Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2023/04/11 11:40 p.m.•40 views

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...

7.5CVSS8.3AI score0.01412EPSS
Exploits0References7Affected Software14
Veracode
Veracode
•added 2023/04/10 8:1 a.m.•40 views

Remote Code Execution (RCE)

net.sourceforge.htmlunit:htmlunit is vulnerable to Remote Code Execution RCE. The vulnerability exists in the transform function in XSLTProcessor.java, which allows an attacker to upload and execute malicious code on the system...

9.8CVSS9.5AI score0.02513EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2023/03/21 12:30 a.m.•40 views

Double Free

curl is vulnerable to Double Free. Two threads sharing the same HSTS data could end up doing a double-free or use-after-free due to missing mutexes or thread locks. This was introduced without consideration for sharing across separate threads, which could lead to a double-free or use-after-free...

5.9CVSS7.5AI score0.01856EPSS
Exploits1References7Affected Software2
Veracode
Veracode
•added 2023/03/18 1:47 p.m.•40 views

Authentication Bypass

Google Chrome is vulnerable to Authentication Bypass. The vulnerability exists due to the insufficient policy enforcement in Web Payments API, which allows an attacker to bypass navigation restrictions via a crafted HTML page...

4.3CVSS6AI score0.00444EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/03/13 5:57 a.m.•40 views

Remote Code Execution (RCE)

SPIP is vulnerable to Remote Code Execution RCE. The vulnerability exists because of the improper sanitization of form values in the public area, allowing an attacker to inject and execute malicious code...

9.8CVSS9.3AI score0.99637EPSS
Exploits23References9Affected Software1
Veracode
Veracode
•added 2023/02/18 6:51 p.m.•40 views

Denial Of Service (DoS)

go is vulnerable to Denial of Service DoS attacks. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files, causing the application to crash...

7.5CVSS7.5AI score0.01231EPSS
Exploits0References7Affected Software14
Veracode
Veracode
•added 2023/02/17 8:54 a.m.•40 views

Privilege Escalation

github.com/containerd/containerd is vulnerable to Privilege Escalation. An authenticated attacker is able to use supplementary group access to bypass primary group restrictions in some cases where supplementary groups are not set up properly inside a container, which allows the attackers to acqui...

7.8CVSS7.5AI score0.00542EPSS
Exploits1References14Affected Software5
Veracode
Veracode
•added 2023/02/14 5:57 a.m.•40 views

Heap-Based Buffer Overflow

ring:sid is vulnerable to Heap-Based Buffer Overflow. An attacker is able to cause buffer over read by parsing a specially crafted STUN message with unknown attribute via multiple functions. This only affects applications using STUN including PJNATH and PJSUA-LIB...

9.8CVSS8.8AI score0.00945EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2023/02/08 10:17 a.m.•40 views

Regular Expression Denial Of Service (ReDoS)

http-cache-semantics is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in the index.js because of insufficient regular expression complexity which allows an attacker to cause an application crash...

7.5CVSS7.8AI score0.01613EPSS
Exploits1References4Affected Software3
Veracode
Veracode
•added 2023/02/03 11:1 p.m.•40 views

Use-After-Free

openssl is vulnerable to Use-After-Free. The vulnerability exists because there is a missing check for the return value from the initialization function which allows an attacker to cause an application crash...

5.5CVSS6.5AI score0.0028EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2023/02/03 10:17 p.m.•40 views

Denial Of Service (DoS)

kernel-rt is vulnerable to Denial Of Service DoS. The vulnerability exists due to the incorrect TLB flush issue in the library, which leads to random memory corruption or data leaks, allowing an attacker to cause an application crash...

7.8CVSS7.9AI score0.00252EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2023/01/31 1:33 p.m.•40 views

Use-after-free

kernel is vulnerable to Use-after-free. A race condition between the VTDISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free resulting in an application crash...

5.1CVSS6.1AI score0.00196EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2023/01/19 4:36 a.m.•40 views

Authentication Bypass

github.com/KubeOperator/KubeOperator is vulnerable to Authentication Bypass. The vulnerability exists because the V1 function of v1api.go does not properly handle the online application routing permissions, allowing an attacker to bypass the system's preset permission settings to access some API...

9.8CVSS8.6AI score0.66768EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/01/17 5:2 p.m.•40 views

Integer Wraparound

linux is vulnerable to an Integer Wraparound. The issue was discovered in l2capconfigreq in net/bluetooth/l2capcore.c which has an integer wraparound via L2CAPCONFREQ packets...

7.8CVSS8.1AI score0.00747EPSS
Exploits0References8Affected Software2
Veracode
Veracode
•added 2022/12/23 7:14 p.m.•40 views

Information Disclosure

curl is vulnerable to Information Disclosure. An attacker may force the library to use an insecure clear-text HTTP step even when HTTPS is provided in the URL. The HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts ...

7.5CVSS7.4AI score0.1654EPSS
Exploits1References10Affected Software3
Veracode
Veracode
•added 2022/12/12 12:46 a.m.•40 views

Information Disclosure

kernel is vulnerable to Information Disclosure. This vulnerability occurs in some IntelR processors due to return predictor targets being shared non-transparently between contexts. This allows a potential attacker to view and disclose sensitive information through local access...

5.5CVSS6.1AI score0.0035EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2022/12/08 3:39 a.m.•40 views

Cross-Origin Resource Sharing (CORS)

quarkus-vertx-http is vulnerable to an insecure cross-origin resource sharing CORS policy. The vulnerability exists because the XMLHttpRequest has no event listeners registered on the object returned by the XMLHttpRequest upload property, allowing an attacker to send malicious GET and POST reques...

7.5CVSS7.9AI score0.00577EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2022/12/01 4:41 a.m.•40 views

Information Disclosure

github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure.The vulnerability exists in multiple functions due to default installation of synthetic-monitoring-agent which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint...

7.2CVSS5.6AI score0.00473EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2022/11/30 3:28 a.m.•40 views

Authentication Bypass

github.com/prometheus/exporter-toolkit is vulnerable to authentication bypass. It is possible to bypass the security mechanisms by poisoning the built-in authentication cache when an attacker has access to the web.yml file and user's hashed bcrypted passwords...

8.8CVSS8.6AI score0.01166EPSS
Exploits1References18Affected Software3
Veracode
Veracode
•added 2022/11/25 3:39 a.m.•40 views

Remote Code Execution

yiisoft/yii is vulnerable to remote code execution. The vulnerability exists in the wakeup function of CDbCriteria.php, due to improper deserialization of untrusted user input, which allows the attacker to control the state or the flow of execution...

9.8CVSS9.4AI score0.01133EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/11/20 11:5 p.m.•40 views

Denial Of Service (DoS)

grub2 is vulnerable to Denial Of Service DoS. The vulnerability exists in grub2 package because of the unicode sequences not properly validate which may lead to a segmentation fault and an application crash...

7.1CVSS7.5AI score0.00872EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2022/11/16 3:53 p.m.•40 views

Type Confusion

chromium is vulnerable to type confusion. The vulnerability exists in V8 in Google Chrome which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.4AI score0.0675EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/11/08 7:11 a.m.•40 views

Out-of-bound Write

Apache Commons BCEL is vulnerable to Out-of-bound Write. The vulnerability is due to ConstantPool.java and ConstantPoolGen.java improperly handing MAXCPENTRIES which allows an attacker to pass data to specific APIs and control the resulting bytecode causing out-of-bound writes...

9.8CVSS8.9AI score0.02836EPSS
Exploits0References14Affected Software1
Veracode
Veracode
•added 2022/10/14 11:0 a.m.•40 views

Improper Verification Of Cryptographic Signature

Passport-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts...

8.1CVSS8.9AI score0.03025EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2022/09/26 11:57 p.m.•40 views

Information Disclosure

squid is vulnerable to information disclosure. The vulnerability exits due to inconsistent handling of internal URIs, which allows an attacker to gain access to cache manager information in the file system via bypassing the manager ACL protection...

6.5CVSS7.1AI score0.0169EPSS
Exploits0References8Affected Software3
Veracode
Veracode
•added 2022/09/24 8:14 a.m.•40 views

Memory Leak

bind is vulnerable to memory leak. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

7.5CVSS7.7AI score0.02176EPSS
Exploits0References17Affected Software3
Veracode
Veracode
•added 2022/09/21 8:52 a.m.•40 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function in batchkernels.cc because Unbatch Op kernel doesn't properly check if the input argument is a scalar which allows an attacker to send non-scalar input IDs causing an application crash...

7.5CVSS7.2AI score0.00396EPSS
Exploits0References8Affected Software3
Veracode
Veracode
•added 2022/09/08 8:14 a.m.•40 views

Authentication Bypass

github.com/kubevela/kubevela is vulnerable to authentication bypass. The vulnerability exists in authentication.go because the users are allowed use the platformID to re-generate the JWT tokens which allows an attacker to bypass the authentication...

9.8CVSS9.1AI score0.00698EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/09/01 10:40 a.m.•40 views

Denial Of Service (DoS)

chrome is vulnerable to denial of service. The vulnerability exists due to a memory corruption in FedCM which allows an attacker to crash the application via malicious input...

8.8CVSS8.2AI score0.02462EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2022/08/13 8:14 a.m.•40 views

Denial Of Service (DoS)

chrome is vulnerable to denial of service. The vulnerability exists due to a use after free in WebGPU in Google Chrome allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score0.00617EPSS
Exploits1References3Affected Software2
Veracode
Veracode
•added 2022/07/19 6:35 a.m.•40 views

Information Disclosure

rocketchip2.12 is vulnerable to information disclosure. The vulnerability exists due to the insecure cryptographic algorithm used in RocketCore.scala, allowing an attacker to gain sensitive information through the malicious Zk extensions...

9.1CVSS8.5AI score0.00468EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2022/07/15 2:32 a.m.•40 views

Arbitrary Code Execution

xen is vulnerable to arbitrary code execution. The vulnerability exists in hw due to Mis-trained branch predictions for return instructions which allows an attacker to inject and execute arbitrary speculative codes under certain microarchitecture-dependent conditions...

3.7AI score
Exploits0
Veracode
Veracode
•added 2022/07/05 4:15 a.m.•40 views

SQL Injection

django is vulnerable to SQL injection. An attacker is able to execute arbitrary SQL commands via the Trunc and Extract database functions which allows an attacker to execute arbitrary sql queries...

9.8CVSS10AI score0.73274EPSS
Exploits3References14Affected Software4
Veracode
Veracode
•added 2022/06/26 4:59 p.m.•40 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to the usage of invalid index when looking for spell suggestions which causes out-of-bound reads which then lead to an application crash...

7.8CVSS7.4AI score0.01481EPSS
Exploits1References17Affected Software1
Veracode
Veracode
•added 2022/06/26 4:57 p.m.•40 views

Privilege Escalation

chromium is vulnerable to privilege escalation. The vulnerability exists because the lack of implementation of the protection mechanism, allowing an attacker to exploit this flaw by providing malicious input...

6.5CVSS7.3AI score0.0056EPSS
Exploits1References8Affected Software3
Veracode
Veracode
•added 2022/06/23 5:28 a.m.•40 views

Log Injection

org.apache.sling:org.apache.sling.api and org.apache.sling:org.apache.sling.commons.log is vulnerable to log injection. A remote attacker with privileges to forge logs, is able to inject fake logs and potentially corrupt log files, causing unintended behavior in the the system...

5.3CVSS5.9AI score0.0222EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2022/06/22 7:29 a.m.•40 views

Denial Of Service (DoS)

MariaDB is vulnerable to denial of service. The vulnerability exists due to a deadlock indsxbstream.cc, crashing the system when an error occurs streamctxt-destfile == NULL while executing the method xbstreamopen...

5.5CVSS5.5AI score0.00213EPSS
Exploits0References8Affected Software5
Veracode
Veracode
•added 2022/06/21 11:46 p.m.•40 views

Denial Of Service (DoS)

eap is vulnerable to denial of service. The vulnerability exists due to a flaw found in XNIO, specifically in the notifyReadClosed method allowing an attacker to crash the system via a flawed requests sent to a server, possibly causing log contention-related performance concerns or an unwanted di...

7.5CVSS8.1AI score0.01183EPSS
Exploits0References8Affected Software26
Veracode
Veracode
•added 2022/06/20 7:47 p.m.•40 views

Authentication Bypass

Linux kernel is vulnerable to authentication bypass. The vulnerability exists because the users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process which allows an attacker to escalate their privileges and crash the system...

7.8CVSS4.9AI score0.00541EPSS
Exploits0References8Affected Software4
Veracode
Veracode
•added 2022/06/02 8:55 p.m.•40 views

Denial Of Service (DoS)

.NET and Visual Studio are vulnerable to denial of service. The vulnerability exists due to a flaw in dotnet allowing an attacker to crash the system by applying MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5CVSS7.2AI score0.05041EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2022/06/01 3:40 p.m.•40 views

Path Traversal

firefox is vulnerable to Path Traversal. A remote attacker is able to use the % character in filenames to store the data outside of the intended directory using windows environment variables, such as %HOMEPATH% or %APPDATA%...

8.8CVSS8.8AI score0.00662EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2022/06/01 3:18 p.m.•40 views

Memory Corruption

firefox is vulnerable to memory corruption vulnerability. Crafted CMS messages are incorrectly processed, leading to invalid memory reads, and potentially further memory corruption...

8.8CVSS9.3AI score0.00662EPSS
Exploits0References7Affected Software6
Veracode
Veracode
•added 2022/05/24 5:48 a.m.•40 views

Heap-based Buffer Overflow

tensorflow is vulnerable to heap-based buffer overflow. The use of AllocatedBytes in the insecure hash function AbslHashValue allows local authenticated attackers to cause heap-based buffer overflows resulting in denial of service conditions...

5.5CVSS5.6AI score0.00225EPSS
Exploits0References9Affected Software3
Veracode
Veracode
•added 2022/05/05 2:55 a.m.•40 views

Denial Of Service (DoS)

libxml2.so is vulnerable to denial of service. The xmlBufCreateSize function of buf.c does not properly check types of buffer sizes, allowing an attacker to crash the application by providing large multi-gigabyte buffers...

6.5CVSS4.5AI score0.0363EPSS
Exploits5References20Affected Software3
Veracode
Veracode
•added 2022/05/04 10:25 a.m.•40 views

Token Validation Bypass

Google OAuth Client is vulnerable to token validation bypass. The function IdTokenVerifier validate any token with custom payload as valid token if the token is properly signed...

8.7CVSS2.2AI score0.00287EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2022/04/21 12:42 a.m.•40 views

Remote Code Execution (RCE)

jenkins-2-plugins is vulnerable to remote code execution. The vulnerability exists due to a sandbox bypass allowing attackers to execute arbitrary code on the system...

8.8CVSS7.5AI score0.01541EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2022/04/14 8:18 a.m.•40 views

SQL Injection

github.com/flipped-aurora/gin-vue-admin is vulnerable to SQL injection. The vulnerability exists due to insecure handling of special elements used in an PostgreSQL Command in server/service/system/sysautocodepgsql.go. The vulnerability is only possible if the user is using PostgreSQL as the...

8.8CVSS1.9AI score0.0144EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2022/04/10 12:42 a.m.•40 views

Buffer Overflow

glibc is vulnerable to buffer overflow. The vulnerability exists due to a memory corruption when the size of the buffer is exactly 1 which allows an attacker to control the input buffer and size passed to getcwd in a setuid program...

7.8CVSS3.9AI score0.0072EPSS
Exploits1References11Affected Software2
Veracode
Veracode
•added 2022/03/26 6:16 p.m.•40 views

Insecure Access Control

linux is vulnerable to insecure access control. The vulnerability exists due to a flaw in kvms390guestsidaop in the arch/s390/kvm/kvm-s390.c function in KVM allowing an attacker to obtain unauthorized memory write access...

7.8CVSS4.6AI score0.00327EPSS
Exploits0References5Affected Software4
Veracode
Veracode
•added 2022/03/10 4:21 a.m.•40 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization allowing an attacker to crash the system...

7.5CVSS3.2AI score0.00657EPSS
Exploits1References6Affected Software6
Total number of security vulnerabilities5000