Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2022/05/14 7:56 p.m.•39 views

Denial Of Service (DoS)

pjproject is vulnerable to denial of service. The vulnerability exists due to the library does not properly check the WAV file data length when it greater than 31-bit, allowing an attacker to crash the application by providing malicious WAV files...

7.5CVSS8.2AI score0.01779EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2022/05/09 12:19 a.m.•39 views

Denial Of Service (DoS)

FreeType is vulnerable to denial of service. The vulnerability exists in sfntinitface function due to a segment violation which allows an attacker to cause an application crash...

9.8CVSS3.6AI score0.02636EPSS
Exploits1References17Affected Software2
Veracode
Veracode
•added 2022/04/17 9:55 a.m.•39 views

Type Confusion

Google Chrome is vulnerable to type confusion. A remote attacker is able to exploit a heap memory corruption issue via a crafted HTML page, which leads to a use-after-free state in V8 Turbofan engine...

8.8CVSS2AI score0.1372EPSS
Exploits2References4Affected Software2
Veracode
Veracode
•added 2022/03/22 4:9 a.m.•39 views

Path Traversal

studio-42/elfinder is vulnerable to path traversal. The vulnerability exists due to improper handling of absolute file paths in the getFullPathfunction. allowing a remote attacker to access data in the system...

9.1CVSS5.3AI score0.50993EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2022/03/17 8:30 a.m.•39 views

Regular Expression Denial Of Service (ReDoS)

ckeditor4 is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of sanitization of the input validator regular expression in dialog...

7.5CVSS3.9AI score0.02448EPSS
Exploits0References8Affected Software2
Veracode
Veracode
•added 2022/03/15 1:35 p.m.•39 views

Information Disclosure

moodle/moodle is vulnerable to information exposure. The vulnerability exists due to a lack of sanitization in output field in the manage.php file, allowing to read sensitive information in the system...

5.3CVSS1.7AI score0.00993EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2022/03/11 4:1 a.m.•39 views

Denial Of Service (DoS)

github.com/istio/istio is vulnerable to Denial Of Service DoS. The vulnerability exists because the library does not properly limit the reads from untrusted inputs, allowing an attacker to crash the application by providing maliciously crafted messages...

7.5CVSS7.3AI score0.01529EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2022/03/10 4:21 a.m.•39 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. An attacker is able to exploit the vulnerability by forcing a text reflow in an SVG object leading to a potentially exploitable crash...

8.8CVSS3.4AI score0.00849EPSS
Exploits1References6Affected Software6
Veracode
Veracode
•added 2022/03/07 12:11 a.m.•39 views

Denial Of Service (DoS)

Chrome is vulnerable to denial of service. The vulnerability exists due to a Use after free in WebShare...

8.8CVSS1.9AI score0.00954EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2022/02/14 10:31 a.m.•39 views

Arbitrary Code Execution

vm2 is vulnerable to arbitrary code execution. Remote attackers are able to inject and execute crafted malicious scripts on the host machine via direct access to host error objects generated by node internals during generation of a stacktraces...

9.8CVSS5.8AI score0.02876EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2022/02/14 12:27 a.m.•39 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow which allows an attacker to cause an application crash...

7.8CVSS3.9AI score0.01514EPSS
Exploits1References10Affected Software3
Veracode
Veracode
•added 2022/01/23 5:15 p.m.•39 views

Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization...

3.3CVSS3.7AI score0.01709EPSS
Exploits1References13Affected Software1
Veracode
Veracode
•added 2022/01/23 12:19 a.m.•39 views

Heap-Based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to the lack of sanitization of the help.ccauses a heap-based buffer overflow which could result in an application crash...

7.8CVSS3.1AI score0.01792EPSS
Exploits1References11Affected Software3
Veracode
Veracode
•added 2022/01/18 10:23 p.m.•39 views

Denial Of Service (DoS)

expat is vulnerable to denial-of-service. The vulnerability exists in storeAtts function in xmlparse.c may lead to realloc misbehavior, allowing a malicious user to cause an application crash...

8.8CVSS2.8AI score0.042EPSS
Exploits1References14Affected Software23
Veracode
Veracode
•added 2022/01/14 5:54 a.m.•39 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to a heap-buffer-overflow in blendGaussianBlur allowing an attacker to crash the system by applying a CSS filter effect...

8.8CVSS3.6AI score0.00995EPSS
Exploits1References7Affected Software7
Veracode
Veracode
•added 2022/01/05 4:25 a.m.•39 views

Denial Of Service (DoS)

python3 is vulnerable to denial of service. The vulnerability exists because the ftplib is using the host from the PASV response which allows an attacker to cause an application crash...

5.3CVSS2.7AI score0.02511EPSS
Exploits0References9Affected Software14
Veracode
Veracode
•added 2021/11/17 10:37 p.m.•39 views

Denial Of Service (DoS)

kernel is vulnerable to Denial Of Service DoS. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and make...

5.3CVSS6.8AI score0.06487EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2021/11/12 8:43 a.m.•39 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service. An out-of-bounds heap read in unlzma leads to information leak and application crash when crafted LZMA-compressed input is decompressed...

5.3CVSS1.9AI score0.00579EPSS
Exploits1References9Affected Software5
Veracode
Veracode
•added 2021/10/26 9:56 p.m.•39 views

Improper Input Validation

Java SE is vulnerable to Improper Input Validation. An attacker can perform service disruption through the Hotspot component in the oracle GraalVM enterprise edition...

3.1CVSS5.8AI score0.03599EPSS
Exploits0References15Affected Software3
Veracode
Veracode
•added 2021/10/13 5:54 a.m.•39 views

HTTP Request Smuggling

puma is vulnerable to HTTP request smuggling. Incorrect handling of HTTP requests with LF characters as line endings, allows a remote attacker to smuggle a request through a proxy, causing the proxy to send a response back to the victim...

3.7CVSS3.8AI score0.01119EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2021/10/05 7:7 a.m.•39 views

Privilege Escalation

github.com/moby/moby is vulnerable to privilege escalation. Attempting to copy files to a malicious container using docker cp allows an attacker to change the permission for existing files in the host's system...

6.3CVSS3.6AI score0.0027EPSS
Exploits0References7Affected Software7
Veracode
Veracode
•added 2021/09/30 5:57 a.m.•39 views

Privilege Escalation

zoneminder is vulnerable to privilege escalation. The vulnerability exists due to a Time-of-check Time-of-use TOCTOU Race Condition...

7.5CVSS2.9AI score0.00914EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2021/08/23 2:2 a.m.•39 views

Denial Of Service

FFmpeg is vulnerable to denial of service. The vulnerability exists due to a null pointer dereference passed as argument to libavformat/aviobuf.c...

7.5CVSS3.6AI score0.01079EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2021/08/12 3:28 p.m.•39 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists due to a race condition in the SCTP sockets net/sctp/socket.c which allows an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPFCGROUPINETSOCKCREATE is...

7CVSS7.2AI score0.00482EPSS
Exploits1References16Affected Software6
Veracode
Veracode
•added 2021/06/22 11:4 p.m.•39 views

Denial Of Service (DoS)

tor:edge is vulnerable to denial of service. The vl one of three use after free UAF bugs...

8.8CVSS2.4AI score0.52005EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2021/06/11 10:48 p.m.•39 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service. A null pointer dereference occurs when handling malicious HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service...

7.5CVSS2.6AI score0.51208EPSS
Exploits0References21Affected Software1
Veracode
Veracode
•added 2021/06/06 10:38 a.m.•39 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The ext4 file system implementation contains an integer overflow in ext4escacheextent when lblk + len exceeds 2^32. An attacker is able to crash the kernel by mounting a malicious file system...

5.5CVSS4.9AI score0.00296EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2021/05/31 5:29 a.m.•39 views

Regular Expression Denial Of Service (ReDoS)

trim-newlines is vulnerable to Regular Expression Denial Of Service ReDoS. The usage of an insecure regular expression in the .end method allows an attacker to cause excessive resource consumption...

7.5CVSS7.2AI score0.02901EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2021/05/28 12:59 p.m.•39 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists in -t command line in CURLOPTTELNETOPTIONS because the option parser for sending NEWENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server which allows an attacker to...

3.1CVSS5.1AI score0.04385EPSS
Exploits1References21Affected Software5
Veracode
Veracode
•added 2021/05/23 6:5 a.m.•39 views

Cross-Site Scripting (XSS)

ceph is vulnerable to cross-site scripting. The vulnerability exists due to a flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the...

6.5CVSS6AI score0.01627EPSS
Exploits0References10Affected Software6
Veracode
Veracode
•added 2021/05/20 3:28 p.m.•39 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability can be caused by a privileged local user through the kbdkeycode function of keyboard.c, where an out of bounds write was possible due to a missing bounds check...

6.7CVSS4.3AI score0.00223EPSS
Exploits0References8Affected Software2
Veracode
Veracode
•added 2021/05/18 5:3 p.m.•39 views

Denial Of Service (DoS)

glib:edge is vulnerable to denial of service. The function gbytesnew has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption...

7.5CVSS4.3AI score0.02993EPSS
Exploits1References12Affected Software4
Veracode
Veracode
•added 2021/05/08 3:21 p.m.•39 views

Arbitrary Code Execution

libxml2 is vulnerable to arbitrary code execution. A use-after-free occurs in xmllint when --html and --push options are used, allowing an attacker to execute arbitrary code on the host OS by submitting malicious files...

7.8CVSS4.8AI score0.0199EPSS
Exploits1References12Affected Software17
Veracode
Veracode
•added 2021/05/04 10:34 p.m.•39 views

Privilege Escalation

exim4 is vulnerable to privilege escalation. The vulnerability exists due to insufficient validation of user-supplied input when processing new line characters. A remote attacker can inject a new line character into the spool header file and modify the mail queue...

8.8CVSS4.5AI score0.0406EPSS
Exploits1References2Affected Software7
Veracode
Veracode
•added 2021/04/29 12:5 p.m.•39 views

CVE-2021-28148

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service DoS...

7.5CVSS2.3AI score0.03497EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2021/04/05 3:21 a.m.•39 views

Denial Of Service(DoS)

webkit2gtk is vulnerable to denial of service. A memory corruption happens due to processing of maliciously crafted web content, leading to an arbitrary code execution...

8.8CVSS4.2AI score0.02368EPSS
Exploits0References10Affected Software17
Veracode
Veracode
•added 2021/03/09 1:6 a.m.•39 views

Authentication Bypass

botframework-connector is vulnerable to authentication bypass. The vulnerability exists as Skill claims found in the jwt token is not validated against the SkillValidation.isSkillClaim method...

5.5CVSS2.8AI score0.01057EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2021/03/04 2:17 a.m.•39 views

Regular Expression Denial-of-Service (ReDoS)

pillow is vulnerable to regular expression denial of service. Usage of an insecure regex allows an attacker to cause excessive CPU consumption when parsing a malicious PDF file...

6.5CVSS5.5AI score0.01635EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2021/02/26 2:11 a.m.•39 views

Arbitrary Code Execution

linux is vulnerable to arbitrary code execution. The vulnerabilitye exists as the kernel PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and...

8.8CVSS1.3AI score0.00388EPSS
Exploits0References7Affected Software5
Veracode
Veracode
•added 2021/02/25 4:34 a.m.•39 views

XML External Entity (XXE)

batik-svgbrowser is vulnerable to XML external entity attacks. An attacker is able to submit HTTP GET requests on behalf of the server using malicious arguments...

8.2CVSS7.9AI score0.13635EPSS
Exploits0References17Affected Software2
Veracode
Veracode
•added 2021/02/17 3:15 a.m.•39 views

OS Command Injection

systeminformation is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad etc...

7.8CVSS7.7AI score0.9024EPSS
Exploits4References7Affected Software1
Veracode
Veracode
•added 2021/02/15 3:48 a.m.•39 views

Open Redirection

rails is vulnerable to open redirection. Inadequate validation and regex matching of URLs allows an attacker to bypass validation checks using a malicious Host header and redirect users to a malicious website...

6.1CVSS4AI score0.87301EPSS
Exploits1References9Affected Software2
Veracode
Veracode
•added 2021/02/10 7:0 a.m.•39 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free in the sound subsystem as card disconnection causes certain data structures to be deleted too early...

6.4CVSS3.4AI score0.00581EPSS
Exploits1References14Affected Software1
Veracode
Veracode
•added 2021/02/05 3:21 a.m.•39 views

Buffer Overflow

glibc is vulnerable to buffer overflow. The vulnerability occurs when processing invalid multi-byte input sequences in the EUC-KR encoding...

5.9CVSS5.4AI score0.03538EPSS
Exploits0References32Affected Software1
Veracode
Veracode
•added 2021/01/07 4:43 p.m.•39 views

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists due to a use-after-free error when processing COOKIE-ECHO chunk in a SCTP packet. An attacker can inject malicious data to the browser, triggering a use-after-free error and execute arbitrary code on the system...

8.8CVSS4.6AI score0.01304EPSS
Exploits0References3Affected Software11
Veracode
Veracode
•added 2020/12/18 6:5 a.m.•39 views

Deserialization Of Untrusted Object

jackson-databind is vulnerable to deserialization of untrusted data that can lead to remote code execution. It is possible because untrusted classes org.apache.commons.dbcp2.datasources.SharedPoolDataSource was not filtered by default from the interaction between serialization gadgets and...

8.1CVSS4.5AI score0.09477EPSS
Exploits1References11Affected Software3
Veracode
Veracode
•added 2020/12/17 3:35 a.m.•39 views

Prototype Pollution

datatables.net is vulnerable to prototype pollution. The vulnerabilities exists as it does not sanitize values of the proto and constructor headers...

7.3CVSS2.9AI score0.0367EPSS
Exploits2References4Affected Software1
Veracode
Veracode
•added 2020/12/06 4:39 a.m.•39 views

NULL Pointer Dereference

SQLite is vulnerable to NULL pointer dereference. An attacker, interleaving reads and writes in a single transaction with an fts5 virtual table could cause denial of service conditions...

7.5CVSS3.3AI score0.06253EPSS
Exploits0References18Affected Software1
Veracode
Veracode
•added 2020/12/06 4:6 a.m.•39 views

Arbitrary Code Execution

openjfx is vulnerable to arbitrary code execution.An easy-to-exploit vulnerability allows an unauthenticated attacker to compromise and takeover the Java SE...

9.6CVSS4.6AI score0.02132EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2020/12/06 3:6 a.m.•39 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. Incorrect optimization assumptions in V8 allows a remote attacker to execute arbitrary code inside a sandbox via a malicious HTML page...

8.8CVSS4.7AI score0.12879EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities5000