Veracode • Most viewed

38332 matches found

Veracode
• added 2019/05/16 2:59 a.m. • 36 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Client programs component, allowing an unauthorized attacker to cause a hang or frequently repeatable crash (complete DoS)...

CVSS 5.9 • AI score 6.1 • EPSS 0.0401
Exploits 0 • References 18 • Affected Software 4

Veracode
• added 2019/05/16 2:50 a.m. • 36 views

Information Disclosure

The Linux kernel is vulnerable to information disclosure. This is because the move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. A local attacker could learn the memory layout of a setuid executable allowing mitigation of ASL...

CVSS 5.5 • AI score 5.9 • EPSS 0.00469
Exploits 0 • References 27 • Affected Software 2

Veracode
• added 2019/05/16 2:22 a.m. • 36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service attacks. A local, authenticated attacker could exploit the flawed Keyring Handler component and create keyrings for other users via keyctl commands...

CVSS 7.1 • AI score 6.7 • EPSS 0.00421
Exploits 0 • References 13 • Affected Software 2

Veracode
• added 2019/05/02 6:36 a.m. • 36 views

Denial Of Service (DoS)

Apache httpd is vulnerable to denial of service attacks. The mod_auth_digest component does not properly initialize memory used to process 'Digest' type HTTP Authorization headers, allowing a remote attacker to send a specially crafted request to view potentially sensitive information from the...

CVSS 9.1 • AI score 8.8 • EPSS 0.5677
Exploits 0 • References 72 • Affected Software 8

Veracode
• added 2019/05/02 6:36 a.m. • 36 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service attacks. A remote attacker could cause memory exhaustion resulting in denial of service. The vulnerability exists in the file audio/audio.c of the Audio Capture component and is exploitable via repeatedly starting and stopping audio capture...

CVSS 7.5 • AI score 7.9 • EPSS 0.04544
Exploits 0 • References 12 • Affected Software 2

Veracode
• added 2019/05/02 6:36 a.m. • 36 views

Denial Of Service (DoS) Through Divide By Zero

QEMU is vulnerable to denial of service (DoS) through divide by zero attacks. The vulnerability occurs while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside the guest could use this flaw to crash the QEMU process instance on the host, resulting in an application...

CVSS 6.5 • AI score 7.2 • EPSS 0.00394
Exploits 0 • References 214 • Affected Software 2

Veracode
• added 2019/05/02 6:36 a.m. • 36 views

Denial Of Service (DOS)

The Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit a BUG statement in the tcp_collapse function after making a number of certain syscalls. Local users could cause an application crash via a crafted application that makes sendto system calls, related...

CVSS 5.5 • AI score 5.8 • EPSS 0.00465
Exploits 0 • References 49 • Affected Software 2

Veracode
• added 2019/05/02 6:30 a.m. • 36 views

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in takeover of Java SE,...

CVSS 8.3 • AI score 9.1 • EPSS 0.03524
Exploits 0 • References 19 • Affected Software 5

Veracode
• added 2019/05/02 6:11 a.m. • 36 views

Denial Of Service (DoS)

zlib is vulnerable to denial of service attacks. A remote user is able to cause an application crash resulting in denial of service conditions. The vulnerability affects the inflateMark function in the file inflate.c of the zlib library...

CVSS 8.8 • AI score 8.7 • EPSS 0.05161
Exploits 0 • References 32 • Affected Software 6

Veracode
• added 2019/05/02 6:2 a.m. • 36 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service. An attacker is able to crash the application via a long string passed to the rawurlencode function...

CVSS 7.5 • AI score 6.5 • EPSS 0.05719
Exploits 1 • References 22 • Affected Software 4

Veracode
• added 2019/05/02 6:1 a.m. • 36 views

Use-After-Free

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link an uninitialised variable would eventually lead to arbitrary free...

CVSS 6.7 • AI score 6.6 • EPSS 0.22374
Exploits 12 • References 61 • Affected Software 1

Veracode
• added 2019/05/02 5:51 a.m. • 36 views

Privilege Escalation

The Linux kernel is vulnerable to privilege escalation attacks. This allows local users to gain privileges by triggering access to a paging structure by a different CPU, which allows them to perform unauthorized actions...

CVSS 7.4 • AI score 7.8 • EPSS 0.00404
Exploits 0 • References 29 • Affected Software 1

Veracode
• added 2019/05/02 5:51 a.m. • 36 views

Denial Of Service (DoS)

Wireshark is vulnerable to denial of service (DoS) attacks. Not properly determining the defragmentation state in a case of an insufficient snapshot length in the fragment_add_work function allows remote attackers to crash the application through memory consumption via a crafted packet...

CVSS 5 • AI score 5.1 • EPSS 0.02821
Exploits 0 • References 17 • Affected Software 1

Veracode
• added 2019/05/02 5:50 a.m. • 36 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service attacks. An attacker can cause a crash by triggering the use of GRO path for large crafted packets which only contain VLAN headers...

CVSS 7.5 • AI score 6.9 • EPSS 0.07613
Exploits 0 • References 15 • Affected Software 1

Veracode
• added 2019/05/02 5:46 a.m. • 36 views

Denial Of Service (DoS)

Red Hat JBoss Web Server is vulnerable to denial of service (DoS) attacks. It is possible to remotely segfault the Apache HTTP server with a specially crafted string sent to mod_cluster via service messages (MCMP), which results in a server crash (DoS)...

CVSS 7.5 • AI score 7.2 • EPSS 0.0364
Exploits 0 • References 35 • Affected Software 7

Veracode
• added 2019/05/02 5:45 a.m. • 36 views

Denial Of Service (DoS)

libtiff is vulnerable to denial of service (DoS) attacks. This allows remote attackers to affect the availability via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif...

CVSS 6.5 • AI score 6.9 • EPSS 0.02534
Exploits 0 • References 10 • Affected Software 1

Veracode
• added 2019/05/02 5:41 a.m. • 37 views

Insufficient Entropy In Key Generation Algorithm

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

CVSS 7.5 • AI score 7 • EPSS 0.06135
Exploits 0 • References 31 • Affected Software 1

Veracode
• added 2019/05/02 5:40 a.m. • 36 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

CVSS 9.8 • AI score 4.6 • EPSS 0.9986
Exploits 1 • References 32 • Affected Software 4

Veracode
• added 2019/05/02 5:40 a.m. • 36 views

Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 10 • AI score 5.7 • EPSS 0.06181
Exploits 0 • References 23 • Affected Software 2

Veracode
• added 2019/05/02 5:39 a.m. • 36 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...

CVSS 7.5 • AI score 9.2 • EPSS 0.53166
Exploits 43 • References 24 • Affected Software 5

Veracode
• added 2019/05/02 5:39 a.m. • 36 views

Arbitrary File Read

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors f...

CVSS 9.8 • AI score 8.8 • EPSS 0.28319
Exploits 15 • References 23 • Affected Software 175

Veracode
• added 2019/05/02 5:39 a.m. • 36 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

CVSS 10 • AI score 5.1 • EPSS 0.74006
Exploits 1 • References 28 • Affected Software 1

Veracode
• added 2019/05/02 5:29 a.m. • 36 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service. It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid M...

CVSS 5 • AI score 6 • EPSS 0.03693
Exploits 0 • References 31 • Affected Software 1

Veracode
• added 2019/05/02 5:29 a.m. • 36 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service. It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system...

CVSS 6.2 • AI score 5.8 • EPSS 0.006
Exploits 0 • References 40 • Affected Software 1

Veracode
• added 2019/05/02 5:29 a.m. • 36 views

Privilege Escalation

MySQL Server is vulnerable to privilege escalation. The vulnerability exists as an unspecified vulnerability in Oracle MySQL. This allows a remote authenticated user to manipulate with an unknown input. The affected component is 'Privileges'...

CVSS 4 • AI score 6 • EPSS 0.03764
Exploits 0 • References 46 • Affected Software 4

Veracode
• added 2019/05/02 5:29 a.m. • 36 views

Denial Of Service (DoS)

MySQL Server is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an unspecified vulnerability in Oracle MySQL. This allows a remote authenticated user to manipulate with an unknown input, causing the application to crash. The affected component is InnoDB...

CVSS 3.5 • AI score 5.7 • EPSS 0.03764
Exploits 0 • References 30 • Affected Software 4

Veracode
• added 2019/05/02 5:27 a.m. • 36 views

Use-After-Free

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.8 • AI score 8.2 • EPSS 0.31046
Exploits 9 • References 13 • Affected Software 1

Veracode
• added 2019/05/02 5:21 a.m. • 36 views

Sensitive Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 • AI score 8.6 • EPSS 0.86829
Exploits 12 • References 40 • Affected Software 53

Veracode
• added 2019/05/02 5:20 a.m. • 36 views

Buffer Overflow

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

CVSS 10 • AI score 7.2 • EPSS 0.06058
Exploits 1 • References 25 • Affected Software 2

Veracode
• added 2019/05/02 5:18 a.m. • 36 views

Arbitrary Code Execution

libxfont is vulnerable to arbitrary code execution. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the...

CVSS 8.5 • AI score 6.8 • EPSS 0.04923
Exploits 0 • References 19 • Affected Software 1

Veracode
• added 2019/05/02 5:17 a.m. • 36 views

Spoofable Server

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion...

CVSS 5 • AI score 6.3 • EPSS 0.12841
Exploits 0 • References 19 • Affected Software 1

Veracode
• added 2019/05/02 5:17 a.m. • 36 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS 5.7 • AI score 6.3 • EPSS 0.09984
Exploits 0 • References 19 • Affected Software 3

Veracode
• added 2019/05/02 5:17 a.m. • 36 views

Information Disclosure

libvirt is vulnerable to information disclosure. It was discovered that the virDomainSnapshotGetXMLDesc and virDomainSaveImageGetXMLDesc functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a...

CVSS 3.5 • AI score 4.9 • EPSS 0.01802
Exploits 0 • References 268 • Affected Software 1

Veracode
• added 2019/05/02 5:13 a.m. • 36 views

Arbitrary Code Execution

Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapikr...

CVSS 9 • AI score 6.8 • EPSS 0.06213
Exploits 0 • References 16 • Affected Software 1

Veracode
• added 2019/05/02 5:12 a.m. • 36 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the...

CVSS 7.5 • AI score 9.7 • EPSS 0.03677
Exploits 0 • References 29 • Affected Software 1

Veracode
• added 2019/05/02 5:12 a.m. • 36 views

Buffer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

CVSS 6.8 • AI score 10.2 • EPSS 0.04282
Exploits 0 • References 14 • Affected Software 6

Veracode
• added 2019/05/02 5:12 a.m. • 36 views

Denial Of Service (DoS)

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

CVSS 7.5 • AI score 8.7 • EPSS 0.0571
Exploits 13 • References 18 • Affected Software 1

Veracode
• added 2019/05/02 5:6 a.m. • 36 views

Authentication Bypass

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...

CVSS 7.5 • AI score 5.9 • EPSS 0.7809
Exploits 4 • References 21 • Affected Software 1

Veracode
• added 2019/05/02 5:6 a.m. • 36 views

Arbitrary Code Execution

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...

CVSS 7.5 • AI score 5.9 • EPSS 0.7809
Exploits 4 • References 30 • Affected Software 1

Veracode
• added 2019/05/02 5:3 a.m. • 36 views

Use-after-Free

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

CVSS 10 • AI score 9.6 • EPSS 0.05584
Exploits 0 • References 23 • Affected Software 2

Veracode
• added 2019/05/02 5:3 a.m. • 36 views

Man-in-the-Middle Attack

nss-util is vulnerable to a man-in-the-middle attack. The library accepts a wildcard character that is embedded in an internationalized domain name's U-labels in the cert_TestHostName function in lib/certdb/certdb.c, allowing a malicious user to spoof SSL servers via a crafted certificate...

CVSS 4.3 • AI score 5.6 • EPSS 0.01767
Exploits 2 • References 32 • Affected Software 3

Veracode
• added 2019/05/02 5:2 a.m. • 36 views

Denial Of Service (DoS)

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...

CVSS 10 • AI score 8.5 • EPSS 0.0751
Exploits 0 • References 14 • Affected Software 1

Veracode
• added 2019/05/02 5:1 a.m. • 36 views

Denial Of Service (DoS)

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to...

CVSS 9.3 • AI score 9.7 • EPSS 0.11823
Exploits 1 • References 17 • Affected Software 1

Veracode
• added 2019/05/02 5:1 a.m. • 36 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 • AI score 5.5 • EPSS 0.08383
Exploits 3 • References 22 • Affected Software 1

Veracode
• added 2019/05/02 5:0 a.m. • 36 views

Same-Origin Policy Bypass

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.8 • AI score 9 • EPSS 0.07072
Exploits 7 • References 36 • Affected Software 2

Veracode
• added 2019/05/02 5:0 a.m. • 36 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.8 • AI score 9 • EPSS 0.07072
Exploits 7 • References 36 • Affected Software 2

Veracode
• added 2019/05/02 4:59 a.m. • 36 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remot...

CVSS 6.2 • AI score 6.9 • EPSS 0.03181
Exploits 8 • References 40 • Affected Software 1

Veracode
• added 2019/05/02 4:58 a.m. • 36 views

Integer Overflow

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...

CVSS 7.8 • AI score 6.7 • EPSS 0.037
Exploits 11 • References 19 • Affected Software 1

Veracode
• added 2019/05/02 4:58 a.m. • 36 views

Input Validation Bypass

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...

AI score 6.7 • EPSS 0.037
Exploits 11 • References 11 • Affected Software 1

Veracode
• added 2019/05/02 4:58 a.m. • 36 views

Arbitrary Code Execution

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the wa...

CVSS 8.8 • AI score 8.5 • EPSS 0.05412
Exploits 0 • References 17 • Affected Software 2

Total number of security vulnerabilities: 5000