Veracode | Most viewed

38333 matches found

Veracode
added 2021/03/30 9:24 p.m. | 47 views

Unauthorised Data Deletion

webkit2gtk is vulnerable to unauthorised data deletion. A user may be unable to fully delete browsing history. “Clear History and Website Data” did not clear the history in some circumstances...

CVSS 3.3 | AI score 1.9 | EPSS 0.0036
Exploits 0 | References 9 | Affected Software 17

Veracode
added 2021/03/17 1:19 a.m. | 47 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. A use-after-free in Blink allows a remote attacker to exploit a heap corruption via a malicious HTML page...

CVSS 8.8 | AI score 4.6 | EPSS 0.0987
Exploits 1 | References 7 | Affected Software 2

Veracode
added 2020/12/10 4:32 p.m. | 47 views

Denial Of Service (DoS)

openldap is vulnerable to denial of service. An assertion in the certificateListValidate function in servers/slapd/schema_init.c allows an attacker to crash the application with malicious input...

CVSS 7.5 | AI score 3.7 | EPSS 0.02858
Exploits 0 | References 14 | Affected Software 3

Veracode
added 2020/12/06 4:39 a.m. | 47 views

HTTP Request Smuggling

nginx is vulnerable to HTTP request smuggling. A remote attacker is able to smuggle HTTP requests via the ngx.location.capture API...

CVSS 7.5 | AI score 1.3 | EPSS 0.02599
Exploits 0 | References 6 | Affected Software 3

Veracode
added 2020/11/20 9:37 a.m. | 47 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service (DoS). The vulnerability exists when the Compact method was called on an nsTArray, allowing the array to be reallocated without updating other pointers...

CVSS 8.8 | AI score 4.2 | EPSS 0.0155
Exploits 0 | References 5 | Affected Software 8

Veracode
added 2020/11/05 3:9 a.m. | 47 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). It mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c...

CVSS 7.1 | AI score 3.1 | EPSS 0.00487
Exploits 0 | References 15 | Affected Software 2

Veracode
added 2020/10/28 10:55 a.m. | 47 views

Use-after-free

kernel is vulnerable to use-after-free. Unprivileged users are able to create RAW sockets in the AF_IEEE802154 network protocol...

CVSS 7.8 | AI score 4.8 | EPSS 0.00617
Exploits 0 | References 16 | Affected Software 2

Veracode
added 2020/10/25 12:34 p.m. | 47 views

Heap Buffer Overflow

FreeType is vulnerable to heap-based buffer overflow due to integer truncation in Load_SBit_Png...

CVSS 9.6 | AI score 3 | EPSS 0.5063
Exploits 2 | References 12 | Affected Software 4

Veracode
added 2020/10/19 7:31 a.m. | 47 views

Remote Code Execution (RCE)

github.com/gogs/gogs is vulnerable to remote code execution (RCE). The vulnerability exists through git hooks which are enabled by default...

CVSS 7.2 | AI score 2.5 | EPSS 0.87528
Exploits 4 | References 2 | Affected Software 1

Veracode
added 2020/10/01 3:52 a.m. | 47 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service. The vulnerability exists because of an incorrect way of handling connection tracking functionality on IPv6 port 1720, allowing an attacker to cause an application crash through an out-of-bounds memory write...

CVSS 8.1 | AI score 7.6 | EPSS 0.05114
Exploits 1 | References 9 | Affected Software 2

Veracode
added 2020/09/21 6:25 a.m. | 47 views

Arbitrary Code Execution

SQLite is vulnerable to arbitrary code execution. A stack-based buffer overflow and integer overflow in the sqlite3VXPrintf function in printf.c allow an attacker to execute arbitrary code on the host OS due to improper handling of precision and width values during floating-point conversions...

CVSS 7.5 | AI score 6.8 | EPSS 0.05531
Exploits 0 | References 16 | Affected Software 2

Veracode
added 2020/09/21 6:19 a.m. | 47 views

Arbitrary Code Execution

gdb is vulnerable to arbitrary code execution. The vulnerability exists through a stack buffer overflow when printing bad bytes in Intel Hex objects...

CVSS 9.8 | AI score 3.8 | EPSS 0.02284
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2020/09/21 6:18 a.m. | 47 views

Denial Of Service (DoS)

linux is vulnerable to denial of service (DoS). The vulnerability exists in the drivers/usb/class/cdc-acm.c driver and is reachable through a malicious USB device...

CVSS 4.6 | AI score 2.6 | EPSS 0.00426
Exploits 0 | References 6 | Affected Software 3

Veracode
added 2020/08/18 3:2 a.m. | 47 views

Authentication Bypass

shiro-web is vulnerable to authentication bypass. An ArrayIndexOutOfBoundsException in Base64decode causes an invalid session cookie to be parsed as valid...

CVSS 7.5 | AI score 4.2 | EPSS 0.48019
Exploits 3 | References 33 | Affected Software 2

Veracode
added 2020/08/06 9:34 p.m. | 47 views

Denial Of Service (DoS)

clamav is vulnerable to denial of service (DoS). The vulnerability exists through a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device...

CVSS 7.5 | AI score 3.7 | EPSS 0.03204
Exploits 0 | References 9 | Affected Software 1

Veracode
added 2020/06/25 8:57 a.m. | 47 views

Insecure Direct Object Reference

telerik.web.ui is vulnerable to insecure direct object reference. User input is not validated and used directly by RadAsyncUpload without modification or validation. This can potentially result in arbitrary file uploads and execution of arbitrary code...

CVSS 9.8 | AI score 3.9 | EPSS 0.75709
Exploits 5 | References 3 | Affected Software 2

Veracode
added 2020/06/17 4:31 a.m. | 47 views

Remote Code Execution

jackson-databind is vulnerable to remote code execution. It was possible to use the org.jsecurity gadget type as a serialization gadget through polymorphic typing and execute arbitrary code on the system...

CVSS 8.1 | AI score 4.6 | EPSS 0.04511
Exploits 0 | References 9 | Affected Software 245

Veracode
added 2020/05/07 1:53 a.m. | 47 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to denial of service attacks. It happens due to memory safety bugs fixed in Firefox...

CVSS 9.8 | AI score 2.1 | EPSS 0.02259
Exploits 0 | References 9 | Affected Software 7

Veracode
added 2020/04/10 1:3 a.m. | 47 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS). An insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially-crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeabl...

CVSS 4.3 | AI score 1.5 | EPSS 0.09862
Exploits 1 | References 53 | Affected Software 1

Veracode
added 2020/04/10 12:49 a.m. | 47 views

Remote Code Execution (RCE)

Perl is vulnerable to Remote Code Execution (RCE). The Safe module did not properly restrict the code of implicitly called methods such as DESTROY and AUTOLOAD on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe...

CVSS 8.5 | AI score 2.3 | EPSS 0.02797
Exploits 2 | References 23 | Affected Software 1

Veracode
added 2020/04/10 12:26 a.m. | 47 views

Information Disclosure

xen is vulnerable to privilege escalation. A guest operating system could issue a block device request and read or write arbitrary memory locations, which could lead to privilege escalation...

CVSS 4.7 | AI score 3.3 | EPSS 0.00369
Exploits 0 | References 24 | Affected Software 1

Veracode
added 2020/04/10 12:25 a.m. | 47 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...

CVSS 7.5 | AI score 4.8 | EPSS 0.04802
Exploits 1 | References 53 | Affected Software 7

Veracode
added 2020/04/10 12:24 a.m. | 47 views

Arbitrary Code Execution

xorg-x11-server is vulnerable to arbitrary code execution. The vulnerability exists as two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service crash, or potentially execute arbitrary...

CVSS 9.3 | AI score 5.9 | EPSS 0.02495
Exploits 1 | References 71 | Affected Software 1

Veracode
added 2020/02/25 5:38 a.m. | 47 views

HTTP Request Smuggling

tomcat-coyote is vulnerable to HTTP request smuggling. The vulnerability exists as the HTTP headers are improperly parsed in Http11Processor...

CVSS 4.8 | AI score 1 | EPSS 0.09386
Exploits 0 | References 31 | Affected Software 5

Veracode
added 2020/02/20 5:56 a.m. | 47 views

Remote Code Execution (RCE)

pyyaml is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe function yaml.load, allowing a malicious user to inject and execute arbitrary code by passing a yaml file. This vulnerability exists due to an incomplete fix for CVE-2017-18342...

CVSS 9.8 | AI score 4.6 | EPSS 0.06031
Exploits 2 | References 6 | Affected Software 1

Veracode
added 2020/01/10 3:2 a.m. | 47 views

HTTP Request Smuggling

github.com/kubernetes/ingress-nginx is vulnerable to HTTP request smuggling. The library does not use a named location for authSignURL, allowing a malicious user to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...

CVSS 5.3 | AI score 0.4 | EPSS 0.14961
Exploits 3 | References 12 | Affected Software 1

Veracode
added 2019/11/06 12:20 a.m. | 47 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds (OOB) memory read in hso_probe in drivers/net/usb/hso.c...

CVSS 4.6 | AI score 3 | EPSS 0.00961
Exploits 0 | References 20 | Affected Software 2

Veracode
added 2019/10/24 7:13 a.m. | 47 views

XML External Entity (XXE)

Apache Poi is vulnerable to XML external entity (XXE). During the use of XSSFExportToXml tool to convert user-provided Microsoft Excel documents, it is possible for an attacker to parse a malicious Microsoft Excel document containing a reference to an external entity and perform requests on behalf ...

CVSS 5.5 | AI score 3.7 | EPSS 0.0099
Exploits 0 | References 19 | Affected Software 1

Veracode
added 2019/10/24 12:22 a.m. | 47 views

Privilege Escalation

Mozilla Firefox is vulnerable to privilege escalation. It allows unintended access to a privileged JSONView object...

CVSS 5.4 | AI score 3.8 | EPSS 0.00791
Exploits 0 | References 8 | Affected Software 5

Veracode
added 2019/10/16 12:21 a.m. | 47 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service. A heap-based buffer overflow in the function mwifiex_uap_parse_tail_ies in drivers/net/wireless/marvell/mwifiex/ie.c leads to memory corruption and other consequences...

CVSS 9.8 | AI score 9.5 | EPSS 0.06821
Exploits 0 | References 31 | Affected Software 2

Veracode
added 2019/09/11 12:6 a.m. | 47 views

Cross Origin Access

firefox is vulnerable to cross-origin access. The vulnerability exists due to not adhering to the W3C's Navigation-Timing Level 2, which allows an attacker to cause potential cross-origin information exposure of history via timing side-channel attacks...

CVSS 3.7 | AI score 6.9 | EPSS 0.01798
Exploits 1 | References 16 | Affected Software 5

Veracode
added 2019/08/20 12:10 a.m. | 47 views

Buffer Under-read

PHP is vulnerable to buffer under-read. The attack is possible in php_stream_url_wrap_http_ex in http_fopen_wrapper.c when parsing an HTTP response, subsequently copying a large string...

CVSS 9.8 | AI score 1.4 | EPSS 0.87883
Exploits 3 | References 15 | Affected Software 3

Veracode
added 2019/08/05 12:16 a.m. | 47 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer dereference due to an anomalized NFS message sequence allows an attacker to cause a panic in the system and deny access to the NFS server...

CVSS 7.5 | AI score 4.7 | EPSS 0.02779
Exploits 0 | References 16 | Affected Software 2

Veracode
added 2019/07/29 12:8 a.m. | 47 views

Authorization Bypass

openjdk is vulnerable to authorization bypass. An input validation flaw was found in the URL class implementation in the Networking component of OpenJDK which allows a remote attacker to perform unauthorized read, update, insert or delete actions...

CVSS 4.8 | AI score 4.4 | EPSS 0.02296
Exploits 0 | References 16 | Affected Software 6

Veracode
added 2019/05/16 3:38 a.m. | 47 views

Denial Of Service

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for ...

CVSS 9.8 | AI score 7.6 | EPSS 0.90647
Exploits 0 | References 37 | Affected Software 10

Veracode
added 2019/05/16 2:59 a.m. | 47 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service (DoS) attacks. An attacker could exploit a flaw in the PHAR archive handler by supplying a malicious archive file, which may crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in...

CVSS 9.1 | AI score 9 | EPSS 0.0471
Exploits 1 | References 12 | Affected Software 1

Veracode
added 2019/05/16 2:18 a.m. | 47 views

Information Disclosure

Oracle Java SE is vulnerable to information disclosure attacks. This is because the JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. A local attacker could possibly use thi...

CVSS 6.8 | AI score 6.5 | EPSS 0.04532
Exploits 0 | References 22 | Affected Software 4

Veracode
added 2019/05/02 6:2 a.m. | 47 views

Buffer Overflow

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. T...

CVSS 9.8 | AI score 9 | EPSS 0.36974
Exploits 78 | References 18 | Affected Software 3

Veracode
added 2019/05/02 6:2 a.m. | 47 views

XML External Entity (XXE)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debugger. T...

CVSS 9.8 | AI score 9 | EPSS 0.36974
Exploits 78 | References 16 | Affected Software 3

Veracode
added 2019/05/02 5:40 a.m. | 47 views

Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 10 | AI score 5.7 | EPSS 0.06181
Exploits 0 | References 23 | Affected Software 2

Veracode
added 2019/05/02 5:39 a.m. | 47 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interprete...

CVSS 9.8 | AI score 9.1 | EPSS 0.50129
Exploits 18 | References 21 | Affected Software 4

Veracode
added 2019/05/02 5:39 a.m. | 47 views

Cross-Site Scripting (XSS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...

CVSS 6.1 | AI score 9.3 | EPSS 0.53166
Exploits 43 | References 20 | Affected Software 6

Veracode
added 2019/05/02 5:39 a.m. | 47 views

Privilege Escalation

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

CVSS 7.5 | AI score 9.2 | EPSS 0.53166
Exploits 32 | References 17 | Affected Software 6

Veracode
added 2019/05/02 5:39 a.m. | 47 views

Information Disclosure

IBM Java SE is vulnerable to information disclosure. The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the...

CVSS 5 | AI score 4.4 | EPSS 0.74006
Exploits 0 | References 105 | Affected Software 4

Veracode
added 2019/05/02 5:29 a.m. | 47 views

Authentication Bypass

openssh is vulnerable to authentication bypass. The OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X serve...

CVSS 9.8 | AI score 8.5 | EPSS 0.13736
Exploits 0 | References 19 | Affected Software 1

Veracode
added 2019/05/02 5:27 a.m. | 47 views

Arbitrary Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

CVSS 9.8 | AI score 9.2 | EPSS 0.46801
Exploits 8 | References 8 | Affected Software 1

Veracode
added 2019/05/02 5:27 a.m. | 47 views

Out-Of-Bounds Read

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.8 | AI score 8.2 | EPSS 0.31046
Exploits 9 | References 25 | Affected Software 2

Veracode
added 2019/05/02 5:18 a.m. | 47 views

Cross-site Scripting (XSS)

jenkins is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

CVSS 4.3 | AI score 7.1 | EPSS 0.01769
Exploits 0 | References 31 | Affected Software 58

Veracode
added 2019/05/02 5:11 a.m. | 47 views

Denial Of Service (DoS)

squid is vulnerable to denial of service (DoS). The vulnerability exists in HttpHdrRange.cc, where range headers with unidentifiable byte-range values could cause DoS...

CVSS 5 | AI score 5.7 | EPSS 0.5622
Exploits 0 | References 16 | Affected Software 1

Veracode
added 2019/05/02 4:56 a.m. | 47 views

Authorization Bypass

jenkins is vulnerable to authorization bypass. The vulnerability exists as remotely authenticated users with Job/CONFIGURE permission can bypass intended restrictions to create or destroy arbitrary jobs...

CVSS 6 | AI score 9.1 | EPSS 0.05406
Exploits 7 | References 28 | Affected Software 37

Total number of security vulnerabilities: 5000