Lucene search
K
VeracodeMost viewed

38332 matches found

Veracode
Veracode
•added 2023/05/14 4:20 a.m.•36 views

Use-After-Free

xen is vulnerable to Use-After-Free. The vulnerability allows established shadow page tables to be freed again immediately, while other code is still accessible on the assumption that they would remain allocated...

7.8CVSS7AI score0.00268EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2023/04/29 10:9 a.m.•36 views

Denial Of Services (DoS)

Google Chrome is vulnerable to Denial Of Services DoS. The vulnerability exists due to the out of bounds memory access in Service Worker API, which allows an attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.7AI score0.01059EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2023/04/18 10:11 a.m.•36 views

Arbitrary Code Execution

vm2 is vulnerable to Arbitrary Code Execution. The vulnerability exists because the transformer function of transformer.js allows remote attackers to bypass handleException and leak unsanitized host exceptions to escape the sandbox and run arbitrary code in the host context...

10CVSS9.3AI score0.03852EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2023/03/30 2:11 a.m.•36 views

Security Bypass

spring-webmvc is vulnerable to Security Bypass. The vulnerability exists because using "" as a pattern in spring security configuration with the mvcRequestMatcher which creates a mismatch in pattern matching between Spring Security and Spring MVC and the potential for a security bypass...

7.5CVSS7.2AI score0.03514EPSS
Exploits1References4Affected Software3
Veracode
Veracode
•added 2023/03/15 1:47 a.m.•36 views

Privilege Escalation

github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability exists in the AddUser and ImportIAM functions of admin-handlers-users.go because a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created...

6.5CVSS6.4AI score0.00898EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2023/03/12 9:58 a.m.•36 views

Denial Of Service (DoS)

Google Chrome is vulnerable to Denial Of Service DoS. The vulnerability exists due to the heap buffer overflow in the video, allowing an attacker to exploit heap corruption via a crafted HTML page, leading to an application crash...

8.8CVSS8.7AI score0.00668EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/03/08 11:33 a.m.•36 views

Information Disclosure

github.com/moby/buildkit is vulnerable to Information Disclosure. When a build request contains a Git URL with credentials, anyone with access to the build provenance attestation will be able to view the credentials issued. An attacker can use these Git credentials to access repositories...

6.5CVSS6.2AI score0.01026EPSS
Exploits1References7Affected Software2
Veracode
Veracode
•added 2023/02/18 6:28 p.m.•36 views

Denial Of Service (DoS)

go is vulnerable to Denial of Service DoS attacks. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses...

7.5CVSS7.5AI score0.01111EPSS
Exploits0References7Affected Software17
Veracode
Veracode
•added 2023/02/09 8:56 p.m.•36 views

Type Confusion

openssl is vulnerable to type confusion. The vulnerability exists because it may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory content...

7.4CVSS7.7AI score0.59501EPSS
Exploits0References8Affected Software10
Veracode
Veracode
•added 2023/02/04 3:11 p.m.•36 views

LDAP Injection

sssd is vulnerable to LDAP Injection. The vulnerability exists because the libssscertmap fails to sanitize certificate data used in LDAP filters...

8.8CVSS8.3AI score0.0095EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2023/01/28 12:46 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to Denial of Service DoS attacks. A race condition may lead to a NULL pointer dereference and general protection fault via VTRESIZEX ioctl, resulting in an application crash...

5.1CVSS6.1AI score0.00301EPSS
Exploits1References8Affected Software2
Veracode
Veracode
•added 2023/01/26 8:22 p.m.•36 views

Denial Of Service (DoS)

bind is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause n application crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query...

7.5CVSS7.3AI score0.5017EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2023/01/23 7:36 p.m.•36 views

Remote Code Execution(RCE)

libxpm is vulnerable to Remote Code ExecutionRCE. When processing .Z or .gz file extensions, the library calls external programs to compress and uncompress files. This could allow a malicious user to execute other programs by manipulating the PATH environment variable...

8.8CVSS8.7AI score0.01199EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2023/01/17 7:15 p.m.•36 views

Authentication Bypass

Linux kernel is vulnerable to Authentication Bypass. The vulnerability exists in the nfconntrackirc because it incorrectly matches the massage, which allows an attacker to bypass the firewall when users are using unencrypted IRC with nfconntrackirc configured...

5.3CVSS6.4AI score0.01364EPSS
Exploits1References9Affected Software4
Veracode
Veracode
•added 2023/01/06 11:13 a.m.•36 views

Privilege Escalation

samba is vulnerable to Privilege Escalation. The Netlogon RPC implementations uses the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types, which allows an attacker who knows the plain text content communicated...

8.1CVSS8AI score0.02559EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2022/12/15 1:51 a.m.•36 views

Command Injection

cacti is vulnerable to command injection. Authorization can be bypassed due to the implementation of the getclientaddr function. The function is defined in the file lib/functions.php and checks serval $SERVER variables to determine the IP address of the client which allows an attacker to set...

9.8CVSS9.2AI score0.99826EPSS
Exploits48References5Affected Software1
Veracode
Veracode
•added 2022/12/14 9:59 a.m.•36 views

Denial Of Service (DoS)

org.codehaus.jettison:jettison is vulnerable to denial of service DoS attacks. A remote attacker is able to cause a stack overflow via injecting crafted JSON data, resulting in denial of service conditions...

7.5CVSS7.3AI score0.01395EPSS
Exploits1References4Affected Software2
Veracode
Veracode
•added 2022/12/07 11:55 a.m.•36 views

HTTP Response Splitting

ruby is vulnerable to http response splitting. The vulnerability exists when applications use untrusted user input either to generate an HTTP response or to create a cgi cookie object...

8.8CVSS8.2AI score0.02287EPSS
Exploits1References18Affected Software6
Veracode
Veracode
•added 2022/11/24 1:35 p.m.•36 views

Remote Code Execution (RCE)

heimdal is vulnerable to remote code execution. The vulnerability exists due to an invalid free in ASN.1 codec which allows an attacker to inject and execute arbitrary codes into the system...

9.8CVSS9.7AI score0.01844EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2022/11/24 9:7 a.m.•36 views

Information Disclosure

H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes...

8.4CVSS7.1AI score0.00301EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2022/11/23 2:9 a.m.•37 views

Information Disclosure

bc-fips is vulnerable to Information Disclosure. The vulnerability exists because the temporary keys used in the module get zeroed out while still in use by the module, resulting in an error or potential information loss. This vulnerability only affects Java 13 or later...

5.5CVSS5.4AI score0.00434EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/11/19 12:48 a.m.•36 views

Information Disclosure

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing attackers to cause an application crash and modify the critical data or all MySQL Server accessible data through multiple protocols...

6.5CVSS6.5AI score0.01147EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/11/10 12:24 a.m.•36 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Options component, allowing an attacker to cause an application crash and modify some MySQL Server accessible data through the multiple protocols...

5CVSS5.7AI score0.01601EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2022/11/09 4:37 a.m.•36 views

Denial Of Service (DoS)

@fastify/websocket and fastify-websocket are vulnerable to denial of service. The vulnerability is due to the fastifyWebsocket function in index.js which crashes the application on an uncaught exception when processing a malformed packet...

7.5CVSS7.1AI score0.00731EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2022/11/07 7:28 a.m.•36 views

Buffer Overflow

samba is vulnerable to buffer overflow. The vulnerability exists within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal because GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet causing an application cras...

6.5CVSS7.3AI score0.0369EPSS
Exploits0References11Affected Software4
Veracode
Veracode
•added 2022/10/27 6:47 a.m.•36 views

Arbitrary Code Execution

badaso/core is vulnerable to arbitrary code executions. The vulnerability is due to the application not properly validating the data uploaded by users which allows an attacker to perform arbitrary code execution...

9.8CVSS9.4AI score0.01551EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2022/10/21 9:13 a.m.•36 views

Denial Of Service (DoS)

protobuf-cpp is vulnerable to Denial of Service. The vulnerability exists in multiple functions due to out of memory failures which allows an attacker to cause an application crash via multiple key-value...

7.5CVSS7.3AI score0.01151EPSS
Exploits0References20Affected Software2
Veracode
Veracode
•added 2022/10/17 8:35 a.m.•36 views

Authentication Bypass

grafana is vulnerable to Authentication Bypass. The vulnerability exists due to the GetUserByLogin function in user.go conflict in the login field; An attacker can register into the system from another user's email address as a username blocking a user's login attempt...

4.3CVSS5.9AI score0.0082EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2022/10/12 10:1 a.m.•36 views

Remote Code Execution (RCE)

commons-jxpath is vulnerable to remote code execution. The vulnerability exists in selectSingleNode function in JXPathContext.java where the attacker can use the xpath expression to load any java class from the classpath which will lead to a code execution...

3.5AI score
Exploits1References2Affected Software1
Veracode
Veracode
•added 2022/10/05 10:30 p.m.•36 views

Denial Of Service (DoS)

eap7 is vulnerable to denial of service. The vulnerability exists because the lack of handling by the browser over HTTP/2 may cause overhead or application crashes. This flaw exists because of an incomplete fix for CVE-2021-3629...

7.5CVSS6.4AI score0.01175EPSS
Exploits0References7Affected Software18
Veracode
Veracode
•added 2022/09/28 7:58 p.m.•36 views

Denial Of Service (DOS)

Consul is vulnerable to authorization denial of service. Due to incorrectly validating JWT characters, an attacker can continually request TLS certificates and ACL tokens. This unnecessary information being stored can result in authorization denial of service...

7.1CVSS5.1AI score0.00824EPSS
Exploits0References11Affected Software2
Veracode
Veracode
•added 2022/09/16 12:26 p.m.•36 views

Denial Of Service (DoS)

.NET Core is vulnerable to denial of service. The vulnerability exists due to a stack overflow which allows an attacker to send a customized payload that is parsed during model binding and cause an application crash...

7.5CVSS7.4AI score0.03074EPSS
Exploits0References19Affected Software15
Veracode
Veracode
•added 2022/09/01 12:25 p.m.•36 views

Authorization Bypass

chromium, sid is vulnerable to authorization bypass. The vulnerability exists due to an inappropriate implementation flaw was found in the extensions API component of the chromium browser...

6.5CVSS7.2AI score0.0057EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2022/09/01 10:44 a.m.•36 views

Improper Input Validation

chromium is vulnerable to improper input validation. The vulnerability exists due to the library does not properly validate user input in Intents...

6.5CVSS7.3AI score0.04493EPSS
Exploits1References5Affected Software2
Veracode
Veracode
•added 2022/08/31 6:23 a.m.•36 views

Denial Of Service (DoS)

github.com/helm/helm is vulnerable to denial of service. The vulnerability exists in setIndex function in parser.go because a maximum index is not defined when setting index which allows an attacker to cause an application crash...

6.5CVSS6.5AI score0.00843EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2022/08/17 5:30 a.m.•36 views

Denial Of Service (DoS)

moodle/moodle is vulnerable to denial of service. The vulnerability exists because the yuicombo.php does not properly limit the path length, allowing an attacker to crash the application by loading a large number of files...

7.5CVSS7AI score0.00804EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2022/08/15 11:39 p.m.•36 views

Denial Of Service (DoS)

u-boot is vulnerable to denial of service. The vulnerability exists due to the integer signedness error, resulting stack stack-based buffer overflow in the i2c md command, which enables the corruption of the return address pointer of the doi2cmd function...

9.8CVSS9.2AI score0.02006EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/08/13 10:42 a.m.•36 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to heap based overflow in inscompladd of insexpand.c which allows an attacker to cause an application crash...

7.8CVSS7.5AI score0.0101EPSS
Exploits1References9Affected Software1
Veracode
Veracode
•added 2022/08/12 4:59 a.m.•36 views

SQL Injection

loopback-connector-postgresql is vulnerable to sql injection attacks. The vulnerability exists in buildExpression function in postgresql.js because the user provided inputs for contains loopback filter are not properly sanitized which allows an attacker to inject and execute arbitrary sql command...

10CVSS9.5AI score0.00547EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2022/08/10 8:11 a.m.•36 views

Denial Of Service (DoS)

undertow is vulnerable to Denial Of Service DoS. The vulnerability exists in read function in AjpServerRequestConduit.java because the exceptions are not handled properly for large AJP requests which allows an attacker to send a malicious request and trigger server errors causing an application...

7.5CVSS7.4AI score0.0087EPSS
Exploits0References5Affected Software19
Veracode
Veracode
•added 2022/08/09 12:45 a.m.•36 views

Directory Traversal

rsync is vulnerable to Directory Traversal. The vulnerability exists due to a lack of validation of file names allowed, allowing a malicious rsync server or Man-in-The-Middle attacker to overwrite arbitrary files in the rsync client target directory and subdirectories...

7.4CVSS7.5AI score0.0165EPSS
Exploits1References11Affected Software2
Veracode
Veracode
•added 2022/08/07 6:28 p.m.•36 views

Out-Of-Bounds Read

vim:sid is vulnerable to out of bounds read. A remote attacker is able to perform out of bound reads...

7.8CVSS7.7AI score0.01601EPSS
Exploits1References14Affected Software1
Veracode
Veracode
•added 2022/08/04 3:9 a.m.•36 views

Double Free

Linux kernel is vulnerable to double free. The vulnerability exists in usb8devstartxmit in drivers/net/can/usb/usb8dev.c because is no need to call devkfreeskb when usbsubmiturb fails because canputechoskb deletes original skb and canfreeechoskb deletes the cloned skb causing a double free...

5.5CVSS6.1AI score0.00395EPSS
Exploits0References11Affected Software4
Veracode
Veracode
•added 2022/08/01 2:11 p.m.•36 views

Denial Of Service

libtiff.so is vulnerable to denial of service DoS attacks. A malicious user is able to cause denial of service conditions via a crafted TIFF file through TIFFVGetField function, resulting in an application crash...

6.5CVSS6.2AI score0.01378EPSS
Exploits1References8Affected Software2
Veracode
Veracode
•added 2022/07/08 5:5 a.m.•36 views

Denial Of Service (DoS)

HTTP2 Server is vulnerable to Denial Of Service DoS. The vulnerability exists in onRequest function in HttpChannelOverHTTP2.java due to improper error handling which allows an attacker to cause an application crash...

7.5CVSS7.3AI score0.01818EPSS
Exploits0References9Affected Software3
Veracode
Veracode
•added 2022/07/07 2:44 p.m.•36 views

Information Disclosure

opensshkeyparser is vulnerable to information disclosure. The vulnerability exists in readfixedbytes function in pascalstylebytestream.py because the exception message is not properly handled which allows an attacker to gain access to view and modify the length of a raw field value of a key...

7.7CVSS6.1AI score0.01031EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2022/06/28 8:35 a.m.•36 views

Regular Expression Denial Of Service (ReDoS)

org.apache.tika:tika is vulnerable to regular expression denial of service ReDoS attacks. An attacker is able to cause denial of service conditions to the users who are running the StandardsExtractingContentHandler component, due to an insecure regular expression usage in setThreshold function by...

5.5CVSS5.3AI score0.02495EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2022/06/28 8:9 a.m.•36 views

Information Disclosure

guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists in serveral functions in RedirectMiddleware.php because the change in port is not considered a change in origin when sending requests with header files which allows an attacker to gain access to sensitive header...

7.7CVSS7.2AI score0.0138EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2022/06/27 8:7 a.m.•36 views

Arbitrary Code Execution

watools is vulnerable to arbitrary code execution. The vulnerability exists because of a code execution backdoor in all the versions of watools packages available in Pypi which allows an attacker to inject and execute malicious codes...

9.8CVSS9.6AI score0.01896EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/06/26 4:15 a.m.•36 views

Use-After-Free

vim is vulnerable to use after free. The vulnerability exists in utfptr2char function in mbyte.c because the freed memory is used when searching for pattern in path which allows an attacker to cause a memory corruption causing an application crash...

7.8CVSS7.6AI score0.01419EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities5000