Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2021/11/09 3:5 p.m.•38 views

Sandbox Escape

chrome is vulnerable to sandbox escape. The vulnerability exists due to a heap buffer overflow...

9.6CVSS1.9AI score0.01EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2021/10/25 6:1 p.m.•38 views

Denial Of Service (DoS)

linux-oracle:hirsute is vulnerable to denial of service. The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAPNETADMIN capability can lead to root access...

7.8CVSS3.8AI score0.01476EPSS
Exploits3References6Affected Software3
Veracode
Veracode
•added 2021/10/05 1:23 p.m.•38 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. The vulnerability exists due to the debuggers protocol parser to read data beyond the actual buffer...

5.3CVSS4.1AI score0.01702EPSS
Exploits0References17Affected Software1
Veracode
Veracode
•added 2021/09/15 2:3 a.m.•39 views

Denial Of Service (DoS)

chromium:edge is vulnerable to denial of service. Use after free in Extensions API in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.6AI score0.04136EPSS
Exploits0References8Affected Software2
Veracode
Veracode
•added 2021/09/01 7:35 a.m.•38 views

Privilege Escalation

matrixsynapse is vulnerable to privilege escalation. An unauthorised user knowing Room ID of a private room and setting room's history visibility to shared is allowed to enumerate the room's members, including their display names...

3.1CVSS4.2AI score0.01457EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2021/08/19 11:32 a.m.•38 views

Denial Of Service

qemu is vulnerable to denial of service. The vulnerability exists when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full, a malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash of QEMU...

8.5CVSS1.4AI score0.02904EPSS
Exploits0References7Affected Software4
Veracode
Veracode
•added 2021/08/10 11:44 p.m.•38 views

Remote Code Execution

libencode is vulnerable to remote code execution. Encode.pm loads code from outside...

7.8CVSS2.8AI score0.01397EPSS
Exploits0References10Affected Software5
Veracode
Veracode
•added 2021/07/29 6:44 a.m.•38 views

Information Disclosure

webkit2gtk is vulnerable to information disclosure. The vulnerability exists due to a use-after-free in Webkits GraphicsContext...

8.8CVSS1AI score0.02913EPSS
Exploits1References8Affected Software17
Veracode
Veracode
•added 2021/07/25 12:39 a.m.•38 views

Remote Code Execution (RCE)

java openjdk is vulnerable to remote code execution. It has a flaw was found in the way the Hotspot component of OpenJDK performed range check elimination. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...

7.5CVSS2.1AI score0.04008EPSS
Exploits0References9Affected Software5
Veracode
Veracode
•added 2021/07/23 12:39 a.m.•38 views

Denial Of Service

Linux kernel is vulnerable to denial of service. Linux fair scheduler has a use-after-free in shownumastats because NUMA fault statistics are inappropriately freed. A flaw was found in the Linux kernels implementation of displaying NUMA statistics, where displaying the scheduler statistics could...

5.3CVSS2.4AI score0.00313EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2021/07/22 5:50 a.m.•38 views

Insecure SSL Configuration

curl uses insecure SSL configurations. The curlsslconfigmatches attempts to compare whether two SSL connections have identical SSL security options and could potentially reuse a connection that is less secure or uses different security options such as capath, cainfo or certificate/issuer pinning...

3.7CVSS2.1AI score0.0627EPSS
Exploits1References21Affected Software7
Veracode
Veracode
•added 2021/07/22 5:50 a.m.•38 views

Wrong Content

curl:edge shows wrong content via metalink as it is not discarded...

6.5CVSS2.8AI score0.04313EPSS
Exploits1References16Affected Software1
Veracode
Veracode
•added 2021/07/05 7:20 a.m.•38 views

Authentication Bypass

libcurl.so is vulnerable to authentication bypass. Insecure re-use of NTLM-authenticated proxy connections allow an attacker to authenticate as other users via a malicious request...

7.3CVSS6.1AI score0.09327EPSS
Exploits0References19Affected Software2
Veracode
Veracode
•added 2021/06/14 8:25 a.m.•38 views

Denial Of Service (DoS)

pdfbox is vulnerable to denial of service. An attacker is able to cause an infinite loop by submitting a malicious PDF file...

5.5CVSS2.9AI score0.03054EPSS
Exploits0References28Affected Software2
Veracode
Veracode
•added 2021/06/13 8:1 p.m.•38 views

Denial Of Service (DoS)

chromium:edge is vulnerable to denial of service...

8.8CVSS2.5AI score0.01236EPSS
Exploits0References8Affected Software3
Veracode
Veracode
•added 2021/06/13 8:0 p.m.•38 views

Arbtirary Code Execution

chromium is vulnerable to arbitrary code execution. An out-of-bounds write in Angle allows an attacker to execute arbtirary code on the host OS...

8.8CVSS4AI score0.03582EPSS
Exploits0References13Affected Software10
Veracode
Veracode
•added 2021/06/13 3:24 a.m.•38 views

Denial Of Service(DoS)

Apache HTTP Server is vulnerable to denial of service.A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

7.5CVSS1.1AI score0.65067EPSS
Exploits0References17Affected Software19
Veracode
Veracode
•added 2021/06/09 3:10 a.m.•38 views

Remote Code Execution (RCE)

zope is vulnerable to remote code execution. The vulnerability exists due to untrusted modules available indirectly through Python modules...

8.8CVSS2.7AI score0.01574EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2021/06/03 9:21 p.m.•38 views

Denial Of Service (DoS)

golang is vulnerable to . Due to a pre-allocation optimization in zip.NewReader, an attacker can cause a denial of service condition using a malicious archive which would result in a panic or memory exhaustion...

7.5CVSS3.6AI score0.03464EPSS
Exploits1References8Affected Software9
Veracode
Veracode
•added 2021/05/24 9:30 a.m.•38 views

Denial Of Service (DoS)

linux-aws:groovy is vulnerable to denial of service. eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary...

7.8CVSS4.5AI score0.0055EPSS
Exploits0References7Affected Software4
Veracode
Veracode
•added 2021/05/20 3:28 p.m.•38 views

Denial Of Service (DoS)

usbsgcancel in drivers/usb/core/message.c in the Linux kernel has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. A use-after-free flaw was found in usbsgcancel in drivers/usb/core/message.c in the USB core subsystem. This flaw allows a local attacker with a...

6.7CVSS5.9AI score0.00802EPSS
Exploits1References38Affected Software2
Veracode
Veracode
•added 2021/05/20 3:27 p.m.•38 views

Denial Of Service (DoS)

Unbound is vulnerable to denial of service. It allows an assertion failure and denial of service in dnamepktcopy via an invalid packet. A flaw was found in unbound. A reachable assertion in the dnamepktcopy function can be triggered by sending invalid packets to the server...

7.5CVSS3.4AI score0.02128EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2021/05/20 3:25 p.m.•38 views

Denial Of Service (DoS)

sqlite is vulnerable to denial of service. The vulnerability exists due to select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation...

5.5CVSS2.3AI score0.01027EPSS
Exploits1References26Affected Software1
Veracode
Veracode
•added 2021/05/06 11:27 a.m.•38 views

Information Disclosure

samba is vulnerable to information disclosure. The vulnerability exists due to a flaw that could allow an attacker to read data beyond the end of the array...

6.8CVSS2.4AI score0.01616EPSS
Exploits0References12Affected Software7
Veracode
Veracode
•added 2021/05/04 10:33 p.m.•38 views

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. An integer overflow in receiveaddrecipient could potentially allow an attacker to execute arbitrary code on the host OS...

9.8CVSS4.9AI score0.36071EPSS
Exploits1References2Affected Software2
Veracode
Veracode
•added 2021/04/29 12:16 p.m.•38 views

Remote Code Execution (RCE)

cacti is vulnerable to remote code injection. The vulnerability exists due to cacti allows an admin to inject SQL via the filter parameter...

7.2CVSS5.1AI score0.8633EPSS
Exploits9References12Affected Software1
Veracode
Veracode
•added 2021/04/29 12:15 p.m.•38 views

Remote Code Execution (RCE)

webkit2gtk is vulnerable to remote code execution, the vulnerability exists due to an out-of-bounds write issue...

8.8CVSS2.9AI score0.01996EPSS
Exploits0References19Affected Software2
Veracode
Veracode
•added 2021/04/23 11:6 p.m.•38 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An out-of-bounds memory access in V8 allows an attacker to crash the application, and potentially obtain confidential information...

8.8CVSS4.2AI score0.06625EPSS
Exploits0References12Affected Software3
Veracode
Veracode
•added 2021/04/06 7:43 a.m.•38 views

Heap Buffer Overflow

A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser...

8.8CVSS2.2AI score0.01337EPSS
Exploits0References10Affected Software3
Veracode
Veracode
•added 2021/04/05 7:26 a.m.•38 views

Privilege Escalation

linux is vulnerable to privilege escalation. RM Memory Management Double Free Privilege Escalation Vulnerability...

6.7CVSS2.9AI score0.00872EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2021/03/22 5:25 a.m.•38 views

Cross-site Scripting (XSS)

lxml is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary script via HTML action attribute into defs.linkattrs in html/defs.py...

6.1CVSS2.4AI score0.04002EPSS
Exploits1References14Affected Software2
Veracode
Veracode
•added 2021/03/18 4:30 a.m.•38 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by sending a malicious User-Agent header under the device type causing the system to process the header for an extended period of time...

7.5CVSS3.7AI score0.03366EPSS
Exploits1References5Affected Software2
Veracode
Veracode
•added 2021/03/17 4:6 a.m.•38 views

Cross-site Scripting (XSS)

pki-core is vulnerable to cross-site scripting XSS. An attacker could inject a specially crafted value that will be executed on the victim's browser if an attacker has a valid nonce...

4.7CVSS3.7AI score0.00661EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2021/02/27 1:3 a.m.•38 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service DoS. It is possible because of a NULL-ptr deref in the spkttyioreceivebuf2 function in spkttyio.c...

5.5CVSS3.3AI score0.00303EPSS
Exploits0References7Affected Software4
Veracode
Veracode
•added 2021/02/26 2:11 a.m.•39 views

Denial Of Service (DoS)

linux is vulnerable to denial of service DoS. The vulnerability exists through a use after free in the Linux kernel infiniband hfi1 driver, found in the way user calls Ioctl after open dev file and fork...

4.4CVSS2.2AI score0.00308EPSS
Exploits0References2Affected Software3
Veracode
Veracode
•added 2021/02/15 6:30 p.m.•38 views

Heap Buffer Overflow

BusyBox is vulnerable to heap-based buffer overflow in the DHCP client udhcpc. It allows remote attackers to have unspecified impact via vectors involving OPTION6RD parsing...

9.8CVSS7.3AI score0.28429EPSS
Exploits4References15Affected Software1
Veracode
Veracode
•added 2021/02/13 3:54 a.m.•38 views

Denial Of Service (DoS)

mariadb is vulnerable to denial of service. A difficult to exploit vulnerability allows an attacker to crash the application...

5.9CVSS3.8AI score0.03028EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2021/02/10 6:5 a.m.•38 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists through an out-of-bounds access in the function buildaudioprocunit in the file sound/usb/mixer.c...

7.8CVSS3.8AI score0.00412EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2021/02/03 7:31 a.m.•38 views

Denial Of Service (DoS)

openjpeg2 is vulnerable to denial of service. Excessive iterations in the opjt1encodecblks function in openjp2/t1.c allows remote attackers to cause a denial of service via a malicious bmp file...

5.5CVSS5.5AI score0.01745EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2021/01/14 4:52 a.m.•38 views

Denial Of Service (DoS)

dotnet is vulnerable to denial of service DoS. The vulnerability exists through ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2...

7.5CVSS2.8AI score0.04908EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2021/01/08 1:59 p.m.•38 views

Directory Traversal

flink-runtime in vulnerable to Directory Traversal. An attacker is able to read any file accessible by the JobManager process on the local filesystem of the JobManager through the RES interface of the JobManager process...

7.5CVSS4.7AI score0.97856EPSS
Exploits14References30Affected Software2
Veracode
Veracode
•added 2020/12/21 8:37 p.m.•38 views

Use After Free

chromium, sid is vulnerable to Use after free in printing in Google Chrome. It allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

8.8CVSS2.2AI score0.01372EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2020/12/18 10:28 a.m.•38 views

Denial Of Service (DoS)

crypto/ssh in github.com/golang/go is vulnerable to Denial Of Service DoS. The vulnerability is possible because of a nil pointer dereference in the component...

7.5CVSS7.2AI score0.03228EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2020/12/11 9:23 a.m.•38 views

Phishing Attacks

curl is vulnerable to phishing attacks. malicious server can redirect FTP to malicious host via PASV reponse...

3.7CVSS1.5AI score0.03851EPSS
Exploits0References19Affected Software5
Veracode
Veracode
•added 2020/12/11 9:15 a.m.•38 views

Authorization Bypass

curl is vulnerable to authorization bypass. The vulnerability is present only if OpenSSL is the designated TLS backend. OCSP stapling is not enabled by default by libcurl, it needs to be explicitly enabled by the application to get used...

7.5CVSS2.5AI score0.04575EPSS
Exploits1References22Affected Software5
Veracode
Veracode
•added 2020/12/10 7:31 a.m.•38 views

Denial Of Service (DoS)

Qemu is vulnerable to denial of service. The vulnerability exist because of an infinite loop via an RX descriptor with a NULL buffer address...

5.5CVSS2.2AI score0.00654EPSS
Exploits1References5Affected Software2
Veracode
Veracode
•added 2020/12/06 4:24 a.m.•38 views

Buffer Overflow

Buffer overflow in the listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via vectors related to the compression method...

4CVSS5.5AI score0.01453EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2020/12/06 4:22 a.m.•38 views

Arbitrary Code Injection

Apache SpamAssassin is vulnerable to arbitrary code injection. A local user is able to inject arbitrary code in the meta rule syntax...

7.8CVSS3.2AI score0.00984EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2020/12/06 4:14 a.m.•38 views

Arbitrary Code Execution

imagemagick is vulnerable to arbitrary code execution. A heap-based buffer overflow in WriteOnePNGImage in coders/png.c allows an attacker to execute arbitrary code via a malicious file...

5.5CVSS5.5AI score0.01016EPSS
Exploits1References4Affected Software4
Veracode
Veracode
•added 2020/12/06 3:47 a.m.•38 views

Cross Site Request Forgery (CSRF)

GnuPG is vulnerable to Cross Site Request Forgery CSRF, Information Disclosure and DoS. The attack is possible when a victim performs a web key directory request...

8.8CVSS2.4AI score0.01041EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities5000