Lucene search
K
VeracodeMost viewed

38354 matches found

Veracode
Veracode
•added 2021/12/21 8:11 a.m.•55 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service. An attacker is able to crash the system by sending a maliciously crafted URI sent to httpd configured as a forward proxy ProxyRequests on...

8.2CVSS1.3AI score0.82295EPSS
Exploits0References28Affected Software20
Veracode
Veracode
•added 2021/12/12 11:36 p.m.•55 views

Side-channel Attack

kernel is vulnerable to side-channel attack. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory...

5.5CVSS2.5AI score0.01071EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2021/12/02 10:1 a.m.•55 views

Authorization Bypass

elgg/elgg is vulnerablbe to authorization bypass. The vulnerability exists through the user-controlled key, userguid allowing unauthorized access to remote attackers...

5.9CVSS6.5AI score0.00779EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2021/11/17 10:37 p.m.•55 views

Packet Injection

kernel is vulnerable to packet injection. The vulnerability exists due to the lack of sanitization of the authenticity of the Message Integrity Check allowing an attacker to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol...

6.5CVSS3.5AI score0.03072EPSS
Exploits0References11Affected Software2
Veracode
Veracode
•added 2021/09/09 4:22 p.m.•55 views

Denial Of Service (DoS)

Kernel is vulnerable to denial of service. The vulnerability exists due to an Out-of-bounds Write Due To A Heap Buffer Overflow In hidinputchangeresolutionmultipliers Of Hid-input.c...

7.8CVSS2.7AI score0.00282EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2021/06/06 10:35 a.m.•55 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A race condition getoldroot in fs/btrfs/ctree.c allows attackers to cause a denial of service due to the lack of locking on an extent buffer before a cloning operation...

4.7CVSS4.9AI score0.00267EPSS
Exploits0References11Affected Software3
Veracode
Veracode
•added 2021/05/20 3:27 p.m.•55 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service. The vulnerability exists due to an integer overflow in regionalalloc function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and can be big enough...

9.8CVSS3.9AI score0.02179EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2021/04/17 12:37 a.m.•55 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A use-after-free in doepollctl and eploopcheckproc of eventpoll.c allows an attacker to obtain additional execution privileges...

7.8CVSS4.8AI score0.00268EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2021/03/30 9:40 p.m.•55 views

Sandbox Escape

webkitgtk is vulnerable to sandbox escape. Maliciously crafted web content may violate iframe sandboxing policy...

6.5CVSS1.9AI score0.01408EPSS
Exploits0References7Affected Software17
Veracode
Veracode
•added 2021/03/03 6:5 a.m.•55 views

Remote Code Execution

tomcat-catalina is vulnerable to remote code execution. If a remote attacker knows and is able to control the contents and name of a file, remote code execution can be achieved if the server is configured to use PersistenceManager with a FileStore and the PersistenceManager is configured with the...

7CVSS5.4AI score0.56636EPSS
Exploits15References30Affected Software2
Veracode
Veracode
•added 2020/11/05 3:10 a.m.•55 views

Integer Overflow

Linux kernel is vulnerable to Integer Overflow. A child process could send arbitrary signals to a privileged suidroot parent process which interferes with donotifyparent protection mechanism...

5.3CVSS4.9AI score0.00706EPSS
Exploits1References14Affected Software2
Veracode
Veracode
•added 2020/10/19 7:10 a.m.•55 views

Remote Code Execution (RCE)

github.com/go-gitea/gitea is vulnerable to remote code execution RCE. The vulnerability exists through git hooks which are enabled by default...

7.2CVSS2.5AI score0.93691EPSS
Exploits14References10Affected Software1
Veracode
Veracode
•added 2020/08/11 3:25 a.m.•55 views

Unauthorized Read

Openjdk 7 is vulnerable to unauthorised read. It is difficult to exploit vulnerability but it allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker...

3.1CVSS3.3AI score0.02708EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2020/08/06 9:34 p.m.•55 views

Denial Of Service (DoS)

mariadb is vulnerable to denial of service. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatabl...

5.9CVSS3.3AI score0.03485EPSS
Exploits0References7Affected Software7
Veracode
Veracode
•added 2020/07/30 2:2 a.m.•55 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver...

6.8CVSS4.5AI score0.00448EPSS
Exploits0References10Affected Software3
Veracode
Veracode
•added 2020/04/10 1:10 a.m.•55 views

Unauthorized Reverse Proxy Connection

The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9...

5CVSS2AI score0.90734EPSS
Exploits14References50Affected Software1
Veracode
Veracode
•added 2020/04/10 12:56 a.m.•55 views

Insecure TLS Configuration

openssl uses an insecure TLS configuration. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the...

4.3CVSS3.2AI score0.09497EPSS
Exploits0References52Affected Software1
Veracode
Veracode
•added 2020/04/10 12:32 a.m.•55 views

Stack-based Buffer Overflow

The Network Time Protocol NTP is vulnerable to Stack-based Buffer Overflow. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the...

6.8CVSS4.5AI score0.13228EPSS
Exploits1References49Affected Software1
Veracode
Veracode
•added 2020/04/03 12:40 a.m.•55 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service in arch/powerpc/kernel/signal32.c and arch/powerpc/kernel/signal64.c via sigreturn system call...

5.5CVSS3AI score0.00589EPSS
Exploits0References34Affected Software1
Veracode
Veracode
•added 2020/03/23 3:14 a.m.•55 views

Denial Of Service (DoS)

The JSON gem is vulnerable to denial of service. An attacker is able to create arbitrary objects in the target system using malicious JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects. This can potentially result in a denial of service condition. This...

7.5CVSS4.4AI score0.13911EPSS
Exploits0References32Affected Software6
Veracode
Veracode
•added 2019/10/02 2:25 a.m.•55 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution RCE. The vulnerability exists as it does not stop classes from the p6spy package from being used as deserialization gadgets...

9.8CVSS3.8AI score0.04861EPSS
Exploits0References38Affected Software3
Veracode
Veracode
•added 2019/05/02 5:19 a.m.•55 views

Authentication Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

10CVSS7.6AI score0.09991EPSS
Exploits0References37Affected Software5
Veracode
Veracode
•added 2019/05/02 5:8 a.m.•55 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists in sound/core/control.c as it does not ensure possession of a read/write lock...

4.6CVSS5.6AI score0.00498EPSS
Exploits0References17Affected Software2
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•55 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References36Affected Software63
Veracode
Veracode
•added 2019/05/02 4:45 a.m.•55 views

Use-after-free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

8.8CVSS8.2AI score0.69021EPSS
Exploits9References19Affected Software3
Veracode
Veracode
•added 2019/01/15 8:53 a.m.•55 views

Remote Code Execution (RCE)

php is vulnerable to remote code execution RCE attacks. The vulnerability exists as the asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which...

7.5CVSS9.7AI score0.35635EPSS
Exploits8References23Affected Software2
Veracode
Veracode
•added 2017/02/07 12:45 a.m.•55 views

Denial Of Service (DoS) Through Memory Consumption

OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because there is a memory leak in d1srtp.c which allows remote attackers to consume all the memory through a handshake message...

7.1CVSS4.3AI score0.37072EPSS
Exploits0References44Affected Software1
Veracode
Veracode
•added 2026/05/16 5:19 a.m.•54 views

Server-Side Request Forgery (SSRF)

n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/09/15 7:7 a.m.•54 views

Remote Code Execution

.NET is vulnerable to Remote Code Execution RCE. The vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to RCE...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2Affected Software7
Veracode
Veracode
•added 2023/08/23 7:16 a.m.•54 views

Remote Code Execution (RCE)

craftcms/cms is vulnerable to Remote Code Execution. The vulnerability is due to a lack of file protocol removal in FileHelper.php which allows an attacker to upload and execute malicious PHP code into the system...

7.2CVSS7.7AI score0.01909EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/06/19 8:1 a.m.•54 views

Information Disclosure

umbracocms.identityextensions is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to unauthorized endpoints because access tokens directly returns in the URL fragments, resulting in disclosure of sensitive information...

5.3CVSS7.2AI score0.00625EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/06/15 11:50 a.m.•54 views

Information Disclosure

com.google.guava, guava is vulnerable to Information Disclosure. The vulnerability exits due to incorrect default file permissions in FileBackedOutputStream, which allow an attacker to access the temporary directory...

7.1CVSS6.8AI score0.00248EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/06/07 10:17 a.m.•54 views

Improper Certificate Validation

libcurl.so is vulnerable to Improper Certificate Validation. In place of a library's built-in name matching function, Curl may utilize its own name matching function for TLS. IDN hosts could be mismatched by this private wildcard matching function since they are rendered in a weak form before...

5.9CVSS6.7AI score0.0181EPSS
Exploits1References16Affected Software1
Veracode
Veracode
•added 2023/05/08 7:11 a.m.•54 views

Weak Encryption

TrustWalletCore contains Weak Encryption implementations. The vulnerability exists in mt19937 seed generation which has only 32 bits of entropy resulting in only 4 billion mnemonics which allows an attacker to brute force the private key...

5.9CVSS5.8AI score0.00983EPSS
Exploits2References9Affected Software2
Veracode
Veracode
•added 2023/04/05 9:5 p.m.•54 views

Integer Overflow

linux is vulnerable to Integer Overflows. A local authenticated attacker is able to cause integer overflows in rndisqueryoid of drivers/net/wireless/rndiswlan.c...

7.8CVSS7.3AI score0.00302EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2023/02/18 7:44 p.m.•54 views

Information Disclosure

sequelize is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to inject malicious queries due to improper input filtering, resulting in the disclosure of sensitive information...

7.5CVSS7.5AI score0.00582EPSS
Exploits2References6Affected Software2
Veracode
Veracode
•added 2023/01/21 12:15 p.m.•54 views

HTTP Response Splitting

apache2 is vulnerable to HTTP Response Splitting. A malicious backend may cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

5.3CVSS7AI score0.57941EPSS
Exploits0References7Affected Software6
Veracode
Veracode
•added 2022/11/03 5:17 a.m.•54 views

Arbitrary Code Execution

fluentd is vulnerable to remote code execution. The vulnerability exists in due to ojoptions.rb, where a non-default configuration allows unauthenticated attackers to execute arbitrary codes via specially crafted JSON payloads...

9.8CVSS9.6AI score0.44708EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/10/20 10:38 a.m.•54 views

Denial Of Service (DoS)

nginx is vulnerable to denial of service. The module ngxhttpmp4module allows a local attacker to cause a worker process to crash, trigger a memory disclosure by using a specially crafted audio or video file...

7.1CVSS6.7AI score0.01069EPSS
Exploits2References12Affected Software3
Veracode
Veracode
•added 2022/09/27 3:49 a.m.•54 views

Authentication Bypass

python-jwt is vulnerable to authentication bypass. An attacker can spoof the other user's identities and hijack their sessions by obtaining the JWT token and arbitrarily forging its contents without knowing the secret key through the verifyjwt function of init.py...

9.1CVSS8.9AI score0.0366EPSS
Exploits2References4Affected Software1
Veracode
Veracode
•added 2022/08/30 6:38 a.m.•54 views

Remote Code Execution

font-converter is vulnerable to remote code execution. The vulnerability exists due to the missing sanitizations of user input passed to the exec function, which allows remote attackers to inject and execute malicious code...

9.8CVSS9.6AI score0.02991EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2022/07/05 12:43 a.m.•54 views

Denial Of Service

kernel is vulnerable to denial of service. The vulnerability exists due to a race condition in perfeventopen which allows an attacker to gain root privileges and execute arbitrary codes and crash the system...

7CVSS7.8AI score0.0031EPSS
Exploits0References6Affected Software4
Veracode
Veracode
•added 2022/06/27 7:20 a.m.•54 views

SQL Injection

prestashop/blockwishlist is vulnerable to SQL injection. The vulnerability exists in getProductsOrCount function in WishListProductSearchProvider.php because order by and order way statements are not properly validated which allows an attacker to inject SQL queries...

8.8CVSS8.9AI score0.24146EPSS
Exploits6References5Affected Software1
Veracode
Veracode
•added 2022/06/02 8:55 p.m.•54 views

Denial Of Service (DoS)

.NET and Visual Studio are vulnerable to Denial Of Service DoS. The vulnerability exists due to a flaw in dotnet allowing an attacker to crash the system by sending MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on th...

7.5CVSS7.3AI score0.04913EPSS
Exploits0References13Affected Software4
Veracode
Veracode
•added 2022/03/19 9:1 a.m.•54 views

Integer Overflow

MariaDB before 10.6.5 has a sqllex.cc integer overflow, leading to an application crash...

5.5CVSS4AI score0.00425EPSS
Exploits1References11Affected Software5
Veracode
Veracode
•added 2022/03/10 4:20 a.m.•54 views

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists due to a browser stores files in the /tmp folder, which is accessible by all local users...

6.5CVSS2.5AI score0.0068EPSS
Exploits1References5Affected Software6
Veracode
Veracode
•added 2022/02/22 5:15 p.m.•54 views

Buffer Overflow

The BPF subsystem in the Linux kernel is vulnerable to buffer overflow. The vulnerability exists in kernel/bpf/core.c and kernel/bpf/core.c because of mishandling situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF...

7.8CVSS3.3AI score0.00505EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2021/11/28 12:40 a.m.•54 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists in the transparent inter-process communication functionality in net/tipc/crypto.c, allowing an attacker to exploit insufficient validation of user-supplied sizes for the MSGCRYPTO message type...

9.8CVSS3.2AI score0.57853EPSS
Exploits2References11Affected Software3
Veracode
Veracode
•added 2021/11/17 10:37 p.m.•54 views

Packet Injection

kernel is vulnerable to packet injection. The vulnerability exists due to a flaw in Linux kernel's WiFi implementation which allows an attacker within the wireless range to abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating...

2.6CVSS6.4AI score0.02592EPSS
Exploits2References14Affected Software2
Veracode
Veracode
•added 2021/11/15 4:42 a.m.•54 views

Prototype Pollution

json-schema is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the checkObj function in validate.js and modify attributes such as proto. and constructor...

9.8CVSS4.5AI score0.03563EPSS
Exploits1References5Affected Software5
Total number of security vulnerabilities5000