Veracode • Most viewed

38326 matches found

Veracode
•added 2020/06/24 3:8 a.m.•36 views

Remote Code Execution

docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 due to inclusion of vulnerable runc...

8.8 CVSS • 3.4 AI score • 0.9857 EPSS
Exploits: 33 • References: 8 • Affected Software: 1
Veracode
•added 2020/06/23 3:37 a.m.•36 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service (DoS). The vulnerability exists due to an incomplete fix for CVE-2020-12662 in RHEL7...

7.5 CVSS • 2.8 AI score • 0.03171 EPSS
Exploits: 0 • References: 3 • Affected Software: 1
Veracode
•added 2020/06/16 4:49 a.m.•36 views

Cross-Site Scripting (XSS)

dijit is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Editor's LinkDialog plugin...

5.4 CVSS • 4.3 AI score • 0.01183 EPSS
Exploits: 0 • References: 6 • Affected Software: 1
Veracode
•added 2020/06/09 2:45 a.m.•36 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service (DoS). The attack exists because of amplification of an incoming query into a large number of queries directed to a target...

7.5 CVSS • 3.2 AI score • 0.03588 EPSS
Exploits: 0 • References: 14 • Affected Software: 4
Veracode
•added 2020/05/21 3:40 a.m.•36 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service. The vulnerability exists through uncaught InstantiationError exception in ObjectStreamClass which allows an attacker to cause an application crash...

3.7 CVSS • 6.3 AI score • 0.04211 EPSS
Exploits: 0 • References: 20 • Affected Software: 6
Veracode
•added 2020/05/14 4:41 a.m.•36 views

Insecure Deserialization

typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on malicious user-provided content with class destructors, leading to deletion of an arbitrary directory in the file system and to message submission via email, using the...

10 CVSS • 4.4 AI score • 0.01472 EPSS
Exploits: 0 • References: 4 • Affected Software: 1
Veracode
•added 2020/05/10 11:26 p.m.•36 views

Incorrect Number Generator

nss is vulnerable to incorrect number generation. The vulnerability exists as a flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue a...

5.3 CVSS • 2.2 AI score • 0.02642 EPSS
Exploits: 0 • References: 10 • Affected Software: 1
Veracode
•added 2020/05/10 11:25 p.m.•36 views

Privilege Escalation

subversion is vulnerable to privilege escalation. The vulnerability exists as a maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicio...

9.8 CVSS • 1.6 AI score • 0.18892 EPSS
Exploits: 3 • References: 15 • Affected Software: 1
Veracode
•added 2020/05/10 11:24 p.m.•36 views

Denial Of Service (DoS)

memcached is vulnerable to denial of service (DoS). The vulnerability exists as the try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and...

9.8 CVSS • 5.4 AI score • 0.19854 EPSS
Exploits: 3 • References: 6 • Affected Software: 1
Veracode
•added 2020/05/08 2:8 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A memory leak when idr_alloc fails in genl_register_family in net/netlink/genetlink.c allows an attacker to crash the system...

4.7 CVSS • 3.9 AI score • 0.00497 EPSS
Exploits: 1 • References: 8 • Affected Software: 1
Veracode
•added 2020/05/06 3:17 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists when cpu.cfs_quota_us is used, which allows attackers to cause a denial of service against non-cpu-bound applications...

5.5 CVSS • 6.6 AI score • 0.00949 EPSS
Exploits: 1 • References: 12 • Affected Software: 1
Veracode
•added 2020/04/30 2:23 a.m.•36 views

Information Disclosure

git is vulnerable to information disclosure. A malicious URL that contains newlines, has an empty host, or lacks a scheme can cause a credential leak...

7.5 CVSS • 0.8 AI score • 0.03899 EPSS
Exploits: 0 • References: 17 • Affected Software: 2
Veracode
•added 2020/04/10 1:9 a.m.•36 views

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the curren...

7.2 CVSS • 2.8 AI score • 0.00505 EPSS
Exploits: 1 • References: 23 • Affected Software: 1
Veracode
•added 2020/04/10 1:9 a.m.•36 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability is in the Sanitiser for OpenType (OTS), used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute...

6.8 CVSS • 3.5 AI score • 0.01676 EPSS
Exploits: 1 • References: 19 • Affected Software: 3
Veracode
•added 2020/04/10 1:8 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way the Linux kernel handled VLAN 0 frames with the priority tag set. When using certain network drivers, an attacker on the local network could use this flaw to cause a denial of service...

5.7 CVSS • 2.6 AI score • 0.01015 EPSS
Exploits: 0 • References: 9 • Affected Software: 1
Veracode
•added 2020/04/10 1:7 a.m.•36 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists as two flaws were found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files. A web page containing a malicious SVG image file could cause an information leak, or cause Firefox to crash or,...

9.3 CVSS • 3.2 AI score • 0.0663 EPSS
Exploits: 0 • References: 34 • Affected Software: 3
Veracode
•added 2020/04/10 1:7 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the Linux kernel's clock implementation on 32-bit, SMP (symmetric multiprocessing) systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service...

4.9 CVSS • 3.5 AI score • 0.00481 EPSS
Exploits: 1 • References: 8 • Affected Software: 1
Veracode
•added 2020/04/10 1:7 a.m.•36 views

Privilege Escalation

util-linux is vulnerable to privilege escalation. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems...

3.3 CVSS • 4.2 AI score • 0.00404 EPSS
Exploits: 0 • References: 22 • Affected Software: 2
Veracode
•added 2020/04/10 1:5 a.m.•36 views

Denial Of Service (DoS)

krb5-appl is vulnerable to a buffer overflow flaw. Due to a flaw in libtelnet/encrypt.c, a remote attacker can access the telnet port of a target machine, subsequently executing arbitrary code as root...

10 CVSS • 6 AI score • 0.95104 EPSS
Exploits: 19 • References: 45 • Affected Software: 2
Veracode
•added 2020/04/10 12:56 a.m.•36 views

Denial Of Service (DoS)

avahi is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way the Avahi daemon (avahi-daemon) processed multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an...

5 CVSS • 2.4 AI score • 0.29361 EPSS
Exploits: 1 • References: 36 • Affected Software: 1
Veracode
•added 2020/04/10 12:55 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A flaw was found in the Linux kernel execve system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM (Out of Memory) killer, triggering a denial of service...

4.9 CVSS • 4.4 AI score • 0.0091 EPSS
Exploits: 3 • References: 24 • Affected Software: 2
Veracode
•added 2020/04/10 12:55 a.m.•36 views

Privilege Escalation

glibc is vulnerable to privilege escalation. It was discovered that the glibc addmntent function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to a...

7.2 CVSS • 6 AI score • 0.00592 EPSS
Exploits: 1 • References: 25 • Affected Software: 1
Veracode
•added 2020/04/10 12:55 a.m.•36 views

Information Disclosure

kernel is vulnerable to information disclosure. Missing initialization flaws in the Linux kernel could lead to information leaks...

1.9 CVSS • 1.2 AI score • 0.01542 EPSS
Exploits: 8 • References: 37 • Affected Software: 2
Veracode
•added 2020/04/10 12:54 a.m.•36 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

9.3 CVSS • 3.1 AI score • 0.04698 EPSS
Exploits: 0 • References: 10 • Affected Software: 3
Veracode
•added 2020/04/10 12:53 a.m.•36 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS). The vulnerability exists as a NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially-crafted XML-RPC request...

5 CVSS • 2.1 AI score • 0.11528 EPSS
Exploits: 2 • References: 17 • Affected Software: 1
Veracode
•added 2020/04/10 12:53 a.m.•36 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service (DoS). The vulnerability exists as a flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld...

4 CVSS • 4.1 AI score • 0.12229 EPSS
Exploits: 1 • References: 17 • Affected Software: 1
Veracode
•added 2020/04/10 12:53 a.m.•36 views

Man-in-the-Middle (MitM)

seamonkey is vulnerable to man-in-the-middle attack. A flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL...

4.3 CVSS • 3.1 AI score • 0.01096 EPSS
Exploits: 0 • References: 17 • Affected Software: 6
Veracode
•added 2020/04/10 12:52 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A flaw was found in the Linux kernel's CPU time clocks implementation for the POSIX clock interface. A local, unprivileged user could use this flaw to cause a denial of service...

4.9 CVSS • 3.4 AI score • 0.00321 EPSS
Exploits: 2 • References: 19 • Affected Software: 2
Veracode
•added 2020/04/10 12:52 a.m.•36 views

Cross-Site Scripting (XSS)

firefox is vulnerable to cross-site scripting. A cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were converted to angle brackets when displayed. If server-side script filtering missed these cases, it could...

4.3 CVSS • 2.3 AI score • 0.04451 EPSS
Exploits: 0 • References: 22 • Affected Software: 2
Veracode
•added 2020/04/10 12:52 a.m.•36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An integer overflow flaw was found in the extent range checking code in the Linux kernel's ext4 file system implementation. A local, unprivileged user with write access to an ext4-mounted file system could trigger this flaw by writing to a file at a very...

4.7 CVSS • 4.1 AI score • 0.00376 EPSS
Exploits: 0 • References: 27 • Affected Software: 1
Veracode
•added 2020/04/10 12:50 a.m.•36 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

9.3 CVSS • 4.6 AI score • 0.06451 EPSS
Exploits: 1 • References: 25 • Affected Software: 4
Veracode
•added 2020/04/10 12:48 a.m.•36 views

Remote Code Execution (RCE)

PostgreSQL is vulnerable to remote code execution (RCE). Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl, if the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Tcl...

6 CVSS • 2.4 AI score • 0.02888 EPSS
Exploits: 1 • References: 38 • Affected Software: 2
Veracode
•added 2020/04/10 12:48 a.m.•36 views

Access Restriction Bypass

PostgreSQL is vulnerable to Access Restriction Bypass. Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl...

8.5 CVSS • 1.5 AI score • 0.04081 EPSS
Exploits: 1 • References: 40 • Affected Software: 2
Veracode
•added 2020/04/10 12:48 a.m.•36 views

Cross-site Scripting (XSS)

firefox is vulnerable to cross-site scripting (XSS). The vulnerability exists as a web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website...

4.3 CVSS • 1.2 AI score • 0.02107 EPSS
Exploits: 0 • References: 17 • Affected Software: 6
Veracode
•added 2020/04/10 12:47 a.m.•36 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in load balancer mode....

5 CVSS • 1.3 AI score • 0.20787 EPSS
Exploits: 1 • References: 59 • Affected Software: 1
Veracode
•added 2020/04/10 12:47 a.m.•36 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after previous calls to the CRYPTO_cleanup_all_ex_data function, which would cause a memory leak for each subsequent SSL connection. This...

5 CVSS • 0.9 AI score • 0.08941 EPSS
Exploits: 0 • References: 32 • Affected Software: 1
Veracode
•added 2020/04/10 12:47 a.m.•36 views

Arbitrary Code Execution

freetype is vulnerable to arbitrary code execution. Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially-crafted font file with an application linked against FreeType, it could caus...

9.3 CVSS • 3.3 AI score • 0.30653 EPSS
Exploits: 7 • References: 24 • Affected Software: 1
Veracode
•added 2020/04/10 12:46 a.m.•36 views

Arbitrary Code Execution

krb5 is vulnerable to arbitrary code execution. Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted ciphertexts encrypted with the Advanced Encryption Standard (AES) and ARCFOUR (RC4) encryption algorithms. I...

10 CVSS • 4.5 AI score • 0.07411 EPSS
Exploits: 0 • References: 33 • Affected Software: 1
Veracode
•added 2020/04/10 12:46 a.m.•36 views

Authorization Bypass

kernel is vulnerable to authorization bypass. The vulnerability exists as a missing check was found in the mext_check_arguments function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system,...

5.5 CVSS • 2.1 AI score • 0.00377 EPSS
Exploits: 0 • References: 15 • Affected Software: 1
Veracode
•added 2020/04/10 12:46 a.m.•36 views

Spoofing Attack

firefox is vulnerable to spoofing attack. A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not...

2.6 CVSS • 2.7 AI score • 0.01873 EPSS
Exploits: 1 • References: 6 • Affected Software: 3
Veracode
•added 2020/04/10 12:46 a.m.•36 views

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists as an attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox...

4.3 CVSS • 2.2 AI score • 0.00957 EPSS
Exploits: 1 • References: 6 • Affected Software: 2
Veracode
•added 2020/04/10 12:44 a.m.•36 views

Authorization Bypass

firefox is vulnerable to authorization bypass. The vulnerability exists as an attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript...

4.3 CVSS • 2.5 AI score • 0.02965 EPSS
Exploits: 0 • References: 20 • Affected Software: 2
Veracode
•added 2020/04/10 12:43 a.m.•36 views

Arbitrary Code Execution

libpng is vulnerable to arbitrary code execution. The vulnerability exists as a memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opene...

9.8 CVSS • 3.6 AI score • 0.43382 EPSS
Exploits: 7 • References: 52 • Affected Software: 5
Veracode
•added 2020/04/10 12:41 a.m.•36 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). A flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being...

7.8 CVSS • 4.1 AI score • 0.05227 EPSS
Exploits: 0 • References: 40 • Affected Software: 2
Veracode
•added 2020/04/10 12:39 a.m.•36 views

Denial Of Service (DoS)

Samba is vulnerable to denial of service (DoS). A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authenticated, remote user could use this flaw to...

4 CVSS • 2.6 AI score • 0.04207 EPSS
Exploits: 1 • References: 33 • Affected Software: 1
Veracode
•added 2020/04/10 12:39 a.m.•36 views

Cross-site Scripting (XSS)

squirrelmail is vulnerable to cross-site scripting (XSS). The vulnerability exists as it was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets (CSS) directives used in HTML mail. A remote attacker could send a specially-crafted email that could place mail content above...

4.3 CVSS • 1.1 AI score • 0.01745 EPSS
Exploits: 0 • References: 27 • Affected Software: 1
Veracode
•added 2020/04/10 12:39 a.m.•36 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists as a flaw was found in the NFSv4 implementation. The kernel would do an unnecessary permission check after creating a file. This check would usually fail and leave the file with the permission bits set to random values...

4.6 CVSS • 3.2 AI score • 0.00468 EPSS
Exploits: 1 • References: 17 • Affected Software: 1
Veracode
•added 2020/04/10 12:39 a.m.•36 views

Information Disclosure

The kernel is vulnerable to Information Disclosure. Due to missing initialization flaws found in the Linux kernel, padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks...

2.1 CVSS • 1.7 AI score • 0.00397 EPSS
Exploits: 0 • References: 30 • Affected Software: 2
Veracode
•added 2020/04/10 12:35 a.m.•36 views

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service (DoS). The possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic)...

7.2 CVSS • 6.1 AI score • 0.00478 EPSS
Exploits: 0 • References: 31 • Affected Software: 1
Veracode
•added 2020/04/10 12:33 a.m.•36 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the AGPGART driver. The agp_generic_alloc_page and agp_generic_alloc_pages functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could...

4.9 CVSS • 1.4 AI score • 0.00392 EPSS
Exploits: 1 • References: 34 • Affected Software: 2
Total number of security vulnerabilities: 5000