
38326 matches found

Veracode
•added 2022/02/12 8:24 a.m.•36 views

Denial Of Service (DoS)

JHEAD is vulnerable to denial of service. The vulnerability exists due to a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections allowing an attacker to crash the system with a maliciously crafted jpeg image...

CVSS 6.1 • AI score 4.1 • EPSS 0.0089
Exploits: 1 • References: 5 • Affected Software: 1
Veracode
•added 2022/02/11 1:33 p.m.•36 views

Denial Of Service (DoS)

openexr is vulnerable to denial of service. The vulnerability exists in the CompositeDeepScanLine::setFrameBuffer function of ImfCompositeDeepScanLine.cpp due to a heap-based buffer overflow which allows an attacker to crash the application via malicious input...

CVSS 5.5 • AI score 3.6 • EPSS 0.01772
Exploits: 1 • References: 18 • Affected Software: 1
Veracode
•added 2022/01/29 10:24 p.m.•36 views

Denial Of Service (DoS)

wireshark:edge is vulnerable to denial of service. Crash in the RFC 7468 dissector allows denial of service via packet injection or crafted capture file...

CVSS 7.5 • AI score 2.9 • EPSS 0.03296
Exploits: 1 • References: 10 • Affected Software: 1
Veracode
•added 2022/01/18 8:50 p.m.•36 views

Insecure Cryptography

cryptsetup is vulnerable to insecure cryptography. A malicious attacker can modify on-disk metadata to simulate decryption in progress with crashed reencryption step and persistently decrypt part of the LUKS device...

CVSS 4.3 • AI score 3.6 • EPSS 0.0028
Exploits: 0 • References: 10 • Affected Software: 3
Veracode
•added 2022/01/15 10:11 p.m.•36 views

Remote Code Execution (RCE)

vim is vulnerable to remote code execution. The vulnerability exists due to a use-after-free allowing an attacker to execute malicious code in the system...

CVSS 7.8 • AI score 4.9 • EPSS 0.01273
Exploits: 1 • References: 11 • Affected Software: 3
Veracode
•added 2022/01/15 9:54 p.m.•36 views

Denial Of Service (DoS)

systemd is vulnerable to denial of service (DoS) attacks. An uncontrolled recursion in systemd-tmpfiles may lead to denial of service at boot time...

CVSS 5.5 • AI score 3.8 • EPSS 0.01561
Exploits: 1 • References: 6 • Affected Software: 1
Veracode
•added 2022/01/14 5:54 a.m.•36 views

Out-of-bounds Memory Access When Inserting Text In Edit Mode

firefox is vulnerable to Out of bounds Access. An attacker is able to exploit the vulnerability by inserting text in Edit mode...

CVSS 6.5 • AI score 2.8 • EPSS 0.00796
Exploits: 0 • References: 7 • Affected Software: 7
Veracode
•added 2021/12/10 7:36 a.m.•36 views

Denial Of Service (DoS)

thunderbird and firefox are vulnerable to denial of service. The vulnerability exists due to a GC rooting failure when calling Wasm instance methods...

CVSS 8.8 • AI score 2.9 • EPSS 0.0162
Exploits: 0 • References: 13 • Affected Software: 7
Veracode
•added 2021/12/07 12:33 a.m.•36 views

Denial Of Service (DoS)

Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access...

CVSS 7.4 • AI score 5.8 • EPSS 0.0407
Exploits: 0 • References: 17 • Affected Software: 1
Veracode
•added 2021/11/18 6:26 a.m.•36 views

Cross-Site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of HTML in the Advanced Content Filter (ACF) module, which allows an attacker to inject maliciously crafted HTML containing JavaScript code...

CVSS 8.2 • AI score 1.4 • EPSS 0.01257
Exploits: 0 • References: 10 • Affected Software: 2
Veracode
•added 2021/11/17 10:36 p.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. An uncontrolled resource consumption in some Intel(R)...

CVSS 5.5 • AI score 4.4 • EPSS 0.00298
Exploits: 0 • References: 5 • Affected Software: 2
Veracode
•added 2021/11/12 3:19 p.m.•36 views

Privilege Escalation

samba is vulnerable to escalation of privilege. The vulnerability exists due to the lack of sanitization of the user's authorization when an RODC (read-only domain controller) is used when printing administration ticket...

CVSS 8.8 • AI score 3.6 • EPSS 0.01595
Exploits: 0 • References: 4 • Affected Software: 4
Veracode
•added 2021/11/11 4:14 a.m.•36 views

Improper Input Validation

pip suffers from improper input validation. The library does not properly handle unicode separators in git references. An attacker can use this flaw to install a different revision on a repository...

CVSS 5.7 • AI score 3 • EPSS 0.01687
Exploits: 2 • References: 6 • Affected Software: 1
Veracode
•added 2021/11/09 3:15 p.m.•36 views

Privilege Escalation

chrome is vulnerable to privilege escalation. The vulnerability exists due to a type confusion in the v8 component in chrome...

CVSS 8.8 • AI score 3.2 • EPSS 0.26703
Exploits: 1 • References: 6 • Affected Software: 3
Veracode
•added 2021/10/21 4:31 a.m.•36 views

Directory Traversal

babel is vulnerable to directory traversal. The library does not clean the locale identifiers properly before loading from file, allowing a malicious user to load arbitrary locale .dat files...

CVSS 7.8 • AI score 4.2 • EPSS 0.00716
Exploits: 1 • References: 6 • Affected Software: 6
Veracode
•added 2021/10/18 2:27 p.m.•36 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. An attacker can crash the application via the Server: Optimizer component...

CVSS 4.9 • AI score 2.9 • EPSS 0.10012
Exploits: 3 • References: 11 • Affected Software: 1
Veracode
•added 2021/10/11 5:4 a.m.•36 views

Business Logic Flaws

rustc has a business logic flaw. The vulnerability exists due to __iterator_get_unchecked being called more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess...

CVSS 7.5 • AI score 2.5 • EPSS 0.01997
Exploits: 1 • References: 10 • Affected Software: 1
Veracode
•added 2021/10/07 10:16 a.m.•36 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An attacker is able to crash the system by exploiting a heap corruption via a maliciously crafted HTML page...

CVSS 8.8 • AI score 1.8 • EPSS 0.34887
Exploits: 0 • References: 11 • Affected Software: 3
Veracode
•added 2021/10/05 1:27 p.m.•36 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An attacker may exploit the vulnerability by injecting malicious requests over multiple connections, which can cause the server to allocate a significant amount of memory, causing it to crash...

CVSS 7.5 • AI score 3.3 • EPSS 0.1578
Exploits: 0 • References: 19 • Affected Software: 2
Veracode
•added 2021/10/05 12:6 p.m.•36 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very larg...

CVSS 7.5 • AI score 5.5 • EPSS 0.03688
Exploits: 0 • References: 17 • Affected Software: 2
Veracode
•added 2021/09/20 3:36 a.m.•36 views

Bypass Of Secure Validation

Apache Santuario is vulnerable to bypass of secure validation. Lack of secure handling of secureValidation property allows an attacker to abuse an XPath Transform and to extract any local .xml files in a RetrievalMethod element during the creation of a KeyInfo from a KeyInfoReference element...

CVSS 7.5 • AI score 2.4 • EPSS 0.10448
Exploits: 0 • References: 24 • Affected Software: 16
Veracode
•added 2021/09/10 6:15 a.m.•36 views

Denial Of Service (DoS)

netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Bzip2 decompression decoder function, leading to an OOME...

CVSS 7.5 • AI score 3.4 • EPSS 0.0628
Exploits: 0 • References: 21 • Affected Software: 28
Veracode
•added 2021/09/09 4:22 p.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to the system allowing OS users to cause host OS memory corruption via rtas_args.nargs...

CVSS 7.8 • AI score 7.5 • EPSS 0.00575
Exploits: 1 • References: 14 • Affected Software: 2
Veracode
•added 2021/09/01 3:51 a.m.•36 views

Remote Code Execution (RCE)

@npmcli/arborist is vulnerable to remote code execution. The vulnerability exists due to a symlink dependency where an attacker is able to create arbitrary contents to be written to any location on the filesystem...

CVSS 8.2 • AI score 4.1 • EPSS 0.00576
Exploits: 0 • References: 6 • Affected Software: 3
Veracode
•added 2021/08/19 11:32 a.m.•36 views

Denial Of Service

qemu is vulnerable to denial of service. The vulnerability exists when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash of QEMU...

CVSS 8.5 • AI score 1.4 • EPSS 0.02904
Exploits: 0 • References: 7 • Affected Software: 4
Veracode
•added 2021/08/06 8:30 p.m.•36 views

Denial Of Service (DoS)

go is vulnerable to denial of service (DoS). The vulnerability exists due to a race condition where the system is trying to access the same resources, leading to denial of service...

CVSS 5.9 • AI score 6.5 • EPSS 0.03128
Exploits: 0 • References: 19 • Affected Software: 18
Veracode
•added 2021/07/29 7:29 a.m.•36 views

Remote Code Execution (RCE)

webkit2gtk is vulnerable to remote code execution. The vulnerability exists due to a use-after-free in the WebKitGTK browser...

CVSS 8.8 • AI score 3.5 • EPSS 0.02824
Exploits: 1 • References: 3 • Affected Software: 17
Veracode
•added 2021/07/13 8:34 a.m.•36 views

Denial Of Service (DoS)

sshd-core is vulnerable to denial of service. SFTP and port forwarding feature of the library allows an attacker to send maximum data to cause the boundary overflow on BufferedIoOutputStream writing, causing an OutOfMemory error...

CVSS 6.5 • AI score 4 • EPSS 0.03394
Exploits: 0 • References: 9 • Affected Software: 22
Veracode
•added 2021/07/10 6:13 p.m.•36 views

Denial Of Service (DoS)

openexr:stretch is vulnerable to denial of service. An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR. An attacker could use this flaw to crash an application compiled with OpenEXR...

CVSS 5.5 • AI score 3.9 • EPSS 0.01153
Exploits: 0 • References: 7 • Affected Software: 2
Veracode
•added 2021/07/06 12:2 a.m.•36 views

Information Disclosure

libvirt is vulnerable to information disclosure. An attacker is able to access files of other users when the system generates SELinux MCS category pairs for VMs' dynamic labels...

CVSS 6.3 • AI score 3.8 • EPSS 0.00493
Exploits: 1 • References: 8 • Affected Software: 1
Veracode
•added 2021/06/17 8:36 a.m.•36 views

Denial Of Service (DoS)

cxf-rt-rs-json-basic is vulnerable to denial of service. An attacker is able to cause a thread to be stuck in an infinite loop due to an insecure parsing of JSON in JsonMapObjectReaderWriter...

CVSS 7.5 • AI score 4.1 • EPSS 0.07024
Exploits: 0 • References: 26 • Affected Software: 1
Veracode
•added 2021/05/24 9:12 a.m.•36 views

Denial Of Service (DoS)

linux kernel is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference flaw in the Linux kernel's GPU Nouveau driver functionality...

CVSS 4.4 • AI score 3.1 • EPSS 0.00366
Exploits: 1 • References: 6 • Affected Software: 3
Veracode
•added 2021/05/24 9:1 a.m.•36 views

Arbitrary Code Execution

unbound is vulnerable to arbitrary code execution. An integer overflow in the regional allocator via the ALIGN_UP macro allows an attacker to execute arbitrary code on the host OS...

CVSS 9.8 • AI score 5.6 • EPSS 0.01783
Exploits: 0 • References: 4 • Affected Software: 2
Veracode
•added 2021/05/24 2:29 a.m.•36 views

Information Disclosure

bouncycastle is vulnerable to information disclosure. The vulnerability exists due to a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

CVSS 5.9 • AI score 1.5 • EPSS 0.01522
Exploits: 0 • References: 4 • Affected Software: 11
Veracode
•added 2021/05/21 2:1 p.m.•36 views

Denial Of Service (DoS)

trousers is vulnerable to denial of service. When the daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks, which allows the tss user to create or corrupt existing files and could possibly lead to a DoS attack...

CVSS 5.5 • AI score 5.3 • EPSS 0.00553
Exploits: 1 • References: 11 • Affected Software: 1
Veracode
•added 2021/05/20 3:28 p.m.•36 views

Denial Of Service (DoS)

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/message.c in the USB core subsystem. This flaw allows a local attacker with a...

CVSS 6.7 • AI score 5.9 • EPSS 0.00802
Exploits: 1 • References: 38 • Affected Software: 2
Veracode
•added 2021/05/12 5:18 a.m.•36 views

Insecure Deserialization

wire allows insecure deserialization. The way the type information is handled in its serialization format allows an attacker to pass malicious payloads a different type for the receiving end to the deserializer and potentially cause unexpected application behavior...

CVSS 9.1 • AI score 3.3 • EPSS 0.01584
Exploits: 1 • References: 2 • Affected Software: 1
Veracode
•added 2021/05/10 1:52 p.m.•36 views

Remote Code Execution (RCE)

graphviz is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by loading a malicious file into the lib/common/shapes.c component...

CVSS 7.8 • AI score 3.9 • EPSS 0.02618
Exploits: 1 • References: 9 • Affected Software: 1
Veracode
•added 2021/05/08 2:25 p.m.•36 views

Denial Of Service (DoS)

lz4 is vulnerable to denial of service. An integer overflow occurs when one of the memmove arguments is set to negative, resulting in an application crash...

CVSS 9.8 • AI score 5.5 • EPSS 0.03216
Exploits: 0 • References: 12 • Affected Software: 2
Veracode
•added 2021/05/06 11:27 a.m.•36 views

Information Disclosure

samba is vulnerable to information disclosure. The vulnerability exists due to a flaw that could allow an attacker to read data beyond the end of the array...

CVSS 6.8 • AI score 2.4 • EPSS 0.01616
Exploits: 0 • References: 12 • Affected Software: 7
Veracode
•added 2021/04/30 4:58 a.m.•36 views

Directory Traversal

babel is vulnerable to directory traversal. The vulnerability allows an attacker to load arbitrary locale .dat files which contain serialized Python objects. This can potentially lead to arbitrary code execution if an attacker is able to load a malicious local .dat file through Babel.Locale...

AI score 6.6
Exploits: 0 • References: 4 • Affected Software: 7
Veracode
•added 2021/04/29 1:27 p.m.•36 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists due to insufficient data validation that allows a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 • AI score 2.4 • EPSS 0.00814
Exploits: 0 • References: 9 • Affected Software: 1
Veracode
•added 2021/03/30 8:15 p.m.•36 views

Use After Free

webkit2gtk is vulnerable to a use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 7.8 • AI score 3.4 • EPSS 0.01361
Exploits: 0 • References: 18 • Affected Software: 17
Veracode
•added 2021/03/24 4:3 a.m.•36 views

Regular Expression Denial Of Service (ReDoS)

hosted-git-info is vulnerable to regular expression denial of service (ReDoS). An attacker can provide a malicious string via shortcutMatch in the function fromUrl in index.js to crash the application...

CVSS 5.3 • AI score 3 • EPSS 0.03612
Exploits: 1 • References: 6 • Affected Software: 3
Veracode
•added 2021/03/23 6:36 a.m.•36 views

Regular Expression Denial Of Service (ReDoS)

xstream is vulnerable to regular expression denial of service. A remote attacker is able to occupy a thread that consumes excessive CPU resources for a long period of time...

CVSS 7.5 • AI score 3.9 • EPSS 0.13832
Exploits: 0 • References: 21 • Affected Software: 5
Veracode
•added 2021/03/18 4:30 a.m.•36 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by sending a malicious User-Agent header under the device type causing the system to process the header for an extended period of time...

CVSS 7.5 • AI score 3.7 • EPSS 0.03366
Exploits: 1 • References: 5 • Affected Software: 2
Veracode
•added 2021/03/17 8:8 a.m.•36 views

Denial Of Service (DoS)

json-smart is vulnerable to denial of service (DoS) attacks. An unhandled NumberFormatException thrown from the function extractFloat in JSONParserBase.java allows a remote attacker to crash programs or leak sensitive information...

CVSS 5.9 • AI score 3.5 • EPSS 0.02886
Exploits: 1 • References: 13 • Affected Software: 1
Veracode
•added 2021/03/17 5:7 a.m.•36 views

Authorization Bypass

moodle/moodle is vulnerable to authorization bypass. When creating a user account, it was possible to verify the account without having access to the verification email link/secret...

CVSS 5.3 • AI score 3.7 • EPSS 0.01266
Exploits: 0 • References: 6 • Affected Software: 1
Veracode
•added 2021/03/15 7:41 a.m.•36 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. An attacker is able to manipulate the processed input stream and replace or inject objects which would result in the execution of arbitrary code loaded from a remote server...

CVSS 9.8 • AI score 3.7 • EPSS 0.76367
Exploits: 1 • References: 21 • Affected Software: 4
Veracode
•added 2021/03/12 10:54 p.m.•36 views

Out-of-Bounds Access

openjpeg is vulnerable to out-of-bounds write. An attacker is able to inject a malicious input during conversion and encoding, causing an out-of-bounds write...

CVSS 7.8 • AI score 5.6 • EPSS 0.01329
Exploits: 0 • References: 9 • Affected Software: 3
Total number of security vulnerabilities: 5000