Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2020/01/22 4:46 a.m.•39 views

Cross-site Scripting (XSS)

wordpress is vulnerable to cross-site scripting XSS. The vulnerability exists as wpksesbadprotocol fails to validate that uri attributes do not contain invalid/or unauthorized protocols...

9.8CVSS1.7AI score0.04654EPSS
Exploits1References8Affected Software2
Veracode
Veracode
•added 2020/01/18 1:1 a.m.•39 views

Arbitrary Code Execution

mozilla firefox is vulnerable to arbitrary code execution. Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion...

8.8CVSS4.4AI score0.46589EPSS
Exploits7References9Affected Software5
Veracode
Veracode
•added 2019/12/06 12:16 a.m.•39 views

Denial Of Service (DoS)

Mozilla firefox is vulnerable to denial of service DoS. The vulnerability exists through a use-after-free when retrieving a document in antitracking...

7.5CVSS3.4AI score0.01524EPSS
Exploits1References15Affected Software5
Veracode
Veracode
•added 2019/11/13 12:19 a.m.•39 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. Due to the way found in which Intel CPUs handle inconsistency between virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries, a privileged guest user may use this flaw to induce a hardware...

6.5CVSS2.2AI score0.00915EPSS
Exploits0References24Affected Software4
Veracode
Veracode
•added 2019/09/27 8:45 a.m.•39 views

HTTP Request Smuggling

Netty is vulnerable to HTTP request smuggling. The attack is possible because it fails to correctly handle white spaces in HTTP header names...

7.5CVSS0.5AI score0.08415EPSS
Exploits1References146Affected Software3
Veracode
Veracode
•added 2019/09/05 6:48 a.m.•39 views

Denial Of Service (Dos)

libexpat.so is vulnerable to denial of service. A heap-based buffer overflow occurs when an attacker sends a malicious XML which switches the DTD parsing to document parsing immaturely, leading to repeated calls of XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber function that results in an...

7.5CVSS3.9AI score0.06643EPSS
Exploits1References62Affected Software13
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•39 views

Buffer Over-Read

The elfutils package is vulnerable to heap-based buffer over-read in libdw/dwarfgetaranges.c:dwarfgetaranges through a malicious file...

5.5CVSS2.7AI score0.01367EPSS
Exploits1References11Affected Software2
Veracode
Veracode
•added 2019/08/05 12:16 a.m.•39 views

Privilege Escalation

kernel is vulnerable to privilege escalation. A use-after-free in the svcprocesscommon function allows an attacker to cause a host kernel memory corruption and a system panic, potentially resulting in a successful privilege escalation...

8CVSS4.6AI score0.01455EPSS
Exploits0References27Affected Software2
Veracode
Veracode
•added 2019/07/08 1:43 p.m.•39 views

Cross-Site Scripting (XSS)

apache tomcat is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the time parameter in sp/cal/cal2.jsp in the calendar application in the examples application...

4.3CVSS4.6AI score0.09125EPSS
Exploits1References46Affected Software2
Veracode
Veracode
•added 2019/06/17 12:21 a.m.•39 views

Cross-site Scripting (XSS)

picketlink is vulnerable to cross-site scripting. A URL injection vulnerability via the xinclude parameter allows an attacker to inject arbitrary Javascript into a victim's browser...

9CVSS9AI score0.00927EPSS
Exploits0References28Affected Software25
Veracode
Veracode
•added 2019/05/27 12:40 a.m.•39 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service attacks. Remote authenticated attacker could exploit the vulnerable Privileges component to cause a hang or frequently repeatable crash...

4.9CVSS5.4AI score0.03213EPSS
Exploits0References16Affected Software3
Veracode
Veracode
•added 2019/05/16 3:22 a.m.•39 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service attacks. A remote authenticated attacker could exploit a flaw in the Storage Engines component to cause denial of service conditions...

4.9CVSS6.3AI score0.03968EPSS
Exploits0References14Affected Software4
Veracode
Veracode
•added 2019/05/16 2:25 a.m.•39 views

Code Injection

pdfjs-dist is vulnerable to code injection vulnerability. This is because it does not sufficiently sanitize PostScript calculator functions which allows an attacker to inject malicious JavaScript through a crafted PDF file...

8.8CVSS9.2AI score0.10576EPSS
Exploits0References14Affected Software2
Veracode
Veracode
•added 2019/05/16 2:13 a.m.•39 views

NULL Pointer Dereference

Linux kernel is vulnerable to NULL pointer dereference attacks. This is due to mishandling of node-splitting in assocarray implementation in assocarrayinsertintoterminalnode function in lib/assocarray.c. A local users could cause a denial of service via a crafted application, as demonstrated by t...

5.5CVSS5.8AI score0.93838EPSS
Exploits21References24Affected Software2
Veracode
Veracode
•added 2019/05/02 6:37 a.m.•39 views

Man-in-the-Middle (MitM)

IBM Java SE is vulnerable to man-in-the-middle attacks. The vulnerability exists in Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A remote attacker could use this flaw to...

7.5CVSS7.5AI score0.03206EPSS
Exploits0References21Affected Software4
Veracode
Veracode
•added 2019/05/02 6:36 a.m.•39 views

Information Disclosure

Linux kernel is vulnerable to information disclosure. This occurs in arch/x86/kvm/emulate.c in the Linux kernel. Local users could obtain sensitive information from kernel memory or cause a denial of service use-after-free via a crafted application that leverages instruction emulation for fxrstor...

7.1CVSS6.7AI score0.00421EPSS
Exploits0References46Affected Software2
Veracode
Veracode
•added 2019/05/02 6:30 a.m.•39 views

Man-in-the-Middle (MitM)

PostgreSQL is vulnerable to man-in-the-middle attacks. This is because PostgreSQL client library libpq does not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An attacker could use this flaw to strip the SSL/TLS protection fr...

5.9CVSS8AI score0.02042EPSS
Exploits0References14Affected Software7
Veracode
Veracode
•added 2019/05/02 5:43 a.m.•39 views

Privilege Escalation

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5CVSS9.3AI score0.04229EPSS
Exploits0References25Affected Software2
Veracode
Veracode
•added 2019/05/02 5:41 a.m.•39 views

Improper Signature Validation

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security TLS. It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as...

7.5CVSS7.4AI score0.01586EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2019/05/02 5:40 a.m.•39 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8CVSS4.6AI score0.9986EPSS
Exploits1References32Affected Software4
Veracode
Veracode
•added 2019/05/02 5:29 a.m.•39 views

Denial Of Service (DoS)

file is vulnerable to denial of service. Multiple flaws were found in the way file parsed Executable and Linkable Format ELF files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources...

7.5CVSS7.1AI score0.04681EPSS
Exploits0References24Affected Software2
Veracode
Veracode
•added 2019/05/02 5:29 a.m.•39 views

Denial Of Service (DoS)

MySQL Server is vulnerable to denial of service DoS. The vulnerability exists as an unspecified vulnerability in Oracle MySQL . An authenticated user is able to manipulate with an unknown input which related to 'Parser'...

4CVSS5.9AI score0.30146EPSS
Exploits6References32Affected Software4
Veracode
Veracode
•added 2019/05/02 5:28 a.m.•39 views

Arbitrary Code Execution

Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify function o...

9.8CVSS7.8AI score0.10171EPSS
Exploits0References15Affected Software1
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•39 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.8CVSS8.2AI score0.31046EPSS
Exploits9References29Affected Software2
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•39 views

Buffer Over-Read

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.8CVSS8.2AI score0.31046EPSS
Exploits9References29Affected Software2
Veracode
Veracode
•added 2019/05/02 5:24 a.m.•39 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute...

8.8CVSS8.3AI score0.0831EPSS
Exploits1References29Affected Software2
Veracode
Veracode
•added 2019/05/02 5:21 a.m.•39 views

Improper Access Control

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.7AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
•added 2019/05/02 5:21 a.m.•39 views

Sensitive Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
•added 2019/05/02 5:20 a.m.•39 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged us...

7.8CVSS6.3AI score0.03646EPSS
Exploits15References15Affected Software1
Veracode
Veracode
•added 2019/05/02 5:20 a.m.•39 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...

5.9CVSS6.7AI score0.14714EPSS
Exploits0References30Affected Software5
Veracode
Veracode
•added 2019/05/02 5:17 a.m.•39 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

6.5CVSS6.3AI score0.06964EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2019/05/02 5:17 a.m.•39 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

6.5CVSS6.3AI score0.06964EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2019/05/02 5:17 a.m.•39 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

5.7CVSS6.3AI score0.09984EPSS
Exploits0References18Affected Software4
Veracode
Veracode
•added 2019/05/02 5:17 a.m.•39 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

5.7CVSS6.3AI score0.09984EPSS
Exploits0References19Affected Software4
Veracode
Veracode
•added 2019/05/02 5:12 a.m.•39 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5CVSS9.7AI score0.04991EPSS
Exploits0References30Affected Software2
Veracode
Veracode
•added 2019/05/02 5:12 a.m.•39 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service DoS. The vulnerability exists through the parsing of a small bytesperpixel value...

5CVSS6.5AI score0.03742EPSS
Exploits0References106Affected Software1
Veracode
Veracode
•added 2019/05/02 5:6 a.m.•39 views

Weak Authentication

The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...

7.5CVSS5.9AI score0.7809EPSS
Exploits4References23Affected Software1
Veracode
Veracode
•added 2019/05/02 5:4 a.m.•39 views

Arbitrary Code Execution

LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash o...

7.5CVSS9.6AI score0.08272EPSS
Exploits1References19Affected Software1
Veracode
Veracode
•added 2019/05/02 5:2 a.m.•39 views

Cross-Site Scripting (XSS)

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller MVC framework for web application development. Action Pack implemen...

7.5CVSS6.3AI score0.53703EPSS
Exploits2References6Affected Software2
Veracode
Veracode
•added 2019/05/02 5:2 a.m.•39 views

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...

10CVSS8.6AI score0.07571EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2019/05/02 5:2 a.m.•39 views

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...

10CVSS8.6AI score0.07571EPSS
Exploits0References17Affected Software2
Veracode
Veracode
•added 2019/05/02 5:0 a.m.•39 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

9.8CVSS9.5AI score0.11076EPSS
Exploits8References26Affected Software2
Veracode
Veracode
•added 2019/05/02 4:58 a.m.•39 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS9.7AI score0.05951EPSS
Exploits0References40Affected Software2
Veracode
Veracode
•added 2019/05/02 4:58 a.m.•39 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

6.5CVSS5.6AI score0.04963EPSS
Exploits0References13Affected Software1
Veracode
Veracode
•added 2019/05/02 4:58 a.m.•39 views

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10CVSS7.6AI score0.10117EPSS
Exploits1References19Affected Software3
Veracode
Veracode
•added 2019/05/02 4:57 a.m.•39 views

Denial Of Service (DoS)

KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer...

8.6CVSS7AI score0.01002EPSS
Exploits3References36Affected Software2
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•39 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1CVSS6.9AI score0.09408EPSS
Exploits6References25Affected Software2
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•39 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An unspecified vulnerability allows remote attackers to affect integrity via unknown vectors...

5.3CVSS8.9AI score0.89987EPSS
Exploits8References22Affected Software1
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•39 views

Information Disclosure

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release. The Release Notes will be available shortly fr...

7.5CVSS6.7AI score0.04458EPSS
Exploits2References47Affected Software20
Veracode
Veracode
•added 2019/05/02 4:52 a.m.•39 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...

7.9CVSS6.3AI score0.07313EPSS
Exploits11References21Affected Software1
Total number of security vulnerabilities5000