Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2019/05/02 5:17 a.m.•41 views

Denial Of Service (DoS)

The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with...

7.8CVSS8.3AI score0.11562EPSS
Exploits0References16Affected Software1
Veracode
Veracode
•added 2019/05/02 5:13 a.m.•41 views

Sandbox Protection Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

10CVSS5.5AI score0.07224EPSS
Exploits1References12Affected Software1
Veracode
Veracode
•added 2019/05/02 5:12 a.m.•41 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could u...

7.8CVSS7.2AI score0.05794EPSS
Exploits5References37Affected Software1
Veracode
Veracode
•added 2019/05/02 5:12 a.m.•41 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could u...

7.8CVSS7.2AI score0.05794EPSS
Exploits5References42Affected Software1
Veracode
Veracode
•added 2019/05/02 5:12 a.m.•41 views

NULL Pointer Dereference

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

7.5CVSS8.7AI score0.0571EPSS
Exploits13References16Affected Software1
Veracode
Veracode
•added 2019/05/02 5:4 a.m.•41 views

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists in the donote function in readelf.c where a parsing a ELF file can cause DoS...

5CVSS6.8AI score0.14013EPSS
Exploits0References36Affected Software5
Veracode
Veracode
•added 2019/05/02 5:1 a.m.•41 views

Arbitrary Code Execution

Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve...

7.5CVSS7.1AI score0.34968EPSS
Exploits3References8Affected Software6
Veracode
Veracode
•added 2019/05/02 5:1 a.m.•41 views

Arbitrary Code Execution

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10CVSS5.5AI score0.08383EPSS
Exploits3References24Affected Software1
Veracode
Veracode
•added 2019/05/02 4:59 a.m.•41 views

Sensitive Information Disclosure

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload UFO feature was enabled. A remot...

6.2CVSS6.9AI score0.03181EPSS
Exploits8References36Affected Software1
Veracode
Veracode
•added 2019/05/02 4:57 a.m.•41 views

Denial Of Service (DoS)

KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer...

8.6CVSS7.3AI score0.01002EPSS
Exploits3References10Affected Software2
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•41 views

Arbitrary Code Execution

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1CVSS6.9AI score0.09408EPSS
Exploits6References19Affected Software2
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•41 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

7.5CVSS9.9AI score0.06353EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•41 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

7.5CVSS9.9AI score0.06353EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2019/05/02 4:54 a.m.•41 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

6.5CVSS7.9AI score0.10893EPSS
Exploits5References18Affected Software3
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•41 views

Cross-Site Scripting (XSS)

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release. The Release Notes will be available shortly fr...

7.5CVSS6.7AI score0.04458EPSS
Exploits2References45Affected Software20
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•41 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service. Multiple flaws were found in the way libxml2 parsed certain XPath XML Path Language expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run...

7.5CVSS8.4AI score0.01991EPSS
Exploits0References14Affected Software2
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•41 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References34Affected Software63
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•41 views

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

9.8CVSS6.5AI score0.98704EPSS
Exploits23References27Affected Software1
Veracode
Veracode
•added 2019/05/02 4:45 a.m.•41 views

Memory Corruption

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS6.6AI score0.73364EPSS
Exploits18References20Affected Software3
Veracode
Veracode
•added 2019/05/02 4:44 a.m.•41 views

Improper Access Control

Oracle Java SE is vulnerable to improper access control. Remote unauthenticated attackers could bypass Java sandbox restrictions via the vulnerable component RMI...

10CVSS9AI score0.06788EPSS
Exploits0References36Affected Software3
Veracode
Veracode
•added 2019/05/02 4:43 a.m.•41 views

Cross-site Scripting (XSS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.3CVSS9.8AI score0.42609EPSS
Exploits5References18Affected Software3
Veracode
Veracode
•added 2019/05/02 4:43 a.m.•41 views

Memory Corruption

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10CVSS9.1AI score0.11515EPSS
Exploits0References23Affected Software1
Veracode
Veracode
•added 2019/05/02 4:42 a.m.•41 views

Denial Of Service (DoS) Or Directory Traversal

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

9.8CVSS6.3AI score0.99998EPSS
Exploits56References23Affected Software2
Veracode
Veracode
•added 2019/05/02 4:41 a.m.•41 views

Denial Of Service (DoS) Or Remote Code Execution (RCE)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS9.4AI score0.04899EPSS
Exploits1References7Affected Software3
Veracode
Veracode
•added 2019/05/02 4:41 a.m.•41 views

Remote Code Execution (RCE)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

8.8CVSS9.3AI score0.11079EPSS
Exploits10References30Affected Software3
Veracode
Veracode
•added 2019/05/02 4:41 a.m.•41 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

9CVSS6AI score0.05096EPSS
Exploits1References20Affected Software1
Veracode
Veracode
•added 2019/01/15 9:27 a.m.•41 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. Local users are able to exploit a race condition in the ALSA subsystem to crash the application via malicious /dev/snd/seq ioctl calls. The crash is a result of a use-after-free UAF bug in sndseqioctlcreateport...

7CVSS6.7AI score0.00377EPSS
Exploits0References23Affected Software2
Veracode
Veracode
•added 2019/01/15 9:24 a.m.•41 views

Remote Code Execution (RCE)

openslp is vulnerable to remote code execution RCE attacks. The vulnerability exists as OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability...

9.8CVSS9.7AI score0.0389EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2019/01/15 9:23 a.m.•41 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users to cause a...

7CVSS7AI score0.00406EPSS
Exploits0References11Affected Software2
Veracode
Veracode
•added 2019/01/15 9:21 a.m.•41 views

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service DoS attacks. The vulnerability exists as QEMU aka Quick Emulator, when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds read and QEMU process crash via vectors involving...

5.5CVSS5.9AI score0.11931EPSS
Exploits5References20Affected Software2
Veracode
Veracode
•added 2019/01/15 9:19 a.m.•41 views

Remote Code Execution (RCE)

lucene-queryparser is vulnerable to remote code execution. This is possible through the use of an XML external entity expansion XXE attack and the Config API with add-listener command...

9.8CVSS9.6AI score0.91896EPSS
Exploits11References31Affected Software14
Veracode
Veracode
•added 2019/01/15 9:12 a.m.•41 views

TCP Session Hijack

kernel-rt is vulnerable to TCP session hijack attacks. The vulnerability exists as net/ipv4/tcpinput.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack...

4.8CVSS5.7AI score0.15073EPSS
Exploits3References34Affected Software1
Veracode
Veracode
•added 2019/01/15 9:7 a.m.•41 views

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service DoS attacks. The vulnerability exists through buffer overflow in the vncrefreshserversurface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service heap memory corruption and process crash or...

7.2CVSS7.3AI score0.00533EPSS
Exploits0References18Affected Software1
Veracode
Veracode
•added 2019/01/15 9:1 a.m.•41 views

Database Authorization Bypass

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4CVSS7.2AI score0.05673EPSS
Exploits1References14Affected Software1
Veracode
Veracode
•added 2019/01/15 9:0 a.m.•41 views

Information Disclosure Through Buffer Over-read

OpenSSL is vulnerable to information disclosure. OpenSSL does not correctly handle Heartbeat Extension packets, attackers can leverage this flaw to read sensitive information by triggering a buffer over-read. This is also known as Heartbleed...

7.5CVSS7.2AI score0.99999EPSS
Exploits87References135Affected Software1
Veracode
Veracode
•added 2019/01/15 8:58 a.m.•41 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service DoS attacks. The vulnerability exists as libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references ...

4.3CVSS7.5AI score0.02856EPSS
Exploits0References14Affected Software1
Veracode
Veracode
•added 2019/01/15 8:54 a.m.•41 views

XML Encryption Backwards Compatibility Attack

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS5.9AI score0.06322EPSS
Exploits0References30Affected Software142
Veracode
Veracode
•added 2019/01/15 8:50 a.m.•41 views

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

OpenSSL is vulnerable to denial of service DoS attacks and possible other attacks. These attacks are possible because the asn1d2ireadbio function doesn't correctly interpret integer data which can be leveraged to do buffer overflow attacks or cause memory consumption...

7.5CVSS8.4AI score0.48298EPSS
Exploits8References41Affected Software2
Veracode
Veracode
•added 2018/11/09 7:23 a.m.•41 views

Directory Traversal

catalina is vulnerable to directory traversal attacks. The vulnerability exists due to an improper path normalization on the URI, allowing directory traversal attacks...

5CVSS5.2AI score0.52716EPSS
Exploits1References65Affected Software3
Veracode
Veracode
•added 2018/11/09 1:31 a.m.•41 views

Directory Traversal

tomcat-coyote is vulnerable to directory traversal attacks. The vulnerability exists as the JVM does not correctly decode UTF-8 encoded URLs, and when a context is configured with allowLinking="true", allowing directory traversal attacks...

4.3CVSS6AI score0.99708EPSS
Exploits22References48Affected Software5
Veracode
Veracode
•added 2018/10/16 3:4 a.m.•41 views

Copy-Paste Vulnerability (CPV) Through Libxml2

nokogiri is vulnerable to denial of service DoS attacks. The library uses a vulnerable version of libxml2, causing it to be vulnerable to the following CVEs: 1. CVE-2016-9318: XML External Entity XXE through a crafted document. 2. CVE-2017-16932: Infinite Recursion during parsing. 3...

5.5CVSS6.3AI score0.05928EPSS
Exploits1
Veracode
Veracode
•added 2018/09/13 6:12 a.m.•41 views

Man-in-the-Middle (MitM)

postgresql is vulnerable to man-in-the-middle. Hostname verification for non-default SSL factories are not performed if the hostname verifier is not provided to the driver. This allows an attacker to masquerade as a trusted server by providing a certificate signed by a trusted CA...

8.1CVSS7.7AI score0.0291EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2018/08/13 3:31 a.m.•41 views

Denial Of Service (DoS)

libkrb5.so is vulnerable to denial of service DoS attacks. The vulnerability exists in the krb5gssprocesscontexttoken function of lib/gssapi/krb5/processcontexttoken.c where a terminated security-context handle could be used by authenticated users to cause a Denial of Service DoS attack...

9CVSS5.5AI score0.06213EPSS
Exploits0References14Affected Software1
Veracode
Veracode
•added 2018/07/17 10:32 a.m.•41 views

Denial Of Service (DoS)

libxslt.so is vulnerable to denial of service attacks. The application does not properly handle i format token for xsl:number data, allowing a malicious user to pass a file to the application to cause a integer overflow that can crash the application or cause arbitrary code to be executed...

7.5CVSS8.2AI score0.01838EPSS
Exploits0References27Affected Software1
Veracode
Veracode
•added 2018/07/05 1:40 a.m.•41 views

Denial Of Service (DoS)

.NET Core is vulnerable to denial of service DoS. This is due to the way the .NET applications process XML documents which could lead to a denial of service condition when a specially crafted request is submitted...

7.5CVSS7.2AI score0.077EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2018/05/17 4:40 a.m.•41 views

Insecure Defaults

Apache Tomcat is vulnerable to insecure defaults. The CORS filter provided by default is insecure as it enables supportsCredentials for all origins. This can allow a malicious user unauthorized access to sensitive resources...

9.8CVSS9.1AI score0.21979EPSS
Exploits0References52Affected Software1
Veracode
Veracode
•added 2018/04/27 2:51 a.m.•41 views

Denial Of Service (DoS)

Guava is vulnerable to Denial Of Service DoS. The attacks are possible because AtomicDoubleArray and CompoundOrdering classes perform memory allocations without checking user provided data and its size...

5.9CVSS6.1AI score0.05119EPSS
Exploits0References88Affected Software1
Veracode
Veracode
•added 2018/04/26 10:18 a.m.•41 views

Remote Code Execution (RCE)

drupal is vulnerable to remote code execution RCE attacks. The library does not properly sanitize URL endpoints where array objects can be supplied to request parameters, allowing a potential compromise of the PHP application, and even the underlying operating system OS. This vulnerability is...

9.8CVSS9.7AI score0.99993EPSS
Exploits58References8Affected Software2
Veracode
Veracode
•added 2018/02/05 1:6 a.m.•41 views

Cross-site Scripting (XSS)

dijit is vulnerable to cross-site scripting XSS attacks. Attackers can execute arbitrary webscript through the onload attributes of SVG elements...

6.1CVSS6AI score0.0115EPSS
Exploits1References3Affected Software2
Veracode
Veracode
•added 2018/01/29 4:14 a.m.•41 views

Denial Of Service (DoS)

Apache poi is vulnerable to denial of service DoS attacks. Attackers can cause infinite loops, when parsing WMF, EMF, MSG and macro files. They can also cause Out-of-Memory OOM exceptions to occur when parsing DOC, PPT and XLS files...

7.5CVSS8.1AI score0.10248EPSS
Exploits3References22Affected Software2
Total number of security vulnerabilities5000