Lucene search
K
VeracodeMost viewed

38332 matches found

Veracode
Veracode
added 2017/03/17 8:5 a.m.186 views

Denial Of Service (DoS) Through Out Of Bounds Read

OpenSSL is vulnerable to denial of service DoS attacks. The vulnerability exists when a truncated packet causes an out-of-bounds OOB read on an SSL/TLS server/client on a 32-bit host using a specific cipher such as CHACHA20/POLY1305 or RC4-MD5 cipher...

7.5CVSS7.3AI score0.57595EPSS
Exploits1References20Affected Software14
Veracode
Veracode
added 2019/05/16 3:18 a.m.185 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of serviceDoS attacks. This is because of the way Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted...

7.5CVSS6.1AI score0.24575EPSS
Exploits1References57Affected Software2
Veracode
Veracode
added 2023/07/26 11:27 a.m.182 views

Stored XSS

Grafana is vulnerable to Stored XSS. The vulnerability is due to not sanitizing the SVG image output displayed on the browser leading to arbitrary JavaScript to be executed in the context of the currently authorized user. The attacker with an editor role can achieve vertical privilege escalation ...

7.3CVSS7AI score0.02179EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2019/09/11 7:19 a.m.182 views

Side-Channel Attack

openssl is vulnerable to side channel attacks. The library falls back to non-side channel resistant code paths when an OpenSSL EC group is constructed without a cofactor present, using explicit parameters instead of a named curve. This can result in the recovery of the full key during an ECDSA...

4.7CVSS3.6AI score0.01188EPSS
Exploits0References43Affected Software1
Veracode
Veracode
added 2023/03/15 2:27 a.m.181 views

Sensitive Information Disclosure

webpack is vulnerable to Sensitive Information Disclosure. The vulnerability exists because ImportParserPlugin.js does not restrict cross-realm object access and mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to obtain access to the real...

9.8CVSS8.7AI score0.01421EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2022/07/21 9:43 a.m.181 views

Use-After-Free

chromium is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the Service Worker API component, which leads to heap use-after-free...

8.8CVSS8.3AI score0.17864EPSS
Exploits0References9Affected Software2
Veracode
Veracode
added 2019/05/02 5:43 a.m.181 views

Unauthenticated Access

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

7.5CVSS6.4AI score0.10066EPSS
Exploits0References17Affected Software4
Veracode
Veracode
added 2018/08/02 9:30 a.m.180 views

Denial Of Service (DoS)

libcurl.so is vulnerable to denial of service DoS. The vulnerability is due to a flaw in the 'globbing' feature, which causes integer overflow and out-of-bounds read if the input is a malicious one...

9.8CVSS8.8AI score0.04413EPSS
Exploits0References8Affected Software5
Veracode
Veracode
added 2025/04/14 10:49 a.m.179 views

Improper Verification Of Cryptographic Signature

github.com/minio/minio is vulnerable to authorization bypass. The vulnerability is due to improper signature verification due to the ability to use arbitrary secrets to upload objects if the attacker has prior WRITE permissions and access to the access key and bucket name...

8.7CVSS6.5AI score0.02327EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/04/06 5:49 a.m.179 views

Regular Expression Denial Of Service (ReDoS)

angular is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists due to inefficient regular expression complexity in the angular.copy function. which allows an attacker to crash the application by submitting maliciously crafted input...

5.3CVSS7.2AI score0.01695EPSS
Exploits1References4Affected Software2
Veracode
Veracode
added 2021/06/03 4:29 a.m.178 views

Server-Side Request Forgery (SSRF)

django is vulnerable to server-side request forgery. The vulnerability exists due to the inadequate validation of leading zeroes in IPv4 addresses in the validateipv4address function...

7.5CVSS3AI score0.03058EPSS
Exploits0References10Affected Software5
Veracode
Veracode
added 2024/06/13 11:49 a.m.177 views

Improper Authorization

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been rejected...

2.6CVSS6.8AI score0.00343EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/08/06 9:29 p.m.177 views

Denial Of Service (DoS)

python3 is vulnerable to denial of service. An attacker is able to craft a TAR archive that results in an infinite loop when parsed in tarfile.open due to a lack of header validation in procpax...

7.5CVSS3.6AI score0.06304EPSS
Exploits0References41Affected Software13
Veracode
Veracode
added 2017/04/27 9:1 a.m.177 views

Information Disclosure

github.com/openshift/origin is vulnerable to information disclosure. The vulnerability is possible because kubernetes watch cache does not return the correct data in a multi tenant environment, revealing the data of a user to another user...

6.8CVSS5.9AI score0.02464EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2019/01/15 8:51 a.m.176 views

Arbitrary Code Execution

php-cgi is susceptible to arbitrary code execution. An attacker can inject arbitrary script because it does not properly handle the query strings without an = equals sign character, leading to malicious code execution with the privileges of the PHP interpreter...

9.8CVSS7.2AI score0.99998EPSS
Exploits42References31Affected Software2
Veracode
Veracode
added 2019/05/16 3:18 a.m.175 views

Denial Of Service (DoS)

Python is vulnerable to denial of serviceDoS attacks. This is because the implementation of catastrophic backtracking. A remote authenticated user could trigger a denial of service condition via backtracking in 'difflib.ISLINEJUNK' method in difflib which may leads to a application crash...

7.5CVSS7.7AI score0.04979EPSS
Exploits0References29Affected Software6
Veracode
Veracode
added 2017/01/26 9:1 a.m.175 views

Arbitrary Code Execution Or Denial Of Service (DoS)

OpenSSL is vulnerable to arbitrary code execution or denial of service attacks. Due to a flaw, an attacker can use a certificate which leads to a crash or execution of arbitrary code upon verification or re-encoding of certificate by OpenSSL...

10CVSS9.6AI score0.77906EPSS
Exploits1References61Affected Software2
Veracode
Veracode
added 2021/10/08 9:8 p.m.173 views

Path Traversal

Apache HTTP Server is vulnerable to path traversal attacks. An attacker could use a path traversal attack to map URLs to the files outside of the document root are not protected by the “require all denied” directive in the Apache configuration file...

9.8CVSS2.3AI score0.99964EPSS
Exploits62References36Affected Software1
Veracode
Veracode
added 2025/11/20 8:39 a.m.171 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads—specifically a non-array repository.links.clone field—which allows an attacker to send a single unauthenticated malicious request that...

7.5CVSS7.1AI score0.00549EPSS
Exploits1References5Affected Software3
Veracode
Veracode
added 2022/07/18 4:33 a.m.171 views

Path Traversal

aws-java-sdk-s3 is vulnerable to path traversal. The vulnerability exists due to the insufficient guard logic used for the download directory in the leavesRoot function of TransferManager.java, allowing an attacker to access files from the S3 bucket that is one level up in the file system by...

7.9CVSS6.5AI score0.01193EPSS
Exploits1References2Affected Software2
Veracode
Veracode
added 2021/10/05 12:6 p.m.171 views

Remote Code Execution (RCE)

Redis is vulnerable to remote code execution. The vulnerability exists due to heap-based Lua stack to be overflowed. An attacker is able to crash the system by sending a maliciously crafted script to the system...

8.8CVSS4AI score0.15126EPSS
Exploits0References19Affected Software2
Veracode
Veracode
added 2017/07/23 10:40 p.m.171 views

Denial Of Service (DoS) Through Memory Leak

ImageMagick is vulnerable to denial of service DoS attacks. Leveraging a flaw in the ReadDIBImage function, attackers can pass a dib file to the application to cause memory leaks...

6.5CVSS6.7AI score0.01876EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2022/10/03 5:46 p.m.170 views

Remote Code Execution (RCE)

Joplin is vulnerable to remote code execution. The vulnerability is due to the application not validating the schema or protocol of existing links. An attacker can upload a malicious markdown file with links, which will be opened by shell.openExternal when a user opens the markdown file, resultin...

7.8CVSS7.9AI score0.00494EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/08/06 11:40 p.m.169 views

Same-Origin Policy Bypass

chromium is vulnerable to Same-Origin Policy Bypass. The vulnerability exists due to the insufficient policy enforcement in Intents of the library, allowing an attacker to bypass same origin policy via a maliciously crafted HTML page...

6.5CVSS6.6AI score0.00459EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/03/16 9:55 a.m.169 views

Denial Of Service (DoS)

libressl is vulnerable to denial of service. The vulnerability exists due to a bug in the BNmodsqrt function which goes into an infinite loop which then causes an application crash...

7.5CVSS2.4AI score0.70561EPSS
Exploits2References43Affected Software23
Veracode
Veracode
added 2023/10/29 1:25 p.m.165 views

Privilege Escalation

open-vm-tools is vulnerable to Privilege Escalation. The vulnerability is a file descriptor hijack within the vmware-user-suid-wrapper allowing a malicious attacker to simulate user inputs...

7.4CVSS7AI score0.00402EPSS
Exploits0References12Affected Software1
Veracode
Veracode
added 2022/01/11 12:30 p.m.165 views

Open Redirect

rails is vulnerable to open redirect. A remote attacker is able to redirect users to a malicious websites via a crafted X-Forwarded-Host header in combination with a certain "allowed host" format in host authorization middleware...

6.1CVSS5.1AI score0.04182EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2019/01/15 9:9 a.m.165 views

Directory Traversal

Tomcat is vulnerable to directory traversal. The methods getResource, getResourceAsStream, and getResourcePaths in ServletContext do not correctly validate that the paths given to them do not contain "/..". However the impact of the directory traversal is limited as "/../" is rejected. This allow...

4.3CVSS6.5AI score0.12555EPSS
Exploits0References50Affected Software82
Veracode
Veracode
added 2020/08/06 9:28 p.m.164 views

Arbitrary Code Execution

ppp is vulnerable to arbitrary code execution. eap.c has an rhostname buffer overflow in the eaprequest and eapresponse functions, allowing an attacker to execute arbitrary code on the host OS via the vulnerability...

9.8CVSS4.7AI score0.19431EPSS
Exploits3References24Affected Software4
Veracode
Veracode
added 2020/05/10 11:22 p.m.164 views

Access Control Bypass

rsync is vulnerable to access control bypass. A remote attacker is able to bypass access restrictions as the daemon does not check for fnamecmp filenames in the daemonfilterlist data structure in recvfiles function in receiver.c. The sanitizepaths protection mechanism is also not applied to...

9.8CVSS5.8AI score0.03362EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2018/05/31 4:53 a.m.163 views

Cross-site Scripting (XSS)

bootstrap is vulnerable to Cross-site Scripting XSS. The library does not properly sanitize the parent variable in collapse.js, allowing a malicious user to inject and execute arbitrary Javascript...

6.1CVSS6.7AI score0.04135EPSS
Exploits1References26Affected Software6
Veracode
Veracode
added 2021/08/12 11:13 p.m.162 views

Remote Code Execution (RCE)

Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames leading to Domain Hijacking and injection vulnerabilities in applications...

5.3CVSS4AI score0.1473EPSS
Exploits1References10Affected Software3
Veracode
Veracode
added 2021/10/05 3:6 a.m.160 views

Privilege Escalation

github.com/moby/moby is vulnerable to privilege escalation. The vulnerability exists due to insecure permission which allows an attacker to traverse directory contents and execute programs...

6.3CVSS6.1AI score0.02693EPSS
Exploits3References7Affected Software6
Veracode
Veracode
added 2020/10/04 4:48 a.m.160 views

Directory Traversal

ruby is vulnerable to directory traversal. It mishandles path checking within File.fnmatch functions...

6.5CVSS3.5AI score0.03289EPSS
Exploits0References9Affected Software3
Veracode
Veracode
added 2023/03/02 7:11 p.m.159 views

Cross-site Scripting (XSS)

org.keycloak:keycloak-services is vulnerable to Cross-site Scripting XSS attacks. A remote attacker is able to insert an arbitrary URI into an error page via the oob OAuth endpoint due to incorrect null-byte handling...

8.1CVSS2.6AI score0.01149EPSS
Exploits0References9Affected Software2
Veracode
Veracode
added 2022/04/30 4:24 p.m.157 views

Time-of-check To Time-of-use (TOCTOU)

networkd-dispatcher is vulnerable to time-of-check-time-of-use. The vulnerability exists in the vulnerable systemd unit which allows an attacker to replace scripts that elieves to be owned by root user...

4.7CVSS3.2AI score0.06406EPSS
Exploits2References2Affected Software3
Veracode
Veracode
added 2021/09/01 2:4 a.m.156 views

Remote Code Execution (RCE)

tar is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization on the path of the entries when extracting tar files which allows an attacker to execute remote codes...

8.6CVSS6.9AI score0.01263EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2019/08/08 12:7 a.m.156 views

Denial Of Service (Dos)

python is vulnerable to denial of service. A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enabl...

7.5CVSS4.2AI score0.20743EPSS
Exploits1References14Affected Software5
Veracode
Veracode
added 2026/01/14 9:15 a.m.154 views

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of untrusted input in the meta / APIs during server-side rendering, which allows an attacker to inject malicious script content into generated script:ld+json tags and execute arbitrary JavaScript...

7.6CVSS6.8AI score0.00448EPSS
Exploits0References10Affected Software2
Veracode
Veracode
added 2019/11/07 4:56 a.m.154 views

Authentication Bypass

cxf-rt-rs-security-oauth2 is vulnerable to authentication bypass. The vulnerability exists as the access token services does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. An attacker with a an authorization code that is issued to...

9.8CVSS4AI score0.13836EPSS
Exploits0References26Affected Software1
Veracode
Veracode
added 2019/12/10 6:8 a.m.153 views

Integer Overflow

OpenSSL is vulnerable to integer overflows. It exists due to a mishandling of overflow in rsaz512sqr for the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli...

5.3CVSS3.9AI score0.14298EPSS
Exploits0References32Affected Software14
Veracode
Veracode
added 2024/02/26 5:35 a.m.152 views

Server Side Request Forgery (SSRF)

org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forger...

8.1CVSS6.7AI score0.03967EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2023/11/13 7:20 a.m.152 views

Privilege Escalation

froxlor/froxlor is vulnerable to Privilege Escalation. The vulnerability is caused by improper handling of symbolic links. An attacker could write arbitrary data to the home directory and escalate privileges...

9.9CVSS7.4AI score0.00836EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2022/07/22 7:16 p.m.151 views

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a network access via multiple protocols to compromise which allows an attacker to upgrade their privilege and to gain elevated access to resources that are normally protected from an application or user...

5.3CVSS6.9AI score0.0296EPSS
Exploits0References14Affected Software8
Veracode
Veracode
added 2022/05/13 4:14 a.m.151 views

Denial Of Service (DoS)

org.apache.tomcat:tomcat is vulnerable to denial of service attacks. A malicious user is able to cause denial of service conditions, when running over an untrusted network because EncryptInterceptor does not provide protection against DoS attacks...

7.5CVSS2.8AI score0.71653EPSS
Exploits5References13Affected Software2
Veracode
Veracode
added 2023/04/06 7:39 a.m.149 views

Regular Expression Denial Of Service (ReDoS)

angular is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists due to inefficient regular expression complexity in the resource service which allows an attacker to crash the application by submitting maliciously crafted input...

5.3CVSS7.1AI score0.01695EPSS
Exploits1References4Affected Software2
Veracode
Veracode
added 2019/01/15 9:13 a.m.149 views

Arbitrary Code Execution

mariadb-galera is vulnerable to arbitrary code execution attacks. The vulnerability exists as Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before...

9.8CVSS9.1AI score0.6773EPSS
Exploits16References32Affected Software12
Veracode
Veracode
added 2023/01/05 7:22 a.m.148 views

Prototype Pollution

json5 is vulnerable to prototype pollution. The vulnerability exists in the internalize function in parse.js due to not restricting keys named proto which allows an attacker to inject specially crafted strings to pollute the prototype of the resulting object...

8.8CVSS8.6AI score0.09304EPSS
Exploits1References9Affected Software7
Veracode
Veracode
added 2022/03/17 8:4 a.m.148 views

Remote Code Execution (RCE)

ckeditor4 is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization malformed HTML allowing an attacker to inject maliciously crafted script...

5.4CVSS2.3AI score0.01162EPSS
Exploits0References9Affected Software2
Veracode
Veracode
added 2021/12/07 12:10 p.m.148 views

Integer Overflow

github.com/opencontainers/runc is vulnerable to integer overflows. The vulnerability exists in containerlinux.go due to insecure handling of null bytes in mount sources which allows an attacker to bypass the namespace restrictions of the container by adding their ownNetlink payload which disables...

6CVSS3.2AI score0.01663EPSS
Exploits1References7Affected Software2
Total number of security vulnerabilities5000