Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2022/11/21 1:40 p.m.•38 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the BinaryFunctor function of cwiseopscommon.h due to a size mismatch during broadcast assignment which allows an attacker to cause an application crash by providing malicious input...

7.5CVSS7.1AI score0.0044EPSS
Exploits1References8Affected Software3
Veracode
Veracode
•added 2022/11/19 2:27 p.m.•38 views

Denial Of Service (DoS)

Linux is vulnerable to Denial Of Service DoS. The vulnerability exists in the ismergeableanonvma function of rmap.c due to a use-after-free related to leaf anonvma double reuse which allows an attacker to cause an application crash by providing malicious input...

5.5CVSS6.4AI score0.00971EPSS
Exploits3References8Affected Software4
Veracode
Veracode
•added 2022/11/10 12:30 a.m.•38 views

Information Disclosure

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: PAM Auth Plugin component, allowing an attacker to access critical data or complete access to all MySQL Server accessible data...

5.9CVSS6.1AI score0.02023EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2022/11/10 12:27 a.m.•38 views

Privilege Escalation

rh-mysql80-mysql is vulnerable to privilege escalation. A high privileged attacker with network access via multiple protocols to compromise MySQL server, resulting in unauthorized update, insert or delete access to some of MySQL server accessible data...

5.5CVSS5.4AI score0.01604EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2022/11/10 12:25 a.m.•38 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing an attacker to cause an application crash and modify some MySQL Server accessible data through the multiple protocols...

7.1CVSS6.6AI score0.02192EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2022/11/06 2:52 p.m.•38 views

Arbitrary Code Execution

nodejs is vulnerable to Arbitrary Code Execution. The vulnerability exists because the IP addresses are not properly handled which allows an attacker to perform DNS rebinding and execute arbitrary code...

8.1CVSS8.2AI score0.14024EPSS
Exploits0References8Affected Software3
Veracode
Veracode
•added 2022/10/31 10:41 a.m.•38 views

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service DoS attacks. The locked virStoragePoolObj object in the storagePoolLookupByTargetPath function is not properly released on ACL permission failures which allows clients connected to the read-write socket with limited ACL permissions to acquire the lock...

6.5CVSS6.3AI score0.01366EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2022/10/30 3:50 p.m.•38 views

Information Disclosure

dolphinscheduler-server is vulnerable to Information Disclosure. The vulnerability exists due to improper handling of logs in the process function of LoggerRequestProcessor.java, allowing an attacker to read log files through the log server...

6.5CVSS6.1AI score0.01486EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2022/10/24 8:50 a.m.•38 views

Out-of-bounds Write

libtiff.so is vulnerable to out-of-bound write. The vulnerability exists due to a heap based buffer overflow in uint32t parameter in tifdir.c which allows an attacker to submit a malicious code file into the system and perform out of bound writes...

6.5CVSS6.7AI score0.00949EPSS
Exploits1References7Affected Software4
Veracode
Veracode
•added 2022/10/19 2:12 a.m.•38 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service DoS attacks. A malicious user is able to cause an integer overflow leading to a segmentation fault through a multi-gigabyte XML document when the XMLPARSEHUGE parser option enabled, causing the application to crash...

7.5CVSS7.6AI score0.22791EPSS
Exploits2References19Affected Software3
Veracode
Veracode
•added 2022/10/11 11:43 a.m.•38 views

SQL Injection

CodeIgniter is vulnerable to sql injection. The vulnerability exists due to improper implementation of where function of DBquerybuilder.php which allows an attacker to inject and execute malicious sql queries in the system...

9.8CVSS4.2AI score0.0085EPSS
Exploits1References1Affected Software2
Veracode
Veracode
•added 2022/10/03 6:50 a.m.•38 views

Remote Code Execution

moodle/moodle is vulnerable to remote code execution. The vulnerability exists in convertconfigdata function of lib.php when restoring backup files which allows an attacker to execute remote codes in the system...

9.8CVSS9.5AI score0.01527EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2022/09/27 10:47 p.m.•38 views

HTTP Request Smuggling

nodejs-current is vulnerable to HTTP request smuggling. The vulnerability exists due to incorrect parsing header fields in the library, allowing an attacker to smuggle HTTP requests by providing a maliciously crafted input...

6.5CVSS7.8AI score0.02587EPSS
Exploits1References5Affected Software3
Veracode
Veracode
•added 2022/09/21 7:49 a.m.•38 views

Privilege Escalation

github.com/grafana/grafana is vulnerable to privilege escalation. A remote admin is able to take over the server admin account and gain full control of the particular grafana instance when auth proxy is used, via calling a fake datasource publicly through this proxying feature...

6.6CVSS7.1AI score0.01302EPSS
Exploits0References10Affected Software2
Veracode
Veracode
•added 2022/09/19 1:0 p.m.•38 views

Information Disclosure

thunderbird is vulnerable to information disclosure. An attacker can gain sensitive information when composing a response to an HTML email with a META refresh tag...

8.1CVSS7.7AI score0.00768EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2022/09/01 10:46 a.m.•38 views

Denial Of Service (DoS)

chrome is vulnerable to denial of service. The vulnerability exists due to a memory corruption in the functionality of the component SwiftShader allowing an attacker to crash the system via manipulation with an unknown input...

8.8CVSS8.3AI score0.00653EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2022/08/31 4:26 a.m.•38 views

Command Injection

moment-timezone is vulnerable to command injection. An attacker can inject and execute the malicious commands using the childprocess exec function as it does not sanitize the input...

3.1AI score
Exploits0
Veracode
Veracode
•added 2022/08/27 5:50 p.m.•38 views

Use-after-poison

MariaDB is vulnerable to an use-after-poison. The vulnerability exists due to lack of proper memory handling in sanitizercommoninterceptors.inc which allows an attacker to do a use-after-poison...

7.5CVSS7.1AI score0.02082EPSS
Exploits1References14Affected Software1
Veracode
Veracode
•added 2022/08/11 8:25 a.m.•38 views

Remote Code Execution (RCE)

chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in Extensions API allowing an attacker to inject maliciously crafted code into the system...

8.8CVSS8.9AI score0.00344EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2022/07/22 4:38 p.m.•38 views

Privilege Escalation

Zulip is vulnerable to Privilege Escalation. An attacker may exploit the vulnerability by sending a maliciously crafted API call that grants administrator privileges to a bot in control...

8.8CVSS8.3AI score0.00635EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/07/18 7:51 a.m.•38 views

Privilege Escalation

gafana is vulnerable to privilege escalation. An attacker can take over another user's account in the grafana instance by supplying a login name through the specified OAuth IdP when the attacker's external user id is linked to a grafana account, and the attacker knows the grafana user name of the...

7.5CVSS7.4AI score0.02039EPSS
Exploits0References15Affected Software2
Veracode
Veracode
•added 2022/07/15 4:38 a.m.•38 views

Timing Attack

@fastify/bearer-auth is vulnerable to timing attacks. The vulnerability exists because the timingSafeEqual functionality in the compare function of plugin.js does not securely perform a constant-time comparison against the length of the bearer token, allowing an attacker to guess the length of th...

7.5CVSS7.1AI score0.01156EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/06/30 4:10 a.m.•38 views

Session Fixation

silverstripe/hybridsessions is vulnerable to session fixation. The vulnerability exists because the destroy function of DatabaseStore.php does not properly reset the user session after logging out, allowing an attacker to gain privileges via the client-side cookie...

6.5CVSS6.5AI score0.00834EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2022/06/29 12:4 a.m.•38 views

Denial Of Service (DoS)

curl is vulnerable to denial of service. The vulnerability exists because the amount of accepted "chained" algorithms is very high which allows an attacker to cause an application crash...

6.5CVSS7.7AI score0.3197EPSS
Exploits1References13Affected Software16
Veracode
Veracode
•added 2022/06/27 5:57 a.m.•38 views

Remote Code Execution Backdoor

cloudlabeling is vulnerable to remote code execution. The use of the request package opens up a code execution backdoor, allowing an attacker to perform unauthorized actions and accesses to sensitive information and digital currency keys...

9.8CVSS9.4AI score0.01896EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2022/06/23 10:13 p.m.•38 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists due to a userland application can read the contents of the sigpage, which leaks kernel memory contents allowing an attacker to read a process’s memory at a specific offset...

3.3CVSS5.4AI score0.00529EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2022/06/16 3:4 a.m.•38 views

Path Traversal

github.com/golang/go is vulnerable to Path Traversal. The vulnerability exists because the Clean function of path.go does not properly remove the . prefix when the file path contains :, allowing an attacker to access files outside the expected directory on windows...

7.5CVSS7.3AI score0.0187EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2022/06/02 10:49 p.m.•38 views

Denial Of Service (DoS)

mariadb is vulnerable to denial of service. getsortbytable in MariaDB allows an application crash via certain subquery uses of ORDER BY...

5.5CVSS2.9AI score0.00393EPSS
Exploits1References6Affected Software5
Veracode
Veracode
•added 2022/06/01 9:52 a.m.•38 views

Denial Of Service (DoS)

protobuf is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization in google.protobuf.UnknownFieldSet parameter which allows a remote attacker to inject a malicious javascript into the system and crash. which allowing an attacker to...

7.5CVSS6.2AI score0.01655EPSS
Exploits1References8Affected Software3
Veracode
Veracode
•added 2022/05/14 11:43 p.m.•38 views

Information Disclosure

curl is vulnerable to information disclosure.libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies...

5.3CVSS6.4AI score0.02414EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/05/09 4:13 a.m.•38 views

Deserialization Of Untrusted Data

topthink/framework is vulnerable to deserialization of untrusted data. The vulnerability exists in unserialize function in Driver.php due to the use of string type as the method parameter which allows an attacker to control the state or the flow of the execution...

9.8CVSS4.9AI score0.01603EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/04/30 4:23 p.m.•38 views

Insecure IPv6 Connection

curl has insecure IPv6 connection. The vulnerability exists due to an errors in the logic where the config matching function did not take the IPv6 address zone id into account allowing the system to use the wrong connection when one transfer uses a zone id, and when subsequent transfer uses anoth...

7.5CVSS3.7AI score0.02794EPSS
Exploits1References5Affected Software3
Veracode
Veracode
•added 2022/04/27 8:9 a.m.•38 views

Memory Leak

qemu is vulnerable to a memory leak. The vulnerability exists in virtio-net device of qemu where it forgets to unmap the cached virtqueue element on error where a malicious privileged guest could exploit this issue to crash qemu within the context of the qemu process on the host...

7.5CVSS1.6AI score0.02701EPSS
Exploits0References11Affected Software5
Veracode
Veracode
•added 2022/04/13 1:50 p.m.•38 views

Remote Code Execution (RCE)

ghost is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the upload and update function allowing an attacker inject maliciously crafted script via an SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is...

9.8CVSS2.6AI score0.0379EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2022/04/11 9:8 a.m.•38 views

CSV Injection

kevinpapst/kimai2 is vulnerable to CSV injection. The vulnerability is possible because the library does not sanitize the $desc parameter, which allows an attacker to inject malicious input...

7.8CVSS3.5AI score0.00999EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/03/15 10:14 a.m.•38 views

Denial Of Service (DoS)

Apache is vulnerable to denial of service. The vulnerability exists because a carefully crafted request body can cause a read to a random memory area which could cause the process to crash...

7.5CVSS3.1AI score0.69803EPSS
Exploits0References19Affected Software6
Veracode
Veracode
•added 2022/03/11 4:48 a.m.•38 views

Remote Code Execution (RCE)

gerapy is vulnerable to remote code execution. An attacker can inject and execute malicious commands through the projectconfigure function of views.py...

3.5AI score
Exploits6References4Affected Software1
Veracode
Veracode
•added 2022/03/02 9:29 a.m.•38 views

Insecure HTTP2 TrustManager

spring-cloud-gateway-server uses an insecure HTTP2 TrustManager. Application with default configuration and no key store or trusted certificates uses an insecure trustmanager factory option when HTTP2 is enabled, allowing the gateway connections to remote services with invalid or custom...

5.5CVSS2.7AI score0.04846EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/02/22 5:33 p.m.•38 views

Denial Of Service (DoS)

linux is vulnerable to denial of service DoS attacks. A malicious user is able to cause a heap-based buffer overflow, causing the application to crash...

7.8CVSS3.4AI score0.00461EPSS
Exploits2References2Affected Software2
Veracode
Veracode
•added 2022/02/17 9:52 a.m.•38 views

Privilege Escalation

libexpat.so is vulnerable to privilege escalation. The vulnerability exists in the namespace-separator Character Handler in the xmlparse.c allowing an unauthorized user to access the system account...

9.8CVSS8.8AI score0.34174EPSS
Exploits0References14Affected Software23
Veracode
Veracode
•added 2022/02/08 8:36 a.m.•38 views

Injection Vulnerability

Python is vulnerable to injection vulnerability. The vulnerability exists due to a lack of sanitization on the URL string parsed into the urlparse method allowing an attacker to inject maliciously crafted URL...

7.5CVSS4.9AI score0.08325EPSS
Exploits1References10Affected Software5
Veracode
Veracode
•added 2022/02/03 11:21 a.m.•38 views

Information Disclosure

samba is vulnerable to information disclosure...

4.3CVSS0.8AI score0.01097EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/01/14 6:1 a.m.•38 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a buffer overflow in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c...

6.7CVSS3.9AI score0.0044EPSS
Exploits0References16Affected Software4
Veracode
Veracode
•added 2022/01/11 6:37 a.m.•38 views

Denial Of Service (DoS)

libexpat is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of boundary in storeAtts function in xmlparse.c leading to an integer overflow...

8.8CVSS4.2AI score0.02778EPSS
Exploits0References6Affected Software23
Veracode
Veracode
•added 2022/01/06 9:9 a.m.•38 views

Denial Of Service (DoS)

django is vulnerable to denial of service DoS attacks. A malicious user is able to craft an artificially large password relative to the comparison values, to significantly overhead UserAttributeSimilarityValidator component resulting in denial of service conditions...

7.5CVSS3.8AI score0.02397EPSS
Exploits0References11Affected Software4
Veracode
Veracode
•added 2021/12/09 5:47 a.m.•38 views

Cross-Site Scripting (XSS)

laravel/framework is vulnerable to cross-site scripting XSS. When the parent template contains an exploitable HTML structure, a remote attacker is able to inject arbitrary Javascript via guessing the parent placeholder SHA-1 hash by trying common names of sections...

6.1CVSS1.6AI score0.00799EPSS
Exploits1References9Affected Software2
Veracode
Veracode
•added 2021/11/14 12:40 a.m.•38 views

Denial Of Service (DoS)

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...

7.5CVSS2.7AI score0.0825EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2021/11/12 3:19 p.m.•38 views

Privilege Escalation

samba:edge is vulnerable to privilege escalation. The vulnerability exists in the component AD Domain Handler resulting in escalation of privileges...

8.1CVSS2.5AI score0.01612EPSS
Exploits0References4Affected Software8
Veracode
Veracode
•added 2021/11/09 3:6 p.m.•38 views

Directory Traversal

chrome is vulnerable to directory traversal. The vulnerability exists due to Insufficient validation of untrusted input Downloads...

5.5CVSS4.5AI score0.00568EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2021/11/09 3:5 p.m.•38 views

Heap Corruption

chrome is vulnerable to heap corruption. The vulnerability exists due to a use after free in dev tools...

8.8CVSS0.9AI score0.00875EPSS
Exploits0References4Affected Software2
Total number of security vulnerabilities5000