Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2023/05/15 6:35 a.m.•39 views

Denial Of Services (DoS)

openssl is vulnerable to Denial Of Services DoS. The vulnerability exists due to the bug in the AES-XTS cipher decryption implementation for 64 bit ARM platform, which reads the past input buffer, leading to an application crash...

5.9CVSS6.8AI score0.00953EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2023/05/04 4:28 a.m.•39 views

File Upload Validation Bypass

Django is vulnerable to File Upload Validation Bypass. The vulnerability exists due to the FileInput class in widgets.py because uploading multiple files using one form field has never been officially supported by forms.FileField or forms.ImageField as only the last uploaded file was validated,...

9.8CVSS6.4AI score0.0138EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2023/04/29 10:9 a.m.•39 views

Integer Overflow

chromium is vulnerable to interger overflow. A malicious attacker could perform a sandbox escape via a crafter html page by comprimising the renderer process leading to interger overflow...

9.6CVSS8.6AI score0.05786EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2023/04/24 3:27 a.m.•39 views

Unauthorized Access

virtualbox is vulnerable to unauthorized access. The vulnerability allows low privilege attackers with logon to the infrastructure to execute a comprimise resulting unauthorized read access to a subset of virtualbox accessible data...

3.8CVSS5.5AI score0.00316EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2023/03/31 4:30 a.m.•39 views

Denial Of Services (DoS)

graphql-java is vulnerable to Denial Of Services DoS. An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash...

7.5CVSS7.2AI score0.01051EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2023/03/12 4:6 p.m.•39 views

Cross-site Scripting (XSS)

cacti is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the improper escaping of error message during template import preview in the xmlpath field in the templatesimport.php, allowing an attacker to inject and execute malicious javascript...

6.1CVSS6.5AI score0.02783EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/02/10 8:4 p.m.•39 views

Information Disclosure

linux is vulnerable to Information Disclosure. An attacker is able to gain access to leaked kernel pointers remotely via l2capparseconfreq function of net/bluetooth/l2capcore.c, resulting in disclosure of sensitive information...

6.5CVSS7.4AI score0.00395EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2023/02/10 1:5 p.m.•39 views

Timing Attack

openssl is vulnerable to Timing Attack. The vulnerability exists in rsa/rsaossl.c because an attacker can recover ciphertext with a Bleichenbacher style attack by sending a large number of trial messages...

5.9CVSS6.8AI score0.16195EPSS
Exploits0References9Affected Software7
Veracode
Veracode
•added 2023/02/03 6:24 a.m.•39 views

Command Injection

github.com/rancher/wrangler is vulnerable to Command Injection attacks. An attacker is able to change the library's behavior and cause confusion when a specially crafted command is executed through Git, because it uses the underlying Git binary present on the host OS or container image...

9.8CVSS9.3AI score0.03759EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2022/12/22 12:55 a.m.•39 views

Remote Code Execution (RCE)

org.apache.karaf.jaas.modules is vulnerable to remote code execution. The vulnerability exists because the doCreateDatasource function in JDBCUtils.java does not properly validate the jndiName parameter in the JNDI scheme when a configuration uses a JNDI LDAP data source URI, allowing an attacker...

9.8CVSS9.4AI score0.02404EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2022/12/14 3:37 p.m.•39 views

Denial Of Service (DoS)

ruby-nokogiri is vulnerable to denial of service DoS attacks. The library fails to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash which may lead to a null pointer exception when invalid markup is being parsed, causing denial of service conditions...

7.5CVSS7AI score0.0168EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2022/12/13 2:14 a.m.•39 views

HTTP Response Splitting

netty-codec-http is vulnerable to HTTP response splitting attack. The vulnerability exists in the setObject function of DefaultHeaders.java as it takes the arrays and iterators as arguments, providing a way to bypass value validation allowing an attacker to inject malicious header values into the...

6.5CVSS6.8AI score0.00885EPSS
Exploits1References8Affected Software2
Veracode
Veracode
•added 2022/12/13 1:15 a.m.•39 views

Denial Of Service (DoS)

netty-codec-haproxy is vulnerable to Denial Of Service DoS. The vulnerability is due to a StackOverflowError in the HAProxyMessage.java as it does not properly limit the maximum nesting of TLV, allowing an attacker to cause an application crash via infinite recursion by passing a maliciously...

7.5CVSS7.3AI score0.01466EPSS
Exploits1References5Affected Software3
Veracode
Veracode
•added 2022/11/30 8:22 a.m.•39 views

Heap Buffer Overflow

Chromium and Electron are vulnerable to a Heap Buffer Overflow. The vulnerability is caused by an out of bounds heap memory write which can result in an application crash...

9.6CVSS8.8AI score0.31864EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/11/19 2:29 p.m.•39 views

Use After Free

linux-azure, linux-aws, linux-gcp, linux-oracle and linux-kvm is vulnerable to Use After Free. The vulnerability exists in mm/mremap.c via a stale tlb because of a rmap lock is not held during a pud move...

7CVSS7AI score0.0045EPSS
Exploits1References8Affected Software3
Veracode
Veracode
•added 2022/11/02 4:58 p.m.•39 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists if the Garbage Collector was in a specific state, leading to memory corruption and potentially result in an application crash...

8.8CVSS2.8AI score0.0083EPSS
Exploits0References5Affected Software5
Veracode
Veracode
•added 2022/10/31 9:9 a.m.•39 views

Authorization Bypass

github.com/cloudflare/cloudflare-warp is vulnerable to authorization bypass. The vulnerability is due to the type WarpRoutingConfig struct parameter in configuration.go not properly validating endpoint configuration parameters which allows to malicious users to bypassing Zero Trust enrolled...

9.8CVSS8.8AI score0.00378EPSS
Exploits0References1Affected Software2
Veracode
Veracode
•added 2022/10/10 9:19 p.m.•39 views

Heap-based Buffer Overflow

tcppreplay is vulnerable to heap-based buffer overflow. The vulnerability exists in the parsempls in get.c which allows an attacker to cause buffer overflows...

7.8CVSS7.3AI score0.01096EPSS
Exploits1References9Affected Software1
Veracode
Veracode
•added 2022/10/10 12:54 p.m.•39 views

Denial Of Service (DoS)

mediawiki is vulnerable to denial of service. The vulberability exists in HTMLUserTextField where the attacker will code a specially crafted code to expose the existence of the hidden users...

5.3CVSS5.7AI score0.00641EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/10/07 12:59 a.m.•39 views

Arbitrary Code Execution

webkitgtk is vulnerable to Arbitrary Code Execution. The vulnerability exists due to a out-of-bounds write issue which allows an attacker to send maliciously crafted web content that may lead to arbitrary code execution...

8.8CVSS8.7AI score0.09785EPSS
Exploits0References23Affected Software3
Veracode
Veracode
•added 2022/09/30 11:8 a.m.•39 views

Denial Of Service (DoS)

php is vulnerable to Denial Of Service DoS. The vulnerability exists due to the phar uncompressor code which recursively uncompress quines gzip files, resulting in an infinite loop and deplete the system resource...

5.5CVSS7.5AI score0.00565EPSS
Exploits0References13Affected Software8
Veracode
Veracode
•added 2022/09/21 6:20 a.m.•39 views

Denial Of Service (DoS)

kafka-clients is vulnerable to denial of service. An attacker can crash the application through the OutOfMemoryException in the readArray function of ByteBufferAccessor.java by providing large amounts of memory on brokers...

7.5CVSS7.3AI score0.0125EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2022/09/19 12:1 p.m.•39 views

Denial Of Service (DoS)

jettison is vulnerable to Denial Of Service DoS. The vulnerability exists due to the stack overflow in the convertToJSONPrimitive function of DefaultConverter.java, allowing an attacker to cause an application crash by providing malicious input through the parser...

7.5CVSS8.5AI score0.01287EPSS
Exploits0References7Affected Software5
Veracode
Veracode
•added 2022/09/16 7:26 p.m.•39 views

Improper Input Validation

chromium is vulnerable to improper input validation. The vulnerability exists due to improper input validation in Mojo extension, which allows a remote attacker to perform a sandbox escape via a crafted HTML page...

9.6CVSS8.5AI score0.0568EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2022/09/07 4:57 a.m.•39 views

Remote Code Execution (RCE)

vm2 is vulnerable to remote code execution. The vulnerability exists in the Object.defineProperties function of setup-sandbox.js, allowing an attacker to bypass the sandbox protections by injecting and executing malicious code on the sandbox host...

10CVSS9.4AI score0.47868EPSS
Exploits2References8Affected Software1
Veracode
Veracode
•added 2022/08/17 8:19 a.m.•39 views

Spoofing Attacks

moodle/moodle is vulnerable to spoofing attacks. The vulnerability exists in the getremoteaddr function in moodlelib.php, allowing an attacker to spoof a user's IP through the X-Forwarded-For headers, bypassing the remote address checks...

5.3CVSS5.4AI score0.00477EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2022/08/13 10:36 a.m.•39 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to the use after free in the library, allowing an attacker to crash the application by providing a malicious input...

7.8CVSS7.5AI score0.01207EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2022/08/09 9:57 p.m.•39 views

Out-of-bounds Write

unzip:sid is vulnerable to out-of-bounds write. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution...

5.5CVSS5.9AI score0.02108EPSS
Exploits1References12Affected Software1
Veracode
Veracode
•added 2022/08/03 5:14 a.m.•39 views

Command Injection

s3-kilatstorage is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the input argument allowing an attacker to inject maliciously crafted OS command into the system...

9.8CVSS9.2AI score0.00685EPSS
Exploits1Affected Software1
Veracode
Veracode
•added 2022/07/14 8:38 p.m.•39 views

Arbitrary Code Execution

xen is vulnerable to Arbitrary Code Execution. The vulnerability exists in Spectre variant under certain microarchitecture-dependent conditions which allows an attacker to inject and execute arbitrary speculative codes...

6.5CVSS7.2AI score0.03764EPSS
Exploits0References22Affected Software3
Veracode
Veracode
•added 2022/07/09 11:7 p.m.•39 views

Use-After-Free

qemu is vulnerable to use-after-free. The vulnerability exists in USB EHCI controller emulation because EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets which allows an attacker to cause an application crash...

8.2CVSS7.7AI score0.0053EPSS
Exploits1References8Affected Software5
Veracode
Veracode
•added 2022/07/07 9:21 a.m.•39 views

Command Injection

git-clone is vulnerable to command injection. The vulnerability exists due to the insecure usage of the --upload-pack feature of git. An attacker with the ability to control the options object provided to the clone function through the options.args array, is able to inject arbitrary commands to r...

9.8CVSS9.4AI score0.03227EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2022/07/06 5:26 a.m.•39 views

Insecure Cryptography

ujson is vulnerable to insecure cryptography. The vulnerability exists in a JSON string contains escaped surrogate characters which are not part of a proper surrogate pair, the library may decode those characters incorrectly which allows remote attackers to cause unintended behavior in the...

7.5CVSS7.3AI score0.02283EPSS
Exploits1References7Affected Software3
Veracode
Veracode
•added 2022/07/04 3:15 p.m.•39 views

Remote Code Execution (RCE)

openssl is vulnerable to remote code execution. The vulnerability exists due to the improper RSA implementation of AVX512IFMA instructions in X8664 CPUs, allowing an attacker to crash the application by providing a malicious input...

9.8CVSS6.7AI score0.44881EPSS
Exploits3References6Affected Software1
Veracode
Veracode
•added 2022/06/14 8:10 a.m.•39 views

Out-of-Bounds Read

Apache HTTP Server is vulnerable to out of bounds read. The vulnerability exists due to a memory corruption when configured to process requests with the modisapi module...

5.3CVSS7.5AI score0.03398EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/06/08 8:17 a.m.•39 views

Denial Of Service (DoS)

github.com/minio/minio is vulnerable to distributed denial of service attacks. The vulnerability exists in the serverMain function in server-main.go due to a lack of validation in client requests. This allows a malicious user to cause an application crash...

7.5CVSS7AI score0.02843EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2022/06/02 11:41 p.m.•39 views

Denial Of Service (DoS)

libtiff is vulnerable to denial of service. The vulnerability exists due to a buffer overflow in the "invertImage" function in the component "tiffcrop" allowing an attacker to crash the system via the "invertImage"...

7.5CVSS7.6AI score0.02433EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2022/06/02 11:26 a.m.•39 views

Command Injection

github.com/hashicorp/go-getter is vulnerable to command injection. The vulnerability exists in clone function in gethg.go due to improper handling of user input which allows an attacker to inject and execute arbitrary commands...

9.8CVSS9.5AI score0.01525EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/05/29 6:58 p.m.•39 views

Privilege Escalation

cups is vulnerable to privilege escalation. The vulnerability exists due to gain elevated privileges which allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key...

6.7CVSS7.1AI score0.00579EPSS
Exploits0References16Affected Software4
Veracode
Veracode
•added 2022/05/25 12:43 a.m.•39 views

Out-of-bounds Write

Qt is vulnerable to Out-of-bounds Write. The vulnerability exists in QtPrivate::QCommonArrayOps::growAppend which allows an attacker who is able to submit a crafted image file to an application that uses qsvghandler could cause an out-of-bounds write and potential denial of service...

5.5CVSS5.8AI score0.01343EPSS
Exploits1References19Affected Software2
Veracode
Veracode
•added 2022/05/18 1:14 p.m.•39 views

Cross-Site Scripting (XSS)

total.js is vulnerable to stored cross-site scripting. The vulnerability exists in upload function due to lack of sanitization which allows an attacker to execute arbitrary javascript via a javascript embedded PDF file...

5.4CVSS5.6AI score0.00584EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2022/05/17 4:11 p.m.•39 views

Denial Of Service (DoS)

org.apache.tika, tika is susceptible to denial of service. This vulnerability exists in the extractMetadata function in BPGParser.java due to invalid memory allocation which allows an attacker to crash the system via a crafted file...

5.5CVSS5.6AI score0.02027EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2022/05/17 11:28 a.m.•39 views

Remote Code Execution

laravel/laravel is vulnerable to remote code execution. Improper deserialization in destruct in GuzzleHttp\Cookie\FileCookieJar.php allows an attacker to upload and execute malicious code via an unserialized pop chain...

5.5AI score
Exploits0References1Affected Software2
Veracode
Veracode
•added 2022/05/14 7:56 p.m.•39 views

Denial Of Service (DoS)

pjproject is vulnerable to denial of service. The vulnerability exists due to the library does not properly check the WAV file data length when it greater than 31-bit, allowing an attacker to crash the application by providing malicious WAV files...

7.5CVSS8.2AI score0.01779EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2022/05/09 12:19 a.m.•39 views

Denial Of Service (DoS)

FreeType is vulnerable to denial of service. The vulnerability exists in sfntinitface function due to a segment violation which allows an attacker to cause an application crash...

9.8CVSS3.6AI score0.02636EPSS
Exploits1References17Affected Software2
Veracode
Veracode
•added 2022/04/23 12:42 a.m.•39 views

Access Control Bypass

ceph is vulnerable to access control bypass. The vulnerability exists due to a flaw which allows key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5CVSS3.6AI score0.00436EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2022/04/17 9:55 a.m.•39 views

Type Confusion

Google Chrome is vulnerable to type confusion. A remote attacker is able to exploit a heap memory corruption issue via a crafted HTML page, which leads to a use-after-free state in V8 Turbofan engine...

8.8CVSS2AI score0.1372EPSS
Exploits2References4Affected Software2
Veracode
Veracode
•added 2022/04/15 12:53 a.m.•39 views

Denial Of Service (DoS)

go:edge is vulnerable to denial of service DoS attacks. A malicious user is able to cause an application crash via a large amount of PEM data...

7.5CVSS3AI score0.05335EPSS
Exploits1References18Affected Software14
Veracode
Veracode
•added 2022/04/09 8:42 a.m.•39 views

Out Of Bound Reads

vhost-vsockis vulnerable to out of bound reads. The vulnerability exists because, case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results...

3.2CVSS2.2AI score0.00391EPSS
Exploits0References12Affected Software5
Veracode
Veracode
•added 2022/04/04 12:20 p.m.•39 views

Improper Access Control

calibreweb is vulnerable to improper access control. The vulnerability exists because the server doesn't properly validate the user permissions when rendering HTML containing shelf name which allows an attacker to gain access to names of all private shelves...

4.3CVSS3.5AI score0.00747EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000