Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
added 2022/06/23 10:13 p.m.41 views

Use After Free

kernel is vulnerable to use after free. The vulnerability exists due to a memory corruption in the hsofreenetdevice function of drivers/net/usb/hso.c which allows an attacker to escalate their privileges on the system...

6.4CVSS7AI score0.00391EPSS
Exploits0References12Affected Software2
Veracode
Veracode
added 2022/06/22 7:29 a.m.41 views

Denial Of Service (DoS)

MariaDB is vulnerable to denial of service. The vulnerability exists due to a deadlock indsxbstream.cc, crashing the system when an error occurs streamctxt-destfile == NULL while executing the method xbstreamopen...

5.5CVSS5.5AI score0.00213EPSS
Exploits0References8Affected Software5
Veracode
Veracode
added 2022/06/02 8:55 p.m.41 views

Denial Of Service (DoS)

.NET and Visual Studio are vulnerable to denial of service. The vulnerability exists due to a flaw in dotnet allowing an attacker to crash the system by applying MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5CVSS7.2AI score0.05041EPSS
Exploits0References12Affected Software2
Veracode
Veracode
added 2022/06/01 3:40 p.m.41 views

Path Traversal

firefox is vulnerable to Path Traversal. A remote attacker is able to use the % character in filenames to store the data outside of the intended directory using windows environment variables, such as %HOMEPATH% or %APPDATA%...

8.8CVSS8.8AI score0.00662EPSS
Exploits0References7Affected Software3
Veracode
Veracode
added 2022/05/27 2:24 p.m.42 views

Improper Access Control

github.com/awake1t/linglong is vulnerable to access control bypass. The vulnerability exists in the jwt.go due to the hard coded jwt token which allows an attacker to craft a malicious cookie and gain access to the system...

9.8CVSS8.9AI score0.01063EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/05/24 6:45 a.m.41 views

Cross-Site Request Forgery (CSRF)

XXL Job Core is vulnerable to cross-site request forgery. The vulnerability exists in xxl-job-admin component due to less restrictions of user permissions which allows an attacker to perform unauthorized actions...

8.8CVSS8.1AI score0.00446EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2022/05/20 4:1 a.m.41 views

Integer Overflow

org.springframework.security:spring-security-crypto is vulnerable to integer overflows. The encoder does not perform any salt rounds when the BCrypt class is used with the maximum work factor31, allowing a local authenticated attacker to cause an integer overflow error resulting in the attacker...

5.3CVSS7.1AI score0.02139EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2022/05/19 6:45 a.m.41 views

Information Disclosure

moodle is vulnerable to information disclosure. The vulnerability exists due to the $hiddenfields not properly set in user/profile.php and in user/view.php allowing the description user field to be seen even when it is set to hidden...

5.3CVSS6.9AI score0.01213EPSS
Exploits0References9Affected Software1
Veracode
Veracode
added 2022/05/13 8:43 a.m.41 views

Denial Of Service (DoS)

openssl3 is vulnerable to denial of service. The vulnerability exists because the OPENSSLLHflush function reuses the memory occupied by the removed hash table entries, allowing an attacker to cause an application crash...

7.5CVSS8.2AI score0.02386EPSS
Exploits0References8Affected Software3
Veracode
Veracode
added 2022/05/13 7:20 a.m.41 views

Denial Of Service (DoS)

spring-messaging is vulnerable to denial of service. The vulnerability exists because the handleMessageInternal function of SimpleBrokerMessageHandler.java does not properly handle to ignore the invalid STOMP frames, allowing an attacker to cause an application crash through the WebSocket endpoin...

6.5CVSS2.6AI score0.02931EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2022/05/05 2:55 a.m.41 views

Denial Of Service (DoS)

libxml2.so is vulnerable to denial of service. The xmlBufCreateSize function of buf.c does not properly check types of buffer sizes, allowing an attacker to crash the application by providing large multi-gigabyte buffers...

6.5CVSS4.5AI score0.0363EPSS
Exploits5References20Affected Software3
Veracode
Veracode
added 2022/04/26 7:3 a.m.41 views

Cross-Site Scripting (XSS)

Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in getOpenGraphTag function in OpenGraphTopHeadDynamicInclude.java due to lack of html escaping which allows an attacker to inject and execute arbitrary javascript...

6.1CVSS1.4AI score0.00674EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/04/21 12:42 a.m.41 views

Remote Code Execution (RCE)

jenkins-2-plugins is vulnerable to remote code execution. The vulnerability exists due to a sandbox bypass allowing attackers to execute arbitrary code on the system...

8.8CVSS7.5AI score0.01541EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/04/10 12:42 a.m.41 views

Buffer Overflow

glibc is vulnerable to buffer overflow. The vulnerability exists due to a memory corruption when the size of the buffer is exactly 1 which allows an attacker to control the input buffer and size passed to getcwd in a setuid program...

7.8CVSS3.9AI score0.0072EPSS
Exploits1References11Affected Software2
Veracode
Veracode
added 2022/04/05 11:15 a.m.41 views

HTTP Request Smuggling (HRS)

twisted is vulnerable to http request smuggling. The vulnerability exists in twisted.web due to inconsistent interpretation of http requests which allows a remote attacker to conduct HTTP request smuggling attacks via a crafted request...

8.1CVSS4.5AI score0.028EPSS
Exploits0References9Affected Software4
Veracode
Veracode
added 2022/03/22 12:35 a.m.41 views

Denial Of Service (DoS)

.NET and Visual Studio are vulnerable to denial of service. The vulnerability exists due to a lack of sanitization allowing an attacker to crash the system...

7.5CVSS3.6AI score0.03228EPSS
Exploits0References12Affected Software2
Veracode
Veracode
added 2022/03/12 12:42 a.m.41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization of access to the i915 Intel GPU...

7.8CVSS3.7AI score0.00379EPSS
Exploits0References6Affected Software3
Veracode
Veracode
added 2022/03/10 4:21 a.m.41 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization allowing an attacker to crash the system...

7.5CVSS3.2AI score0.00657EPSS
Exploits1References6Affected Software6
Veracode
Veracode
added 2022/02/20 5:48 a.m.41 views

Use After Free

chromium is vulnerable to use after free. The vulnerability exists in Optimization Guide which allows an attacker to cause a memory corruption...

8.8CVSS3.4AI score0.23546EPSS
Exploits0References3Affected Software3
Veracode
Veracode
added 2022/02/11 12:56 p.m.41 views

Denial Of Service (DoS)

Jenkins is vulnerable to denial of service. The vulnerability exists due to earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage...

7.5CVSS3.9AI score0.07934EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2022/01/22 2:32 p.m.41 views

Buffer Overflow

mruby is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization...

9.8CVSS3.3AI score0.0141EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2022/01/19 7:13 p.m.41 views

Buffer Overflow

Slurm is vulnerable to buffer overflow. The vulnerability exists in the PMIx MPI plugin which causes a buffer overflow which leads to an application crash...

9.8CVSS3.2AI score0.02386EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/01/16 8:19 a.m.41 views

Cross-site Scripting (XSS)

WordPress is vulnerable to cross site scripting. The vulnerability exists due to an Inappropriate implementation allowed a remote privileged authenticated users to abuse content security policy...

8CVSS4.3AI score0.63418EPSS
Exploits0References9Affected Software1
Veracode
Veracode
added 2022/01/15 12:19 a.m.41 views

Authorization Bypass

Google Chrome is vulnerable to authorization bypass. This is because the insufficient policy enforcement in background fetch in prior to 96.0.4664.45 allows a remote attacker to bypass same origin policy via a crafted HTML page...

8.8CVSS3.4AI score0.00805EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2022/01/07 6:54 a.m.41 views

Cross-site Scripting (XSS)

mermaid is vulnerable to cross-site scripting. The vulnerability exists in the sanitizeUrl function in the svgDraw.js, allowing an attacker to inject and execute malicious javascript through the malicious diagrams...

7.2CVSS2.9AI score0.00912EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2021/12/28 10:7 a.m.41 views

Denial Of Service (DoS)

linux-oracle:hirsute is vulnerable to denial of service. A memory leak in the ccprunaesgcmcmdfunction in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause an application crash...

5.5CVSS4.8AI score0.0026EPSS
Exploits0References5Affected Software5
Veracode
Veracode
added 2021/12/10 7:36 a.m.41 views

Denial Of Service (DoS)

thunderbird and firefox are vulnerable to denial of service. The vulnerability exist due to an incorrect type conversion of sizes from 64bit to 32bit integers which allows an attacker to corrupt memory...

8.8CVSS5.8AI score0.0202EPSS
Exploits0References13Affected Software7
Veracode
Veracode
added 2021/11/26 12:41 a.m.41 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. A flaw out of bounds memory access in the Linux kernel bluetooth subsystem was found in the way when some data being read about the bluetooth device with the hciextendedinquiryresultevt call. A local user could use this flaw to crash the...

7.1CVSS2.7AI score0.00536EPSS
Exploits1References9Affected Software2
Veracode
Veracode
added 2021/11/17 10:36 p.m.41 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists due to Insufficient control flow in certain data structures...

5.5CVSS2.2AI score0.01447EPSS
Exploits0References23Affected Software2
Veracode
Veracode
added 2021/11/14 11:48 p.m.41 views

Signature Verification Bypass

The exploitation of this flaw requires RPM's package verification level to be set to "digest" or "none". In addition, to exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM. It is strongly recommended to only use RPMs fr...

7.5CVSS1.7AI score0.01117EPSS
Exploits0References8Affected Software3
Veracode
Veracode
added 2021/11/09 3:0 p.m.41 views

Denial Of Service (DoS)

linux kernal ipc is vulnerable to denial of service. The vulnerability exists due to a memory overflow in the memcg subsystem which allows a attacker to cause an application crash...

5.5CVSS3.7AI score0.00345EPSS
Exploits0References6Affected Software5
Veracode
Veracode
added 2021/10/26 9:54 p.m.41 views

Improper Input Validation

Java SE is vulnerable to improper input validation. An attacker can perform service disruption through the utility component in the oracle GraalVM enterprise edition...

5.3CVSS3.2AI score0.06468EPSS
Exploits0References21Affected Software7
Veracode
Veracode
added 2021/10/13 5:26 p.m.41 views

HTTP Request Smuggling (HRS)

nodejs is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists due to an error related to a space in headers which allows an attacker to poison the web cache, bypassing the web application...

6.5CVSS7.8AI score0.02936EPSS
Exploits1References4Affected Software5
Veracode
Veracode
added 2021/10/07 10:13 a.m.41 views

Arbitrary Code Execution

crossbeam-deque is vulnerable to remote code execution. The vulnerability exists due to a race condition in the "Stealer::steal", "Stealer::stealbatch" and "Stealer::stealbatchandpop" functions. A remote attacker can exploit the race and gain unauthorized access to sensitive information...

9.8CVSS4.9AI score0.01923EPSS
Exploits0References30Affected Software7
Veracode
Veracode
added 2021/10/01 4:59 a.m.41 views

Denial Of Service (DoS)

qemu:sid is vulnerable to denial of service. The vulnerability exists because the numbuffers being set after the virtqueue elem has been unmapped, allowing an attacker to crash the application through the use after free...

7.5CVSS3.1AI score0.00522EPSS
Exploits0References9Affected Software5
Veracode
Veracode
added 2021/09/28 4:28 a.m.41 views

Prototype Pollution

aurelia-path is vulnerable to prototype pollution. An attacker is able to modify object class Object by tricking an application to parse the following URL: https://aurelia.io/blog/?protoasdf=asdf...

9.1CVSS3.5AI score0.05052EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2021/09/17 9:34 p.m.41 views

Man-In-The-Middle Attack (MitM)

curl is vulnerable to Man in the middle attack. The vulnerability exists due to a lack of clearing of previous cached responses, treating them as valid and authenticated...

5.9CVSS2.6AI score0.02799EPSS
Exploits1References22Affected Software2
Veracode
Veracode
added 2021/08/03 4:29 a.m.41 views

Arbitrary Code Execution

chakracore is vulnerable to arbitrary code execution. A memory corruption vulnerability allows an attacker to execute arbitrary code on the host OS. This CVE ID is different from CVE-2020-17054...

4.2CVSS4.5AI score0.01913EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2021/07/10 2:45 p.m.41 views

Man In The Middle (MitM)

ruby2.7 is vulnerable to Man In the Middle Attack. An attacker may bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.”...

7.4CVSS2.9AI score0.02909EPSS
Exploits1References9Affected Software11
Veracode
Veracode
added 2021/06/06 10:24 a.m.41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A refcount leak in llcpsockconnect results in a use-after-free bug which can lead to privilege escalation...

7.8CVSS3.3AI score0.00511EPSS
Exploits1References12Affected Software4
Veracode
Veracode
added 2021/06/03 5:59 a.m.41 views

Directory Traversal

django is vulnerable to Directory Traversal. Lack of path sanitation allows checking of existence of arbitrary files via the use of admindocs TemplateDetailView view by any staff members. Moreover, the default admindocs templates allows developers to customize in such a way that reveals the conte...

4.9CVSS6AI score0.02737EPSS
Exploits0References11Affected Software4
Veracode
Veracode
added 2021/05/27 4:25 a.m.41 views

Denial Of Service (DoS)

github.com/go-gitea/gitea and x/net/html of github.com/golang/go are vulnerable to Denial Of Service DoS. An infinite loop is caused when an attacker sends a malicious input to ParseFragment...

7.5CVSS4.2AI score0.07293EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2021/05/22 7:17 p.m.41 views

Billion Laugh Attack

libxml2:sid is vulnerable to billion laugh attack via parameter entities expansion and following the line of the billion laugh attack...

6.5CVSS4.1AI score0.01861EPSS
Exploits0References4Affected Software17
Veracode
Veracode
added 2021/05/14 10:8 p.m.41 views

Information Disclosure

postgresql is vulnerable to information disclosure. The vulnerability exists through the use of an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, allowing arbitrary bytes of server memory to be read. The CREATE and TEMPORARY privileges on all databases and the CREATE...

6.5CVSS3.2AI score0.01449EPSS
Exploits0References8Affected Software10
Veracode
Veracode
added 2021/04/24 10:10 p.m.41 views

Authorization Bypass

java is vulnerable to Authorization Bypass. A difficult to exploit vulnerability allows unauthenticated attacker with network access to affect intgrity of the system. The attack requires human interaction from a person other than the attacker...

5.3CVSS5.8AI score0.03566EPSS
Exploits0References20Affected Software3
Veracode
Veracode
added 2021/04/19 6:15 a.m.41 views

Padding Oracle Attack

jose is vulnerable to padding oracle attack. A possible observable difference in timing when padding error occurs while decrypting the ciphertext allows an attacker to obtain the plaintext data without knowledge of the decryption key...

5.9CVSS4.5AI score0.01167EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2021/03/18 6:52 a.m.41 views

Denial Of Service (DoS)

etcd is vulnerable to denial of service. A panic occurs in decodeRecord method when a large slice is processed due to a lack of validation on the size of record...

6.5CVSS4.3AI score0.01291EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2021/03/03 5:51 a.m.41 views

Privilege Escalation

grub2 is vulnerable to privilege escalation. The vulnerability exists as variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with ...

6.7CVSS4.1AI score0.00573EPSS
Exploits0References6Affected Software3
Veracode
Veracode
added 2021/03/01 3:37 a.m.41 views

Denial Of Service(DoS)

Jetty is vulnerable to denial of service DoS. The use of multiple Accept headers with a large number of quality causes a high CPU usage, resulting in long durations of CPU processing and crashing of the application...

5.3CVSS1.8AI score0.7795EPSS
Exploits0References129Affected Software5
Veracode
Veracode
added 2021/02/15 1:20 a.m.41 views

Arbitrary Code Execution

qemu is vulnerable to arbitrary code execution. An out-of-bound heap buffer access via an interrupt ID field could potentially allow an attacker to execute arbitrary code on the host OS...

6CVSS5AI score0.00323EPSS
Exploits0References12Affected Software6
Total number of security vulnerabilities5000