Veracode: Most viewed

38332 matches found

Veracode • added 2021/10/07 10:16 a.m. • 36 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. An attacker is able to crash the system by exploiting a heap corruption via a maliciously crafted HTML page...

8.8 CVSS • 1.8 AI score • 0.34887 EPSS
Exploits: 0 • References: 11 • Affected Software: 3

Veracode • added 2021/10/05 1:27 p.m. • 36 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An attacker may exploit the vulnerability by injecting malicious requests over multiple connections, which can cause the server to allocate a significant amount of memory, causing it to crash...

7.5 CVSS • 3.3 AI score • 0.1578 EPSS
Exploits: 0 • References: 19 • Affected Software: 2

Veracode • added 2021/10/05 12:6 p.m. • 36 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very larg...

7.5 CVSS • 5.5 AI score • 0.03688 EPSS
Exploits: 0 • References: 17 • Affected Software: 2

Veracode • added 2021/09/20 3:36 a.m. • 36 views

Bypass Of Secure Validation

Apache Santuario is vulnerable to bypass of secure validation. Lack of secure handling of the secureValidation property allows an attacker to abuse an XPath Transform and to extract any local .xml files in a RetrievalMethod element during the creation of a KeyInfo from a KeyInfoReference element...

7.5 CVSS • 2.4 AI score • 0.10448 EPSS
Exploits: 0 • References: 24 • Affected Software: 16

Veracode • added 2021/09/10 6:15 a.m. • 36 views

Denial Of Service (DoS)

netty-codec is vulnerable to denial of service. The vulnerability exists due to a lack of allocation size restriction on the decompressed output data in the Bzip2 decompression decoder function, leading to an OOME...

7.5 CVSS • 3.4 AI score • 0.0628 EPSS
Exploits: 0 • References: 21 • Affected Software: 28

Veracode • added 2021/09/01 3:51 a.m. • 36 views

Remote Code Execution (RCE)

@npmcli/arborist is vulnerable to remote code execution. The vulnerability exists due to a symlink dependency where an attacker is able to create arbitrary contents to be written to any location on the filesystem...

8.2 CVSS • 4.1 AI score • 0.00576 EPSS
Exploits: 0 • References: 6 • Affected Software: 3

Veracode • added 2021/08/06 8:30 p.m. • 36 views

Denial Of Service (DoS)

go is vulnerable to denial of service (DoS). The vulnerability exists due to a race condition where the system is trying to access the same resources, leading to denial of service...

5.9 CVSS • 6.5 AI score • 0.03128 EPSS
Exploits: 0 • References: 19 • Affected Software: 18

Veracode • added 2021/07/14 9:3 p.m. • 36 views

Denial Of Service (DoS)

firefox:edge is vulnerable to denial of service...

8.8 CVSS • 2 AI score • 0.01428 EPSS
Exploits: 1 • References: 7 • Affected Software: 8

Veracode • added 2021/07/13 8:34 a.m. • 36 views

Denial Of Service (DoS)

sshd-core is vulnerable to denial of service. The SFTP and port forwarding features of the library allow an attacker to send maximum data to cause the boundary overflow on BufferedIoOutputStream writing, causing an OutOfMemory error...

6.5 CVSS • 4 AI score • 0.03394 EPSS
Exploits: 0 • References: 9 • Affected Software: 22

Veracode • added 2021/07/10 6:13 p.m. • 36 views

Denial Of Service (DoS)

openexr:stretch is vulnerable to denial of service. An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR. An attacker could use this flaw to crash an application compiled with OpenEXR...

5.5 CVSS • 3.9 AI score • 0.01153 EPSS
Exploits: 0 • References: 7 • Affected Software: 2

Veracode • added 2021/07/06 12:2 a.m. • 36 views

Information Disclosure

libvirt is vulnerable to information disclosure. An attacker is able to access files of other users when the system generates SELinux MCS category pairs for VMs' dynamic labels...

6.3 CVSS • 3.8 AI score • 0.00493 EPSS
Exploits: 1 • References: 8 • Affected Software: 1

Veracode • added 2021/06/17 8:36 a.m. • 36 views

Denial Of Service (DoS)

cxf-rt-rs-json-basic is vulnerable to denial of service. An attacker is able to cause a thread to be stuck in an infinite loop due to insecure parsing of JSON in JsonMapObjectReaderWriter...

7.5 CVSS • 4.1 AI score • 0.07024 EPSS
Exploits: 0 • References: 26 • Affected Software: 1

Veracode • added 2021/05/24 9:12 a.m. • 36 views

Denial Of Service (DoS)

linux kernel is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference flaw in the Linux kernel's GPU Nouveau driver functionality...

4.4 CVSS • 3.1 AI score • 0.00366 EPSS
Exploits: 1 • References: 6 • Affected Software: 3

Veracode • added 2021/05/24 9:1 a.m. • 36 views

Arbitrary Code Execution

unbound is vulnerable to arbitrary code execution. An integer overflow in the regional allocator via the ALIGNUP macro allows an attacker to execute arbitrary code on the host OS...

9.8 CVSS • 5.6 AI score • 0.01783 EPSS
Exploits: 0 • References: 4 • Affected Software: 2

Veracode • added 2021/05/24 2:29 a.m. • 36 views

Information Disclosure

bouncycastle is vulnerable to information disclosure. The vulnerability exists due to a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

5.9 CVSS • 1.5 AI score • 0.01522 EPSS
Exploits: 0 • References: 4 • Affected Software: 11

Veracode • added 2021/05/21 2:1 p.m. • 36 views

Denial Of Service (DoS)

trousers is vulnerable to denial of service. The vulnerability exists when the daemon is started with root privileges: the creation of the system.data file is prone to symlink attacks, which allows the tss user to create or corrupt existing files, which could possibly lead to a DoS attack...

5.5 CVSS • 5.3 AI score • 0.00553 EPSS
Exploits: 1 • References: 11 • Affected Software: 1

Veracode • added 2021/05/12 5:18 a.m. • 36 views

Insecure Deserialization

wire allows insecure deserialization. The way the type information is handled in its serialization format allows an attacker to pass malicious payloads of a different type for the receiving end to the deserializer and potentially cause unexpected application behavior...

9.1 CVSS • 3.3 AI score • 0.01584 EPSS
Exploits: 1 • References: 2 • Affected Software: 1

Veracode • added 2021/05/08 2:25 p.m. • 36 views

Denial Of Service (DoS)

lz4 is vulnerable to denial of service. An integer overflow occurs when one of the memmove arguments is set to negative, resulting in an application crash...

9.8 CVSS • 5.5 AI score • 0.03216 EPSS
Exploits: 0 • References: 12 • Affected Software: 2

Veracode • added 2021/04/29 1:27 p.m. • 36 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists due to insufficient data validation that allows a remote attacker to leak cross-origin data via a crafted HTML page...

6.5 CVSS • 2.4 AI score • 0.00814 EPSS
Exploits: 0 • References: 9 • Affected Software: 1

Veracode • added 2021/03/30 8:15 p.m. • 36 views

Use After Free

webkit2gtk is vulnerable to a use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution...

7.8 CVSS • 3.4 AI score • 0.01361 EPSS
Exploits: 0 • References: 18 • Affected Software: 17

Veracode • added 2021/03/24 4:3 a.m. • 36 views

Regular Expression Denial Of Service (ReDoS)

hosted-git-info is vulnerable to regular expression denial of service (ReDoS). An attacker can provide a malicious string via shortcutMatch in the function fromUrl in index.js to crash the application...

5.3 CVSS • 3 AI score • 0.03612 EPSS
Exploits: 1 • References: 6 • Affected Software: 3

Veracode • added 2021/03/23 6:36 a.m. • 36 views

Regular Expression Denial Of Service (ReDoS)

xstream is vulnerable to regular expression denial of service. A remote attacker is able to occupy a thread that consumes excessive CPU resources for a long period of time...

7.5 CVSS • 3.9 AI score • 0.13832 EPSS
Exploits: 0 • References: 21 • Affected Software: 5

Veracode • added 2021/03/18 4:30 a.m. • 36 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by sending a malicious User-Agent header under the device type causing the system to process the header for an extended period of time...

7.5 CVSS • 3.7 AI score • 0.03366 EPSS
Exploits: 1 • References: 5 • Affected Software: 2

Veracode • added 2021/03/17 8:8 a.m. • 36 views

Denial Of Service (DoS)

json-smart is vulnerable to denial of service (DoS) attacks. An unhandled NumberFormatException thrown from the function extractFloat in JSONParserBase.java allows a remote attacker to crash programs or leak sensitive information...

5.9 CVSS • 3.5 AI score • 0.02886 EPSS
Exploits: 1 • References: 13 • Affected Software: 1

Veracode • added 2021/03/17 5:7 a.m. • 36 views

Authorization Bypass

moodle/moodle is vulnerable to authorization bypass. When creating a user account, it was possible to verify the account without having access to the verification email link/secret...

5.3 CVSS • 3.7 AI score • 0.01266 EPSS
Exploits: 0 • References: 6 • Affected Software: 1

Veracode • added 2021/03/15 7:41 a.m. • 36 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. An attacker is able to manipulate the processed input stream and replace or inject objects which would result in the execution of arbitrary code loaded from a remote server...

9.8 CVSS • 3.7 AI score • 0.76367 EPSS
Exploits: 1 • References: 21 • Affected Software: 4

Veracode • added 2021/03/12 10:54 p.m. • 36 views

Out-of-Bounds Access

openjpeg is vulnerable to out-of-bounds write. An attacker is able to inject a malicious input during conversion and encoding, causing an out-of-bounds write...

7.8 CVSS • 5.6 AI score • 0.01329 EPSS
Exploits: 0 • References: 9 • Affected Software: 3

Veracode • added 2021/03/10 6:6 a.m. • 36 views

OS Command Injection

react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of child_process.execFileSync in the function getProcessIdOnPort...

5.6 CVSS • 6.3 AI score • 0.03289 EPSS
Exploits: 1 • References: 2 • Affected Software: 1

Veracode • added 2021/03/10 3:36 a.m. • 36 views

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service (DoS). An attacker is able to send a malicious file to trigger undefined behavior in the form of math division by zero...

5.5 CVSS • 2.5 AI score • 0.01228 EPSS
Exploits: 0 • References: 5 • Affected Software: 4

Veracode • added 2021/02/26 6:53 a.m. • 36 views

Cross-Site Scripting (XSS)

nanohttpd is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript code in a user's browser via the GeneralHandler class that implements a basic GET handler which prints debug information as an HTML page...

6.1 CVSS • 2.2 AI score • 0.00751 EPSS
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2021/02/26 2:10 a.m. • 36 views

Information Disclosure

Python is vulnerable to information disclosure. The vulnerability exists because Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP...

9.8 CVSS • 0.6 AI score • 0.08235 EPSS
Exploits: 0 • References: 20 • Affected Software: 10

Veracode • added 2021/02/05 3:55 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An incorrect umask configuration during file or directory modification in the way users create and delete objects using NFSv4.2 or newer, if the NFS is simultaneously accessed by another process that is not using the new NFSv4.2, allows a user with access...

4.9 CVSS • 2.6 AI score • 0.01347 EPSS
Exploits: 0 • References: 5 • Affected Software: 2

Veracode • added 2021/01/27 7:32 p.m. • 36 views

Information Disclosure

firefox is vulnerable to information disclosure. Combining the slipstream research with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine...

7.4 CVSS • 0.01323 EPSS
Exploits: 0 • References: 9 • Affected Software: 9

Veracode • added 2021/01/14 5:32 a.m. • 36 views

Regular Expression Denial Of Service (ReDoS)

jquery-validation is vulnerable to regular expression denial of service. An insecure use of a regular expression to parse URLs allows an attacker to cause a denial of service condition via a malicious URL...

7.5 CVSS • 5.4 AI score • 0.03532 EPSS
Exploits: 0 • References: 9 • Affected Software: 3

Veracode • added 2021/01/12 10:25 p.m. • 36 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists through the TIFFSetProfiles function in coders/tiff.c where TIFFGetField return values imply that data validation has occurred...

6.5 CVSS • 2.9 AI score • 0.02616 EPSS
Exploits: 1 • References: 5 • Affected Software: 2

Veracode • added 2020/12/24 9:46 p.m. • 36 views

Denial Of Service (DoS)

open-iscsi is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds read in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c...

7.5 CVSS • 3 AI score • 0.03194 EPSS
Exploits: 0 • References: 4 • Affected Software: 3

Veracode • added 2020/12/22 4:41 a.m. • 36 views

Insecure XML Parsing

github.com/crewjam/saml does not perform secure XML parsing. An attacker is able to forge part of a signed XML document due to a lack of validation...

9.8 CVSS • 3.2 AI score • 0.04872 EPSS
Exploits: 1 • References: 9 • Affected Software: 2

Veracode • added 2020/12/21 6:50 p.m. • 36 views

Denial Of Service (DoS)

chromium, sid is vulnerable to denial of service (DoS). Inappropriate implementation in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS • 2.7 AI score • 0.01653 EPSS
Exploits: 0 • References: 11 • Affected Software: 1

Veracode • added 2020/12/19 6:4 a.m. • 36 views

Denial Of Service (DoS)

lldpd is vulnerable to denial of service (DoS). The buffer overflow in the lldp_decode function in daemon/protocols/lldp.c...

9.8 CVSS • 3.4 AI score • 0.05493 EPSS
Exploits: 0 • References: 11 • Affected Software: 10

Veracode • added 2020/12/06 3:50 a.m. • 36 views

Denial Of Service (DoS)

libdbi-perl is vulnerable to denial of service. An untrusted pointer dereference allows a local attacker who is able to manipulate calls to dbd_db_login6_sv to cause a memory corruption and crash the application...

5.5 CVSS • 3.2 AI score • 0.00576 EPSS
Exploits: 0 • References: 9 • Affected Software: 1

Veracode • added 2020/12/06 3:19 a.m. • 36 views

Arbitrary Code Execution

openexr is vulnerable to arbitrary code execution. An invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...

8.8 CVSS • 3.6 AI score • 0.03166 EPSS
Exploits: 0 • References: 11 • Affected Software: 1

Veracode • added 2020/12/06 2:35 a.m. • 36 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through hw/usb/hcd-ohci.c due to an infinite loop when a TD list has a loop allowing an attacker to cause an application crash...

5.3 CVSS • 5.7 AI score • 0.00441 EPSS
Exploits: 0 • References: 6 • Affected Software: 7

Veracode • added 2020/12/06 2:28 a.m. • 36 views

Privilege Escalation

linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...

4.1 CVSS • 4.6 AI score • 0.00308 EPSS
Exploits: 0 • References: 8 • Affected Software: 5

Veracode • added 2020/12/04 4:39 p.m. • 36 views

Denial Of Service (DoS)

nsd is vulnerable to denial of service. An attacker is able to overwrite the PID file via a local symlink attack which will cause the application to crash...

5.5 CVSS • 3 AI score • 0.00484 EPSS
Exploits: 0 • References: 6 • Affected Software: 4

Veracode • added 2020/11/23 11:16 a.m. • 36 views

Privilege Escalation

Moodle is vulnerable to privilege escalation. Users (students) are able to add entries within groups they do not belong to...

6.5 CVSS • 4.3 AI score • 0.01329 EPSS
Exploits: 0 • References: 7 • Affected Software: 1

Veracode • added 2020/11/19 11:31 a.m. • 36 views

Remote Code Execution

unomi-plugins-base is vulnerable to arbitrary code execution. An insufficient fix for CVE-2020-11975 allows an attacker to bypass the allowlist and blocklist and remotely execute arbitrary code...

9.8 CVSS • 5.1 AI score • 0.68398 EPSS
Exploits: 9 • References: 18 • Affected Software: 1

Veracode • added 2020/11/17 5:32 a.m. • 36 views

Remote Code Execution (RCE)

XStream is vulnerable to remote code execution (RCE). The processed stream at unmarshalling time contains type information to recreate the formerly written objects, and new instances are created based on this type information. The vulnerability allows an attacker to manipulate the processed input...

8.8 CVSS • 3.7 AI score • 0.85001 EPSS
Exploits: 7 • References: 20 • Affected Software: 2

Veracode • added 2020/11/05 3:17 a.m. • 36 views

Denial Of Service (DoS)

qt5-qtwebsockets is vulnerable to denial of service. An insecure websocket implementation allows only limited size for frames and messages and allows an attacker to cause a denial of service...

7.5 CVSS • 3.6 AI score • 0.02281 EPSS
Exploits: 1 • References: 5 • Affected Software: 3

Veracode • added 2020/11/05 3:9 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists due to a memory leak in the rtl8xxxu_submit_int_urb function which allows an attacker to crash the kernel...

4.6 CVSS • 6.4 AI score • 0.00451 EPSS
Exploits: 0 • References: 16 • Affected Software: 2

Veracode • added 2020/10/26 5:9 a.m. • 36 views

Information Disclosure

guava is vulnerable to Information Disclosure. A folder with insecure permissions is created by the function com.google.common.io.Files.createTempDir. A local user will be able to steal secrets stored in this directory...

3.3 CVSS • 5.6 AI score • 0.00964 EPSS
Exploits: 1 • References: 78 • Affected Software: 19

Total number of security vulnerabilities: 5000