Veracode | Most viewed

38326 matches found

Veracode
added 2021/02/26 2:10 a.m. | 36 views

Information Disclosure

Python is vulnerable to information disclosure. The vulnerability exists because Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP...

9.8 CVSS | 0.6 AI score | 0.08235 EPSS
Exploits: 0 | References: 20 | Affected Software: 10

Veracode
added 2021/02/24 5:20 p.m. | 36 views

DNS Rebinding

nodejs is vulnerable to DNS rebinding attacks. The vulnerability exists in the inspector component, allowing an attacker to bypass the DNS rebinding protection if the attacker controls the victim's DNS server or can spoof its responses...

7.5 CVSS | 4 AI score | 0.32362 EPSS
Exploits: 1 | References: 19 | Affected Software: 4

Veracode
added 2021/02/15 6:30 p.m. | 36 views

Heap Buffer Overflow

BusyBox is vulnerable to heap-based buffer overflow in the DHCP client (udhcpc). It allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing...

9.8 CVSS | 7.3 AI score | 0.28429 EPSS
Exploits: 4 | References: 15 | Affected Software: 1

Veracode
added 2021/02/05 3:55 a.m. | 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An incorrect umask configuration during file or directory modification, in the way a user creates and deletes objects using NFSv4.2 or newer while the NFS is simultaneously accessed by another process that is not using the new NFSv4.2, allows a user with access...

4.9 CVSS | 2.6 AI score | 0.01347 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

Veracode
added 2021/01/22 8:28 a.m. | 36 views

Arbitrary Code Execution

github.com/golang/go is vulnerable to arbitrary code execution. The go command may execute arbitrary code at build time when users have “.” listed explicitly in their PATH and are running “go get” or build commands outside of a module or with module mode disabled...

7.5 CVSS | 5.1 AI score | 0.06497 EPSS
Exploits: 0 | References: 8 | Affected Software: 4

Veracode
added 2021/01/12 10:25 p.m. | 36 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists through the TIFFSetProfiles function in coders/tiff.c where TIFFGetField return values imply that data validation has occurred...

6.5 CVSS | 2.9 AI score | 0.02616 EPSS
Exploits: 1 | References: 5 | Affected Software: 2

Veracode
added 2020/12/19 6:4 a.m. | 36 views

Denial Of Service (DoS)

lldpd is vulnerable to denial of service (DoS). The buffer overflow in the lldp_decode function in daemon/protocols/lldp.c...

9.8 CVSS | 3.4 AI score | 0.05493 EPSS
Exploits: 0 | References: 11 | Affected Software: 10

Veracode
added 2020/12/06 3:50 a.m. | 36 views

Denial Of Service (DoS)

libdbi-perl is vulnerable to denial of service. An untrusted pointer dereference allows a local attacker who is able to manipulate calls to dbd_db_login6_sv to cause memory corruption and crash the application...

5.5 CVSS | 3.2 AI score | 0.00576 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2020/12/06 3:19 a.m. | 36 views

Arbitrary Code Execution

openexr is vulnerable to arbitrary code execution. An invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...

8.8 CVSS | 3.6 AI score | 0.03166 EPSS
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
added 2020/12/06 2:35 a.m. | 36 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop allowing an attacker to cause an application crash...

5.3 CVSS | 5.7 AI score | 0.00441 EPSS
Exploits: 0 | References: 6 | Affected Software: 7

Veracode
added 2020/12/06 2:28 a.m. | 36 views

Privilege Escalation

linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...

4.1 CVSS | 4.6 AI score | 0.00308 EPSS
Exploits: 0 | References: 8 | Affected Software: 5

Veracode
added 2020/12/04 4:39 p.m. | 36 views

Denial Of Service (DoS)

nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...

5.5 CVSS | 3 AI score | 0.00484 EPSS
Exploits: 0 | References: 6 | Affected Software: 4

Veracode
added 2020/12/02 9:50 a.m. | 36 views

Information Disclosure

php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte...

5.9 CVSS | 1.1 AI score | 0.08818 EPSS
Exploits: 1 | References: 18 | Affected Software: 1

Veracode
added 2020/11/23 11:16 a.m. | 36 views

Privilege Escalation

Moodle is vulnerable to privilege escalation. Users (students) are able to add entries within groups they do not belong to...

6.5 CVSS | 4.3 AI score | 0.01329 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Veracode
added 2020/11/20 10:27 a.m. | 36 views

DNS Rebinding Attack

firefox is vulnerable to DNS rebinding attack. The vulnerability exists as DNS over HTTPS intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver, and when an IPv4 address was mapped through IPv6...

6.5 CVSS | 1.2 AI score | 0.01161 EPSS
Exploits: 0 | References: 5 | Affected Software: 8

Veracode
added 2020/11/05 3:9 a.m. | 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxu_submit_int_urb function which allows an attacker to crash the kernel...

4.6 CVSS | 6.4 AI score | 0.00451 EPSS
Exploits: 0 | References: 16 | Affected Software: 2

Veracode
added 2020/10/26 5:9 a.m. | 36 views

Information Disclosure

guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...

3.3 CVSS | 5.6 AI score | 0.00964 EPSS
Exploits: 1 | References: 78 | Affected Software: 19

Veracode
added 2020/10/23 8:58 a.m. | 36 views

Information Disclosure

OpenJDK is vulnerable to information disclosure. The vulnerability exists through credentials sent over an unencrypted LDAP connection...

3.7 CVSS | 1.6 AI score | 0.02296 EPSS
Exploits: 0 | References: 8 | Affected Software: 5

Veracode
added 2020/10/15 5:10 a.m. | 36 views

XML External Entity (XXE)

jackson-databind is vulnerable to XML external entity (XXE) attack. External DTDs and doctype declarations are not disabled by default, which allows an attacker to perform XXE attacks against the application using the library...

7.5 CVSS | 3.6 AI score | 0.17611 EPSS
Exploits: 0 | References: 135 | Affected Software: 21

Veracode
added 2020/10/14 1:7 a.m. | 36 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A use-after-free occurs in try_merge_free_space in fs/btrfs/free-space-cache.c when mounting a malicious btrfs filesystem image and subsequently making a syncfs system call. This could potentially lead to arbitrary code execution on the OS...

7.8 CVSS | 6.8 AI score | 0.02143 EPSS
Exploits: 1 | References: 6 | Affected Software: 3

Veracode
added 2020/10/04 4:38 a.m. | 36 views

Authorization Bypass

apache-ant is vulnerable to authorization bypass. The vulnerability exists because the mitigation for CVE-2020-1945 changed the permissions of temporary files it created so that only the current user was allowed to access them, while the fixcrlf task deleted the temporary file and creates a n...

7.5 CVSS | 2.6 AI score | 0.08235 EPSS
Exploits: 0 | References: 29 | Affected Software: 5

Veracode
added 2020/10/01 3:53 a.m. | 36 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to trigger multiple memory corruption issues that lead to arbitrary code execution...

8.8 CVSS | 3.8 AI score | 0.01936 EPSS
Exploits: 0 | References: 10 | Affected Software: 28

Veracode
added 2020/10/01 3:52 a.m. | 36 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through parsing web content that causes memory corruption...

8.8 CVSS | 6 AI score | 0.02014 EPSS
Exploits: 0 | References: 11 | Affected Software: 28

Veracode
added 2020/10/01 3:52 a.m. | 36 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to trigger multiple memory corruption issues leading to arbitrary code execution...

8.8 CVSS | 4.1 AI score | 0.01906 EPSS
Exploits: 0 | References: 9 | Affected Software: 28

Veracode
added 2020/10/01 3:52 a.m. | 36 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to cause multiple memory corruption issues that lead to arbitrary code execution...

8.8 CVSS | 3.9 AI score | 0.01571 EPSS
Exploits: 0 | References: 5 | Affected Software: 28

Veracode
added 2020/10/01 3:52 a.m. | 36 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through a memory corruption issue...

8.8 CVSS | 3.8 AI score | 0.01571 EPSS
Exploits: 0 | References: 5 | Affected Software: 28

Veracode
added 2020/10/01 3:52 a.m. | 36 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8 CVSS | 4.3 AI score | 0.01812 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
added 2020/10/01 3:52 a.m. | 36 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. A memory corruption issue allows an attacker to execute arbitrary code on the host OS...

8.8 CVSS | 4.4 AI score | 0.01812 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
added 2020/10/01 3:46 a.m. | 36 views

HTTP Request Splitting

squid is vulnerable to HTTP Request Splitting. Insecure parsing of the Transfer-Encoding header allows an attacker to split an HTTP request and perform cache poisoning...

6.5 CVSS | 2.3 AI score | 0.04235 EPSS
Exploits: 0 | References: 18 | Affected Software: 2

Veracode
added 2020/10/01 12:35 a.m. | 36 views

Cross-site Scripting (XSS)

djangorestframework is vulnerable to cross-site scripting (XSS). The vulnerability exists as the use of urlize_quoted_links in rest_framework/templates/rest_framework/base.html does not sanitize...

6.1 CVSS | 1.5 AI score | 0.01286 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2020/09/28 3:25 a.m. | 36 views

Format String Attack

tensorflow is vulnerable to format string attacks. The vulnerability exists as the fill argument of tf.strings.as_string reaches a printf call without sanitization...

7.5 CVSS | 3.5 AI score | 0.00952 EPSS
Exploits: 1 | References: 4 | Affected Software: 3

Veracode
added 2020/09/24 10:28 a.m. | 36 views

Denial Of Service (DoS)

wireshark is vulnerable to denial of service. An attacker is able to crash the MIME Multipart dissector by injecting a malformed packet onto the wire or by convincing a user to read a malicious packet trace file...

7.5 CVSS | 3 AI score | 0.04859 EPSS
Exploits: 1 | References: 13 | Affected Software: 1

Veracode
added 2020/09/21 6:38 a.m. | 36 views

Denial Of Service (DoS)

graphicsmagick is vulnerable to denial of service (DoS). The vulnerability exists through a NULL pointer dereference in the function ReadCINEONImage in coders/cineon.c...

6.5 CVSS | 2.9 AI score | 0.0174 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2020/09/21 6:33 a.m. | 36 views

Arbitrary Code Execution

ruby is vulnerable to arbitrary code execution. An attacker is able to inject code in the first argument (the command argument) to Shell or Shelltest in lib/shell.rb...

8.1 CVSS | 5.4 AI score | 0.04221 EPSS
Exploits: 1 | References: 15 | Affected Software: 7

Veracode
added 2020/09/21 6:28 a.m. | 36 views

Denial Of Service (DoS)

squid is vulnerable to denial of service (DoS). The vulnerability exists due to incorrect input validation, causing a heap-based buffer overflow that can result in denial of service to all clients using the proxy...

7.5 CVSS | 4.1 AI score | 0.0918 EPSS
Exploits: 0 | References: 12 | Affected Software: 4

Veracode
added 2020/09/21 6:28 a.m. | 36 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation. A memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity...

7.8 CVSS | 3.5 AI score | 0.01319 EPSS
Exploits: 1 | References: 13 | Affected Software: 5

Veracode
added 2020/09/21 6:27 a.m. | 36 views

Denial Of Service (DoS)

graphicsmagick:xenial is vulnerable to denial of service (DoS). A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file...

6.5 CVSS | 5.1 AI score | 0.01724 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2020/09/21 6:24 a.m. | 36 views

Denial Of Service (DoS)

chromium-browser is vulnerable to denial of service (DoS). SkPath.cpp in Skia, as used in Google Chrome on Windows and OS X and on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service uninitialized memory access and...

8.8 CVSS | 5.2 AI score | 0.01088 EPSS
Exploits: 0 | References: 5 | Affected Software: 4

Veracode
added 2020/09/21 6:18 a.m. | 36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS). There is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...

4.2 CVSS | 3.7 AI score | 0.00281 EPSS
Exploits: 0 | References: 6 | Affected Software: 3

Veracode
added 2020/09/11 5:1 a.m. | 36 views

Man-in-the-Middle (MitM)

activemq-broker is vulnerable to man-in-the-middle (MitM) attack. It binds the server to jmxrmi entry after creating JMX RMI registry using LocateRegistry.createRegistry, leading to the connection to the registry without authentication and allowing rebinding of jmxrmi to any other entity. Therefore,...

5.9 CVSS | 2.6 AI score | 0.04561 EPSS
Exploits: 0 | References: 9 | Affected Software: 2

Veracode
added 2020/08/28 1:54 a.m. | 36 views

Session Fixation

symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user's PHPSESSID cookie value upon a successful authentication. If a user's PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker...

7.5 CVSS | 3.2 AI score | 0.09421 EPSS
Exploits: 5 | References: 8 | Affected Software: 1

Veracode
added 2020/08/18 5:43 a.m. | 36 views

Server-side Request Forgery (SSRF)

phpBB is vulnerable to server-side request forgery (SSRF). The vulnerability exists as it does not properly limit the dimensions of images posted, allowing an attacker to use the image dimension check function to send requests on behalf of the server...

5.8 CVSS | 3.3 AI score | 0.00966 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Veracode
added 2020/08/06 9:40 p.m. | 36 views

Denial Of Service (DoS)

VLC is vulnerable to denial of service (DoS). An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without...

7.5 CVSS | 4.6 AI score | 0.02396 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/08/06 9:37 p.m. | 36 views

Buffer Over-reads

tcpdump is vulnerable to a buffer over-read. The vulnerability exists due to a flaw in print-fr.c:mfr_print...

7.5 CVSS | 2.3 AI score | 0.03985 EPSS
Exploits: 0 | References: 21 | Affected Software: 1

Veracode
added 2020/08/06 9:32 p.m. | 36 views

Denial Of Service (DoS)

libvirt is vulnerable to denial of service (DoS). An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving...

6.5 CVSS | 3.2 AI score | 0.02294 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2020/08/06 9:26 p.m. | 36 views

Cross-site Scripting (XSS)

webkit2gtk is vulnerable to cross-site scripting (XSS). The vulnerability exists as it fails to properly restrict input in web content...

7.1 CVSS | 1.7 AI score | 0.01128 EPSS
Exploits: 0 | References: 14 | Affected Software: 28

Veracode
added 2020/07/17 5:32 a.m. | 36 views

Information Disclosure

openjdk is vulnerable to information disclosure. HostnameChecker does not ensure X.509 certificate names are in normalized form, potentially resulting in an unauthorized read access...

3.7 CVSS | 1.6 AI score | 0.03284 EPSS
Exploits: 0 | References: 20 | Affected Software: 6

Veracode
added 2020/06/24 3:8 a.m. | 36 views

Remote Code Execution

docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 caused by the inclusion of a vulnerable runc...

8.8 CVSS | 3.4 AI score | 0.9857 EPSS
Exploits: 33 | References: 8 | Affected Software: 1

Veracode
added 2020/06/23 3:37 a.m. | 36 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service (DoS). The vulnerability exists due to an incomplete fix for CVE-2020-12662 in RHEL7...

7.5 CVSS | 2.8 AI score | 0.03171 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2020/06/16 4:49 a.m. | 36 views

Cross-Site Scripting (XSS)

dijit is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Editor's LinkDialog plugin...

5.4 CVSS | 4.3 AI score | 0.01183 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Total number of security vulnerabilities: 5000