Lucene search
Veracode | Most viewed

38332 matches found

Veracode
•added 2021/03/10 3:36 a.m.•36 views

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service (DoS). An attacker is able to send a malicious file to trigger undefined behavior in the form of math division by zero...

CVSS 5.5 | AI score 2.5 | EPSS 0.01228
Exploits 0 | References 5 | Affected Software 4

Veracode
•added 2021/02/26 6:53 a.m.•36 views

Cross-Site Scripting (XSS)

nanohttpd is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript code in a user's browser via the GeneralHandler class that implements a basic GET handler which prints debug information as an HTML page...

CVSS 6.1 | AI score 2.2 | EPSS 0.00751
Exploits 0 | References 3 | Affected Software 1

Veracode
•added 2021/02/26 2:10 a.m.•36 views

Information Disclosure

Python is vulnerable to information disclosure. The vulnerability exists because Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP...

CVSS 9.8 | AI score 0.6 | EPSS 0.08235
Exploits 0 | References 20 | Affected Software 10

Veracode
•added 2021/02/15 6:30 p.m.•36 views

Heap Buffer Overflow

BusyBox is vulnerable to heap-based buffer overflow in the DHCP client udhcpc. It allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing...

CVSS 9.8 | AI score 7.3 | EPSS 0.28429
Exploits 4 | References 15 | Affected Software 1

Veracode
•added 2021/02/05 3:55 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An incorrect umask configuration during file or directory modification, in the way a user creates and deletes objects using NFSv4.2 or newer while another process that is not using NFSv4.2 simultaneously accesses the NFS, allows a user with access...

CVSS 4.9 | AI score 2.6 | EPSS 0.01347
Exploits 0 | References 5 | Affected Software 2

Veracode
•added 2021/01/12 10:25 p.m.•36 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists through the TIFFSetProfiles function in coders/tiff.c where TIFFGetField return values imply that data validation has occurred...

CVSS 6.5 | AI score 2.9 | EPSS 0.02616
Exploits 1 | References 5 | Affected Software 2

Veracode
•added 2020/12/19 6:4 a.m.•36 views

Denial Of Service (DoS)

lldpd is vulnerable to denial of service (DoS). The buffer overflow in the lldp_decode function in daemon/protocols/lldp.c...

CVSS 9.8 | AI score 3.4 | EPSS 0.05493
Exploits 0 | References 11 | Affected Software 10

Veracode
•added 2020/12/06 3:50 a.m.•36 views

Denial Of Service (DoS)

libdbi-perl is vulnerable to denial of service. An untrusted pointer dereference allows a local attacker who is able to manipulate calls to dbd_db_login6_sv to cause memory corruption and crash the application...

CVSS 5.5 | AI score 3.2 | EPSS 0.00576
Exploits 0 | References 9 | Affected Software 1

Veracode
•added 2020/12/06 3:19 a.m.•36 views

Arbitrary Code Execution

openexr is vulnerable to arbitrary code execution. An invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...

CVSS 8.8 | AI score 3.6 | EPSS 0.03166
Exploits 0 | References 11 | Affected Software 1

Veracode
•added 2020/12/06 2:35 a.m.•36 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop allowing an attacker to cause an application crash...

CVSS 5.3 | AI score 5.7 | EPSS 0.00441
Exploits 0 | References 6 | Affected Software 7

Veracode
•added 2020/12/06 2:28 a.m.•36 views

Privilege Escalation

linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...

CVSS 4.1 | AI score 4.6 | EPSS 0.00308
Exploits 0 | References 8 | Affected Software 5

Veracode
•added 2020/12/04 4:39 p.m.•36 views

Denial Of Service (DoS)

nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...

CVSS 5.5 | AI score 3 | EPSS 0.00484
Exploits 0 | References 6 | Affected Software 4

Veracode
•added 2020/12/02 9:50 a.m.•36 views

Information Disclosure

php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator class accepts filenames with an embedded \0 byte and treats them as terminating at that byte...

CVSS 5.9 | AI score 1.1 | EPSS 0.08818
Exploits 1 | References 18 | Affected Software 1

Veracode
•added 2020/11/23 11:16 a.m.•36 views

Privilege Escalation

Moodle is vulnerable to privilege escalation. Users (students) are able to add entries within groups they do not belong to...

CVSS 6.5 | AI score 4.3 | EPSS 0.01329
Exploits 0 | References 7 | Affected Software 1

Veracode
•added 2020/11/05 3:9 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxu_submit_int_urb function which allows an attacker to crash the kernel...

CVSS 4.6 | AI score 6.4 | EPSS 0.00451
Exploits 0 | References 16 | Affected Software 2

Veracode
•added 2020/10/26 5:9 a.m.•36 views

Information Disclosure

guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...

CVSS 3.3 | AI score 5.6 | EPSS 0.00964
Exploits 1 | References 78 | Affected Software 19

Veracode
•added 2020/10/23 8:58 a.m.•36 views

Information Disclosure

OpenJDK is vulnerable to information disclosure. The vulnerability exists through credentials sent over an unencrypted LDAP connection...

CVSS 3.7 | AI score 1.6 | EPSS 0.02296
Exploits 0 | References 8 | Affected Software 5

Veracode
•added 2020/10/14 1:7 a.m.•36 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A use-after-free occurs in try_merge_free_space in fs/btrfs/free-space-cache.c when mounting a malicious btrfs filesystem image and subsequently making a syncfs system call. This could potentially lead to arbitrary code execution on the OS...

CVSS 7.8 | AI score 6.8 | EPSS 0.02143
Exploits 1 | References 6 | Affected Software 3

Veracode
•added 2020/10/04 4:38 a.m.•36 views

Authorization Bypass

apache-ant is vulnerable to authorization bypass. The vulnerability exists because the mitigation for CVE-2020-1945 changed the permissions of temporary files it created so that only the current user was allowed to access them, while the fixcrlf task deleted the temporary file and creates a n...

CVSS 7.5 | AI score 2.6 | EPSS 0.08235
Exploits 0 | References 29 | Affected Software 5

Veracode
•added 2020/10/01 3:53 a.m.•36 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to trigger multiple memory corruption issues that lead to arbitrary code execution...

CVSS 8.8 | AI score 3.8 | EPSS 0.01936
Exploits 0 | References 10 | Affected Software 28

Veracode
•added 2020/10/01 3:52 a.m.•36 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through parsing web content that causes memory corruption...

CVSS 8.8 | AI score 6 | EPSS 0.02014
Exploits 0 | References 11 | Affected Software 28

Veracode
•added 2020/10/01 3:52 a.m.•36 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to trigger multiple memory corruption issues that lead to arbitrary code execution...

CVSS 8.8 | AI score 4.1 | EPSS 0.01906
Exploits 0 | References 9 | Affected Software 28

Veracode
•added 2020/10/01 3:52 a.m.•36 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. An attacker can use maliciously crafted web content to trigger multiple memory corruption issues that lead to arbitrary code execution...

CVSS 8.8 | AI score 3.9 | EPSS 0.01571
Exploits 0 | References 5 | Affected Software 28

Veracode
•added 2020/10/01 3:52 a.m.•36 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through a memory corruption issue...

CVSS 8.8 | AI score 3.8 | EPSS 0.01571
Exploits 0 | References 5 | Affected Software 28

Veracode
•added 2020/10/01 3:52 a.m.•36 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 8.8 | AI score 4.3 | EPSS 0.01812
Exploits 0 | References 10 | Affected Software 1

Veracode
•added 2020/10/01 3:52 a.m.•36 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. A memory corruption issue allows an attacker to execute arbitrary code on the host OS...

CVSS 8.8 | AI score 4.4 | EPSS 0.01812
Exploits 0 | References 10 | Affected Software 1

Veracode
•added 2020/10/01 12:35 a.m.•36 views

Cross-site Scripting (XSS)

djangorestframework is vulnerable to cross-site scripting (XSS). The vulnerability exists as the use of urlize_quoted_links in rest_framework/templates/rest_framework/base.html does not sanitize...

CVSS 6.1 | AI score 1.5 | EPSS 0.01286
Exploits 0 | References 6 | Affected Software 1

Veracode
•added 2020/09/28 3:25 a.m.•36 views

Format String Attack

tensorflow is vulnerable to format string attacks. The vulnerability exists as the fill argument of tf.strings.as_string reaches a printf call without sanitization...

CVSS 7.5 | AI score 3.5 | EPSS 0.00952
Exploits 1 | References 4 | Affected Software 3

Veracode
•added 2020/09/24 10:28 a.m.•36 views

Denial Of Service (DoS)

wireshark is vulnerable to denial of service. An attacker is able to crash the MIME Multipart dissector by injecting a malformed packet onto the wire or by convincing a user to read a malicious packet trace file...

CVSS 7.5 | AI score 3 | EPSS 0.04918
Exploits 1 | References 13 | Affected Software 1

Veracode
•added 2020/09/21 6:33 a.m.•36 views

Arbitrary Code Execution

ruby is vulnerable to arbitrary code execution. An attacker is able to inject code in the first argument to the command argument to Shell or Shelltest in lib/shell.rb...

CVSS 8.1 | AI score 5.4 | EPSS 0.04221
Exploits 1 | References 15 | Affected Software 7

Veracode
•added 2020/09/21 6:28 a.m.•36 views

Denial Of Service (DoS)

squid is vulnerable to denial of service (DoS). The vulnerability exists due to an incorrect input validation, causing a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy...

CVSS 7.5 | AI score 4.1 | EPSS 0.0918
Exploits 0 | References 12 | Affected Software 4

Veracode
•added 2020/09/21 6:28 a.m.•36 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation. A memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 7.8 | AI score 3.5 | EPSS 0.01319
Exploits 1 | References 13 | Affected Software 5

Veracode
•added 2020/09/21 6:27 a.m.•36 views

Denial Of Service (DoS)

graphicsmagick:xenial is vulnerable to denial of service (DoS). A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file...

CVSS 6.5 | AI score 5.1 | EPSS 0.01724
Exploits 0 | References 6 | Affected Software 1

Veracode
•added 2020/09/21 6:24 a.m.•36 views

Denial Of Service (DoS)

chromium-browser is vulnerable to denial of service (DoS). SkPath.cpp in Skia, as used in Google Chrome on Windows and OS X and on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and...

CVSS 8.8 | AI score 5.2 | EPSS 0.01088
Exploits 0 | References 5 | Affected Software 4

Veracode
•added 2020/09/21 6:18 a.m.•36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS). There is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...

CVSS 4.2 | AI score 3.7 | EPSS 0.00281
Exploits 0 | References 6 | Affected Software 3

Veracode
•added 2020/08/28 1:54 a.m.•36 views

Session Fixation

symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user's PHPSESSID cookie value upon a successful authentication. If a user's PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker...

CVSS 7.5 | AI score 3.2 | EPSS 0.09421
Exploits 5 | References 8 | Affected Software 1

Veracode
•added 2020/08/06 9:37 p.m.•36 views

Buffer Over-reads

tcpdump is vulnerable to a buffer over-read. The vulnerability exists due to a flaw in print-fr.c:mfr_print...

CVSS 7.5 | AI score 2.3 | EPSS 0.03985
Exploits 0 | References 21 | Affected Software 1

Veracode
•added 2020/08/06 9:32 p.m.•36 views

Denial Of Service (DoS)

libvirt is vulnerable to denial of service (DoS). An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving...

CVSS 6.5 | AI score 3.2 | EPSS 0.02294
Exploits 0 | References 9 | Affected Software 1

Veracode
•added 2020/08/06 9:26 p.m.•36 views

Cross-site Scripting (XSS)

webkit2gtk is vulnerable to cross-site scripting (XSS). The vulnerability exists as it fails to properly restrict input in web content...

CVSS 7.1 | AI score 1.7 | EPSS 0.01128
Exploits 0 | References 14 | Affected Software 28

Veracode
•added 2020/07/17 5:32 a.m.•36 views

Information Disclosure

openjdk is vulnerable to information disclosure. HostnameChecker does not ensure X.509 certificate names are in normalized form, potentially resulting in an unauthorized read access...

CVSS 3.7 | AI score 1.6 | EPSS 0.03284
Exploits 0 | References 20 | Affected Software 6

Veracode
•added 2020/06/24 3:8 a.m.•36 views

Remote Code Execution

docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 due to inclusion of vulnerable runc...

CVSS 8.8 | AI score 3.4 | EPSS 0.9857
Exploits 33 | References 8 | Affected Software 1

Veracode
•added 2020/06/16 4:49 a.m.•36 views

Cross-Site Scripting (XSS)

dijit is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Editor's LinkDialog plugin...

CVSS 5.4 | AI score 4.3 | EPSS 0.01183
Exploits 0 | References 6 | Affected Software 1

Veracode
•added 2020/06/15 5:12 a.m.•36 views

Remote Code Execution

jackson-databind is vulnerable to remote code execution. It was possible to use the apache-drill gadget type as a serialization gadget through polymorphic typing and execute arbitrary code on the system...

CVSS 8.1 | AI score 4.6 | EPSS 0.08607
Exploits 0 | References 11 | Affected Software 16

Veracode
•added 2020/06/15 4:11 a.m.•36 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to deserialization of untrusted data that can lead to remote code execution. It is possible because the untrusted class com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool was not filtered by default from the interaction between serialization gadgets and...

CVSS 8.1 | AI score 4.4 | EPSS 0.08072
Exploits 0 | References 11 | Affected Software 245

Veracode
•added 2020/05/21 3:40 a.m.•36 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service. The vulnerability exists through uncaught InstantiationError exception in ObjectStreamClass which allows an attacker to cause an application crash...

CVSS 3.7 | AI score 6.3 | EPSS 0.04211
Exploits 0 | References 20 | Affected Software 6

Veracode
•added 2020/05/14 4:41 a.m.•36 views

Insecure Deserialization

typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on malicious user-provided content with class destructors, leading to deletion of an arbitrary directory in the file system and to message submission via email, using the...

CVSS 10 | AI score 4.4 | EPSS 0.01472
Exploits 0 | References 4 | Affected Software 1

Veracode
•added 2020/05/10 11:26 p.m.•36 views

Incorrect Number Generator

nss is vulnerable to incorrect number generation. The vulnerability exists as a flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue a...

CVSS 5.3 | AI score 2.2 | EPSS 0.02642
Exploits 0 | References 10 | Affected Software 1

Veracode
•added 2020/05/10 11:24 p.m.•36 views

Denial Of Service (DoS)

memcached is vulnerable to denial of service (DoS). The vulnerability exists as the try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and...

CVSS 9.8 | AI score 5.4 | EPSS 0.19854
Exploits 3 | References 6 | Affected Software 1

Veracode
•added 2020/05/06 3:17 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists when cpu.cfs_quota_us is used which allows attackers to cause a denial of service against non-cpu-bound applications...

CVSS 5.5 | AI score 6.6 | EPSS 0.00949
Exploits 1 | References 12 | Affected Software 1

Veracode
•added 2020/04/10 1:9 a.m.•36 views

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the curren...

CVSS 7.2 | AI score 2.8 | EPSS 0.00505
Exploits 1 | References 23 | Affected Software 1

Total number of security vulnerabilities: 5000