Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2019/05/02 4:52 a.m.•39 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...

7.9CVSS6.3AI score0.07313EPSS
Exploits11References21Affected Software1
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•39 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References38Affected Software63
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•39 views

Arbitrary Code Execution

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

9.8CVSS6.5AI score0.98704EPSS
Exploits23References25Affected Software1
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•39 views

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

9.8CVSS6.5AI score0.98704EPSS
Exploits23References28Affected Software1
Veracode
Veracode
•added 2019/05/02 4:46 a.m.•39 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An improper permission check issue was discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

9.8CVSS5.9AI score0.97612EPSS
Exploits38References22Affected Software1
Veracode
Veracode
•added 2019/05/02 4:45 a.m.•39 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF Extensible Record Format capture files. If Wireshark opened a...

4.3CVSS7AI score0.06597EPSS
Exploits8References19Affected Software1
Veracode
Veracode
•added 2019/05/02 4:43 a.m.•39 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.3CVSS9.8AI score0.42609EPSS
Exploits5References18Affected Software3
Veracode
Veracode
•added 2019/05/02 4:43 a.m.•39 views

Access Restriction Bypass

JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1 Release Notes for information on the...

10CVSS6AI score0.6477EPSS
Exploits7References11Affected Software204
Veracode
Veracode
•added 2019/05/02 4:41 a.m.•39 views

Memory Corruption

The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked fr...

9.8CVSS9.1AI score0.98237EPSS
Exploits35References33Affected Software1
Veracode
Veracode
•added 2019/05/02 4:41 a.m.•39 views

Memory Corruption

The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked fr...

9.8CVSS9.1AI score0.98237EPSS
Exploits35References17Affected Software1
Veracode
Veracode
•added 2019/01/15 9:26 a.m.•39 views

Denial Of Service (DoS)

nginx is vulnerable to denial of service. The implementation of HTTP/2, when compiled with ngxhttpv2module and if the http2 option of the listen directive is used in a configuration file, contains a vulnerability which would allow an attacker to crash the service from excessive memory consumption...

7.5CVSS7.1AI score0.47057EPSS
Exploits0References13Affected Software1
Veracode
Veracode
•added 2019/01/15 9:25 a.m.•39 views

Open Redirection

tomcat-catalina is vulnerable to open redirection. The vulnerability is possible because the library creates a protocol-relative redirect in the default servlet when generating a redirect to a directory, allowing an attack through any malicious URL...

4.3CVSS5.1AI score0.94494EPSS
Exploits3References66Affected Software7
Veracode
Veracode
•added 2019/01/15 9:23 a.m.•39 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS attacks. The vulnerability exists as the tcpdisconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service tcpselectwindow divide-by-zero error and system crash by triggering a disconnect within a...

5.5CVSS5.9AI score0.00445EPSS
Exploits0References14Affected Software2
Veracode
Veracode
•added 2019/01/15 9:16 a.m.•39 views

Use-After-Free

Linux kernel is vulnerable to privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKETV3 ring buffer. A local user able to op...

7.8CVSS7.1AI score0.11127EPSS
Exploits16References40Affected Software1
Veracode
Veracode
•added 2019/01/15 9:11 a.m.•39 views

Arbitrary Code Execution

rh-mariadb100-mariadb is vulnerable to arbitrary code execution attacks. The vulnerability exists as a heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by...

9.8CVSS8AI score0.09157EPSS
Exploits1References19Affected Software4
Veracode
Veracode
•added 2019/01/15 9:6 a.m.•39 views

Denial Of Service (DoS)

net-snmp is vulnerable to denial of service DoS attacks. The vulnerability exists as snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service snmptrapd crash via a crafted SNMP trap message, which triggers a conversion to the...

5CVSS8.5AI score0.04619EPSS
Exploits1References31Affected Software1
Veracode
Veracode
•added 2019/01/15 9:6 a.m.•39 views

Double Free Vulnerability

PHP is vulnerable to a double free. It is due to a flaw in zendtshashgracefuldestroy function in the PHP ZTS module...

7.5CVSS7.4AI score0.16948EPSS
Exploits1References18Affected Software1
Veracode
Veracode
•added 2019/01/15 9:5 a.m.•39 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to denial of service. The application does not properly process malformed web content, which would allow a remote attacker to crash a user's application via malicious H.264 video data in an m4v file...

6.8CVSS7.2AI score0.0544EPSS
Exploits0References18Affected Software1
Veracode
Veracode
•added 2019/01/15 9:5 a.m.•39 views

Denial Of Service (DoS)

libkrb5.so is vulnerable to denial of service DoS attacks. The vulnerability exists in the krb5gssprocesscontexttoken function of lib/gssapi/krb5/processcontexttoken.c where a terminated security-context handle could be used by authenticated users to cause a Denial of Service DoS attack...

9CVSS5.5AI score0.06213EPSS
Exploits0References16Affected Software1
Veracode
Veracode
•added 2019/01/15 9:1 a.m.•39 views

Directory Traversal

Django is vulnerable to directory traversal attacks. Attacker can perform unauthorized file access using the ssi templating tag which is configured in the ALLOWEDINCLUDEROOTS setting incorrectly. Therefore it is opening up the loophole to use relative path provided in the ALLOWEDINCLUDEROOTS...

5CVSS6AI score0.03182EPSS
Exploits2References8Affected Software1
Veracode
Veracode
•added 2019/01/15 9:0 a.m.•39 views

Arbitrary File Access Using A Symlink Attack

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka 'symlink path...

4.3CVSS6AI score0.02952EPSS
Exploits0References15Affected Software4
Veracode
Veracode
•added 2019/01/15 8:57 a.m.•39 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS attacks. The vulnerability exists as moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in whi...

4.3CVSS5.9AI score0.29484EPSS
Exploits3References60Affected Software98
Veracode
Veracode
•added 2019/01/15 8:57 a.m.•39 views

Remote Code Execution (RCE)

httpd is vulnerable to remote code execution RCE. The modrewrite.c in the modrewrite module does not sanitize non-printable characters before writing to a log file, allowing a remote attacker to inject escape sequences for a terminal emulator into the log file via an HTTP request, resulting in...

5.1CVSS6.9AI score0.24886EPSS
Exploits2References65Affected Software98
Veracode
Veracode
•added 2019/01/15 8:55 a.m.•39 views

Directory Traversal When Route Globbing Configurations Are Enabled

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...

7.5CVSS6.1AI score0.53703EPSS
Exploits2References11Affected Software12
Veracode
Veracode
•added 2019/01/15 8:52 a.m.•39 views

Remote Code Execution (RCE)

busybox is vulnerable to remote code execution RCE attacks. The vulnerability exists in the decompress function in compress42.c in 1 ncompress 4.2.4 and 2 liblzw allows remote attackers to cause a denial of service crash, and possibly execute arbitrary code, via crafted data that leads to a buffe...

7.5CVSS7.6AI score0.05422EPSS
Exploits0References71Affected Software2
Veracode
Veracode
•added 2019/01/15 8:52 a.m.•39 views

Cross-site Scripting (XSS)

Python SimpleHTTPServer is vulnerable to cross-site scripting XSS. The listdirectory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary Javascript through UTF-7 encoding into Internet Explorer 7 browser vi...

2.6CVSS5.5AI score0.03213EPSS
Exploits1References19Affected Software1
Veracode
Veracode
•added 2019/01/15 8:51 a.m.•39 views

Memory Corruption

Oracle MySQL has a stack-based buffer overflow vulnerability. It does not handle checking of user permission in MySQL, allowing an authenticated user to crash the mysqld daemon and subsequently leading to arbitrary code execution with the privileges of the user running the application...

6.5CVSS5.8AI score0.24564EPSS
Exploits2References29Affected Software1
Veracode
Veracode
•added 2019/01/03 6:15 a.m.•39 views

Remote Code Execution (RCE)

jackson-databind is susceptible to deserialisation vulnerability. The vulnerability is due to the lack of openjpa class blockage, allowing a remote attacker to leverage this vulnerability to execute arbitrary code...

9.8CVSS9.4AI score0.10599EPSS
Exploits0References46Affected Software4
Veracode
Veracode
•added 2018/11/09 12:45 a.m.•39 views

Authentication Bypass

catalina is vulnerable to authentication bypass attacks. The vulnerability exists due to the improper handling of failed undeploy where the appBase files can remain after the failed undeploy process...

4.3CVSS5AI score0.08151EPSS
Exploits0References38Affected Software1
Veracode
Veracode
•added 2018/11/01 8:41 a.m.•39 views

Out-of-Bounds Read

libcurl.so is vulnerable to a out-of-bounds read. The warning message display function does not format the display information correctly when a warning is longer than 80 bytes, leading to an out-of-bounds read that can disclose sensitive information from the buffer or crash the application...

9.1CVSS9AI score0.02099EPSS
Exploits0References11Affected Software2
Veracode
Veracode
•added 2018/10/04 9:6 a.m.•39 views

Open Redirection

tomcat-catalina is vulnerable to open redirection. The vulnerability is possible because the library creates a protocol-relative redirect in the default servlet when generating a redirect to a directory, allowing an attack through any malicious URL...

4.3CVSS5.1AI score0.94494EPSS
Exploits3References59Affected Software2
Veracode
Veracode
•added 2018/09/24 7:23 a.m.•39 views

Man-in-the-Middle (MitM)

node.js is vulnerable to a man-in-the-middle MitM attack. The library does not properly handle the wildcard character in the X.509 Certificate namefields. This can allow a malicious user to spoof servers and cause a MitM attack...

5.9CVSS5.9AI score0.02841EPSS
Exploits0References2Affected Software4
Veracode
Veracode
•added 2018/07/23 6:35 a.m.•39 views

Information Disclosure

tomcat is vulnerable to information disclosure attacks. The vulnerability exists due to the mishandling of close in the NIO and NIO2 connectors where user sessions can be mixed up, causing information disclosure...

5.9CVSS7.1AI score0.12058EPSS
Exploits0References28Affected Software3
Veracode
Veracode
•added 2017/11/01 5:30 a.m.•39 views

Vulnerability Through C Libraries

chef uses vulnerable versions of LibXML2, OpenSSL and LibXSLT. These vulnerabilities are included due to the omnibusoverride file using the vulnerable versions. LibXML2 is vulnerable to the following CVEs: CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-8872, and CVE-2016-931...

7.5CVSS7AI score0.57595EPSS
Exploits7
Veracode
Veracode
•added 2017/10/30 12:47 a.m.•39 views

Arbitrary Command Execution

Dulwich is vulnerable to arbitrary command execution. When using the SSH subprocess, an attacker can use an ssh URL with the - dash character in the hostname.This is related to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

9.8CVSS8.4AI score0.77823EPSS
Exploits12References4Affected Software1
Veracode
Veracode
•added 2017/08/23 1:48 a.m.•39 views

Denial Of Service (DoS)

ImageMagick is susceptible to denial of service DoS attacks. The vulnerability is caused due to not properly handling memory allocation in the formatIPTC method in coders/meta.c...

6.5CVSS6.8AI score0.0149EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2017/08/22 7:33 a.m.•39 views

Arbitrary Code Execution Through Serialization

QOS.ch Logback is vulnerable to arbitrary code execution through serialization. It is possible to write untrusted objects from the Logger, allowing arbitrary code execution. This is related to CVE-2017-5929...

9.8CVSS9.7AI score0.07501EPSS
Exploits0
Veracode
Veracode
•added 2017/06/28 1:33 a.m.•39 views

Remote Code Execution (RCE)

phpunit is vulnerable to remote code execution RCE attacks. A malicious user can inject and execute arbitrary PHP script by using the ?php tag and sending a POST request to the eval-stdin.php file on the system...

9.8CVSS9.9AI score0.99999EPSS
Exploits19References11Affected Software1
Veracode
Veracode
•added 2017/06/15 2:56 a.m.•39 views

HTTP Smuggling

undertow is vulnerable to HTTP Smuggling attacks. The library does not verify that messages do not contain invalid headers, allowing a malicious user to conduct http smuggling that can lead to cross-site scripting attacks. This is related to an incomplete fix in CVE-2017-2666...

6.5CVSS6.7AI score0.02712EPSS
Exploits0References15Affected Software127
Veracode
Veracode
•added 2017/03/24 8:19 a.m.•39 views

Cross-site Scripting

console-common is vulnerable to cross-site scripting XSS attacks. They are possible because it does not perform HTML escaping properly...

5.8CVSS5.2AI score0.11515EPSS
Exploits0References15Affected Software1
Veracode
Veracode
•added 2017/02/10 12:52 a.m.•39 views

Cipher Bypass

OpenSSL is vulnerable to cipher bypasses. A malicious user can negotiate and complete an SSLv2 handshake with the server even if the ciphers have been disabled on the server. SSLv2 handshakes are vulnerable to man-in-the-middle attacks...

5.9CVSS6.8AI score0.10731EPSS
Exploits2References38Affected Software3
Veracode
Veracode
•added 2017/02/06 8:56 a.m.•39 views

Denial Of Service (DoS) Through Memory Consumption

OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because there is a memory leak in the tlsdecryptticket function which can be triggered through a session ticket...

7.1CVSS4.2AI score0.23598EPSS
Exploits0References58Affected Software2
Veracode
Veracode
•added 2017/02/06 2:21 a.m.•39 views

Protection Mechanism Bypass

OpenSSL is vulnerable to protection mechanism bypass. This is because OpenSSL accepts several variations of certificate signature algorithms and signature encodings. It doesn't then enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. This...

5CVSS5.7AI score0.1653EPSS
Exploits0References41Affected Software1
Veracode
Veracode
•added 2017/02/03 6:21 a.m.•39 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. The library does not clear DTLS handshake messages when they are delivered out of order even when the handshake has been completed. A malicious user can take advantage of this by opening multiple DTLS connections to the system, causing a...

7.5CVSS8.1AI score0.26559EPSS
Exploits1References26Affected Software3
Veracode
Veracode
•added 2017/02/01 3:14 a.m.•39 views

Denial Of Service (DoS) Or Arbitrary Code Execution

expat is vulnerable to denial of service DoS or arbitrary code execution attacks. When users input malformed document, expat XML parser mishandles the input which causes a buffer overflow during the processing and error reporting. This leading to a denial of service and conceivably result in remo...

9.8CVSS8.4AI score0.13335EPSS
Exploits3References32Affected Software2
Veracode
Veracode
•added 2017/01/25 2:53 a.m.•39 views

Cache-timing Attack

OpenSSL is vulnerable to a cache-timing attack. The attack exists due to a flaw in signing function of crypto/ecdsa/ecdsaossl.c which sets the BNFLGCONSTTIME flag for nonces instead of taking a secure code path in the BNmodinverse method...

5.5CVSS6.5AI score0.00594EPSS
Exploits0References22Affected Software10
Veracode
Veracode
•added 2025/12/13 4:33 a.m.•38 views

XML External Entity (XXE)

org.jenkins-ci.plugins, generic-webhook-trigger is vulnerable to XML External Entity XXE. The vulnerability is due to improper XML parser configuration that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perfor...

9.8CVSS7.3AI score0.25746EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/04/10 9:15 p.m.•38 views

Improper Input Validation

Apache is vulnerable to Improper Input Validation. The vulnerability is caused due to inadequate input validation, which can be exploited by attackers to manipulate HTTP responses...

6.5AI score0.03914EPSS
Exploits0References8Affected Software7
Veracode
Veracode
•added 2024/04/05 7:19 a.m.•38 views

Denial Of Service (DOS)

golang.org/x/net is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of header frame limits, allowing an attacker to send excessive CONTINUATION frames which causes the endpoint to read arbitrary amounts of header data without proper memory allocation limits...

7.5CVSS6.7AI score0.91969EPSS
Exploits1References11Affected Software4
Veracode
Veracode
•added 2024/03/26 8:39 p.m.•38 views

Asymmetric Resource Consumption

python is vulnerable to Asymmetric Resource Consumption. This vulnerability is due to an issue in the zip format, allowing for the creation of zip-bombs with a high compression ratio...

6.2CVSS7AI score0.00333EPSS
Exploits0References17Affected Software5
Total number of security vulnerabilities5000