Lucene search
K
VeracodeMost viewed

38354 matches found

Veracode
Veracode
•added 2020/03/26 2:15 a.m.•40 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An out-of-bounds array access in xfrmpolicyunlink allows an attacker to crash the OS due to the way directory validation are handled...

4.4CVSS3.2AI score0.0173EPSS
Exploits0References18Affected Software1
Veracode
Veracode
•added 2020/01/22 12:30 a.m.•40 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists due to a use-after-free error in fs/xfs/xfssuper.c...

7.8CVSS2.9AI score0.00607EPSS
Exploits0References18Affected Software2
Veracode
Veracode
•added 2020/01/17 7:24 a.m.•40 views

Cross-Site Scripting (XSS)

cxf-rt-transports-http is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a user's browser via an endpoint addresses and URL...

6.1CVSS3.8AI score0.07055EPSS
Exploits0References25Affected Software82
Veracode
Veracode
•added 2020/01/17 3:59 a.m.•40 views

Reflected File Download

spring-web is vulnerable to reflected file download. The filename attribute that is derived from the user-supplied Content-Disposition header is not validated and sanitized, potentially resulting in the downloaded content of the response to be saved and executed as a file by the user's browser...

7.5CVSS2.8AI score0.88077EPSS
Exploits2References80Affected Software3
Veracode
Veracode
•added 2019/11/06 12:20 a.m.•40 views

Denial Of Service (DoS)

kernel is vulnerable to arbitrary code execution. Lack of size checks from the reading of extra descriptor in the function usbgetextradescriptor in drivers/usb/core/usb.c leads to an application crash, and potentially allows an attacker to exploit the vulnerability to execute arbitrary code in th...

6.8CVSS4.6AI score0.00586EPSS
Exploits0References28Affected Software2
Veracode
Veracode
•added 2019/10/24 12:22 a.m.•40 views

Denial Of Serivce (DoS)

Mozilla Firefox is vulnerable to denial of service DoS. It causes a Stack buffer overflow in HKDF output...

8.8CVSS3AI score0.01799EPSS
Exploits0References8Affected Software5
Veracode
Veracode
•added 2019/10/18 8:40 a.m.•40 views

Server-Side Request Forgery (SSRF)

wordpress is vulnerable to server-side request forgery SSRF. The URL validation does not consider the interpretation of a name as a series of hex characters, allowing a remote attacker to bypass the URL validation using hex values in the URL...

9.8CVSS5AI score0.05243EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2019/10/17 12:22 a.m.•40 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. An unexpected exception thrown by XPathParser processing malicious XPath expression allows an attacker to crash the application...

3.7CVSS4.7AI score0.03732EPSS
Exploits0References24Affected Software4
Veracode
Veracode
•added 2019/10/16 12:21 a.m.•40 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists through a heap overflow in mwifiexupdatebssdescwithie function in marvell/mwifiex/scan.c...

8.8CVSS2.4AI score0.05649EPSS
Exploits1References34Affected Software2
Veracode
Veracode
•added 2019/10/16 12:21 a.m.•40 views

Use-after-Free

Kernel is vulnerable to use-after-free in blkdrainqueue function in block/blk-core.c...

7.8CVSS2AI score0.00707EPSS
Exploits0References25Affected Software2
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•40 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service DoS. A NULL pointer dereference is possible due to mishandling of ldapgetdn return value, allowing DoS via malicious LDAP server reply...

7.5CVSS2.7AI score0.08677EPSS
Exploits0References16Affected Software1
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•40 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service DoS. An infinite loop is possible in ext/iconv/iconv.c when streaming filter with convert.incov on invalid sequence, leading to an application crash...

7.5CVSS2.6AI score0.10433EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•40 views

Authorization Bypass

glibc is vulnerable to authorization bypass. Successful parsing of strings containing an IPv4 address appended with whitespace and arbitrary characters causes applications using glibc to parse incorrectly validated strings. This can potentially lead to circumvention of validation and authorizatio...

5.3CVSS4.9AI score0.00479EPSS
Exploits0References26Affected Software1
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•40 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists in alarmtimernsleep function of alarmtimer.c due to an integer overflow which allows an attacker to crash the application via malicious input...

3.3CVSS6.4AI score0.00513EPSS
Exploits0References34Affected Software2
Veracode
Veracode
•added 2019/07/11 10:12 a.m.•40 views

Denial Of Service (DoS)

libpng.so is vulnerable to denial of service. Failure to check the length of chunks against the user limit leads to a buffer overflow vulnerability that allows an attacker to crash the process or potentially execute arbitrary code on the system...

9.8CVSS9.6AI score0.04113EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2019/06/03 2:56 p.m.•40 views

Out Of Bound Reads (OOB)

lSQLite3 is vulnerable to out of boundOOB reads. The component rtree Table Handler in the function rtreenode does not properly handle invalid rtree tables, leading to OOB if the input is malicious...

9.8CVSS9.1AI score0.45426EPSS
Exploits0References17Affected Software3
Veracode
Veracode
•added 2019/05/27 12:40 a.m.•40 views

CRLF Injection

Python is vulnerable to CRLF Injection. Remote unauthenticated attacker could exploit the flaw by controling a url parameter, as demonstrated in the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header or a Redis comman...

6.1CVSS7.7AI score0.05328EPSS
Exploits1References38Affected Software8
Veracode
Veracode
•added 2019/05/16 3:48 a.m.•40 views

Buffer Overflow

GNU Wget is vulnerable to buffer overflow vulnerability. The vulnerability exists in an unknown functionality of the file src/iri.c. Remote attackers could run arbitrary code within the context of the affected application via unspecified vectors causing a denial of service condition...

9.8CVSS9.4AI score0.05751EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2019/05/16 3:21 a.m.•40 views

Privilege Escalation

Apache httpd is vulnerable to privilege escalation attacks. This is because the expression may not correctly match characters in a filename. The expression may match the '$' character to a newline character instead of matching only the end of the filename.On systems that allow uploading of...

8.1CVSS7.7AI score0.86006EPSS
Exploits0References51Affected Software14
Veracode
Veracode
•added 2019/05/16 2:59 a.m.•40 views

Denial Of Service (DoS)

PHP is vulnerable to denial of serviceDoS attacks. This is because an invalid free in the WDDX deserialization of boolean parameters. An attacker could inject XML for deserialization to crash the PHP interpreter which occurs in ext/wddx/wddx.c file...

7.5CVSS8.5AI score0.06846EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2019/05/02 6:36 a.m.•40 views

Denial Of Service (DoS) Through Divide By Zero

QEMU is vulnerable to denial of serviceDoS through divide by zero attacks. This occurs in the cirrusdocopy function in hw/display/cirrusvga.c when cirrus graphics mode is VGA. Privileged users could cause divide-by-zero error and a process crash via vectors involving blit pitch values...

5.5CVSS6.6AI score0.00413EPSS
Exploits0References216Affected Software2
Veracode
Veracode
•added 2019/05/02 6:36 a.m.•40 views

Use-After-Free

Linux kernel is vulnerable to Use-After-Free vulnerability. A local user could exploit the flaw which enables a race condition in the L2TPv3 IP Encapsulation feature allowing elevated privileges or system hang. Affected is the component, kernel networking subsystem...

7CVSS6.7AI score0.00421EPSS
Exploits0References48Affected Software2
Veracode
Veracode
•added 2019/05/02 5:43 a.m.•40 views

Arbitrary Code Execution

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based...

9.8CVSS9.8AI score0.10238EPSS
Exploits0References36Affected Software3
Veracode
Veracode
•added 2019/05/02 5:40 a.m.•40 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8CVSS4.6AI score0.9986EPSS
Exploits1References29Affected Software4
Veracode
Veracode
•added 2019/05/02 5:40 a.m.•40 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8CVSS4.6AI score0.9986EPSS
Exploits1References31Affected Software4
Veracode
Veracode
•added 2019/05/02 5:40 a.m.•40 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS5.7AI score0.06181EPSS
Exploits0References17Affected Software2
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•40 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

10CVSS5.1AI score0.74006EPSS
Exploits1References30Affected Software1
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•40 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5CVSS8.6AI score0.07417EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2019/05/02 5:29 a.m.•40 views

Denial Of Service (DoS)

file is vulnerable to denial of service. Multiple flaws were found in the way file parsed Executable and Linkable Format ELF files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources...

5CVSS9AI score0.05926EPSS
Exploits0References23Affected Software1
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•40 views

CRLF Injection

OpenSSH is vulnerable to CRLF injection. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions...

6.4CVSS6.7AI score0.37016EPSS
Exploits13References27Affected Software1
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•40 views

Denial Of Service (DoS)

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. A denial of...

8.6CVSS7.4AI score0.621EPSS
Exploits0References32Affected Software2
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•40 views

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

9.8CVSS9.2AI score0.46801EPSS
Exploits8References10Affected Software1
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•40 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.8CVSS8.2AI score0.31046EPSS
Exploits9References21Affected Software1
Veracode
Veracode
•added 2019/05/02 5:21 a.m.•41 views

Man-In-The-Middle (MitM)

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.7AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
•added 2019/05/02 5:20 a.m.•40 views

Improper Access Control

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10CVSS7.2AI score0.06058EPSS
Exploits1References47Affected Software2
Veracode
Veracode
•added 2019/05/02 5:18 a.m.•40 views

Denial Of Service (DoS)

jenkins is vulnerable to denial of service. A remotely authenticated user is able to cause a denial of service condition caused by improper plug-in and tool installation via malicious update center data...

3.5CVSS7.1AI score0.01577EPSS
Exploits0References35Affected Software58
Veracode
Veracode
•added 2019/05/02 5:13 a.m.•40 views

Sandbox Protection Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

10CVSS5.5AI score0.07224EPSS
Exploits1References12Affected Software1
Veracode
Veracode
•added 2019/05/02 5:12 a.m.•40 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could u...

7.8CVSS7.2AI score0.05794EPSS
Exploits5References42Affected Software1
Veracode
Veracode
•added 2019/05/02 5:3 a.m.•40 views

Information Disclosure

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU Last-Recently Used list under certai...

5.5CVSS6.8AI score0.22475EPSS
Exploits18References21Affected Software1
Veracode
Veracode
•added 2019/05/02 4:57 a.m.•40 views

Infomation Disclosure

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

7.1CVSS5.8AI score0.02159EPSS
Exploits3References22Affected Software1
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•40 views

Arbitrary Code Execution

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1CVSS6.9AI score0.09408EPSS
Exploits6References19Affected Software2
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•40 views

Denial Of Service (DOS)

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret...

5.8CVSS7.3AI score0.0503EPSS
Exploits1References12Affected Software2
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•40 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

7.5CVSS9.9AI score0.06353EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2019/05/02 4:53 a.m.•40 views

Authorization Bypass

ruby is vulnerable to authorization bypass. A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted...

5CVSS6.1AI score0.02619EPSS
Exploits1References22Affected Software35
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•40 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS6.8AI score0.08894EPSS
Exploits1References21Affected Software3
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•40 views

Cross-Site Scripting (XSS)

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release. The Release Notes will be available shortly fr...

7.5CVSS6.7AI score0.04458EPSS
Exploits2References45Affected Software20
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•40 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

5.4CVSS5.8AI score0.03177EPSS
Exploits2References11Affected Software1
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•40 views

Information Disclosure

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...

7.9CVSS6.3AI score0.07313EPSS
Exploits11References26Affected Software2
Veracode
Veracode
•added 2019/05/02 4:45 a.m.•40 views

Memory Corruption

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS6.6AI score0.73364EPSS
Exploits18References20Affected Software3
Veracode
Veracode
•added 2019/05/02 4:44 a.m.•40 views

Cross-Site Request Forgery (CSRF)

OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory travers...

7.5CVSS5.5AI score0.05281EPSS
Exploits0References9Affected Software4
Total number of security vulnerabilities5000