Lucene search
K
VeracodeMost viewed

38355 matches found

Veracode
Veracode
•added 2020/12/06 3:26 a.m.•38 views

Denial Of Service (DoS)

Artifex Software GhostScript is vulnerable to denial of service attacks. A remote attacker could cause buffer overflows in mjcolorcorrect in contrib/japanese/gdevmjc.c via a crafted PDF file resulting in denial of service conditions...

5.5CVSS4.7AI score0.01988EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2020/12/06 3:23 a.m.•38 views

Remote Code Execution (RCE)

Dropbear is vulnerable to remote code execution. The vulnerability existed because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.8CVSS4.5AI score0.05142EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2020/12/06 3:13 a.m.•38 views

Arbitrary Code Execution

libapache2-mod-fcgid is vulnerable to arbitrary code execution. A heap-based buffer overflow in the fcgidheaderbucketread function in fcgidbucket.c allows remote attackers to execute arbitrary code on the host OS...

7.5CVSS7.3AI score0.13141EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2020/12/06 3:6 a.m.•38 views

Remote Code Execution (RCE)

Google Chrome is vulnerable to remote code execution. The vulnerability existed because of an integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux. An attacker is able to execute arbitrary code via a crafted HTML page...

8.8CVSS4.1AI score0.07151EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2020/12/04 4:26 p.m.•38 views

Denial Of Service (DoS)

nss is vulnerable to denial of service DoS. The vulnerability exists through the way NSS handled CCS ChangeCipherSpec messages in TLS 1.3...

7.5CVSS2.8AI score0.03854EPSS
Exploits0References15Affected Software1
Veracode
Veracode
•added 2020/12/02 9:50 a.m.•38 views

Denial Of Service (DoS)

oniguruma is vulnerable to denial of service DoS. The vulnerability exists through a heap-based buffer overflow in strlowercasematch in regexec.c...

7.5CVSS3.4AI score0.02942EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2020/12/02 9:50 a.m.•38 views

Information Disclosure

php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte...

5.9CVSS1.1AI score0.08818EPSS
Exploits1References18Affected Software1
Veracode
Veracode
•added 2020/12/01 4:33 a.m.•38 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service DoS. An attacker having high privilege with network access via multiple protocols can compromise MySQL Server...

4.9CVSS3.8AI score0.02621EPSS
Exploits0References17Affected Software4
Veracode
Veracode
•added 2020/11/20 9:48 a.m.•38 views

Overwriting Variables

postgresql is vulnerable to overwriting variables. The vulnerability exists because \gset allows overwriting specially treated variables...

7.5CVSS2.8AI score0.02586EPSS
Exploits0References4Affected Software11
Veracode
Veracode
•added 2020/11/20 3:5 a.m.•38 views

PHAR Unserialization

pear/archivetar is vulnerable to PHAR unserialization. The vulnerability exists due to the improper validation of filename that allows a filename that starts with PHAR:// to be executed...

7.8CVSS4AI score0.84554EPSS
Exploits4References19Affected Software6
Veracode
Veracode
•added 2020/11/19 6:2 a.m.•38 views

Open Redirection

werkzeug is vulnerable to open redirection. An attacker is able to redirect a user to a malicious site via double slashes in the URL...

6.1CVSS2.7AI score0.01661EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2020/11/12 5:20 a.m.•38 views

Arbitrary Code Execution

chakracore is vulnerable to arbitrary code execution. A memory corruption vulnerability allows an attacker to execute arbitrary code on the host OS. This CVE ID is different from CVE-2020-17048...

4.2CVSS4.5AI score0.01913EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2020/11/05 3:16 a.m.•38 views

Information Disclosure

kernel is vulnerable to information disclosure.It incorrectly writes to the /proc/sys/vm/cmmtimeout file.This flaw allows to local user see the kernel stack information leak on s390/s390x...

4.4CVSS1.7AI score0.00366EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2020/11/05 3:15 a.m.•38 views

Denial Of Service (DoS)

kernel is vulnerable to denial-of-service DoS attacks. The vulnerability exists in dlparparseccproperty in arch/powerpc/platforms/pseries/dlpar.c due to an unchecked kstrdup of prop-name allowing an attacker to cause an application crash...

4.1CVSS3.2AI score0.00623EPSS
Exploits0References24Affected Software1
Veracode
Veracode
•added 2020/11/05 3:9 a.m.•38 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A use-after-free in nttyreceivebufcommon allows an attacker to crash the kernel and potentially obtain confidential information...

7.1CVSS3.6AI score0.00661EPSS
Exploits1References14Affected Software2
Veracode
Veracode
•added 2020/11/03 5:22 a.m.•38 views

Cross-Site Request Forgery (CSRF)

wordpress is vulnerable to cross-site request forgery CSRF. Lack of authenticity check for HTTP requests allows an attacker to submit requests on behalf of a user, such as changing of the theme's background image...

4.3CVSS1.6AI score0.01068EPSS
Exploits0References10Affected Software3
Veracode
Veracode
•added 2020/10/26 5:9 a.m.•38 views

Information Disclosure

guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...

3.3CVSS5.6AI score0.00964EPSS
Exploits1References78Affected Software19
Veracode
Veracode
•added 2020/10/20 9:18 a.m.•38 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists in net bluetooth when processing certain AMP packets...

6.5CVSS1.7AI score0.07693EPSS
Exploits6References6Affected Software3
Veracode
Veracode
•added 2020/10/13 4:49 a.m.•38 views

Information Disclosure

apache tomcat is vulnerable to information disclosure. The HTTP headers within a request can potentially be included in a subsequent request and reveal confidential information, when the agreed maximum number of concurrent streams for a connection is exceeded...

4.3CVSS0.8AI score0.57286EPSS
Exploits0References10Affected Software2
Veracode
Veracode
•added 2020/10/12 1:13 a.m.•38 views

Cross-site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting XSS. Failure to validate the requestparams whereclause allows an attacker inject and execute arbitrary Javascript in a user's browser by sending a link to the victim containing the malicious JavaScript via the transformation feature...

6.1CVSS3.4AI score0.0219EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2020/10/05 2:27 a.m.•38 views

XML External Entity (XXE) Injection

print-lib/print-servlet is vulnerable to XML External Entity XXE injection. A remote attacker is able to inject untrusted XML entity via tryLoadSLD as SDL parser does not disable DTDs...

9.3CVSS6.1AI score0.01342EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2020/10/01 3:52 a.m.•38 views

Privilege Escalation

Qt is vulnerable to Privilege Escalation. Files placed by attacker can influence the working directory and lead to malicious code execution...

7.3CVSS3.6AI score0.00568EPSS
Exploits1References6Affected Software3
Veracode
Veracode
•added 2020/10/01 3:51 a.m.•38 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists through a use after free caused by a race condition in smptasktimedout and smptaskdone in drivers/scsi/libsas/sasexpander.c which allows an attacker to execute arbitrary codes...

8.1CVSS8.5AI score0.05111EPSS
Exploits0References18Affected Software2
Veracode
Veracode
•added 2020/09/21 6:40 a.m.•38 views

Cross-site Scripting (XSS)

firefox is vulnerable to cross-site scripting XSS. The vulnerability exists when pasting a tag from the clipboard into a rich text editor, and the CSS sanitizer does not escape characters, and when a webpage subsequently copies the node's innerHTML, and assigns it to another innerHTML...

6.1CVSS7.1AI score0.01988EPSS
Exploits0References25Affected Software4
Veracode
Veracode
•added 2020/09/21 6:39 a.m.•38 views

Wrong Access Permission

Linux kernel is using wrong access permission.It can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...

7.1CVSS4.1AI score0.00361EPSS
Exploits0References10Affected Software5
Veracode
Veracode
•added 2020/09/21 6:37 a.m.•38 views

Injection Attacks

thunderbird is vulnerable to injection attacks. The vulnerability exists as the CSS sanitizer incorrectly rewrites a @namespace rule when pasting a tag from the clipboard into a rich text editor...

6.1CVSS7.5AI score0.01988EPSS
Exploits0References25Affected Software4
Veracode
Veracode
•added 2020/09/21 6:36 a.m.•38 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The ifsdio.c module does not validate the allocworkqueue return value, resulting in a NULL pointer dereference causing a crash...

4.1CVSS6.4AI score0.00583EPSS
Exploits1References12Affected Software2
Veracode
Veracode
•added 2020/09/21 6:33 a.m.•38 views

Arbitrary Code Execution

ruby is vulnerable to arbitrary code execution. An attacker is able to inject code in the first argument to the command argument to Shell or Shelltest in lib/shell.rb...

8.1CVSS5.4AI score0.04221EPSS
Exploits1References15Affected Software7
Veracode
Veracode
•added 2020/09/21 6:30 a.m.•38 views

Spoofable Frames

linux is vulnerable to spoofable network frames. The vulnerability exists through the reinstallation of the Integrity Group Temporal Key IGTK during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients...

5.3CVSS1.8AI score0.02003EPSS
Exploits0References26Affected Software2
Veracode
Veracode
•added 2020/09/21 6:18 a.m.•38 views

Use-after-free

Linux kernel has a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d...

6.1CVSS3.1AI score0.00488EPSS
Exploits0References5Affected Software4
Veracode
Veracode
•added 2020/09/21 6:18 a.m.•38 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service DoS. There is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...

4.2CVSS3.7AI score0.00281EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2020/08/31 3:9 a.m.•38 views

XML External Entity (XXE)

mpxj is vulnerable to XML external entity attacks. The XMLFilter is configured with external DTDs by default, allowing an attacker to perform XXE attacks to access system files or perform requests on behalf of the server...

9.8CVSS3.3AI score0.02591EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2020/08/06 9:39 p.m.•38 views

Arbitrary Code Execution

Webkit2gtk is vulnerable to arbitrary code execution. The vulnerability exists as a use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content...

8.8CVSS5AI score0.02827EPSS
Exploits0References11Affected Software29
Veracode
Veracode
•added 2020/08/06 9:38 p.m.•38 views

Denial Of Service (DoS)

xen is vulnerable to denial of service DoS. The vulnerability exists through the bad continuation handling in GNTTABOPcopy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where...

8.8CVSS2.1AI score0.00452EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2020/08/06 9:29 p.m.•38 views

Arbitrary Code Execution

webkit2gtk is vulnerable to arbitrary code execution. The vulnerability exists as a logic issue was addressed with improved restrictions...

9.8CVSS4.5AI score0.77246EPSS
Exploits3References15Affected Software28
Veracode
Veracode
•added 2020/07/18 3:18 a.m.•38 views

Authorization Bypass

openjdk is vulnerable to authorizatino bypass. XML validation manipulation due to incomplete application of the use-grammar-pool-only feature allows an attacker to perform unauthorized update, insert and delete operations...

5.3CVSS3.9AI score0.04315EPSS
Exploits0References24Affected Software6
Veracode
Veracode
•added 2020/07/17 5:32 a.m.•38 views

Information Disclosure

openjdk is vulnerable to information disclosure. HostnameChecker does not ensure X.509 certificate names are in normalized form, potentially resulting in an unauthorized read access...

3.7CVSS1.6AI score0.03284EPSS
Exploits0References20Affected Software6
Veracode
Veracode
•added 2020/06/23 3:37 a.m.•38 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service DoS. The vulnerability exists due to an incomplete fix for CVE-2020-12662 in RHEL7...

7.5CVSS2.8AI score0.03171EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2020/06/09 2:45 a.m.•38 views

Denial Of Service (DoS)

unbound is vulnerable to Denial of Service DoS. The attack exists because of amplification of an incoming query into a large number of queries directed to a target...

7.5CVSS3.2AI score0.03588EPSS
Exploits0References14Affected Software4
Veracode
Veracode
•added 2020/05/26 5:54 a.m.•38 views

Arbitrary Code Execution

commons-configuration2 is vulnerable to arbitrary code execution. The package uses a third-party library that, by default, allows the instantiation of arbitrary classes to parse if the YAML contains special statements. This allows an attacker to execute arbitrary code on the host application if t...

10CVSS6.4AI score0.06684EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2020/05/10 11:27 p.m.•38 views

Denial Of Service (DoS)

perl is vulnerable to denial of service DoS. The vulnerability exists as buffer overflow in the SgrokbslashN function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service application crash via ...

9.1CVSS5.7AI score0.05908EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2020/05/10 11:25 p.m.•38 views

Privilege Escalation

subversion is vulnerable to privilege escalation. The vulnerability exists as a maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicio...

9.8CVSS1.6AI score0.18892EPSS
Exploits3References15Affected Software1
Veracode
Veracode
•added 2020/05/10 11:22 p.m.•38 views

Arbitrary Code Execution

openjpeg is vulnerable to arbitrary code execution. A heap-based buffer overflow was discovered in the opjt2encodepacket function in lib/openjp2/t2.c which may lead to remote denial of service or potentially allow an attacker to execute arbitrary code on the system...

8.8CVSS5.8AI score0.04354EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2020/05/07 1:53 a.m.•38 views

Buffer Overflows

Mozilla is vulnerable to a Buffer overflow in SCTP chunk input validation...

9.8CVSS3.4AI score0.05803EPSS
Exploits0References12Affected Software7
Veracode
Veracode
•added 2020/04/30 2:24 a.m.•38 views

Privilege Escalation

gvfs is vulnerable to privilege escalation. A race condition in daemon/gvfsbackendadmin.c allows escalation of privileges due to admin backend not implementing queryinfoonread/write...

8.1CVSS4.5AI score0.01749EPSS
Exploits0References11Affected Software28
Veracode
Veracode
•added 2020/04/16 6:46 a.m.•38 views

Missing HTTP Security Headers

keycloak does not contain security headers in its server responses. The lack of these headers does not directly lead to a vulnerability, however it reduces the restrictions of an attacker and aids them in their efforts in the event of a successful exploit of a web vulnerability...

5.4CVSS1.6AI score0.00764EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2020/04/10 1:10 a.m.•38 views

Arbitrary Code Execution

rpm is vulnerable to arbitrary code execution. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library such as the rpm command line tool, or the yum and up2date...

6.8CVSS5.3AI score0.04378EPSS
Exploits0References25Affected Software1
Veracode
Veracode
•added 2020/04/10 1:10 a.m.•38 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service. A denial of service flaw was found in the remote procedure call RPC implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that...

5CVSS2.9AI score0.01834EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2020/04/10 1:9 a.m.•38 views

Arbitrary Code Execution

openssl is vulnerable to arbitrary code execution. The vulnerability exists as a double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted...

9.3CVSS2.8AI score0.17687EPSS
Exploits0References18Affected Software1
Veracode
Veracode
•added 2020/04/10 1:8 a.m.•38 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Linux kernel handled fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload UFO functionality on. A remote attacker could use this flaw to cause a denial of service...

7.1CVSS2AI score0.03212EPSS
Exploits1References14Affected Software2
Total number of security vulnerabilities5000