
38332 matches found

Veracode • added 2020/09/21 6:23 a.m. • 36 views

Privilege Escalation

linux is vulnerable to privilege escalation. The vulnerability exists as a reference count is mishandled in rx_queue_add_kobject and netdev_queue_add_kobject in net/core/net-sysfs.c...

5.5 CVSS • 3 AI score • 0.00443 EPSS
Exploits 0 • References 5 • Affected Software 4

Veracode • added 2020/09/21 6:18 a.m. • 36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS). There is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c...

4.2 CVSS • 3.7 AI score • 0.00281 EPSS
Exploits 0 • References 6 • Affected Software 3

Veracode • added 2020/08/28 1:54 a.m. • 36 views

Session Fixation

symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user's PHPSESSID cookie value upon a successful authentication. If a user's PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker...

7.5 CVSS • 3.2 AI score • 0.09421 EPSS
Exploits 5 • References 8 • Affected Software 1

Veracode • added 2020/08/06 9:37 p.m. • 36 views

Buffer Over-reads

tcpdump is vulnerable to a buffer over-read. The vulnerability exists due to a flaw in print-fr.c:mfr_print...

7.5 CVSS • 2.3 AI score • 0.03985 EPSS
Exploits 0 • References 21 • Affected Software 1

Veracode • added 2020/08/06 9:32 p.m. • 36 views

Denial Of Service (DoS)

libvirt is vulnerable to denial of service (DoS). The vulnerability exists as an issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving...

6.5 CVSS • 3.2 AI score • 0.02294 EPSS
Exploits 0 • References 9 • Affected Software 1

Veracode • added 2020/08/06 9:29 p.m. • 36 views

Use-after-free

webkit2gtk is vulnerable to use-after-free. Due to a flaw in memory management, a remote attacker may be able to cause unexpected application termination or arbitrary code execution...

9.8 CVSS • 4.1 AI score • 0.04138 EPSS
Exploits 0 • References 10 • Affected Software 28

Veracode • added 2020/08/06 9:26 p.m. • 36 views

Cross-site Scripting (XSS)

webkit2gtk is vulnerable to cross-site scripting (XSS). The vulnerability exists as it fails to properly restrict input in web content...

7.1 CVSS • 1.7 AI score • 0.01128 EPSS
Exploits 0 • References 14 • Affected Software 28

Veracode • added 2020/06/16 4:49 a.m. • 36 views

Cross-Site Scripting (XSS)

dijit is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Editor's LinkDialog plugin...

5.4 CVSS • 4.3 AI score • 0.01183 EPSS
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2020/06/15 5:12 a.m. • 36 views

Remote Code Execution

jackson-databind is vulnerable to remote code execution. It was possible to use the apache-drill gadget type as a serialization gadget through polymorphic typing and execute arbitrary code on the system...

8.1 CVSS • 4.6 AI score • 0.08607 EPSS
Exploits 0 • References 11 • Affected Software 16

Veracode • added 2020/06/15 4:11 a.m. • 36 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to deserialization of untrusted data that can lead to remote code execution. It is possible because the untrusted class com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool was not filtered by default from the interaction between serialization gadgets and...

8.1 CVSS • 4.4 AI score • 0.08072 EPSS
Exploits 0 • References 11 • Affected Software 245

Veracode • added 2020/05/29 3:24 a.m. • 36 views

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS). The vulnerability exists as a logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c...

7.5 CVSS • 2.6 AI score • 0.93422 EPSS
Exploits 5 • References 16 • Affected Software 1

Veracode • added 2020/05/21 3:40 a.m. • 36 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service. The vulnerability exists through an uncaught InstantiationError exception in ObjectStreamClass which allows an attacker to cause an application crash...

3.7 CVSS • 6.3 AI score • 0.04211 EPSS
Exploits 0 • References 20 • Affected Software 6

Veracode • added 2020/05/14 4:41 a.m. • 36 views

Insecure Deserialization

typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on malicious user-provided content with class destructors, leading to deletion of an arbitrary directory in the file system and to message submission via email, using the...

10 CVSS • 4.4 AI score • 0.01472 EPSS
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2020/05/10 11:26 p.m. • 36 views

Incorrect Number Generator

nss is vulnerable to incorrect number generation. The vulnerability exists as a flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue a...

5.3 CVSS • 2.2 AI score • 0.02642 EPSS
Exploits 0 • References 10 • Affected Software 1

Veracode • added 2020/05/10 11:24 p.m. • 36 views

Denial Of Service (DoS)

memcached is vulnerable to denial of service (DoS). The vulnerability exists as the try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and...

9.8 CVSS • 5.4 AI score • 0.19854 EPSS
Exploits 3 • References 6 • Affected Software 1

Veracode • added 2020/05/06 3:17 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The vulnerability exists when cpu.cfs_quota_us is used which allows attackers to cause a denial of service against non-cpu-bound applications...

5.5 CVSS • 6.6 AI score • 0.00949 EPSS
Exploits 1 • References 12 • Affected Software 1

Veracode • added 2020/04/17 2:10 a.m. • 36 views

Remote Code Execution

Sonatype nxrm is vulnerable to remote code execution. The vulnerability allows high privilege users such as administrators to run arbitrary code on the server with Nexus process privileges by injecting arbitrary Java Expression Language (EL) expressions...

8.8 CVSS • 6.7 AI score • 0.99064 EPSS
Exploits 10 • References 6 • Affected Software 2

Veracode • added 2020/04/10 1:11 a.m. • 36 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service (DoS)...

5 CVSS • 2.4 AI score • 0.03155 EPSS
Exploits 0 • References 10 • Affected Software 1

Veracode • added 2020/04/10 1:9 a.m. • 36 views

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the curren...

7.2 CVSS • 2.8 AI score • 0.00505 EPSS
Exploits 1 • References 23 • Affected Software 1

Veracode • added 2020/04/10 1:9 a.m. • 36 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability is in the Sanitiser for OpenType (OTS), used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute...

6.8 CVSS • 3.5 AI score • 0.01676 EPSS
Exploits 1 • References 19 • Affected Software 3

Veracode • added 2020/04/10 1:8 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way the Linux kernel handled VLAN 0 frames with the priority tag set. When using certain network drivers, an attacker on the local network could use this flaw to cause a denial of service...

5.7 CVSS • 2.6 AI score • 0.01015 EPSS
Exploits 0 • References 9 • Affected Software 1

Veracode • added 2020/04/10 1:7 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the Linux kernel's clock implementation on 32-bit, SMP (symmetric multiprocessing) systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service...

4.9 CVSS • 3.5 AI score • 0.00481 EPSS
Exploits 1 • References 8 • Affected Software 1

Veracode • added 2020/04/10 1:7 a.m. • 36 views

Privilege Escalation

util-linux is vulnerable to privilege escalation. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems...

3.3 CVSS • 4.2 AI score • 0.00404 EPSS
Exploits 0 • References 22 • Affected Software 2

Veracode • added 2020/04/10 1:5 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made a fallocate request, it could result ...

4.9 CVSS • 3.2 AI score • 0.00406 EPSS
Exploits 1 • References 14 • Affected Software 1

Veracode • added 2020/04/10 12:59 a.m. • 36 views

Arbitrary Code Execution

qemu-kvm is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the PIIX4 Power Management emulation layer in qemu-kvm did not properly check for hot plug eligibility during device removals. A privileged guest user could use this flaw to crash the guest or,...

7.4 CVSS • 3.7 AI score • 0.0075 EPSS
Exploits 0 • References 23 • Affected Software 1

Veracode • added 2020/04/10 12:59 a.m. • 36 views

Arbitrary Code Execution

qemu-kvm is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user could use this flaw to crash the guest or, possibly, execute arbitrary code on...

7.4 CVSS • 2.8 AI score • 0.00718 EPSS
Exploits 0 • References 22 • Affected Software 1

Veracode • added 2020/04/10 12:58 a.m. • 36 views

Same-Origin Policy Bypass

thunderbird/firefox is vulnerable to Same-Origin Policy bypass. It was found that Thunderbird could treat two separate cookies for web content as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy...

5 CVSS • 1.7 AI score • 0.01777 EPSS
Exploits 1 • References 18 • Affected Software 4

Veracode • added 2020/04/10 12:57 a.m. • 36 views

Arbitrary Code Execution

openoffice.org is vulnerable to arbitrary code execution. The vulnerability exists as a heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially-crafted TARGA file. If a document containing...

9.3 CVSS • 3.7 AI score • 0.10102 EPSS
Exploits 0 • References 27 • Affected Software 1

Veracode • added 2020/04/10 12:57 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service...

4.7 CVSS • 3.9 AI score • 0.00393 EPSS
Exploits 1 • References 24 • Affected Software 2

Veracode • added 2020/04/10 12:56 a.m. • 36 views

Arbitrary Code Execution

gimp is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause...

6.8 CVSS • 3 AI score • 0.05569 EPSS
Exploits 1 • References 21 • Affected Software 1

Veracode • added 2020/04/10 12:56 a.m. • 36 views

Denial Of Service (DoS)

avahi is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way the Avahi daemon (avahi-daemon) processed multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an...

5 CVSS • 2.4 AI score • 0.29361 EPSS
Exploits 1 • References 36 • Affected Software 1

Veracode • added 2020/04/10 12:55 a.m. • 36 views

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service (DoS). The vulnerability is due to a flaw in the dvb_ca_ioctl function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their...

7.2 CVSS • 2.9 AI score • 0.00408 EPSS
Exploits 1 • References 15 • Affected Software 2

Veracode • added 2020/04/10 12:55 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A flaw was found in the Linux kernel execve system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM (Out of Memory) killer, triggering a denial of service...

4.9 CVSS • 4.4 AI score • 0.0091 EPSS
Exploits 3 • References 24 • Affected Software 2

Veracode • added 2020/04/10 12:55 a.m. • 36 views

Privilege Escalation

glibc is vulnerable to privilege escalation. It was discovered that the glibc addmntent function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to a...

7.2 CVSS • 6 AI score • 0.00592 EPSS
Exploits 1 • References 25 • Affected Software 1

Veracode • added 2020/04/10 12:55 a.m. • 36 views

Information Disclosure

kernel is vulnerable to information disclosure. Missing initialization flaws in the Linux kernel could lead to information leaks...

1.9 CVSS • 1.2 AI score • 0.01542 EPSS
Exploits 8 • References 37 • Affected Software 2

Veracode • added 2020/04/10 12:54 a.m. • 36 views

Privilege Escalation

firefox is vulnerable to privilege escalation. The vulnerability exists as a flaw was found in the way Firefox handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog b...

6.8 CVSS • 2.4 AI score • 0.01823 EPSS
Exploits 1 • References 11 • Affected Software 4

Veracode • added 2020/04/10 12:53 a.m. • 36 views

Authorization Bypass

php is vulnerable to authorization bypass. The vulnerability exists as an input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the...

5 CVSS • 2.8 AI score • 0.0219 EPSS
Exploits 1 • References 9 • Affected Software 1

Veracode • added 2020/04/10 12:53 a.m. • 36 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service (DoS). The vulnerability exists as a flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld...

4 CVSS • 4.1 AI score • 0.12229 EPSS
Exploits 1 • References 17 • Affected Software 1

Veracode • added 2020/04/10 12:53 a.m. • 36 views

Use-after-free

WebKitGTK+ is vulnerable to use-after-free. It is possible for remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing...

9.8 CVSS • 7.3 AI score • 0.02307 EPSS
Exploits 1 • References 16 • Affected Software 1

Veracode • added 2020/04/10 12:53 a.m. • 36 views

Denial Of Service (DoS)

WebKitGTK+ is vulnerable to denial of service (DoS). Due to use-after-free flaws caused by vectors involving selections, malicious web content leads an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

9.3 CVSS • 6.1 AI score • 0.61319 EPSS
Exploits 13 • References 24 • Affected Software 1

Veracode • added 2020/04/10 12:52 a.m. • 36 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

9.3 CVSS • 4.6 AI score • 0.06997 EPSS
Exploits 0 • References 22 • Affected Software 2

Veracode • added 2020/04/10 12:52 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. An integer overflow flaw was found in the extent range checking code in the Linux kernel's ext4 file system implementation. A local, unprivileged user with write access to an ext4-mounted file system could trigger this flaw by writing to a file at a very...

4.7 CVSS • 4.1 AI score • 0.00376 EPSS
Exploits 0 • References 27 • Affected Software 1

Veracode • added 2020/04/10 12:50 a.m. • 36 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists through a flaw in the link_path_walk function. Using the file descriptor returned by open with the O_NOFOLLOW flag on a subordinate NFS-mounted file system, could result in a NULL pointer dereference, causing a denial of service ...

5.4 CVSS • 3.6 AI score • 0.02774 EPSS
Exploits 1 • References 20 • Affected Software 2

Veracode • added 2020/04/10 12:49 a.m. • 36 views

Denial Of Service (DoS)

Samba is vulnerable to denial of service (DoS). Due to an input sanitization flaw in the way Samba parsed client data, a malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd)...

7.5 CVSS • 6.6 AI score • 0.78702 EPSS
Exploits 5 • References 38 • Affected Software 2

Veracode • added 2020/04/10 12:48 a.m. • 36 views

Remote Code Execution (RCE)

PostgreSQL is vulnerable to remote code execution (RCE). Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl, if the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Tcl...

6 CVSS • 2.4 AI score • 0.02888 EPSS
Exploits 1 • References 38 • Affected Software 2

Veracode • added 2020/04/10 12:48 a.m. • 36 views

Access Restriction Bypass

PostgreSQL is vulnerable to access restriction bypass. Due to a flaw found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl, if the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl...

8.5 CVSS • 1.5 AI score • 0.04081 EPSS
Exploits 1 • References 40 • Affected Software 2

Veracode • added 2020/04/10 12:48 a.m. • 36 views

Arbitrary Code Execution

firefox/thunderbird/seamonkey is vulnerable to arbitrary code execution. Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running...

9.3 CVSS • 4.1 AI score • 0.05366 EPSS
Exploits 0 • References 17 • Affected Software 4

Veracode • added 2020/04/10 12:48 a.m. • 36 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

6.8 CVSS • 4.6 AI score • 0.02024 EPSS
Exploits 0 • References 15 • Affected Software 4

Veracode • added 2020/04/10 12:47 a.m. • 36 views

Information Disclosure

Pluggable Authentication Modules (PAM) is vulnerable to information disclosure. It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or...

4.7 CVSS • 3.6 AI score • 0.00356 EPSS
Exploits 0 • References 22 • Affected Software 1

Veracode • added 2020/04/10 12:47 a.m. • 36 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in load balancer mode...

5 CVSS • 1.3 AI score • 0.20787 EPSS
Exploits 1 • References 59 • Affected Software 1

Total number of security vulnerabilities: 5000