Veracode • Most viewed

38332 matches found

Veracode • added 2019/05/02 5:13 a.m. • 37 views

Denial Of Service (DoS)

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References sectio...

7.5 CVSS • 7.7 AI score • 0.10066 EPSS
Exploits 0 • References 30 • Affected Software 2

Veracode • added 2019/05/02 5:13 a.m. • 37 views

Denial Of Service (DoS)

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access...

5.1 CVSS • 5.8 AI score • 0.02783 EPSS
Exploits 1 • References 16 • Affected Software 1

Veracode • added 2019/05/02 5:12 a.m. • 37 views

Use-After-Free

kernel-rt is vulnerable to use-after-free. The vulnerability exists in the sctp_assoc_update function in net/sctp/associola.c, which allows an attacker to cause memory corruption, resulting in an application crash...

10 CVSS • 6 AI score • 0.09828 EPSS
Exploits 0 • References 25 • Affected Software 1

Veracode • added 2019/05/02 5:12 a.m. • 37 views

SQL Injection

PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...

9.8 CVSS • 8.3 AI score • 0.05533 EPSS
Exploits 0 • References 9 • Affected Software 2

Veracode • added 2019/05/02 5:5 a.m. • 37 views

Privilege Escalation

The kernel-rt packages are vulnerable to privilege escalation. An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system,...

7.8 CVSS • 7.4 AI score • 0.00589 EPSS
Exploits 1 • References 16 • Affected Software 1

Veracode • added 2019/05/02 5:5 a.m. • 37 views

Arbitrary Code Execution

java is vulnerable to arbitrary code execution. An unspecified vulnerability allows a remote attacker to affect confidentiality, integrity and availability via vectors related to Deployment...

7.6 CVSS • 4.9 AI score • 0.04884 EPSS
Exploits 0 • References 24 • Affected Software 1

Veracode • added 2019/05/02 5:4 a.m. • 37 views

Denial Of Service (DoS)

V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an...

10 CVSS • 6.7 AI score • 0.05428 EPSS
Exploits 4 • References 8 • Affected Software 171

Veracode • added 2019/05/02 5:3 a.m. • 37 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU (Last-Recently Used) list under certai...

5.5 CVSS • 6.8 AI score • 0.22475 EPSS
Exploits 18 • References 13 • Affected Software 2

Veracode • added 2019/05/02 5:1 a.m. • 37 views

Out Of Bound Reads (OOB)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.8 CVSS • 9.3 AI score • 0.83633 EPSS
Exploits 17 • References 17 • Affected Software 2

Veracode • added 2019/05/02 5:1 a.m. • 37 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS • 5.5 AI score • 0.08383 EPSS
Exploits 3 • References 22 • Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 37 views

Arbitrary Code Execution

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the wa...

8.8 CVSS • 8.5 AI score • 0.05412 EPSS
Exploits 0 • References 10 • Affected Software 2

Veracode • added 2019/05/02 4:58 a.m. • 37 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

6.5 CVSS • 5.6 AI score • 0.04923 EPSS
Exploits 0 • References 13 • Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 37 views

Arbitrary Code Execution

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS • 7.6 AI score • 0.10117 EPSS
Exploits 1 • References 19 • Affected Software 3

Veracode • added 2019/05/02 4:57 a.m. • 37 views

Sensitive Information Disclosure

The kernel-rt is vulnerable to sensitive information disclosure. A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the...

7.2 CVSS • 7.2 AI score • 0.00414 EPSS
Exploits 0 • References 16 • Affected Software 1

Veracode • added 2019/05/02 4:54 a.m. • 37 views

Memory Corruption

Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to...

7.5 CVSS • 9.8 AI score • 0.61604 EPSS
Exploits 14 • References 24 • Affected Software 1

Veracode • added 2019/05/02 4:53 a.m. • 37 views

Arbitrary Code Execution

openjdk is vulnerable to arbitrary code execution. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine...

10 CVSS • 9.6 AI score • 0.85882 EPSS
Exploits 10 • References 35 • Affected Software 3

Veracode • added 2019/05/02 4:52 a.m. • 37 views

Privilege Escalation

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

5.4 CVSS • 5.8 AI score • 0.03177 EPSS
Exploits 2 • References 11 • Affected Software 1

Veracode • added 2019/05/02 4:52 a.m. • 37 views

Heap-Based Buffer Overflow

mingw32-libxml2 is vulnerable to a heap-based buffer overflow. A flaw in the way libxml2 decodes entity references with long names allows an attacker to provide a malicious XML file, causing an application crash and arbitrary code execution...

7.5 CVSS • 8.7 AI score • 0.02399 EPSS
Exploits 1 • References 17 • Affected Software 2

Veracode • added 2019/05/02 4:52 a.m. • 37 views

Denial Of Service (DoS) Through Double Free

mingw32-libxml2 is vulnerable to denial of service (DoS). It is possible because it does not prevent parsing of malicious libxml2 with certain XPath (XML Path Language) expressions, causing an application to crash...

6.8 CVSS • 8.3 AI score • 0.02129 EPSS
Exploits 0 • References 16 • Affected Software 2

Veracode • added 2019/05/02 4:52 a.m. • 37 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service. Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash o...

9.3 CVSS • 9 AI score • 0.0531 EPSS
Exploits 2 • References 12 • Affected Software 2

Veracode • added 2019/05/02 4:46 a.m. • 37 views

Memory Corruption

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

9.8 CVSS • 7.7 AI score • 0.98704 EPSS
Exploits 23 • References 29 • Affected Software 1

Veracode • added 2019/05/02 4:45 a.m. • 37 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

8.8 CVSS • 8.2 AI score • 0.69021 EPSS
Exploits 9 • References 20 • Affected Software 3

Veracode • added 2019/05/02 4:45 a.m. • 37 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10 CVSS • 6.6 AI score • 0.73364 EPSS
Exploits 18 • References 16 • Affected Software 3

Veracode • added 2019/05/02 4:45 a.m. • 37 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

4.3 CVSS • 7 AI score • 0.06597 EPSS
Exploits 8 • References 18 • Affected Software 1

Veracode • added 2019/05/02 4:44 a.m. • 37 views

Arbitrary Code Execution

Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...

10 CVSS • 9.5 AI score • 0.86963 EPSS
Exploits 10 • References 25 • Affected Software 2

Veracode • added 2019/05/02 4:43 a.m. • 37 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.3 CVSS • 9.8 AI score • 0.42609 EPSS
Exploits 5 • References 20 • Affected Software 3

Veracode • added 2019/05/02 4:43 a.m. • 37 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.3 CVSS • 9.8 AI score • 0.42609 EPSS
Exploits 5 • References 19 • Affected Software 3

Veracode • added 2019/05/02 4:43 a.m. • 37 views

Denial Of Service (DoS)

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd...

7.5 CVSS • 6.5 AI score • 0.13426 EPSS
Exploits 2 • References 10 • Affected Software 1

Veracode • added 2019/05/02 4:41 a.m. • 37 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw t...

4.9 CVSS • 6 AI score • 0.00795 EPSS
Exploits 1 • References 84 • Affected Software 2

Veracode • added 2019/05/02 4:40 a.m. • 37 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

9 CVSS • 6 AI score • 0.05096 EPSS
Exploits 1 • References 20 • Affected Software 1

Veracode • added 2019/05/02 4:40 a.m. • 37 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service. It allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703...

6.8 CVSS • 5 AI score • 0.0374 EPSS
Exploits 0 • References 20 • Affected Software 1

Veracode • added 2019/04/24 2:24 a.m. • 37 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service. An attacker is able to cause the process to crash after consuming a large amount of system resources using a malicious Cineon image with an incorrect claimed image size. The cineon. The vulnerability occurs in ReadCINImage in coders/cin.c due to a la...

6.5 CVSS • 7.4 AI score • 0.03643 EPSS
Exploits 1 • References 12 • Affected Software 4

Veracode • added 2019/04/23 8:10 a.m. • 37 views

Arbitrary File Write

mercurial is vulnerable to arbitrary file write attacks. The vulnerability is possible by using symlinks and subrepositories to bypass the validation of path checking, allowing the writing of files outside of the repository...

5.9 CVSS • 6.2 AI score • 0.01413 EPSS
Exploits 0 • References 8 • Affected Software 2

Veracode • added 2019/04/23 2:9 a.m. • 37 views

Information Disclosure

jetty-server is vulnerable to information disclosure. The error page produced from DefaultHandler reveals the base resource directory of each context in the list of contexts...

5.3 CVSS • 6.8 AI score • 0.05782 EPSS
Exploits 0 • References 25 • Affected Software 3

Veracode • added 2019/04/18 2:43 a.m. • 37 views

Remote Code Execution (RCE)

symfony/symfony is vulnerable to remote code execution. A lack of validation in the service IDs that are derived from user input could allow a remote attacker to execute arbitrary code on the host...

9.8 CVSS • 8.7 AI score • 0.05491 EPSS
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2019/04/08 3:43 p.m. • 37 views

Sandbox Escape

Jinja2 is vulnerable to sandbox escapes. Users are allowed to input str.format through web templates, leading to an escape from sandbox. This CVE is related to CVE-2019-10906...

8.6 CVSS • 7.9 AI score • 0.03603 EPSS
Exploits 1 • References 12 • Affected Software 259

Veracode • added 2019/02/25 8:11 a.m. • 37 views

PHP Code Injection

smarty-php/smarty is vulnerable to PHP code injection attacks. The vulnerability exists as the template names are unsanitized when called from fetch or display, allowing PHP code injection attacks...

9.8 CVSS • 9.5 AI score • 0.03124 EPSS
Exploits 0 • References 7 • Affected Software 1

Veracode • added 2019/02/22 3:15 a.m. • 37 views

Remote Code Execution (RCE)

drupal is vulnerable to remote code execution (RCE) attacks. The vulnerability exists through certain field types that do not sanitize data from non-form sources, allowing remote code execution (RCE) attacks...

8.1 CVSS • 8.4 AI score • 0.91919 EPSS
Exploits 22 • References 9 • Affected Software 1

Veracode • added 2019/01/15 9:26 a.m. • 37 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a malicious PDF file to the FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc, causing a null pointer dereference that can crash the application...

5.5 CVSS • 5.7 AI score • 0.01913 EPSS
Exploits 1 • References 209 • Affected Software 95

Veracode • added 2019/01/15 9:25 a.m. • 37 views

Symlink Attack

libglusterfs.so is vulnerable to a symlink attack. The library allows the use of the / character in basenames, allowing a malicious user to conduct a symlink attack to execute arbitrary code, create arbitrary files or crash the application. The vulnerability is due to an incomplete fix of...

8.8 CVSS • 7.7 AI score • 0.03336 EPSS
Exploits 0 • References 10 • Affected Software 2

Veracode • added 2019/01/15 9:23 a.m. • 37 views

Denial Of Service (DoS)

rh-php70-php is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF da...

7.5 CVSS • 8 AI score • 0.07763 EPSS
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2019/01/15 9:20 a.m. • 37 views

Information Disclosure

openssh is vulnerable to information disclosure attacks. The vulnerability exists as sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users ...

5.9 CVSS • 6.4 AI score • 0.88944 EPSS
Exploits 12 • References 13 • Affected Software 1

Veracode • added 2019/01/15 9:17 a.m. • 37 views

Arbitrary Code Execution

java-1.7.1-ibm is vulnerable to arbitrary code execution attacks. The vulnerability exists as inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...

8.8 CVSS • 9.7 AI score • 0.04793 EPSS
Exploits 0 • References 32 • Affected Software 6

Veracode • added 2019/01/15 9:14 a.m. • 37 views

Denial Of Service (DoS)

v8 is vulnerable to denial of service. An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New and Zone::NewExpand). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application...

8.8 CVSS • 8.1 AI score • 0.04227 EPSS
Exploits 0 • References 27 • Affected Software 56

Veracode • added 2019/01/15 9:14 a.m. • 37 views

Cross-site Scripting (XSS) Via Dialog CloseText

jquery-ui is vulnerable to cross-site scripting (XSS) attacks. A malicious user can execute arbitrary code through the closeText parameter of the dialog function...

6.1 CVSS • 6.7 AI score • 0.2258 EPSS
Exploits 1 • References 38 • Affected Software 2

Veracode • added 2019/01/15 9:12 a.m. • 37 views

Denial Of Service (DoS)

Linux kernel-rt is vulnerable to denial of service. A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections from being accepted by the SC...

6.2 CVSS • 6.3 AI score • 0.00391 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2019/01/15 9:7 a.m. • 37 views

Information Disclosure

qemu-kvm-rhev is vulnerable to information disclosure attacks. The vulnerability exists as the C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors...

9.3 CVSS • 6.2 AI score • 0.13288 EPSS
Exploits 0 • References 30 • Affected Software 2

Veracode • added 2019/01/15 9:6 a.m. • 37 views

Denial Of Service

The kernel-rt packages are vulnerable to a denial of service (DoS) attack. The attack exists because it does not properly restrict the traversal of Rock Ridge extension Continuation Entries (CE), allowing a local attacker to cause an infinite loop in the kernel, resulting in a denial of service...

4.9 CVSS • 4.8 AI score • 0.00455 EPSS
Exploits 0 • References 36 • Affected Software 1

Veracode • added 2019/01/15 9:3 a.m. • 37 views

Cross-site Scripting (XSS)

mod_cluster is vulnerable to cross-site scripting (XSS) attacks. The vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message...

4.3 CVSS • 6.5 AI score • 0.01846 EPSS
Exploits 0 • References 9 • Affected Software 167

Veracode • added 2019/01/15 9:2 a.m. • 37 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service heap-based buffer...

5 CVSS • 6.8 AI score • 0.04575 EPSS
Exploits 0 • References 13 • Affected Software 3

Total number of security vulnerabilities: 5000