Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2020/02/10 8:28 a.m.•41 views

HTTP Request Smuggling

Node is vulnerable to HTTP request smuggling. Failure to validate malformed HTTP requests allows an attacker to smuggle HTTP requests using malicious Transfer-Encoding header...

9.8CVSS1AI score0.57132EPSS
Exploits0References25Affected Software4
Veracode
Veracode
•added 2020/01/22 12:30 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists due to a use-after-free error in fs/xfs/xfssuper.c...

7.8CVSS2.9AI score0.00607EPSS
Exploits0References18Affected Software2
Veracode
Veracode
•added 2020/01/17 4:31 a.m.•41 views

Cross-Site Request Forgery (CSRF)

spring-web is vulnerable to cross-site request forgery CSRF. The CORS preflight requests does not validate the Origin header and allows for CSRF attacks. Non-authenticated endpoints are vulnerable except for Chrome-based browsers using client certificates authentication...

5.3CVSS3.2AI score0.02382EPSS
Exploits1References9Affected Software1
Veracode
Veracode
•added 2020/01/17 3:59 a.m.•41 views

Reflected File Download

spring-web is vulnerable to reflected file download. The filename attribute that is derived from the user-supplied Content-Disposition header is not validated and sanitized, potentially resulting in the downloaded content of the response to be saved and executed as a file by the user's browser...

7.5CVSS2.8AI score0.88077EPSS
Exploits2References80Affected Software3
Veracode
Veracode
•added 2019/12/19 8:29 a.m.•41 views

Session Fixation

Apache Tomcat Catalina is vulnerable to session fixation attack. The vulnerability exists because there is a flaw in checking whether an authentication information authType and principal are cached for a session and the validity of a session token in request when cache==false, allowing an attacke...

7.5CVSS4.4AI score0.10687EPSS
Exploits0References31Affected Software4
Veracode
Veracode
•added 2019/12/06 12:16 a.m.•41 views

Denial Of Service (DoS)

Mozilla firefox is vulnerable to denial of service DoS. The vulnerability exists due to ,emory safety bugs fixed in Firefox 71 and Firefox ESR 68.3...

8.8CVSS2.6AI score0.01976EPSS
Exploits0References15Affected Software5
Veracode
Veracode
•added 2019/12/05 7:43 a.m.•41 views

Remote Code Execution (RCE)

solr-velocity is vulnerable to remote code execution RCE. The vulnerability can be caused by loading custom Velocity templates containing malicious code since the solr resource loader in VelocityResponseWriter.java was on by default...

7.5CVSS2.7AI score0.98567EPSS
Exploits12References57Affected Software1
Veracode
Veracode
•added 2019/11/06 12:20 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to arbitrary code execution. Lack of size checks from the reading of extra descriptor in the function usbgetextradescriptor in drivers/usb/core/usb.c leads to an application crash, and potentially allows an attacker to exploit the vulnerability to execute arbitrary code in th...

6.8CVSS4.6AI score0.00586EPSS
Exploits0References28Affected Software2
Veracode
Veracode
•added 2019/10/17 12:22 a.m.•41 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service DoS. The vulnerability exists through an unexpected exception thrown by XPath processing crafted XPath expression...

3.7CVSS3.1AI score0.03749EPSS
Exploits0References24Affected Software4
Veracode
Veracode
•added 2019/10/16 12:21 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists through a heap overflow in mwifiexupdatebssdescwithie function in marvell/mwifiex/scan.c...

8.8CVSS2.4AI score0.05649EPSS
Exploits1References34Affected Software2
Veracode
Veracode
•added 2019/10/16 12:21 a.m.•41 views

Use-after-Free

Kernel is vulnerable to use-after-free in blkdrainqueue function in block/blk-core.c...

7.8CVSS2AI score0.00707EPSS
Exploits0References25Affected Software2
Veracode
Veracode
•added 2019/09/16 7:25 a.m.•41 views

Deserialization Of Untrusted Data

FasterXML jackson-databind is vulnerable to deserialization of untrusted data . The vulnerability exists because there is a polymorphic typing issue because there are more than one association gadget types related to com.zaxxer.hikari.HikariConfig by default which allows an attacker to perform...

9.8CVSS9.5AI score0.10676EPSS
Exploits1References52Affected Software3
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•41 views

Information Disclosure

php is vulnerable to information disclosure. An out-of-bounds read in the function base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c causes PHP to read memory outside of the allocated buffers...

7.5CVSS2.4AI score0.0712EPSS
Exploits1References13Affected Software3
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•41 views

Denial Of Service (Dos)

php is vulnerable to denial of service. An out-of-bounds read due to integer overflow in the function iconvmimedecodeheaders can lead to information disclosure or allow an attacker to crash the application...

9.1CVSS3.2AI score0.0313EPSS
Exploits1References9Affected Software2
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•41 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service DoS. A NULL pointer dereference is possible due to mishandling of ldapgetdn return value, allowing DoS via malicious LDAP server reply...

7.5CVSS2.7AI score0.08677EPSS
Exploits0References16Affected Software1
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•41 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service DoS. An infinite loop is possible in ext/iconv/iconv.c when streaming filter with convert.incov on invalid sequence, leading to an application crash...

7.5CVSS2.6AI score0.10433EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•41 views

Authorization Bypass

httpd is vulnerable to authorization bypass. The vulnerability exists as modauthdigest has an access control bypass issue due to race condition...

7.5CVSS2.5AI score0.17666EPSS
Exploits0References57Affected Software10
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•41 views

Authorization Bypass

glibc is vulnerable to authorization bypass. Successful parsing of strings containing an IPv4 address appended with whitespace and arbitrary characters causes applications using glibc to parse incorrectly validated strings. This can potentially lead to circumvention of validation and authorizatio...

5.3CVSS4.9AI score0.00479EPSS
Exploits0References26Affected Software1
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists through a NULL pointer dereference in drivers/scsi/megaraid/megaraidsasbase.c leading to DoS...

7.5CVSS2.9AI score0.05789EPSS
Exploits0References43Affected Software2
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists through a memory leak in drivers/net/wireless/mac80211hwsim.c:hwsimnewradionl can lead to potential denial of service...

5.5CVSS3AI score0.00485EPSS
Exploits0References35Affected Software2
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•41 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists in alarmtimernsleep function of alarmtimer.c due to an integer overflow which allows an attacker to crash the application via malicious input...

3.3CVSS6.4AI score0.00513EPSS
Exploits0References34Affected Software2
Veracode
Veracode
•added 2019/07/11 10:12 a.m.•41 views

Denial Of Service (DoS)

libpng.so is vulnerable to denial of service. Failure to check the length of chunks against the user limit leads to a buffer overflow vulnerability that allows an attacker to crash the process or potentially execute arbitrary code on the system...

9.8CVSS9.6AI score0.04113EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2019/05/27 12:40 a.m.•41 views

CRLF Injection

Python is vulnerable to CRLF Injection. Remote unauthenticated attacker could exploit the flaw by controling a url parameter, as demonstrated in the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header or a Redis comman...

6.1CVSS7.7AI score0.05328EPSS
Exploits1References38Affected Software8
Veracode
Veracode
•added 2019/05/27 12:39 a.m.•41 views

Information Disclosure

firefox/thunderbird is vulnerable to information disclosure. Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method...

4.3CVSS6.4AI score0.01622EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2019/05/16 2:59 a.m.•41 views

Denial Of Service (DoS)

PHP is vulnerable to denial of serviceDoS attacks. This occurs in the pharparsepharfile function in ext/phar/phar.c which allows remote attackers to cause a memory consumption or application crash via a truncated manifest entry in a PHAR archive...

7.5CVSS8.1AI score0.07618EPSS
Exploits0References13Affected Software1
Veracode
Veracode
•added 2019/05/16 2:54 a.m.•41 views

Denial Of Service (DoS)

Oracle Java SE is vulnerable to denial of service DoS attacks. The vulnerability exists in an unknown functionality of the subcomponent JMX. An unauthenticated attacker with network access via multiple protocols could compromise Java SE, Java SE Embedded, JRockit causing a partial denial of servi...

5.3CVSS6AI score0.078EPSS
Exploits0References29Affected Software4
Veracode
Veracode
•added 2019/05/16 2:50 a.m.•41 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation vulnerability. The vulnerability exists in the xc2028setconfig function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel. Local users could cause a denial of service via vectors involving omission of the firmware name from a certain dat...

7.8CVSS7.9AI score0.02156EPSS
Exploits0References27Affected Software2
Veracode
Veracode
•added 2019/05/02 6:45 a.m.•41 views

Denial Of Service (DoS)

Apache httpd is vulnerable to denial of serviceDoS attacks. A remote user could send a specially crafted sequence of request headers to trigger a buffer overread error in apfindtoken and cause a segmentation fault which leads application to a crash...

7.5CVSS8.2AI score0.57472EPSS
Exploits1References57Affected Software2
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•41 views

Information Disclosure

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References13Affected Software3
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•41 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References15Affected Software3
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•41 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References9Affected Software3
Veracode
Veracode
•added 2019/05/02 6:1 a.m.•41 views

Denial Of Service (DoS)

KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet...

9CVSS9.1AI score0.0773EPSS
Exploits1References20Affected Software2
Veracode
Veracode
•added 2019/05/02 5:51 a.m.•41 views

Information Disclosure

The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or...

7.1CVSS9.1AI score0.0721EPSS
Exploits2References33Affected Software1
Veracode
Veracode
•added 2019/05/02 5:50 a.m.•41 views

Information Disclosure

Oracle Java SE and Java SE Embedded are vulnerable to information disclosure. A remote user can exploit a flaw in the Networking component to access sensitive information...

5.9CVSS6.8AI score0.03937EPSS
Exploits0References23Affected Software6
Veracode
Veracode
•added 2019/05/02 5:40 a.m.•41 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8CVSS4.6AI score0.9986EPSS
Exploits1References29Affected Software4
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•41 views

Sensitive Information Leakage

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic acce...

5.5CVSS6.6AI score0.03742EPSS
Exploits4References32Affected Software1
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•41 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic acce...

5.5CVSS6.6AI score0.03742EPSS
Exploits4References12Affected Software1
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•41 views

Arbitrary File Read And Write

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...

6.5CVSS9.2AI score0.53166EPSS
Exploits43References24Affected Software6
Veracode
Veracode
•added 2019/05/02 5:34 a.m.•41 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service DoS. The vulnerability exists similarly to Server : InnoDB...

3.5CVSS6.3AI score0.03764EPSS
Exploits0References20Affected Software2
Veracode
Veracode
•added 2019/05/02 5:29 a.m.•41 views

Denial Of Service (DoS)

file is vulnerable to denial of service. Multiple flaws were found in the way file parsed Executable and Linkable Format ELF files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources...

5CVSS9AI score0.05926EPSS
Exploits0References23Affected Software1
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•41 views

CRLF Injection

OpenSSH is vulnerable to CRLF injection. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions...

6.4CVSS6.7AI score0.37016EPSS
Exploits13References27Affected Software1
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•41 views

Denial Of Service (DoS)

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. A denial of...

8.6CVSS7.4AI score0.621EPSS
Exploits0References32Affected Software2
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•41 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.8CVSS8.2AI score0.31046EPSS
Exploits9References27Affected Software2
Veracode
Veracode
•added 2019/05/02 5:21 a.m.•42 views

Man-In-The-Middle (MitM)

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.7AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
•added 2019/05/02 5:21 a.m.•41 views

Path Traversal

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
•added 2019/05/02 5:21 a.m.•41 views

Sensitive Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
•added 2019/05/02 5:21 a.m.•41 views

XML External Entity (XXE)

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
•added 2019/05/02 5:20 a.m.•41 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...

5.9CVSS6.7AI score0.14714EPSS
Exploits0References28Affected Software5
Veracode
Veracode
•added 2019/05/02 5:18 a.m.•41 views

Denial Of Service (DoS)

jenkins is vulnerable to denial of service. A remotely authenticated user is able to cause a denial of service condition caused by improper plug-in and tool installation via malicious update center data...

3.5CVSS7.1AI score0.01577EPSS
Exploits0References35Affected Software58
Veracode
Veracode
•added 2019/05/02 5:17 a.m.•41 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

5.7CVSS6.3AI score0.09984EPSS
Exploits0References21Affected Software3
Total number of security vulnerabilities5000