Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2021/02/10 6:5 a.m.•41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. An attacker may exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c...

7.8CVSS3.5AI score0.00564EPSS
Exploits0References22Affected Software1
Veracode
Veracode
•added 2021/01/21 7:51 p.m.•41 views

Buffer Overflow

github.com/python/cpython is vulnerable to buffer overflow. The vulnerability exists because of the use sprintf which does not sanitize the input and its boundaries...

9.8CVSS4AI score0.23293EPSS
Exploits1References44Affected Software21
Veracode
Veracode
•added 2021/01/07 7:9 p.m.•41 views

Denial Of Service (DoS)

openjpeg is vulnerable to denial of service. The vulnerability exists in opjt2encodepacket function of t2.c due to a null pointer dereference which allows an attacker to crash the application via malicious input...

5.5CVSS6.1AI score0.01443EPSS
Exploits0References11Affected Software3
Veracode
Veracode
•added 2020/12/17 4:12 a.m.•41 views

Arbitrary File Deletion

xstream is vulnerable to arbitrary file deletion. XStream's default blacklist of the Security Framework does not blacklist the internal JAX-WS type ReadAllStream.FileStream and therefore, allows the deserialization of XML containing those untrusted type, subsequently leading to an arbitrary file...

6.8CVSS1.8AI score0.82392EPSS
Exploits5References14Affected Software3
Veracode
Veracode
•added 2020/12/06 4:38 a.m.•41 views

Arbitrary Code Execution

SQLite is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via a buffer overflow when the FTS3 extension is enabled...

8.1CVSS6.4AI score0.09683EPSS
Exploits1References36Affected Software3
Veracode
Veracode
•added 2020/12/06 4:18 a.m.•41 views

Arbitrary Code Execution

lighttpd is vulnerable to arbitrary code execution. A signed integer overflow allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code on the host OS malicious HTTP GET request due to mishandling of /%2F? in burlnormalize2Ftoslashfix in burl.c...

9.8CVSS6.4AI score0.73762EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2020/11/19 6:14 a.m.•41 views

Command Injection

cmd/go in github.com/golang/go is vulnerable to command injection. An attacker is able to inject malicious command via cgoflags compiler flag argument...

7.5CVSS3.9AI score0.02369EPSS
Exploits0References13Affected Software5
Veracode
Veracode
•added 2020/11/16 4:56 a.m.•41 views

Denial Of Service (DoS)

linux kernel is vulnerable to denial of service. An out-of-bounds error in scalar32minmaxor in kernel/bpf/verifier.c during the use of 64-bit values allows an attacker to crash the kernel...

5.5CVSS3.4AI score0.02018EPSS
Exploits5References2Affected Software1
Veracode
Veracode
•added 2020/11/05 3:9 a.m.•41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A use-after-free flaw was found in the way the Linux kernel's filesystem subsystem handled a race condition in the cdevget of chardev.c function.This flaw allows a privileged local user to starve the resources, causing potentially escalating their...

6.4CVSS3.6AI score0.00168EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2020/10/18 1:45 a.m.•41 views

Denial Of Service (DoS)

linux is vulnerable to denial of service DoS. The vulnerability exists through a memory out-of-bounds read flaw in the ext3/ext4 file system, in the way it accesses a directory with broken indexing, allowing a local user to crash the system if the directory exists...

5.5CVSS3.3AI score0.00356EPSS
Exploits0References11Affected Software5
Veracode
Veracode
•added 2020/10/01 3:52 a.m.•41 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerabiltiy exists through memory errors...

8.8CVSS6.3AI score0.0192EPSS
Exploits0References10Affected Software28
Veracode
Veracode
•added 2020/10/01 3:52 a.m.•41 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption when parsing web content...

6.1CVSS6AI score0.00983EPSS
Exploits0References5Affected Software28
Veracode
Veracode
•added 2020/10/01 3:46 a.m.•41 views

Information Disclosure

foreman is vulnerable to information disclosre. It is possible due to unauthorized cache read on RPM-based installations through local user...

8.8CVSS1.2AI score0.00315EPSS
Exploits0References5Affected Software242
Veracode
Veracode
•added 2020/09/21 6:36 a.m.•41 views

Information Disclosure

kernel is vulnerable to information disclosure. An info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusbdec.c driver allows an attacker to obtain confidential information...

2.4CVSS2.8AI score0.0046EPSS
Exploits0References6Affected Software4
Veracode
Veracode
•added 2020/09/21 6:33 a.m.•41 views

Open Redirection

Squid is vulnerable to Open Redirection. When certain web browsers are used, HTML in the hostname parameter is mishandled to cachemgr.cgi...

6.1CVSS7.5AI score0.055EPSS
Exploits0References6Affected Software5
Veracode
Veracode
•added 2020/09/21 6:26 a.m.•41 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists through memory safety bugs...

8.8CVSS3.9AI score0.02455EPSS
Exploits1References25Affected Software4
Veracode
Veracode
•added 2020/09/21 6:26 a.m.•41 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service DoS. The vulnerability exists through an integer overflow issue in the DHCP client udhcpc...

7.5CVSS3.3AI score0.08055EPSS
Exploits4References14Affected Software3
Veracode
Veracode
•added 2020/09/21 6:25 a.m.•41 views

Denial Of Service (DoS)

graphicsmagick is vulnerable to denial of service DoS. The vulnerability exists through a NULL pointer dereference in ReadPNMImage in coders/pnm.c...

6.5CVSS2.9AI score0.02358EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2020/08/11 3:31 a.m.•41 views

Unauthorized Modification And Access

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

5.9CVSS2.3AI score0.02638EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2020/08/06 9:27 p.m.•41 views

Denial Of Service (DoS)

samba is vulnerable to denial of service. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an attacker is able to cause a stack overflow leading to an application crash...

7.5CVSS2.9AI score0.03455EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2020/07/17 5:55 a.m.•41 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. Bypass of boundary checks in nio.Buffer via concurrent access allows an attacker to escape the sandbox and obtain higher privileges...

8.3CVSS4.3AI score0.04029EPSS
Exploits0References21Affected Software6
Veracode
Veracode
•added 2020/06/25 5:10 a.m.•41 views

Authorization Bypass

actionpack is vulnerable to authorization bypass. An attacker is be able to execute any migrations that are pending for a Rails app running in production mode...

6.5CVSS4.5AI score0.02181EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2020/06/09 2:45 a.m.•41 views

Denial Of Service (DoS)

unbound is vulnerable to Denial of Service DoS. The attack exists because of an Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

7.5CVSS3.6AI score0.03171EPSS
Exploits0References17Affected Software4
Veracode
Veracode
•added 2020/05/26 9:37 a.m.•41 views

Remote Code Execution (RCE)

Microsoft Chakracore is vulnerable to remote code execution RCE. It does not properly handle the JIT bails out when there is an object marked as temporary during an implicit call, allowing objects stored on the stack to be used outside of the function during the DeadStore pass of GlobOpt...

7.5CVSS2.7AI score0.07681EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2020/05/10 11:23 p.m.•41 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service DoS. The vulnerability exists as the memgetbitsrectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file...

5.5CVSS4.9AI score0.01852EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2020/05/10 11:21 p.m.•41 views

Remote Code Execution (RCE)

udp.c in the Linux kernel is vulnerable Remote Code Execution RCE. It allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag...

9.8CVSS8.2AI score0.12791EPSS
Exploits1References8Affected Software3
Veracode
Veracode
•added 2020/05/06 3:17 a.m.•41 views

Man-in-the-Middle (MitM)

kenrel is vulnerable to man-in-the-middle attack. Certain ipv6 protocols are not encrypted over ipsec tunnel, allowing an attacker to intercept and modify network traffic...

7.5CVSS4.2AI score0.0124EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2020/05/06 3:14 a.m.•41 views

Denial Of Service (DoS)

openjdk is vulnerable to regex denial of service. A regular expression DoS in Scanner allows an attacker to crash the application...

5.3CVSS3.5AI score0.04948EPSS
Exploits0References18Affected Software7
Veracode
Veracode
•added 2020/05/04 4:16 a.m.•41 views

Insecure Password Reset Mechanism

wordpress uses an insecure password reset mechanism. A user's password reset link does not become invalidated upon a successful password change. This would allow an attacker to reset the user's password again if the password reset link was discovered...

8.1CVSS1.5AI score0.13625EPSS
Exploits3References5Affected Software1
Veracode
Veracode
•added 2020/04/10 1:9 a.m.•41 views

Information Disclosure

openssl is vulnerable to information disclosure. It was discovered that the Datagram Transport Layer Security DTLS protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the...

4.3CVSS2.1AI score0.15757EPSS
Exploits0References27Affected Software1
Veracode
Veracode
•added 2020/04/10 1:8 a.m.•42 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way CIFS shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted,...

6.5CVSS1.7AI score0.00844EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2020/04/10 1:6 a.m.•41 views

Denial Of Service (DoS)

pidgin is vulnerable to denial of service. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime OSCAR protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this...

5CVSS3.6AI score0.04697EPSS
Exploits1References15Affected Software1
Veracode
Veracode
•added 2020/04/10 1:2 a.m.•41 views

Brute-force Attack

postgresql is vulnerable to brute-force attacks. The vulnerability exists as a signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...

5CVSS3.1AI score0.04972EPSS
Exploits0References25Affected Software3
Veracode
Veracode
•added 2020/04/10 1:2 a.m.•41 views

Access Control Bypass

firefox is vulnerable to access controls restrictions bypass. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this...

3.5CVSS3.4AI score0.00921EPSS
Exploits0References19Affected Software3
Veracode
Veracode
•added 2020/04/10 12:58 a.m.•41 views

Arbitrary Code Execution

thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10CVSS2.9AI score0.05572EPSS
Exploits0References18Affected Software4
Veracode
Veracode
•added 2020/04/10 12:56 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a heap overflow flaw in the Linux kernel's EFI GUID Partition Table GPT implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partition tables...

4.9CVSS2.5AI score0.00423EPSS
Exploits1References15Affected Software2
Veracode
Veracode
•added 2020/04/10 12:56 a.m.•41 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as a buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables...

2.1CVSS2.2AI score0.00414EPSS
Exploits2References18Affected Software2
Veracode
Veracode
•added 2020/04/10 12:53 a.m.•41 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. Multiple memory corruption flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

9.3CVSS4.6AI score0.06084EPSS
Exploits0References22Affected Software1
Veracode
Veracode
•added 2020/04/10 12:52 a.m.•41 views

Privilege Escalation

java-1.6.0-ibm is vulnerable to privilege escalation. The vulnerability exists in the IBM Java 2 Runtime Environment...

6.8CVSS3.7AI score0.03337EPSS
Exploits0References38Affected Software2
Veracode
Veracode
•added 2020/04/10 12:50 a.m.•41 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

9.3CVSS4.6AI score0.10118EPSS
Exploits0References23Affected Software4
Veracode
Veracode
•added 2020/04/10 12:48 a.m.•41 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

9.3CVSS5.1AI score0.05719EPSS
Exploits0References17Affected Software6
Veracode
Veracode
•added 2020/04/10 12:47 a.m.•41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A miscalculation of the size of the free space of the initial directory entry in a directory leaf block was found in the Linux kernel Global File System 2 GFS2 implementation. A local, unprivileged user with write access to a GFS2-mounted file system...

7.8CVSS3.5AI score0.00414EPSS
Exploits0References25Affected Software1
Veracode
Veracode
•added 2020/04/10 12:40 a.m.•41 views

Denial Of Service (DoS)

java is vulnerable to denial of service DoS. The vulnerability exists in in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...

5CVSS3.6AI score0.03409EPSS
Exploits0References23Affected Software2
Veracode
Veracode
•added 2020/04/10 12:39 a.m.•41 views

Privilege Escalation

The kernel is vulnerable to Privilege Escalation.A system with SELinux enforced was more permissive in allowing local users in the unconfinedt domain to map low memory areas even if the mmapminaddr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs...

7.2CVSS4.2AI score0.00512EPSS
Exploits2References48Affected Software2
Veracode
Veracode
•added 2020/04/10 12:28 a.m.•41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists due to missing boundary checks in the Virtual Dynamic Shared Objects vDSO implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges...

4.6CVSS3.9AI score0.00377EPSS
Exploits2References14Affected Software1
Veracode
Veracode
•added 2020/04/10 12:27 a.m.•41 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists as several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox...

10CVSS3.9AI score0.03839EPSS
Exploits0References41Affected Software7
Veracode
Veracode
•added 2020/04/10 12:22 a.m.•41 views

Arbitrary Command Execution

php is vulnerable to arbitrary command execution. The vulnerability exists as it was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions...

10CVSS2.7AI score0.03102EPSS
Exploits0References46Affected Software14
Veracode
Veracode
•added 2020/04/10 12:21 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service...

2.1CVSS2.2AI score0.00461EPSS
Exploits1References11Affected Software1
Veracode
Veracode
•added 2020/04/10 12:19 a.m.•41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine...

6.9CVSS5.4AI score0.00372EPSS
Exploits0References22Affected Software1
Veracode
Veracode
•added 2020/03/26 2:15 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An out-of-bounds array access in xfrmpolicyunlink allows an attacker to crash the OS due to the way directory validation are handled...

4.4CVSS3.2AI score0.0173EPSS
Exploits0References18Affected Software1
Total number of security vulnerabilities5000