Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
added 2022/03/04 8:13 p.m.40 views

Denial Of Service (DoS)

com.liferay.layout.admin.web is vulnerable to denial of service. The vulnerability exists due to improper handle of user privileges in script.jsp file allows a remote attacker to restrict system access to the legitimate users...

7.5CVSS6AI score0.02208EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/02/20 5:48 a.m.40 views

Use After Free

chromium is vulnerable to use after free. The vulnerability exists in Optimization Guide which allows an attacker to cause a memory corruption...

8.8CVSS3.4AI score0.23546EPSS
Exploits0References3Affected Software3
Veracode
Veracode
added 2022/02/08 6:17 p.m.40 views

Denial Of Service (DoS)

samba is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of permission when adding service principals names SPNs to an account...

8.8CVSS2.4AI score0.01301EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2022/01/22 2:32 p.m.40 views

Buffer Overflow

mruby is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization...

9.8CVSS3.3AI score0.0141EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2022/01/20 6:19 a.m.40 views

Denial Of Service (DoS)

linux kernel is vulnerable to Denial Of Service DoS. The vulnerability exists due to an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c...

5.5CVSS6.4AI score0.00669EPSS
Exploits1References12Affected Software5
Veracode
Veracode
added 2022/01/15 12:28 a.m.40 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. The vulnerability exists due to the use-after-free in the NFC stack, allowing an attacker to crash the application...

7.8CVSS3.8AI score0.00354EPSS
Exploits0References5Affected Software3
Veracode
Veracode
added 2021/12/28 10:7 a.m.40 views

Denial Of Service (DoS)

linux-oracle:hirsute is vulnerable to denial of service. A memory leak in the ccprunaesgcmcmdfunction in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause an application crash...

5.5CVSS4.8AI score0.0026EPSS
Exploits0References5Affected Software5
Veracode
Veracode
added 2021/12/14 2:31 a.m.40 views

Cross-site Scripting (XSS)

lxml is vulnerable to Cross-site Scripting XSS. An attacker can inject and execute crafted and SVG embedded scripts through the data URIs in clean.py...

8.2CVSS7.4AI score0.02456EPSS
Exploits0References18Affected Software4
Veracode
Veracode
added 2021/12/10 7:36 a.m.40 views

Denial Of Service (DoS)

thunderbird and firefox are vulnerable to denial of service. The vulnerability exist due to an incorrect type conversion of sizes from 64bit to 32bit integers which allows an attacker to corrupt memory...

8.8CVSS5.8AI score0.0202EPSS
Exploits0References13Affected Software7
Veracode
Veracode
added 2021/11/26 12:41 a.m.40 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. A flaw out of bounds memory access in the Linux kernel bluetooth subsystem was found in the way when some data being read about the bluetooth device with the hciextendedinquiryresultevt call. A local user could use this flaw to crash the...

7.1CVSS2.7AI score0.00536EPSS
Exploits1References9Affected Software2
Veracode
Veracode
added 2021/10/25 6:1 p.m.40 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. The vulnerability exists due to a race condition in ext4writeinlinedataend in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel...

7CVSS2.6AI score0.00303EPSS
Exploits0References10Affected Software3
Veracode
Veracode
added 2021/10/25 5:58 p.m.40 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds OOB memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel...

7.1CVSS3.6AI score0.0072EPSS
Exploits1References12Affected Software5
Veracode
Veracode
added 2021/10/13 5:26 p.m.40 views

HTTP Request Smuggling (HRS)

nodejs is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists due to an error related to a space in headers which allows an attacker to poison the web cache, bypassing the web application...

6.5CVSS7.8AI score0.02936EPSS
Exploits1References4Affected Software5
Veracode
Veracode
added 2021/09/17 9:34 p.m.40 views

Man-In-The-Middle Attack (MitM)

curl is vulnerable to Man in the middle attack. The vulnerability exists due to a lack of clearing of previous cached responses, treating them as valid and authenticated...

5.9CVSS2.6AI score0.02799EPSS
Exploits1References22Affected Software2
Veracode
Veracode
added 2021/09/17 9:34 p.m.40 views

Denial Of Service (DoS)

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

7.5CVSS2AI score0.04224EPSS
Exploits1References23Affected Software2
Veracode
Veracode
added 2021/09/13 6:49 a.m.40 views

Prototype Pollution

set-value is vulnerable to prototype pollution. Lack of validation in type of user-provided keys in the path parameter causes a bypass of CVE-2019-10747. The exploit is possible when the user-provided keys used in the path parameter are arrays...

9.8CVSS9.1AI score0.02475EPSS
Exploits2References7Affected Software2
Veracode
Veracode
added 2021/08/13 5:50 a.m.40 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Lack of checking that shape of the input or the target shape have both a non-zero number of elements causes an integral division by 0 exception...

5.5CVSS3.6AI score0.00152EPSS
Exploits0References2Affected Software3
Veracode
Veracode
added 2021/07/11 3:57 p.m.40 views

Denial Of Service (DoS)

ruby2.7:sid is vulnerable to Denial Of Service DoS. It is possible to execute arbitrary code via | and tags in a filename...

7CVSS7.7AI score0.0148EPSS
Exploits0References6Affected Software10
Veracode
Veracode
added 2021/07/10 2:45 p.m.40 views

Man In The Middle (MitM)

ruby2.7 is vulnerable to Man In the Middle Attack. An attacker may bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.”...

7.4CVSS2.9AI score0.02909EPSS
Exploits1References9Affected Software11
Veracode
Veracode
added 2021/05/24 12:38 a.m.40 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service. The vulnerability exists when processing invalid multi-byte input sequences which could lead to an infinite loop in applications causing the system to crash...

5.5CVSS3.3AI score0.00887EPSS
Exploits1References11Affected Software1
Veracode
Veracode
added 2021/05/20 3:29 p.m.40 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists through sending ioctl commands to midi devices that could trigger a use-after-free issue where a write to this specific memory while freed...

7.8CVSS3.7AI score0.01659EPSS
Exploits2References7Affected Software2
Veracode
Veracode
added 2021/05/08 3:20 p.m.40 views

Remote Code Execution (RCE)

libxml2 is vulnerable to remote code execution. The vulnerability exists due to a use after free in libxml2 in xmlXIncludeDoProcess in xinclude.c...

8.8CVSS2.9AI score0.03653EPSS
Exploits0References24Affected Software17
Veracode
Veracode
added 2021/05/06 4:1 a.m.40 views

Remote Code Execution

redis is vulnerable to remote code execution. An integer overflow occurs during the execution of a STRALGO LCS command, resulting in heap corruption and potential code execution...

8.8CVSS5.8AI score0.04028EPSS
Exploits0References12Affected Software1
Veracode
Veracode
added 2021/04/24 10:10 p.m.40 views

Authorization Bypass

java is vulnerable to Authorization Bypass. A difficult to exploit vulnerability allows unauthenticated attacker with network access to affect intgrity of the system. The attack requires human interaction from a person other than the attacker...

5.3CVSS5.8AI score0.03566EPSS
Exploits0References20Affected Software3
Veracode
Veracode
added 2021/03/18 6:52 a.m.40 views

Denial Of Service (DoS)

etcd is vulnerable to denial of service. A panic occurs in decodeRecord method when a large slice is processed due to a lack of validation on the size of record...

6.5CVSS4.3AI score0.01291EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2021/03/09 4:21 a.m.40 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An out-of-bounds read in sctploadaddressesfrominit in usrsctp allows an attacker to crash the application...

6.5CVSS4AI score0.03155EPSS
Exploits1References42Affected Software1
Veracode
Veracode
added 2021/03/03 6:0 a.m.40 views

Arbitrary Code Execution

grub is vulnerable to arbitrary code execution. An attacker is able to remove address ranges from memory via the cutmem command to bypass Secure Boot protections...

7.5CVSS5.6AI score0.0039EPSS
Exploits0References6Affected Software3
Veracode
Veracode
added 2021/03/03 5:51 a.m.40 views

Privilege Escalation

grub2 is vulnerable to privilege escalation. The vulnerability exists as variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with ...

6.7CVSS4.1AI score0.00573EPSS
Exploits0References6Affected Software3
Veracode
Veracode
added 2021/02/18 9:52 p.m.40 views

Remote Code Execution

bind9 is vulnerable to remote code execution. A buffer overflow in GSSAPI security policy negotiation can result in remote code execution...

8.1CVSS4.9AI score0.64161EPSS
Exploits0References15Affected Software6
Veracode
Veracode
added 2021/02/10 6:5 a.m.40 views

Privilege Escalation

kernel is vulnerable to privilege escalation. An attacker may exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c...

7.8CVSS3.5AI score0.00564EPSS
Exploits0References22Affected Software1
Veracode
Veracode
added 2021/01/21 7:51 p.m.40 views

Buffer Overflow

github.com/python/cpython is vulnerable to buffer overflow. The vulnerability exists because of the use sprintf which does not sanitize the input and its boundaries...

9.8CVSS4AI score0.23293EPSS
Exploits1References44Affected Software21
Veracode
Veracode
added 2021/01/08 7:27 a.m.40 views

Arbitrary Code Execution

jackson-databind is vulnerable to remote code execution RCE. The vulnerability exists through the lack of sanitization of the org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS class through deserialization...

8.1CVSS4.9AI score0.05041EPSS
Exploits2References10Affected Software3
Veracode
Veracode
added 2021/01/07 7:9 p.m.40 views

Denial Of Service (DoS)

openjpeg is vulnerable to denial of service. The vulnerability exists in opjt2encodepacket function of t2.c due to a null pointer dereference which allows an attacker to crash the application via malicious input...

5.5CVSS6.1AI score0.01443EPSS
Exploits0References11Affected Software3
Veracode
Veracode
added 2020/12/06 4:38 a.m.40 views

Arbitrary Code Execution

SQLite is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via a buffer overflow when the FTS3 extension is enabled...

8.1CVSS6.4AI score0.09683EPSS
Exploits1References36Affected Software3
Veracode
Veracode
added 2020/12/06 4:18 a.m.40 views

Arbitrary Code Execution

lighttpd is vulnerable to arbitrary code execution. A signed integer overflow allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code on the host OS malicious HTTP GET request due to mishandling of /%2F? in burlnormalize2Ftoslashfix in burl.c...

9.8CVSS6.4AI score0.73762EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2020/12/02 9:50 a.m.40 views

Information Disclosure

php is vulnerable to information disclosure in exifreaddata...

6.5CVSS0.5AI score0.07473EPSS
Exploits1References18Affected Software1
Veracode
Veracode
added 2020/11/19 6:14 a.m.40 views

Command Injection

cmd/go in github.com/golang/go is vulnerable to command injection. An attacker is able to inject malicious command via cgoflags compiler flag argument...

7.5CVSS3.9AI score0.02369EPSS
Exploits0References13Affected Software5
Veracode
Veracode
added 2020/10/12 4:2 a.m.40 views

Validation Bypass

httpclient is vulnerable to validation bypass. A malformed authority component in the request URIs that is passed to the library as java.net.URI object would result in the request execution for a wrong target host...

5.3CVSS1.1AI score0.08665EPSS
Exploits1References120Affected Software22
Veracode
Veracode
added 2020/10/01 3:53 a.m.40 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...

8.8CVSS3.8AI score0.01812EPSS
Exploits0References7Affected Software28
Veracode
Veracode
added 2020/10/01 3:52 a.m.40 views

Information Disclosure

webkitgtk4 is vulnerable to information disclosure. The vulnerability exists through the drawing of web page elements that causes browsing history to be revealed...

4.3CVSS1.3AI score0.01241EPSS
Exploits0References5Affected Software28
Veracode
Veracode
added 2020/10/01 3:52 a.m.40 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption when parsing web content...

6.1CVSS6AI score0.00983EPSS
Exploits0References5Affected Software28
Veracode
Veracode
added 2020/10/01 3:50 a.m.40 views

Arbitrary Code Execution

glibc is vulnerable to arbitary code execution.It is possible because LDPREFERMAP32BITEXEC doe not ignore in setuid binaries...

3.3CVSS3.9AI score0.00409EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2020/09/21 6:39 a.m.40 views

Arbitrary Code Execution

GraphicsMagick is vulnerable to arbitrary code execution. A segmentation violation in the WriteMAPImage function in coders/map.c when processing a non-colormapped image allows an attacker to execute arbitrary code on the host OS. This vulnerability is different from CVE-2017-11642...

8.8CVSS4.2AI score0.01766EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2020/09/21 6:36 a.m.40 views

Privilege Escalation

android kernel is vulnerable to privilege escalation. A use-after-free in the video driver allows an attacker to obtain higher privileges...

7CVSS4.3AI score0.00171EPSS
Exploits0References2Affected Software3
Veracode
Veracode
added 2020/09/21 6:36 a.m.40 views

Information Disclosure

kernel is vulnerable to information disclosure. An info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusbdec.c driver allows an attacker to obtain confidential information...

2.4CVSS2.8AI score0.0046EPSS
Exploits0References6Affected Software4
Veracode
Veracode
added 2020/09/21 6:32 a.m.40 views

Sweet32 Attack

OpenVPN is vulnerable to Sweet32 Attack. When using a 64-bit block cipher, it is easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

5.9CVSS5.6AI score0.0594EPSS
Exploits0References10Affected Software2
Veracode
Veracode
added 2020/09/21 6:26 a.m.40 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service DoS. The vulnerability exists through an integer overflow issue in the DHCP client udhcpc...

7.5CVSS3.3AI score0.08055EPSS
Exploits4References14Affected Software3
Veracode
Veracode
added 2020/08/25 3:50 a.m.40 views

Denial Of Service (DoS)

chrony is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writin...

6CVSS2.3AI score0.00485EPSS
Exploits0References5Affected Software3
Veracode
Veracode
added 2020/08/20 2:25 a.m.40 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service DoS. The vulnerability exists in Server Logging...

4.9CVSS2.6AI score0.02031EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2020/08/11 3:31 a.m.40 views

Unauthorised Access

openjdk7 is vulnerable to unauthorized. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data...

3.1CVSS4.5AI score0.02308EPSS
Exploits0References7Affected Software2
Total number of security vulnerabilities5000