Lucene search
K
VeracodeMost viewed

38326 matches found

Veracode
Veracode
•added 2018/07/05 1:40 a.m.•40 views

Denial Of Service (DoS)

.NET Core is vulnerable to denial of service DoS. This is due to the way the .NET applications process XML documents which could lead to a denial of service condition when a specially crafted request is submitted...

7.5CVSS7.2AI score0.077EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2018/07/04 7:53 a.m.•40 views

Remote Code Execution (RCE) Via Memory Corruption

microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...

7.5CVSS8AI score0.68491EPSS
Exploits25References4Affected Software2
Veracode
Veracode
•added 2018/05/17 4:40 a.m.•40 views

Insecure Defaults

Apache Tomcat is vulnerable to insecure defaults. The CORS filter provided by default is insecure as it enables supportsCredentials for all origins. This can allow a malicious user unauthorized access to sensitive resources...

9.8CVSS9.1AI score0.21979EPSS
Exploits0References52Affected Software1
Veracode
Veracode
•added 2018/04/27 2:51 a.m.•40 views

Denial Of Service (DoS)

Guava is vulnerable to Denial Of Service DoS. The attacks are possible because AtomicDoubleArray and CompoundOrdering classes perform memory allocations without checking user provided data and its size...

5.9CVSS6.1AI score0.05119EPSS
Exploits0References88Affected Software1
Veracode
Veracode
•added 2018/01/29 4:14 a.m.•40 views

Denial Of Service (DoS)

Apache poi is vulnerable to denial of service DoS attacks. Attackers can cause infinite loops, when parsing WMF, EMF, MSG and macro files. They can also cause Out-of-Memory OOM exceptions to occur when parsing DOC, PPT and XLS files...

7.5CVSS8.1AI score0.10248EPSS
Exploits3References22Affected Software2
Veracode
Veracode
•added 2017/12/11 1:11 a.m.•40 views

Remote Code Execution (RCE)

Apache Synapse uses a vulnerable version of commons-collections. This allows attackers to exploit the use of the vulnerable library to perform remote code execution RCE attacks...

9.8CVSS9.6AI score0.17741EPSS
Exploits1References10Affected Software2
Veracode
Veracode
•added 2017/09/08 6:31 a.m.•40 views

Remote Code Execution (RCE)

struts2-core is vulnerable to remote code execution attacks. The vulnerability exists when expression literals, or forcing expression in Freemarker tags, are used as request values. The default Freemark configuration allows ObjectConstructor, Execurt, and freemarker.template.utility.JythonRuntime...

9.8CVSS9.6AI score0.99461EPSS
Exploits28References8Affected Software1
Veracode
Veracode
•added 2017/08/10 8:10 a.m.•40 views

Denial Of Service(DoS) Via CPU Consumption

WordPress is vulnerable to denial of service DoS attacks. The attacks exist because the hashing of large passwords are not properly handled, leading to high CPU usage...

5CVSS5.8AI score0.83162EPSS
Exploits7References8Affected Software1
Veracode
Veracode
•added 2017/08/03 8:38 a.m.•40 views

Unauthorized Access

WordPress is vulnerable to unauthorized access. The attack is possible because the library uses the SERVERNAME variable to get the hostname of the server for PHP mail functions, allowing an attacker to modify the hostname of his choice and trigger a password reset function. However, the attack ca...

5.9CVSS5.9AI score0.26699EPSS
Exploits7References6Affected Software3
Veracode
Veracode
•added 2017/05/16 2:21 a.m.•40 views

Copy-Paste Vulnerability (CPV) Through Libxml2

nokogiri has a copied version of the libxml2 library. The copy that nokogiri includes is vulnerable to CVE-2017-8872 which allows attackers to cause a denial of service DoS or information disclosure via a buffer overflow. This is caused by the htmlParseTryOrFinish method in the HTMLparser.c file...

8.7AI score0.02306EPSS
Exploits0
Veracode
Veracode
•added 2017/04/11 2:17 a.m.•40 views

Information Disclosure

Tomcat is vulnerable to information disclosure. The library does not use the appropriate facade object when making calls to certain application listeners. This allows an untrusted application to retain a reference to the object and access or modify the associated information...

9.1CVSS8.5AI score0.13225EPSS
Exploits0References25Affected Software7
Veracode
Veracode
•added 2017/04/04 3:2 a.m.•40 views

Remote Code Execution (RCE)

Glassfish is vulnerable to remote code execution. It is because the JMXMPConnectorStarter is not updated to consider Oracle’s fix for CVE-2016-3427 where a remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. Therefore,...

10CVSS9.1AI score0.92334EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2017/03/29 6:27 a.m.•40 views

Incorrect Key Verification

ansible is vulnerable to incorrect key verification. The library does not verify key fingerprints before uploading them. This allows a malicious user to generate a key with the desired 16 digit id and upload it to the server...

7.5CVSS7.5AI score0.02458EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2017/03/24 3:56 a.m.•40 views

Directory Traversal

ImageMagick is vulnerable to directory traversal. The library does not escape relative paths, allowing a malicious user to upload an arbitrary module into the system...

7.5CVSS8.4AI score0.06534EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2017/02/10 1:19 a.m.•40 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. A malicious user can pass malformed PKCS7 or CMS data to the server that can cause a memory leak that can lead to the system crashing...

5.3CVSS6.2AI score0.38709EPSS
Exploits1References49Affected Software3
Veracode
Veracode
•added 2017/02/06 8:21 a.m.•40 views

Denial Of Service (DoS) Through Null Pointer Dereference

OpenSSL is vulnerable to denial of service DoS attacks through a null pointer dereference and daemon crash. This is because there is an unexpected handshake during the unsupported protocols. NOTE: this issue became relevant after the CVE-2014-3568 fix...

5CVSS4.4AI score0.20646EPSS
Exploits0References41Affected Software1
Veracode
Veracode
•added 2017/01/27 8:38 a.m.•40 views

DROWN Attack

OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections...

5.9CVSS7.6AI score0.82112EPSS
Exploits2References64Affected Software4
Veracode
Veracode
•added 2017/01/26 5:46 a.m.•40 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. The library does not validate division results, allowing a malicious user to cause a denial of service via an out-of-bounds write by sending a overly large BIGNUM...

9.8CVSS8.8AI score0.44218EPSS
Exploits1References56Affected Software3
Veracode
Veracode
•added 2017/01/26 1:52 a.m.•40 views

Denial Of Service (DoS)

OpenSSL is vulnerable to Denial Of Service DoS. A malicious user can send multiple large OCSP Status Request extension to the server. causing it to run out of memory and crash...

7.8CVSS8.5AI score0.63029EPSS
Exploits2References63Affected Software3
Veracode
Veracode
•added 2025/12/23 12:30 p.m.•39 views

Improper Authentication

github.com/edgelesssys/contrast is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated LUKS2 volume metadata and support for null key-encryption algorithms, which allows an attacker to craft a malicious volume that opens with any passphrase and captures all written...

5.6AI score
Exploits0
Veracode
Veracode
•added 2024/04/15 12:24 p.m.•39 views

Sensitive Information Disclosure

Azure.Identity is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper validation of user-supplied input, allowing an attacker to access sensitive information...

5.5CVSS6.5AI score0.00711EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2024/04/06 12:29 a.m.•39 views

Memory Leakage

libcurl is vulnerable to a Memory Leakage. The vulnerability is due to the improper handling of HTTP/2 server push requests, allows server push and the number of received headers exceeds the maximum limit...

8.6CVSS6.2AI score0.36081EPSS
Exploits1References14Affected Software1
Veracode
Veracode
•added 2024/03/22 5:11 a.m.•39 views

Out-of-Bounds Write

Apache Commons Configuration is vulnerable to Out-of-Bounds Write. The vulnerability is due to improper handling of a cyclical object tree, which can trigger a StackOverflowError when the ListDelimiterHandler.flatten method is called. This occurs because the method recursively traverses the objec...

5.4CVSS6.7AI score0.01727EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/02/20 6:39 a.m.•39 views

Denial Of Service (DoS)

org.apache.commons: commons-compress is vulnerable to Denial Of Service DoS. This vulnerability is caused when uncompressing a corrupted PAC200 archive, which results in Denial of Service by consuming excessive system resources...

5.5CVSS6.7AI score0.00898EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2024/02/02 1:48 a.m.•39 views

Use After Free

Canvas in Google Chrome is vulnerable to Use after free.The vulnerability is due to referencing memory after it has been freed which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS6.6AI score0.00881EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2023/12/26 8:19 a.m.•39 views

Improper Certificate Validation

Snowflake.data is vulnerable to Improper Certificate Validation. The vulnerability is due to not checking the Certificate Revocation List CRL when insecureMode is set to its default value of false. This allows an attacker with access to the private key of a correctly issued certificate to execute...

7.5CVSS7AI score0.00348EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/11/20 5:46 a.m.•39 views

Authentication Bypass

LibreNMS is vulnerable to Authentication Bypass. The vulnerability is due to improper rate limiting checks on login mechanisms using the GET method in the /?username=admin=password= endpoint. This can be exploited by an attacker to perform a brute force attack at the login endpoint, resulting in...

7.5CVSS6.2AI score0.00599EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2023/11/17 8:12 a.m.•39 views

Denial Of Service (DoS)

libde265.so is vulnerable to Denial of Service DoS. The vulnerability is due to the slicesegmentheader function in the slice.cc component. An attacker is able to cause a DoS condition by crafting a specially crafted file and tricking the system into processing it. This could disrupt service on th...

6.5CVSS6.9AI score0.00766EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/11/12 6:43 a.m.•39 views

Information Disclosure

wordpress is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by tricking a user into installing a malicious Popup Builder plugin or by uploading a malicious plugin to a vulnerable WordPress installation. The malicious plugin would then inject malicious code into...

5.3CVSS7.1AI score0.03862EPSS
Exploits4References4Affected Software1
Veracode
Veracode
•added 2023/11/09 2:10 a.m.•39 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the WebAudio component in the library, which allows an attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7AI score0.01976EPSS
Exploits0References9Affected Software3
Veracode
Veracode
•added 2023/10/28 12:48 a.m.•39 views

Information Disclosure

openssl is vulnerable to Information Disclosure. An incorrect cipher key & IV length processing vulnerability allows an attacker to exploit a flaw in the way that OpenSSL handles cipher key and IV lengths by tricking a user into opening a specially crafted file or connecting to a malicious server...

7.5CVSS7.8AI score0.03332EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2023/10/06 12:9 p.m.•39 views

Out-of-bounds Read

libopensc.so is vulnerable to out-of-bounds reads. The vulnerability exists in card-myeid.c because it does not properly validate symmetric keys, which allows an attacker to send maliciously crafted responses to the APDU and read information outside of the intended range...

4.5CVSS6.1AI score0.00466EPSS
Exploits0References10Affected Software2
Veracode
Veracode
•added 2023/10/02 4:7 p.m.•39 views

Denial Of Service (DoS)

bind is vulnerable to Denial of Service DoS. An attacker could exploit this vulnerability by sending a malicious DNS packet to a vulnerable named server. Once the vulnerability is exploited, the attacker could take control of the server and steal data, install malware, or disrupt service...

7.5CVSS6.8AI score0.02626EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2023/09/25 10:46 a.m.•39 views

Insecure Temporary File Creation

Jenkins is vulnerable to Insecure Temporary File Creation. The vulnerability is due to creating a temporary file when a plugin is deployed directly from a URL. An attacker can exploit this vulnerability by deploying a plugin from URL resulting in access to the Jenkins controller file system with...

8.8CVSS6.7AI score0.00944EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/09/12 10:31 p.m.•39 views

SQL Injection

cacti is vulnerable to SQL Injection attacks. An attacker could exploit this vulnerability by sending a specially crafted SQL injection payload to a vulnerable Cacti server. This payload could allow the attacker to escalate their privileges to the root user or execute arbitrary code on the server...

8.8CVSS8.9AI score0.01541EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2023/09/05 4:39 a.m.•39 views

Man-in-the-Middle (MitM)

open-vm-tools is vulnerable to Man-in-the-Middle MitM attacks. This vulnerability can be exploited by an attacker with man-in-the-middle MITM network positioning between vCenter and the ESXi host hosting the virtual machine to bypass SAML token signature verification, to perform VMware Tools Gues...

7.5CVSS6.7AI score0.01193EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2023/08/23 5:5 p.m.•39 views

Improper Access Control

nodejs is vulnerable to Improper Access Control. This vulnerability exists due to a flaw in the way the module.constructor.createRequire API can be used to bypass the policy mechanism. An attacker can exploit this vulnerability to load modules outside of the policy...

8.8CVSS6.7AI score0.01273EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2023/08/08 11:3 p.m.•39 views

Denial Of Service (DoS)

mariadb is vulnerable to Denial of Service DoS attacks. The vulnerability occurs when MariaDB attempts to print a warning message for a query that fails. If the query contains a NULL value, MariaDB could dereference a NULL pointer and crash...

6.5CVSS6.8AI score0.01486EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2023/08/06 11:58 a.m.•39 views

Insufficient Data Validation

chromium is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the insufficient data validation in Extensions, allowing an attacker to convince user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension...

8.8CVSS6AI score0.00923EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2023/07/03 8:58 a.m.•39 views

Use After Free

Google Chrome is vulnerable to Use After Free. The vulnerability is due to improper memory management in the media API, which results in heap corruption via crafted HTML page...

8.8CVSS7AI score0.01151EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2023/06/06 4:56 p.m.•39 views

Improper Certificate Validation

curl is vulnerable to Improper Certificate Validation. The vulnerability allows matching of wildcard patterns when listed as 'Subject Alternative Name' in TLS server certificates and could result in accepting patterns that otherwise should be mismatched...

5.9CVSS6.8AI score0.0181EPSS
Exploits1References19Affected Software2
Veracode
Veracode
•added 2023/05/15 6:35 a.m.•39 views

Denial Of Services (DoS)

openssl is vulnerable to Denial Of Services DoS. The vulnerability exists due to the bug in the AES-XTS cipher decryption implementation for 64 bit ARM platform, which reads the past input buffer, leading to an application crash...

5.9CVSS6.8AI score0.00953EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2023/05/12 8:26 p.m.•39 views

Improper Input Validation

OpenJDK is vulnerable to Improper Input Validation. An attacker can access to critical data or complete access to all Oracle Java SE and Oracle GraalVM Enterprise Edition accessible data through the multiple protocols...

5.9CVSS6.8AI score0.01421EPSS
Exploits0References12Affected Software6
Veracode
Veracode
•added 2023/05/02 7:4 a.m.•39 views

Denial Of Service (DoS)

dnsmasq is vulnerable to Denial of Service DoS. The vulnerability exists because of the size of the UDP packet exceeds the defaults size which allows an attacker to cause an application crash...

7.5CVSS7.4AI score0.01334EPSS
Exploits0References15Affected Software1
Veracode
Veracode
•added 2023/04/29 10:9 a.m.•39 views

Integer Overflow

chromium is vulnerable to interger overflow. A malicious attacker could perform a sandbox escape via a crafter html page by comprimising the renderer process leading to interger overflow...

9.6CVSS8.6AI score0.05786EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2023/04/24 3:27 a.m.•39 views

Unauthorized Access

virtualbox is vulnerable to unauthorized access. The vulnerability allows low privilege attackers with logon to the infrastructure to execute a comprimise resulting unauthorized read access to a subset of virtualbox accessible data...

3.8CVSS5.5AI score0.00316EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2023/04/20 9:38 a.m.•39 views

Memory Corruption

firefox is vulnerable to Memory Corruption. The vulnerability occurs if multiple instances of resource exhaustion happens at the incorrect time, the garbage collector could cause memory corruption and a potentially exploitable crash...

6.5CVSS7.1AI score0.00469EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2023/03/31 4:30 a.m.•39 views

Denial Of Services (DoS)

graphql-java is vulnerable to Denial Of Services DoS. An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash...

7.5CVSS7.2AI score0.01051EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2023/03/21 12:30 a.m.•39 views

Double Free

curl is vulnerable to Double Free. Two threads sharing the same HSTS data could end up doing a double-free or use-after-free due to missing mutexes or thread locks. This was introduced without consideration for sharing across separate threads, which could lead to a double-free or use-after-free...

5.9CVSS7.5AI score0.01856EPSS
Exploits1References7Affected Software2
Veracode
Veracode
•added 2023/03/12 4:6 p.m.•39 views

Cross-site Scripting (XSS)

cacti is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the improper escaping of error message during template import preview in the xmlpath field in the templatesimport.php, allowing an attacker to inject and execute malicious javascript...

6.1CVSS6.5AI score0.02783EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000