38326 matches found

Veracode • added 2019/05/02 4:46 a.m. • 36 views

Arbitrary Code Execution

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 9.8 • AI score 6.5 • EPSS 0.98704
Exploits 23 • References 26 • Affected Software 1

Veracode • added 2019/05/02 4:46 a.m. • 36 views

Memory Corruption

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 9.8 • AI score 7.7 • EPSS 0.98704
Exploits 23 • References 29 • Affected Software 1

Veracode • added 2019/05/02 4:44 a.m. • 36 views

Arbitrary Code Execution

Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...

CVSS 10 • AI score 9.5 • EPSS 0.86963
Exploits 10 • References 25 • Affected Software 2

Veracode • added 2019/05/02 4:43 a.m. • 36 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.3 • AI score 9.8 • EPSS 0.42609
Exploits 5 • References 19 • Affected Software 3

Veracode • added 2019/05/02 4:43 a.m. • 36 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.3 • AI score 9.8 • EPSS 0.42609
Exploits 5 • References 24 • Affected Software 3

Veracode • added 2019/05/02 4:42 a.m. • 36 views

Cross Site Scripting (XSS)

JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1 Release Notes for information on the...

CVSS 10 • AI score 6 • EPSS 0.6477
Exploits 7 • References 65 • Affected Software 204

Veracode • added 2019/05/02 4:42 a.m. • 36 views

Arbitrary Code Execution

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by...

CVSS 7.5 • AI score 6.3 • EPSS 0.06402
Exploits 3 • References 9 • Affected Software 1

Veracode • added 2019/05/02 4:41 a.m. • 36 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's Event Poll epoll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw t...

CVSS 4.9 • AI score 6 • EPSS 0.00795
Exploits 1 • References 84 • Affected Software 2

Veracode • added 2019/05/02 4:41 a.m. • 36 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 10 • AI score 9.4 • EPSS 0.04899
Exploits 1 • References 12 • Affected Software 3

Veracode • added 2019/05/02 4:41 a.m. • 36 views

Arbitrary Code Execution Or Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 8.8 • AI score 9.3 • EPSS 0.11079
Exploits 10 • References 28 • Affected Software 3

Veracode • added 2019/05/02 4:41 a.m. • 36 views

Arbitrary Code Execution

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 • AI score 5.7 • EPSS 0.68532
Exploits 5 • References 25 • Affected Software 1

Veracode • added 2019/05/02 4:40 a.m. • 36 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service. It allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703...

CVSS 6.8 • AI score 5 • EPSS 0.0374
Exploits 0 • References 20 • Affected Software 1

Veracode • added 2019/04/23 8:10 a.m. • 36 views

Arbitrary File Write

mercurial is vulnerable to arbitrary file write attacks. The vulnerability is possible by using symlinks and subrepositories to bypass the validation of path checking, allowing the writing of files outside of the repository...

CVSS 5.9 • AI score 6.2 • EPSS 0.01413
Exploits 0 • References 8 • Affected Software 2

Veracode • added 2019/04/23 2:9 a.m. • 36 views

Information Disclosure

jetty-server is vulnerable to information disclosure. The error page produced from DefaultHandler reveals the base resource directory of each context in the list of contexts...

CVSS 5.3 • AI score 6.8 • EPSS 0.05782
Exploits 0 • References 25 • Affected Software 3

Veracode • added 2019/03/26 6:13 a.m. • 36 views

Cross-Site Scripting (XSS)

kibana is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

CVSS 6.1 • AI score 7.4 • EPSS 0.01338
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2019/01/15 9:24 a.m. • 36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. A use-after-free UAF vulnerability in dogetmempolicy function in mm/mempolicy.c allows an attacker to cause a denial of service condition via malicious system calls...

CVSS 7.8 • AI score 7 • EPSS 0.00434
Exploits 0 • References 21 • Affected Software 2

Veracode • added 2019/01/15 9:19 a.m. • 36 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation. A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotifyhandleevent and vfsrename while running the rename operation against the same file. As a result of the race the nex...

CVSS 7 • AI score 6.8 • EPSS 0.01223
Exploits 3 • References 23 • Affected Software 1

Veracode • added 2019/01/15 9:18 a.m. • 36 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service DoS attacks. The vulnerability exists as the memgetbitsrectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PostScript document...

CVSS 5.5 • AI score 7 • EPSS 0.02274
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2019/01/15 9:17 a.m. • 36 views

Information Disclosure

libreoffice is vulnerable to information disclosure attacks. The vulnerability exists by exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the...

CVSS 5.5 • AI score 5.2 • EPSS 0.03122
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2019/01/15 9:16 a.m. • 36 views

Timing Attack

tomcat-catalina is vulnerable to timing attacks. When the supplied username does not exist, the Realm implementation will not process the supplied password, making a timing attack possible to determine valid usernames. Note that the default configuration includes the LockOutRealm which makes...

CVSS 5.9 • AI score 7.2 • EPSS 0.07991
Exploits 0 • References 39 • Affected Software 6

Veracode • added 2019/01/15 9:14 a.m. • 36 views

Cross-site Scripting (XSS) Via Dialog CloseText

jquery-ui is vulnerable to cross-site scripting XSS attacks. A malicious user can execute arbitrary code to the closeText parameter of the dialog function...

CVSS 6.1 • AI score 6.7 • EPSS 0.2258
Exploits 1 • References 38 • Affected Software 2

Veracode • added 2019/01/15 9:13 a.m. • 36 views

Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read

liblcms2.so is vulnerable to denial of service DoS attacks. The vulnerability exists through a heap out-of-bound OOB read in TypeMLURead of cmstypes.c where the MLU bounds were not properly checked, causing the DoS attack...

CVSS 7.1 • AI score 7.7 • EPSS 0.02772
Exploits 0 • References 22 • Affected Software 4

Veracode • added 2019/01/15 9:12 a.m. • 36 views

Denial Of Service (DoS)

Linux kernel-rt is vulnerable to denial of service. A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctpaccept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SC...

CVSS 6.2 • AI score 6.3 • EPSS 0.00391
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2019/01/15 9:9 a.m. • 36 views

Authorization Bypass

samba is vulnerable to authorization bypass. An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path...

CVSS 7.2 • AI score 6.3 • EPSS 0.13274
Exploits 1 • References 27 • Affected Software 2

Veracode • added 2019/01/15 9:7 a.m. • 36 views

Information Disclosure

qemu-kvm-rhev is vulnerable to information disclosure attacks. The vulnerability exists as the C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors...

CVSS 9.3 • AI score 6.2 • EPSS 0.13288
Exploits 0 • References 30 • Affected Software 2

Veracode • added 2019/01/15 9:7 a.m. • 36 views

Denial Of Service (DoS)

net-snmp is vulnerable to denial of service. It was discovered that the snmppduparse function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system wit...

CVSS 7.5 • AI score 8.3 • EPSS 0.40002
Exploits 2 • References 31 • Affected Software 1

Veracode • added 2019/01/15 9:6 a.m. • 36 views

Arbitrary Code Execution

qemu-kvm-rhev is vulnerable to arbitrary code execution attacks. The vulnerability exists as the pitioportread in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code...

CVSS 6.9 • AI score 6.5 • EPSS 0.01594
Exploits 1 • References 24 • Affected Software 1

Veracode • added 2019/01/15 9:6 a.m. • 36 views

Denial Of Service

The kernel-rt packages are vulnerable to a denial of service (DoS) attack. The attack exists because it does not properly restrict the traversal of Rock Ridge extension Continuation Entries (CE), allowing a local attacker to cause an infinite loop in the kernel, resulting in a denial of service...

CVSS 4.9 • AI score 4.8 • EPSS 0.00455
Exploits 0 • References 36 • Affected Software 1

Veracode • added 2019/01/15 9:6 a.m. • 36 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS attacks. The vulnerability exists as the 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local...

CVSS 7.2 • AI score 5.5 • EPSS 0.01407
Exploits 3 • References 38 • Affected Software 2

Veracode • added 2019/01/15 9:3 a.m. • 36 views

Cross-site Scripting (XSS)

modcluster is vulnerable to cross-site scripting XSS attacks. The vulnerability exists in the manager web interface in modcluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message...

CVSS 4.3 • AI score 6.5 • EPSS 0.01846
Exploits 0 • References 9 • Affected Software 167

Veracode • added 2019/01/15 9:1 a.m. • 36 views

Denial Of Service (DoS)

qemu-kvm is vulnerable to denial of service DoS attacks. The vulnerability exists as QEMU, possibly before 2.0.0, allows local users to cause a denial of service divide-by-zero error and crash via a zero value in the 1 tracks field to the seektosector function in block/parallels.c or 2 extentsize...

CVSS 5.5 • AI score 6.2 • EPSS 0.00382
Exploits 0 • References 14 • Affected Software 2

Veracode • added 2019/01/15 8:59 a.m. • 36 views

Request-smuggling Attacks

Apache Tomcat Coyote before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, doesn't handle inconsistent HTTP request headers well when an HTTP or AJP connector is used. This allows remote attackers to incorrectly identify the request's length and conduct request-smuggling attacks through...

CVSS 5.8 • AI score 8.5 • EPSS 0.29784
Exploits 4 • References 110 • Affected Software 73

Veracode • added 2019/01/15 8:57 a.m. • 36 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service DoS attacks. The vulnerability exists as an off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact v...

CVSS 6.8 • AI score 6.5 • EPSS 0.0266
Exploits 0 • References 23 • Affected Software 2

Veracode • added 2019/01/15 8:53 a.m. • 36 views

Authentication Bypass

postgresql is vulnerable to authentication bypass attacks. The vulnerability exists as the cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80...

CVSS 4.3 • AI score 6.3 • EPSS 0.05734
Exploits 0 • References 28 • Affected Software 4

Veracode • added 2019/01/15 8:53 a.m. • 36 views

Arbitrary File Overwrite

hplip3 is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as the senddatatostdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing HPLIP 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out...

CVSS 1.2 • AI score 5.8 • EPSS 0.00444
Exploits 0 • References 17 • Affected Software 2

Veracode • added 2019/01/15 8:52 a.m. • 36 views

Timing Side-Channel Attack

OpenSSL is vulnerable to timing attacks. It happens because of lack of validation of MAC addresses in constant time during the processing of a malformed CBC padding. It is also known as "Lucky Thirteen" issue...

CVSS 2.6 • AI score 6.4 • EPSS 0.35584
Exploits 1 • References 58 • Affected Software 4

Veracode • added 2019/01/15 8:52 a.m. • 36 views

Remote Code Execution (RCE)

gnutls is vulnerable to remote code execution RCE attacks. The vulnerability exists due to a possible buffer overflow in the readserverhello function in lib/gnutlshandshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service...

CVSS 6.8 • AI score 7.8 • EPSS 0.11221
Exploits 1 • References 35 • Affected Software 1

Veracode • added 2019/01/15 8:52 a.m. • 36 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service DoS attacks. The vulnerability exists as Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service crash via a crafted geometry feature that specifies a large number of points, which is...

CVSS 5 • AI score 5.6 • EPSS 0.18675
Exploits 2 • References 25 • Affected Software 1

Veracode • added 2019/01/15 8:51 a.m. • 36 views

Unspecified Flaw

Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors...

CVSS 10 • AI score 9 • EPSS 0.0366
Exploits 0 • References 16 • Affected Software 3

Veracode • added 2019/01/15 8:51 a.m. • 36 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service. Incorrect handling of the Delay and Unwritten buffer head states in the journalunmapbuffer function in fs/jbd2/transaction.c allows local attackers to crash systems that have an ext4 file system with a journal mounted...

CVSS 4.9 • AI score 6 • EPSS 0.00391
Exploits 0 • References 15 • Affected Software 2

Veracode • added 2019/01/09 2:50 a.m. • 36 views

Cross-Origin Resource Sharing (CORS) Bypass

System.Net.Http is vulnerable to cross-origin resource sharing CORS bypass. An attacker is able to exploit the vulnerability to retrieve confidential user and system information...

CVSS 7.5 • AI score 7.6 • EPSS 0.09611
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2018/12/28 5:45 a.m. • 36 views

Deserialization Of Untrusted Data

jackson-databind can deserialize untrusted data. The vulnerability is due to an incomplete fix for the CVE-2017-7525...

CVSS 9.8 • AI score 9.1 • EPSS 0.37925
Exploits 7 • References 36 • Affected Software 43

Veracode • added 2018/12/12 4:5 a.m. • 36 views

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution. This is due to an out-of-bounds in Edge WIP which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624...

CVSS 7.5 • AI score 7.5 • EPSS 0.62483
Exploits 3 • References 3 • Affected Software 2

Veracode • added 2018/12/12 3:43 a.m. • 36 views

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution. This is due to an out-of-bounds in the ChakraCore JIT which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2018-8617, CVE-2018-8618, CVE-2018-8624,...

CVSS 7.5 • AI score 7.5 • EPSS 0.62483
Exploits 3 • References 4 • Affected Software 2

Veracode • added 2018/12/11 5:7 a.m. • 36 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This is due to a buffer overflow in TypeHandler caused by an invalid index reuse, which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-8517 and...

CVSS 7.5 • AI score 9.2 • EPSS 0.09787
Exploits 0 • References 2 • Affected Software 2

Veracode • added 2018/12/04 12:56 p.m. • 36 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, which allows for a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2018-0834, CVE-2018-0835,...

CVSS 7.5 • AI score 7.5 • EPSS 0.65858
Exploits 21 • References 7 • Affected Software 2

Veracode • added 2018/11/30 5:44 a.m. • 36 views

Denial Of Service (DoS)

node is vulnerable to denial of service DoS attacks. The vulnerability exists when a malicious user sends headers while keeping HTTP/HTTPS connections alive for a long period of time...

CVSS 7.5 • AI score 7.3 • EPSS 0.41288
Exploits 0 • References 6 • Affected Software 5

Veracode • added 2018/10/04 4:47 a.m. • 36 views

Remote Code Execution (RCE)

libtiff.so is vulnerable to remote code execution. A heap-based buffer overflow occurs in the functions gtTielSeparate and gtStripSeparate in tiffgetimage.c due to improper handling of the tile size in a TIFF file, allowing remote attackers to execute arbitrary code via a specially crafted TIFF...

CVSS 6.8 • AI score 7.8 • EPSS 0.06918
Exploits 0 • References 31 • Affected Software 2

Veracode • added 2018/09/03 2:22 a.m. • 36 views

Denial Of Service (DoS) Through Null Pointer Dereference

imagemagick is vulnerable to denial of service DoS attacks. The vulnerability exists in property.c where an assert does not properly catch an error which allows an image object to be null, causing a DoS attack through null pointer dereference...

CVSS 9.8 • AI score 8.7 • EPSS 0.0228
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2018/08/20 2:52 a.m. • 36 views

Denial Of Service (DoS) Through Double-free

libcurl.so is vulnerable to denial of service DoS attacks through a double-free issue. The vulnerability exists in readdata of security.c where a double-free could occur, leading to a DoS attack...

CVSS 9.8 • AI score 8.7 • EPSS 0.04989
Exploits 0 • References 11 • Affected Software 5

Total number of security vulnerabilities: 5000