
38332 matches found

Veracode • added 2022/05/23 4:21 a.m. • 35 views

User Impersonation Via Anonymous Access

github.com/argoproj/argo-cd is vulnerable to user impersonation. An attacker is able to send an invalid JSON Web Token (JWT) along with a request if anonymous access to the Argo CD instance is enabled, allowing an unauthenticated user to get access with same privilege, create, manipulate and delete...

CVSS 10 • AI score 8.9 • EPSS 0.01857
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2022/05/13 9:20 a.m. • 35 views

Information Disclosure

eventsource is vulnerable to information disclosure. The vulnerability exists in a few functions in eventsource.js due to the leakage of cookies and authorization headers to external sites, which allows an attacker to steal user credentials and perform unauthorized actions...

CVSS 9.3 • AI score 3.9 • EPSS 0.01686
Exploits 1 • References 5 • Affected Software 3

Veracode • added 2022/05/12 4:56 a.m. • 35 views

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause denial-of-service conditions via an out-of-bounds read in LZWDecode in libtiff/tiflzw.c through a crafted tiff file...

CVSS 5.5 • AI score 3.5 • EPSS 0.01206
Exploits 1 • References 10 • Affected Software 1

Veracode • added 2022/05/10 4:29 a.m. • 35 views

Host Header Injection

craftcms/cms is vulnerable to host header injection. The vulnerability exists due to the lack of validation in the password reset token in processInvalidToken function of UsersController.php, allowing an attacker with valid email addresses or account names to manipulate the password reset...

CVSS 8.8 • AI score 1.1 • EPSS 0.04452
Exploits 3 • References 7 • Affected Software 1

Veracode • added 2022/04/26 4:59 a.m. • 35 views

Privilege Escalation

qemu is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization which allows an attacker to create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is...

CVSS 7.8 • AI score 5 • EPSS 0.00332
Exploits 0 • References 5 • Affected Software 2

Veracode • added 2022/04/26 4:18 a.m. • 35 views

XML External Entity (XXE) Injection

Opensagres XDocReport Document is vulnerable to XML external entity injection. The vulnerability exists in preprocess function in SAXXDocPreprocessor because the XML parser is not properly configured which allows an attacker to inject malicious XML input via weakly configured parser...

AI score 5.5
Exploits 0

Veracode • added 2022/04/25 8:12 a.m. • 36 views

Insecure Defaults

github.com/cri-o/cri-o is vulnerable to insecure defaults. The vulnerability exists because its containers started incorrectly with non-empty inheritable Linux process capabilities, allowing an unprivileged user to gain inheritable file capabilities up to the container's bounding set...

CVSS 5.3 • AI score 4.7 • EPSS 0.00241
Exploits 0 • References 3 • Affected Software 2

Veracode • added 2022/04/13 2:34 p.m. • 35 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. The vulnerability exists due to a use after free memory corruption...

CVSS 7.5 • AI score 3.5 • EPSS 0.09254
Exploits 0 • References 14 • Affected Software 1

Veracode • added 2022/04/13 10:14 a.m. • 35 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service. The vulnerability exists due to an integer overflow in xmlmemory.c...

CVSS 8.8 • AI score 3.7 • EPSS 0.02979
Exploits 0 • References 12 • Affected Software 1

Veracode • added 2022/04/13 8:50 a.m. • 35 views

Arbitrary File Upload

express-fileupload is vulnerable to arbitrary file upload. The vulnerability exists due to a lack of verification of the number of files being sent to the writeStream function...

CVSS 7.5 • AI score 2.5 • EPSS 0.01359
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2022/04/13 7:35 a.m. • 35 views

Denial Of Service (DoS)

ruby is vulnerable to denial of service. The vulnerability exists due to a Double free in Regexp compilation which allows an attacker to crash the application via malicious input...

CVSS 9.8 • AI score 4 • EPSS 0.02572
Exploits 0 • References 7 • Affected Software 1

Veracode • added 2022/04/12 4:29 a.m. • 35 views

Denial Of Service (DoS)

nokogiri is vulnerable to denial of service (DoS). SAX parser's inefficient entity handling for regular expressions causes excessive backtracking when malicious documents are parsed, which allows an attacker to cause an application crash...

CVSS 7.5 • AI score 5.1 • EPSS 0.03549
Exploits 0 • References 14 • Affected Software 3

Veracode • added 2022/04/10 10:49 p.m. • 35 views

Arbitrary File Write

libarchive is vulnerable to arbitrary file write. An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would...

CVSS 7.8 • AI score 3.3 • EPSS 0.00366
Exploits 0 • References 7 • Affected Software 1

Veracode • added 2022/04/09 12:46 a.m. • 35 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service (DoS). The vulnerability exists due to lack of sanitization of regex, which allows an attacker to crash the application via malicious input...

CVSS 7.5 • AI score 8 • EPSS 0.1446
Exploits 1 • References 16 • Affected Software 9

Veracode • added 2022/04/07 9:28 a.m. • 35 views

Heap-based Buffer Overflow

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

CVSS 7.8 • AI score 3.3 • EPSS 0.01687
Exploits 1 • References 11 • Affected Software 1

Veracode • added 2022/04/06 6:36 a.m. • 35 views

Symlink Attack

github.com/beego/beego is vulnerable to symlink attack. Lack of sufficient check for the existence of files created allows an attacker to use MemProf and GetCPUProfile commands to trigger the symbolic link attack locally...

CVSS 7.8 • AI score 3.3 • EPSS 0.00432
Exploits 1 • References 1 • Affected Software 1

Veracode • added 2022/04/04 7:50 a.m. • 35 views

Remote Code Execution (RCE)

Dompdf is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the font type via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8 • AI score 1.5 • EPSS 0.82438
Exploits 8 • References 5 • Affected Software 1

Veracode • added 2022/03/31 4:16 a.m. • 35 views

HTTP Request Smuggling

puma is vulnerable to HTTP request smuggling. When using the library behind a proxy that does not properly validate the incoming HTTP requests with the RFC7230 standard, puma and the frontend proxy contradict on where one request starts and where it ends, resulting in requests to be smuggled via...

CVSS 9.1 • AI score 1 • EPSS 0.0214
Exploits 0 • References 13 • Affected Software 3

Veracode • added 2022/03/22 7:58 a.m. • 35 views

Information Exposure

topthink/think is vulnerable to information exposure. The vulnerability exists due to a lack of input validation, which allows an attacker to access sensitive information in the system...

CVSS 7.5 • AI score 3 • EPSS 0.04748
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2022/03/19 11:30 a.m. • 35 views

Privilege Escalation

MariaDB is vulnerable to privilege escalation. The vulnerability exists due to a Heap-based Buffer Overflow Privilege Escalation Vulnerability...

CVSS 7.8 • AI score 4.7 • EPSS 0.00645
Exploits 0 • References 14 • Affected Software 3

Veracode • added 2022/03/17 6:54 a.m. • 35 views

Side-Channel Attacks

hostapd is vulnerable to side channel attack. The vulnerability exists due to cache access patterns...

CVSS 9.8 • AI score 1.9 • EPSS 0.02944
Exploits 0 • References 9 • Affected Software 1

Veracode • added 2022/03/13 6:0 a.m. • 35 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to an Out-of-range Pointer Offset...

CVSS 7.8 • AI score 3.1 • EPSS 0.01607
Exploits 1 • References 11 • Affected Software 1

Veracode • added 2022/03/12 6:50 a.m. • 35 views

Buffer Overflow

vim is vulnerable to buffer overflow. The vulnerability exists due to the use of Out-of-range Pointer Offset...

CVSS 8.8 • AI score 3.9 • EPSS 0.01622
Exploits 1 • References 13 • Affected Software 1

Veracode • added 2022/03/12 12:42 a.m. • 35 views

Remote Code Execution (RCE)

cyrus-sasl is vulnerable to remote code execution. The vulnerability exists due to an unescaped password for a SQL INSERT or UPDATE statement...

CVSS 8.8 • AI score 2.8 • EPSS 0.04123
Exploits 0 • References 16 • Affected Software 2

Veracode • added 2022/03/08 5:2 p.m. • 35 views

Denial Of Service (DoS)

php is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of changes to string objects in the zendstringextend function in Zend/zendstring.h...

CVSS 9.8 • AI score 2.6 • EPSS 0.07191
Exploits 1 • References 4 • Affected Software 2

Veracode • added 2022/03/07 2:56 a.m. • 35 views

Remote Code Execution (RCE)

razorengine is vulnerable to remote code execution. The vulnerability exists because it does not sanitize the CAS (code access security) of an insecure sandboxed environment, allowing an attacker to execute maliciously crafted .NET code into the system...

CVSS 9.8 • AI score 4.5 • EPSS 0.01832
Exploits 2 • References 2 • Affected Software 1

Veracode • added 2022/03/06 3:56 p.m. • 35 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to a use-after-free when removing an XSLT parameter in some circumstances...

CVSS 9.6 • AI score 2.1 • EPSS 0.02349
Exploits 1 • References 4 • Affected Software 6

Veracode • added 2022/03/04 9:43 a.m. • 35 views

Information Disclosure

github.com/containerd/containerd is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to read-only copies of arbitrary files and directories on the host via a specially-crafted image configuration, resulting in disclosure of sensitive information...

CVSS 7.5 • AI score 4.2 • EPSS 0.27392
Exploits 4 • References 17 • Affected Software 1

Veracode • added 2022/03/04 7:5 a.m. • 35 views

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service. Lack of proper handling of a locked virStoragePoolObj object to release on ACL permission failure in the function virStoragePoolLookupByTargetPath allows other users to access storage pool APIs, causing an application crash...

CVSS 6.5 • AI score 3.4 • EPSS 0.01366
Exploits 0 • References 11 • Affected Software 1

Veracode • added 2022/02/22 9:0 a.m. • 35 views

Denial Of Service (DoS)

libexpat.so is vulnerable to denial of service. The vulnerability exists due to the heap overflow in the resolveinstalled function of solver.c, allowing an attacker to cause an application crash...

AI score 2.2
Exploits 0 • References 5 • Affected Software 2

Veracode • added 2022/02/14 11:49 a.m. • 35 views

Information Disclosure

github.com/portainer/agent is vulnerable to information disclosure. The API server may continue running even after the associated Portainer instance connection is terminated allowing remote attackers to gain access to sensitive information...

CVSS 9.8 • AI score 4.3 • EPSS 0.01619
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2022/02/14 11:26 a.m. • 35 views

Validation Bypass

github.com/cri-o/cri-o is vulnerable to Validation Bypass. When an attacker creates a pod with a hostIPC and hostNetwork kernel namespace, the attacker is able to apply sysctls from the list of safe sysctls specified for the cluster resulting in unauthorized access due to insufficient validations...

CVSS 4.2 • AI score 2.5 • EPSS 0.00768
Exploits 0 • References 5 • Affected Software 2

Veracode • added 2022/02/14 1:14 a.m. • 35 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to a use after free...

CVSS 7.8 • AI score 2.4 • EPSS 0.01395
Exploits 1 • References 10 • Affected Software 1

Veracode • added 2022/02/09 6:49 a.m. • 35 views

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists because, when a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible...

CVSS 8.8 • AI score 3.1 • EPSS 0.00564
Exploits 0 • References 6 • Affected Software 6

Veracode • added 2022/01/29 5:20 p.m. • 35 views

Denial Of Service (DoS)

openjdk1 is vulnerable to denial of service. The vulnerability exists due to improper input validation in the ImageIO component, which allows an attacker to perform service disruption...

CVSS 5.3 • AI score 3.9 • EPSS 0.03091
Exploits 0 • References 8 • Affected Software 6

Veracode • added 2022/01/29 5:17 p.m. • 35 views

Improper Input Validation

openjdk11, edge is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the JAXP component, which allows an attacker to exploit this vulnerability to gain access to sensitive information...

CVSS 5.3 • AI score 3.1 • EPSS 0.02877
Exploits 0 • References 9 • Affected Software 8

Veracode • added 2022/01/26 2:30 p.m. • 35 views

Denial Of Service (DoS)

util-linux:sid is vulnerable to denial of service...

CVSS 5.5 • AI score 2.3 • EPSS 0.00634
Exploits 3 • References 11 • Affected Software 3

Veracode • added 2022/01/20 8:41 a.m. • 35 views

Information Disclosure

github.com/grafana/grafana is vulnerable to information disclosure. When the forward auth identity is enabled, the library sends the OAuth identity of the most recently logged-in user when sending a query to the data source, allowing an attacker to retrieve sensitive data from the most recently...

CVSS 4.3 • AI score 3.8 • EPSS 0.02013
Exploits 0 • References 10 • Affected Software 9

Veracode • added 2022/01/20 6:22 a.m. • 35 views

Remote Code Execution (RCE)

chromium-browser is vulnerable to remote code execution. The vulnerability exists due to the issue in the Object lifecycle in ANGLE...

CVSS 8.8 • AI score 2.9 • EPSS 0.00738
Exploits 0 • References 3 • Affected Software 2

Veracode • added 2022/01/15 12:34 a.m. • 35 views

Type Confusion

Google Chrome is vulnerable to type confusion which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 • AI score 3 • EPSS 0.01387
Exploits 0 • References 7 • Affected Software 2

Veracode • added 2022/01/15 12:30 a.m. • 35 views

Use After Free

chrome is vulnerable to use-after-free. The vulnerability exists due to a heap corruption via a crafted Chrome Extension...

CVSS 8.8 • AI score 2.2 • EPSS 0.00947
Exploits 0 • References 7 • Affected Software 2

Veracode • added 2022/01/11 8:52 a.m. • 35 views

Information Disclosure

pillow is vulnerable to information disclosure. The vulnerability exists because pillow doesn't restrict the builtins available in the eval function of ImageMath.py, which allows an attacker to evaluate arbitrary expressions and gain access to sensitive information...

CVSS 9.8 • AI score 3 • EPSS 0.03399
Exploits 0 • References 9 • Affected Software 3

Veracode • added 2022/01/11 3:52 a.m. • 35 views

Denial Of Service (DoS)

libexpat.so is vulnerable to denial of service. The vulnerability exists due to the integer overflow in the lookup of xmlparse.c, allowing an attacker to cause an application crash...

CVSS 8.8 • AI score 3.6 • EPSS 0.02614
Exploits 0 • References 7 • Affected Software 23

Veracode • added 2022/01/07 9:51 a.m. • 35 views

Remote Code Execution (RCE)

h2 is vulnerable to remote code execution. The vulnerability exists due to the use of the javax.naming.Context.lookup method, which performs a JNDI lookup, as a dangerous function/sink, allowing an attacker to load custom class/remote LDAP/RMI queries and execute malicious code in a process with H2...

CVSS 9.8 • AI score 3.1 • EPSS 0.63211
Exploits 3 • References 7 • Affected Software 27

Veracode • added 2021/12/10 7:36 a.m. • 35 views

Spoofing Attack

Thunderbird and Firefox are vulnerable to spoofing attack. The vulnerability exists due to a misuse of a race in the notification code allowing an attacker to forcefully hide the notification for pages that had received full screen and pointer lock access...

CVSS 4.3 • AI score 2.7 • EPSS 0.01158
Exploits 0 • References 13 • Affected Software 7

Veracode • added 2021/12/10 7:35 a.m. • 35 views

Remote Code Execution (RCE)

thunderbird is vulnerable to remote code execution. The vulnerability exists due to the lack of sanitization of the execution context, which allows JavaScript to be enabled in the composition area...

CVSS 6.5 • AI score 4 • EPSS 0.01267
Exploits 0 • References 8 • Affected Software 4

Veracode • added 2021/11/17 11:52 p.m. • 35 views

Privilege Escalation

github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability exists due to a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin...

CVSS 9.1 • AI score 7.7 • EPSS 0.02834
Exploits 0 • References 6 • Affected Software 2

Veracode • added 2021/11/03 4:37 a.m. • 35 views

LDAP Injection

github.com/stevenweathers/thunderdome-planning-poker is vulnerable to LDAP injection. Lack of an escape filter allows remote attackers to inject specially crafted values through UserName parameter resulting in LDAP injection vulnerability. Successful attackers are able to read, modify or delete...

CVSS 9.8 • AI score 5.9 • EPSS 0.01467
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2021/10/20 2:39 a.m. • 35 views

Denial Of Service (DoS)

qt5-qtwebengine:edge is vulnerable to denial of service...

CVSS 8.8 • AI score 2.2 • EPSS 0.00991
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2021/10/18 2:27 p.m. • 35 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service. An attacker is able to exploit the vulnerability by accessing the network and crashing the system...

CVSS 4.9 • AI score 3.9 • EPSS 0.02336
Exploits 0 • References 13 • Affected Software 1

Total number of security vulnerabilities: 5000