)

vite is vulnerable to Cross-Site Scripting. This vulnerability exists because it does not properly sanitize inline scripts in the server.transformIndexHtml function, allowing an attacker to inject and execute malicious JavaScript into the browser. This vulnerability is only exploitable if the...

6.1CVSS6.7AI score0.00997EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2023/05/24 5:29 a.m.•60 views

Open Redirect

tornado is vulnerable to Open Redirect. The vulnerability exists in the validateabsolutepath function of web.py because it does not properly validate the requests paths that start with double slashes"\", which allows an attacker to redirect users to malicious websites by providing a maliciously...

6.1CVSS6.6AI score0.01132EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/01/18 8:22 p.m.•60 views

Integer Overflow

git is vulnerable to integer overflows. When processing the padding operators, there is a integer overflow in pretty.c::formatandpadcommit where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command whi...

9.8CVSS9.3AI score0.44268EPSS
Exploits0References10Affected Software3
Veracode
Veracode
•added 2023/01/17 5:3 p.m.•60 views

Use-After-Free

linux is vulnerable to Use-After-Free. net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions may allow code execution and leak kernel memory remotely via Bluetooth, which allows a remote attacker to exploit the vulnerability via Bluetooth if they are within the proximity of the...

8.8CVSS8.6AI score0.02014EPSS
Exploits0References3Affected Software4
Veracode
Veracode
•added 2023/01/02 1:3 p.m.•60 views

Remote Code Execution (RCE)

topthink/framework is vulnerable to remote execution. The vulnerability exists because the lang parameter is not properly validated, which allows a remote attacker to inject and execute arbitrary commands...

9.8CVSS9.3AI score0.16378EPSS
Exploits2References4Affected Software1
Veracode
Veracode
•added 2022/12/14 5:26 a.m.•60 views

Denial Of Service (DoS)

hutool-json and json are vulnerable to Denial Of Service DoS. The vulnerability exists due to a stack-based overflow in the library which allows an attacker to cause an application crash via malicious JSON or XML data...

7.5CVSS7.4AI score0.01181EPSS
Exploits5References4Affected Software2
Veracode
Veracode
•added 2022/11/01 5:57 a.m.•60 views

Cross-Site Scripting (XSS)

processwire is vulnerable to cross-site scripting. The vulnerability is due to lack of sanitization in the search users and search pages functions which allows an attacker to inject and execute arbitrary JavaScript...

6.1CVSS6.2AI score0.00395EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2022/09/12 11:25 a.m.•60 views

Information Disclosure

github.com/moby/moby is vulnerable to information disclosure. The vulnerability exists in the getUser function in ocilinux.go due to a lack of input validation, allowing an attacker to read sensitive information in the system...

6.3CVSS5.8AI score0.00837EPSS
Exploits0References12Affected Software3
Veracode
Veracode
•added 2022/06/24 2:26 a.m.•60 views

Use-After-Free

busybox is vulnerable to use-after-free. The vulnerability exists in copyvar which allows an attacker to send crafted awk pattern crashing the application...

7.8CVSS7.4AI score0.0118EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2022/05/25 6:35 p.m.•60 views

Authentication Bypass

linux-aws is vulnerable to Authentication Bypass. The vulnerability exists due to the mishandles of seccomp permissions, allowing an attacker to bypass the intended restrictions on the PTSUSPENDSECCOMP flag through the PTRACESEIZEcode path...

7.8CVSS7.7AI score0.00798EPSS
Exploits1References10Affected Software4
Veracode
Veracode
•added 2022/05/16 1:23 p.m.•60 views

Privilege Escalation

runc is vulnerable to privilege escalation. The vulnerability exists due to a bug in the runc exec --cap created processes with non-empty inheritable Linux process capabilities allowing an attacker to gain unauthorized access permissions...

7.8CVSS7.6AI score0.0039EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2021/10/26 9:56 p.m.•60 views

Improper Input Validation

Java SE is vulnerable to improper input validation. an attacker can gain access to sensitive information through the JSSE component in the oracle GraalVM enterprise edition...

3.7CVSS3.2AI score0.04104EPSS
Exploits0References16Affected Software7
Veracode
Veracode
•added 2021/08/12 3:39 p.m.•60 views

Privilege Escalation

linux-oracle is vulnerable to privilege escalation. The vulnerability exists due to a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities...

7CVSS2.8AI score0.00431EPSS
Exploits1References16Affected Software6
Veracode
Veracode
•added 2021/08/12 3:38 p.m.•60 views

Privilege Escalation

kernel is vulnerable to Privilege Escalation. An out-of-bounds read and write in kernel/bpf/verifier.c due to incorrect limits enforcement for pointer arithmetic operations can be abused to escalate privileges to root...

7.8CVSS7.8AI score0.00377EPSS
Exploits0References10Affected Software3
Veracode
Veracode
•added 2021/08/12 3:37 p.m.•60 views

Privilege Escalation

linux-kvm is vulnerable to privilege escalation. The vulnerability exists due to the lack of proper validation of user-supplied eBPF programs prior to executing...

7CVSS3.7AI score0.01754EPSS
Exploits1References4Affected Software4
Veracode
Veracode
•added 2021/05/05 1:32 a.m.•60 views

Prototype Pollution

handlebars is vulnerable to Prototype Pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

9.8CVSS9.2AI score0.04506EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2020/10/26 2:41 a.m.•60 views

Privilege Escalation

jetty is vulnerable to privilege escalation. The vulnerability exists on Unix like systems where the system's temporary directory is shared between all users on that system, allowing a user to observe the process of creating a temporary sub-directory in the shared temporary directory, and race to...

7CVSS3.1AI score0.04352EPSS
Exploits1References274Affected Software72
Veracode
Veracode
•added 2020/06/25 9:22 a.m.•60 views

Remote Code Execution

telerik is vulnerable to remote code execution. A .NET JavaScriptSerializer Deserialization vulnerability through RadAsyncUpload allows an attacker to execute malicious code on the server in the context of the w3wp.exe process...

9.8CVSS4.8AI score0.99737EPSS
Exploits16References11Affected Software2
Veracode
Veracode
•added 2020/04/10 12:27 a.m.•60 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists as the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to...

6.9CVSS2.6AI score0.00406EPSS
Exploits1References47Affected Software1
Veracode
Veracode
•added 2020/04/10 12:24 a.m.•60 views

Spoofing Attack

firefox is vulnerable to spoofing attack. A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly exten...

4CVSS3AI score0.0124EPSS
Exploits1References65Affected Software6
Veracode
Veracode
•added 2020/02/11 2:42 a.m.•60 views

Remote Code Execution

jackson-databind is vulnerable to remote code execution. The vulnerability exists because it does not restrict the data sources for the org.apache.xbean.propertyeditor.JndiConverter object type, leading to deserialisation of arbitrary data from external untrusted sources which would allow an...

9.8CVSS5.7AI score0.26587EPSS
Exploits5References83Affected Software305
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•60 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists through a use-after-free Read in vhosttransportsendpkt...

7CVSS2.8AI score0.00333EPSS
Exploits0References36Affected Software2
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•60 views

Buffer Overflow

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References17Affected Software3
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•60 views

Stack-Based Buffer Overflow

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References17Affected Software3
Veracode
Veracode
•added 2019/05/02 4:45 a.m.•60 views

Arbitrary File Upload

The httpd packages contain the Apache HTTP Server httpd, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews...

4.3CVSS5.9AI score0.6477EPSS
Exploits4References47Affected Software1
Veracode
Veracode
•added 2019/01/15 9:17 a.m.•60 views

Remote Code Execution (RCE)

log4j is vulnerable to remote code execution RCE. A malicious user can pass a malicious binary to the system that when deserialized, executes arbitrary code. This only affects applications that are using the TCP socket server or the UDP socket server to receive log events from another application...

9.8CVSS9.8AI score0.8904EPSS
Exploits2References123Affected Software85
Veracode
Veracode
•added 2019/01/15 9:17 a.m.•60 views

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap,...

7.8CVSS7.9AI score0.02733EPSS
Exploits14References22Affected Software1
Total number of security vulnerabilities5000