Lucene search
K
VeracodeMost viewed

38332 matches found

Veracode
Veracode
•added 2024/04/11 2:0 a.m.•35 views

Sensitive Information Disclosure

GnuTLS is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exploiting deterministic behavior in systems like GnuTLS, particularly when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, which can lead to a noticeable step in nonce size from 513 to 512 bits, exposing a...

5.3CVSS5.8AI score0.00718EPSS
Exploits0References16Affected Software1
Veracode
Veracode
•added 2024/04/04 7:58 a.m.•35 views

Local File Inclusion

voila is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of file paths within app.py which allows an attacker to access readable files on the server's filesystem...

7.5CVSS6.7AI score0.00725EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2024/04/02 6:2 a.m.•35 views

Infinite Loop

protobuf is vulnerable to an infinite loop. The vulnerability is due to improper handling of malformed JSON structures, specifically when unmarshaling into messages containing a google.protobuf.Any value or when the UnmarshalOptions.DiscardUnknown option is set. This can potentially leads to deni...

7.5CVSS6.5AI score0.01262EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2024/03/19 4:37 p.m.•35 views

Improper Access Control

org.springframework.security: spring-security-core is vulnerable to Authentication Bypass. The vulnerability is due to the isFullyAuthenticated method within the AuthenticatedVoter class incorrectly returning true if the authentication parameter is null, resulting in broken access control. Note...

8.2CVSS6.7AI score0.00948EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/03/11 7:18 a.m.•35 views

XML Entity Expansion

libexpat is vulnerable to XML Entity Expansion. The vulnerability is caused due to insufficient input validation and handling of external entities in the XML parser. This allows an attacker to perform an XML Entity Expansion attack...

7.5CVSS6.7AI score0.02006EPSS
Exploits1References8Affected Software2
Veracode
Veracode
•added 2024/03/08 10:52 a.m.•35 views

Data Amplification

github.com/go-jose/go-jose is vulnerable to Data Amplification. The vulnerability due to insufficient checks or controls in the handling of compressed data within the Decrypt or DecryptMulti functions. Specifically, when an attacker sends a JSON Web Encryption JWE containing compressed data, the...

4.3CVSS6.6AI score0.01956EPSS
Exploits0References14Affected Software3
Veracode
Veracode
•added 2024/03/08 7:28 a.m.•35 views

Denial Of Service (DoS)

jose is vulnerable to Denial Of Service DoS. This vulnerability is due to a flaw in the support for decompressing plaintext post-decryption. An attacker can exploit a scenario with exceptionally high compression ratios, leading to JWE token lengths falling below application-defined limits. This...

4.9CVSS6.5AI score0.02085EPSS
Exploits0References8Affected Software3
Veracode
Veracode
•added 2024/02/08 7:42 a.m.•35 views

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient string processing within the intcomma template filter when a long string is parsed. This issue can be exploited by an attacker to cause DoS...

7.5CVSS6.5AI score0.01606EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2024/02/06 2:50 p.m.•35 views

Bleichenbacher Timing Attack

M2Crypto is vulnerable to Bleichenbacher Timing Attack. The vulnerability is due insecure padding schemes, resulting in the exposure of confidential or sensitive data...

7.5CVSS6.9AI score0.01124EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/02/06 12:32 p.m.•35 views

Use After Free

libxml2 is vulnerable to Use After Free. The vulnerability is caused due to a lack of validation within the xmlTextReader module. When parsing a crafted XML document using the XML Reader interface with DTD validation and XInclude expansion enabled, a xmlValidatePopElement use-after-free exception...

7.5CVSS7.1AI score0.01375EPSS
Exploits3References4Affected Software4
Veracode
Veracode
•added 2024/02/03 3:53 a.m.•35 views

Information Leak

Google Chrome is vulnerable to Information Leak. The vulnerability is caused due to Inappropriate implementation in Extensions API that causes an attacker to convince a user to install a malicious extension. This can be exploited to leak cross-origin data via a crafted Chrome Extension...

4.3CVSS6AI score0.00579EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/02/01 10:0 p.m.•35 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability is due to improper handling of memory within the Network component, This potentially allowing a remote attacker to exploit heap corruption through a malicious file and can leads to Denial of service...

8.8CVSS7AI score0.0093EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2024/01/30 8:19 p.m.•35 views

Denial Of Service (DOS)

mariadb is vulnerable to Denial Of Service DOS. The vulnerability is due to how the InnoDB component handles certain conditions, allowing a high privileged attacker with network access via multiple protocols to cause a hang or frequently repeatable crash of the MySQL Server...

4.9CVSS6.2AI score0.01782EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2024/01/30 7:15 p.m.•35 views

Out-of-bounds Write

openssl:edge is vulnerable of Out-of-bounds Write. The vulnerability due to the application state might be corrupted with various application dependent consequences when returning to the caller. It allows an attacker could get complete control of the application process which leads to denial of...

6.5CVSS7AI score0.02323EPSS
Exploits0References13Affected Software1
Veracode
Veracode
•added 2024/01/29 6:23 a.m.•35 views

Denial Of Service (DoS)

libtiff.so is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to a lack of validation for row parameter in the TIFFReadRGBATileExt function within tifgetimage.c. This flaw allows a remote attacker to pass a crafted TIFF file to which results in improper handling of data, causin...

7.5CVSS6.7AI score0.02187EPSS
Exploits0References23Affected Software1
Veracode
Veracode
•added 2024/01/24 8:40 a.m.•35 views

Expired Pointer Dereference

squid is vulnerable to Expired Pointer Dereference. The vulnerability is due to the usage of a pointer after dereference. An attacker can exploit this vulnerability to mount a Denial Of Service DOS attack against Cache Manager error responses when generating error pages for Client Manager reports...

6.5CVSS6.7AI score0.6005EPSS
Exploits1References9Affected Software1
Veracode
Veracode
•added 2024/01/13 9:20 a.m.•35 views

Out-of-bounds Write

qemu is vulnerable to Out-of-bounds Write. The vulnerability is due to there is no proper bounds checking in the virtionetflushtx function of QEMU's virtio-net device when certain guest features are enabled. This oversight allows for a stack-based buffer overflow, enabling a malicious user to...

5.3CVSS7AI score0.0033EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/01/02 7:50 a.m.•35 views

SQL Injection

jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to improper input validation within the /sys/replicate/check component. This could allow an attacker to inject malicious input leading to SQL Injection...

9.8CVSS7.6AI score0.00922EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2023/12/28 11:12 a.m.•35 views

Cross-Site Scripting

cacti is vulnerable to Cross-Site Scripting. The vulnerability is due to in templatesimport.php When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, potentially leads to XSS...

6.9AI score
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/12/28 8:43 a.m.•35 views

SQL Injection

Cacti is vulnerable to SQL Injection. The vulnerability is due to a lack of input sanitization in pollers.php script. This allows an attacker to potentially execute malicious SQL code, resulting in a SQL injection...

8.8CVSS7.3AI score0.84628EPSS
Exploits4References6Affected Software1
Veracode
Veracode
•added 2023/12/25 2:3 p.m.•35 views

Directory Traversal

Asterisk is vulnerable to Directory Traversal. The vulnerability arises because it allows the reading of any arbitrary file, even when the livedangerously setting is not enabled.This allows arbitrary files to be read...

7.5CVSS6.8AI score0.4557EPSS
Exploits3References5Affected Software1
Veracode
Veracode
•added 2023/12/12 7:10 a.m.•35 views

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial Of Service DoS. The vulnerability exists because the readChunkLine function in chunked.go does not properly check the bytes from the request or response body. A malicious attacker can exploit this to cause a server to automatically read a large amount ...

5.3CVSS6.4AI score0.01208EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2023/11/30 6:37 p.m.•35 views

Code Injection

dotnet is vulnerable to Code Injection. The vulnerability is due to lack of adequate validation for untrusted URIs provided to System.Net.WebRequest.Create. This allows an attacker can provide a specially crafted URI to the WebRequest.Create method, that could potentially execute arbitrary comman...

9.8CVSS7.4AI score0.12512EPSS
Exploits0References4Affected Software4
Veracode
Veracode
•added 2023/11/29 9:58 a.m.•35 views

Denial Of Service

Reactor Netty HTTP Server is vulnerable to Denial Of Service DOS. The vulnerability is due to the improper validation of HTTP requests while if the micrometer integration is enabled, which can result in Denial Of Service...

7.5CVSS6.9AI score0.00906EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2023/11/29 7:59 a.m.•35 views

Denial Of Service (DoS)

Spring Boot is vulnerable to Denial Of Service. The vulnerability is due to parsing malicious HTTP Request without proper validation or sanitization. This issue can be exploited by an attacker via crafting mailicous HTTP Request leading to Denial Of Service. Note that the following conditions mus...

6.5CVSS7AI score0.01219EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/11/28 8:56 a.m.•35 views

Denial Of Service

Vim is vulnerable to Denial Of Service. The vulnerability is due to a floating point exception caused while calculating the line offset for overlong lines, with smooth scrolling and cpo-settings enabled...

4.3CVSS7AI score0.00668EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2023/11/06 10:53 a.m.•35 views

Denial Of Service (DoS)

LibTIFF is vulnerable to Denial of Service. The vulnerability is due to mishandling memory allocation for short files in the TIFFReadDirEntryArray function. This can potentially lead to an allocation failure and application crash...

7.5CVSS7AI score0.02671EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/11/05 1:8 a.m.•35 views

Buffer Overflows

qemu is vulnerable to Buffer Overflows. A guest I/O address overflow vulnerability allows an attacker to overwrite arbitrary memory on the host system by exploiting a flaw in the way that QEMU handles guest I/O operations...

7CVSS7AI score0.00231EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2023/11/02 9:55 p.m.•35 views

Cross-site Scripting (XSS)

chromium is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the inappropriate implementation in Payments, which allows an attacker to bypass XSS preventions via a malicious file...

6.1CVSS6.7AI score0.011EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2023/11/02 6:39 p.m.•35 views

Domain Spoofing

chromium is vulnerable to Domain Spoofing. The vulnerability occurs due to incorrect security UI in Picture In Picture within google chrome which allows a remote malicious attacker to perform domain spoofing via a crafted local HTML page...

4.3CVSS6.7AI score0.00619EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2023/10/20 7:48 a.m.•35 views

Denial Of Service (DoS)

apache2 is vulnerable to Denial of Service DoS. This vulnerability allows an attacker to cause denial of service conditions on a vulnerable system by exploiting a race condition that occurs when a HTTP/2 connection is reset RST frame by a client...

5.9CVSS6.6AI score0.03024EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2023/10/19 2:47 p.m.•35 views

Privilege Escalation

samba is vulnerable to Privilege Escalation. A design flaw in the Samba DirSync control implementation that exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs allows RODCs and users possessing the GETCHANGES right to access all attributes,...

7.5CVSS6.7AI score0.01151EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/10/12 2:31 p.m.•35 views

Information Disclosure

tomcat-catalina is vulnerable to information disclosure. This vulnerability exists due to an improper request recycling mechanism, allowing an attacker to possibly access other requests...

5.3CVSS6.5AI score0.0216EPSS
Exploits1References10Affected Software2
Veracode
Veracode
•added 2023/10/08 6:5 a.m.•35 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service DoS. A memory leak in the RTPS dissector allows a remote attacker to cause a denial of service DoS attack by sending a specially crafted RTPS packet...

6.5CVSS6.6AI score0.00485EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2023/10/08 3:50 a.m.•35 views

Denial Of Service (DoS)

ghostscript is vulnerable to Denial Of Service DoS. A divide-by-zero vulnerability in the epsprintpage function in gdevepsn.c allows a local attacker to cause a denial of service by opening a specially crafted PDF document...

5.5CVSS6.3AI score0.00619EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/10/02 7:13 p.m.•35 views

Information Disclosure

openjdk8 is vulnerable to Information Disclosure. An attacker can access the vulnerable library through the multiple network and gain read access to the subset of Oracle Java SE, Oracle GraalVM Enterprise Edition and Oracle GraalVM...

3.7CVSS6.5AI score0.01164EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2023/09/25 9:18 a.m.•35 views

Insecure Temporary Files

org.jenkins-ci.main: jenkins-core is vulnerable to Insecure Temporary Files. The vulnerability is caused by not restricting permissions to the temporary file in the system temporary directory and leaving the newly created files with default permissions which are created by the Jenkins API...

8.1CVSS7.3AI score0.008EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2023/09/01 4:4 p.m.•35 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial of Service DoS attacks. The vulnerability exists in the packet-cp2179.c file. The file is responsible for decoding CP2179 packets. The vulnerability occurs when the file fails to properly check the length of a packet. This can cause Wireshark to divide by zero,...

6.5CVSS6.7AI score0.02771EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2023/08/31 8:28 p.m.•35 views

Denial Of Service (DoS)

binutils is vulnerable to Denial of Service DoS attacks. The vulnerability exists in the loadseparatedebugfiles function in the dwarf2.c file. The function is responsible for loading debug information from separate ELF files. The vulnerability occurs when the function fails to properly check the...

5.5CVSS6.5AI score0.00483EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/08/06 11:23 p.m.•35 views

Improper Input Validation

chromium is vulnerable to Improper Input Validation. The vulnerability exists due to inappropriate implementation in Autofill in Google Chrome which allows a remote attacker to bypass navigation restrictions via a crafted HTML page...

5.4CVSS6.3AI score0.00373EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/08/06 4:19 a.m.•35 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability allows a project maintainer to access the DataDog integration API key from webhook logs resulting in disclosure of sensitive information...

6.8CVSS6.6AI score0.00662EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/07/26 12:52 p.m.•35 views

Path Traversal

org.apache.shiro:shiro-web is vulnerable to Path Traversal. The vulnerability exists in InvalidRequestFilter.java because it does not properly validate downloaded files for subpaths, which allows an attacker to to write to a directory outside the restricted path...

9.8CVSS6.3AI score0.01533EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/07/22 8:59 a.m.•35 views

Remote Code Execution (RCE)

gitlab is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the lack of input validation of the library, which allows an attacker to inject and execute malicious code via the import from the GitHub API endpoint...

9.9CVSS7.8AI score0.86194EPSS
Exploits5References5Affected Software1
Veracode
Veracode
•added 2023/07/19 1:25 a.m.•35 views

Improper Authentication

openssl is vulnerable to Improper Authentication. The vulnerability allows applications that use the 'AES-SIV' algorithm and want to authenticate empty data entries to be misled by removing adding or reordering empty entries causing the issue...

5.3CVSS6.8AI score0.00525EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2023/07/14 9:36 a.m.•35 views

Path Traversal

apacheairflow is vulnerable to Path Traversal. The vulnerability exists because the DagRun.runid parameter is not properly sanitized which allows an attacker to gain access to unauthorized files outside the intended directory...

6.5CVSS7AI score0.01874EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/06/07 7:41 a.m.•35 views

Improper Certificate Validation

org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The flaw relies on enabling Revalidate Client Certificate and not validating the reverse proxy before Keycloak. An attacker is able to choose the server-validated certificate, resulting in authentication bypass...

6.5CVSS7AI score0.00425EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2023/06/04 9:58 a.m.•35 views

Denial Of Service (DoS)

libcurl.so is vulnerable to Denial of Service DoS attacks. Although libcurl offers a number of backends for resolving host names, name resolves may time out if built to use the synchronous resolver to slowdown operations with alert and siglongjmp, resulting in multi-threaded application showing...

5.9CVSS6.7AI score0.02658EPSS
Exploits1References12Affected Software2
Veracode
Veracode
•added 2023/06/04 9:13 a.m.•35 views

Information Disclosure

libcurl.so is vulnerable to Information Disclosure. The SSH server's public key is verified with the use of a SHA 256 hash functionality provided by the library, however if the check is unsuccessful, the fingerprint's memory will be released before an error message is returned. This issue puts...

7.5CVSS6.8AI score0.02489EPSS
Exploits1References12Affected Software3
Veracode
Veracode
•added 2023/05/17 4:33 a.m.•35 views

Reflected File Download

github.com/gin-gonic/gin is vulnerable to Reflected File Download. The vulnerability exists because the FileAttachment function of context.go does not properly sanitize the filename parameter, which allows an attacker to modify the Content-Disposition header and replace the .txt file name suffix...

4.3CVSS6.7AI score0.00482EPSS
Exploits2References6Affected Software1
Veracode
Veracode
•added 2023/05/16 4:41 a.m.•35 views

Denial Of Service (DoS)

distribution is vulnerable to Denial of Service DoS attacks. The vulnerability is due to the /v2/catalog endpoint which may potentially cause Denial of Service conditions on systems running on a memory restricted environment. The endpoint has an optional parameter n for the max amount of records...

6.5CVSS6.8AI score0.00938EPSS
Exploits0References4Affected Software2
Total number of security vulnerabilities5000