38332 matches found

Veracode
•added 2021/02/25 4:59 p.m.•35 views

Denial Of Service (DoS)

asterisk is vulnerable to denial of service (DoS). A res_pjsip_session crash was discovered in Asterisk Open Source. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the...

CVSS 5.3 • AI score 0.8 • EPSS 0.01969
Exploits 1 • References 4 • Affected Software 1
Veracode
•added 2021/02/11 5:23 p.m.•35 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An unauthenticated remote attacker is able to crash the application via the mod_authz_svn module by requesting a non-existing repository URL, if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option...

CVSS 7.5 • AI score 5.1 • EPSS 0.37516
Exploits 1 • References 4 • Affected Software 2
Veracode
•added 2021/01/27 7:32 p.m.•35 views

Information Disclosure

firefox is vulnerable to information disclosure. Combining the slipstream research with a malicious webpage could have exposed both an internal network's hosts and services running on the user's local machine...

CVSS 7.4 • EPSS 0.01323
Exploits 0 • References 9 • Affected Software 9
Veracode
•added 2021/01/21 4:35 p.m.•35 views

Privilege Escalation

xen is vulnerable to privilege escalation. The vulnerability exists through a data leak caused by an AMD IOMMU page-table entry that can be half-updated...

CVSS 7.8 • AI score 3.6 • EPSS 0.00251
Exploits 0 • References 12 • Affected Software 1
Veracode
•added 2021/01/20 8:34 a.m.•35 views

Prototype Pollution

gsap is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

CVSS 7.5 • AI score 3.7 • EPSS 0.016
Exploits 1 • References 4 • Affected Software 1
Veracode
•added 2021/01/14 5:32 a.m.•35 views

Regular Expression Denial Of Service (ReDoS)

jquery-validation is vulnerable to regular expression denial of service. An insecure use of a regular expression to parse URLs allows an attacker to cause a denial of service condition via a malicious URL...

CVSS 7.5 • AI score 5.4 • EPSS 0.03532
Exploits 0 • References 9 • Affected Software 3
Veracode
•added 2021/01/11 6:12 p.m.•35 views

Arbitrary Code Execution

jasper is vulnerable to arbitrary code execution. An out-of-bounds write vulnerability in the jpc encoder allows an attacker to execute arbitrary code on the host OS via a malicious input...

CVSS 7.8 • AI score 5.1 • EPSS 0.01371
Exploits 1 • References 11 • Affected Software 1
Veracode
•added 2020/12/31 5:2 p.m.•35 views

Denial Of Service (DoS)

xen is vulnerable to denial of service (DoS). The vulnerability exists in oxenstored, where an owner could give a node away, causing a guest to run out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory...

CVSS 6 • AI score 3.8 • EPSS 0.00406
Exploits 0 • References 8 • Affected Software 1
Veracode
•added 2020/12/24 9:46 p.m.•35 views

Denial Of Service (DoS)

open-iscsi is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds read in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c...

CVSS 7.5 • AI score 3 • EPSS 0.03194
Exploits 0 • References 4 • Affected Software 3
Veracode
•added 2020/12/23 4:51 p.m.•35 views

Denial Of Service (DoS)

openjpeg is vulnerable to denial of service. It is possible due to a heap-buffer-overflow in lib/openjp2/mqc.c which allows an attacker to cause an application crash...

CVSS 7.8 • AI score 7.3 • EPSS 0.02008
Exploits 1 • References 9 • Affected Software 4
Veracode
•added 2020/12/22 4:41 a.m.•35 views

Insecure XML Parsing

github.com/crewjam/saml does not perform secure XML parsing. An attacker is able to forge part of a signed XML document due to a lack of validation...

CVSS 9.8 • AI score 3.2 • EPSS 0.04872
Exploits 1 • References 9 • Affected Software 2
Veracode
•added 2020/12/21 6:50 p.m.•35 views

Denial Of Service (DoS)

chromium, sid is vulnerable to denial of service (DoS). Inappropriate implementation in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 • AI score 2.7 • EPSS 0.01653
Exploits 0 • References 11 • Affected Software 1
Veracode
•added 2020/12/14 6:36 a.m.•35 views

Command Injection

node-notifier is vulnerable to remote code execution (RCE). An attacker can send malicious commands via options params as it is not sanitized when being passed as an array...

CVSS 5.6 • AI score 4.9 • EPSS 0.01575
Exploits 0 • References 2 • Affected Software 1
Veracode
•added 2020/12/06 3:20 a.m.•35 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service attacks. An unauthenticated remote attacker could kill the QEMU process on the host due to an assertion failure in the network packet processing, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c...

CVSS 3.8 • AI score 3.5 • EPSS 0.00377
Exploits 0 • References 9 • Affected Software 3
Veracode
•added 2020/12/06 3:19 a.m.•35 views

Denial Of Service (DoS)

OpenEXR is vulnerable to denial of service and arbitrary code execution. An invalid write of size 1 in the bufferedReadPixels function could cause the application to crash or execute arbitrary code...

CVSS 8.8 • AI score 4.5 • EPSS 0.03143
Exploits 0 • References 11 • Affected Software 1
Veracode
•added 2020/11/26 6:14 a.m.•35 views

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service. An attacker is allowed to send an input value which is outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c to trigger an application crash...

CVSS 3.3 • AI score 3.3 • EPSS 0.01147
Exploits 0 • References 5 • Affected Software 4
Veracode
•added 2020/11/25 8:40 a.m.•35 views

Regular Expression Denial Of Service (ReDoS)

Handlebars is vulnerable to Regular Expression Denial of Service. The attacker is able to force the parser into an endless loop through maliciously crafted templates...

CVSS 7.5 • AI score 4.2 • EPSS 0.03793
Exploits 0 • References 4 • Affected Software 11
Veracode
•added 2020/11/24 5:49 a.m.•35 views

XML External Entity (XXE)

typo3/cms-core is vulnerable to XML external entities (XXE). The vulnerability exists as the libxml object in getRssItems of RssWidget.php does not disable external entities...

CVSS 3.7 • AI score 4.5 • EPSS 0.00636
Exploits 0 • References 4 • Affected Software 1
Veracode
•added 2020/11/19 11:31 a.m.•35 views

Remote Code Execution

unomi-plugins-base is vulnerable to arbitrary code execution. An insufficient fix for CVE-2020-11975 allows an attacker to bypass the allowlist and blocklist and remotely execute arbitrary code...

CVSS 9.8 • AI score 5.1 • EPSS 0.68398
Exploits 9 • References 18 • Affected Software 1
Veracode
•added 2020/11/18 2:39 a.m.•35 views

Cross-site Scripting (XSS)

typo3/fluid is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script in a user's browser via (1) additionalAttributes arrays, (2) ViewHelpers, (3) subclasses of AbstractConditionViewHelper...

CVSS 8 • AI score 5.4 • EPSS 0.01026
Exploits 1 • References 4 • Affected Software 2
Veracode
•added 2020/11/17 5:32 a.m.•35 views

Remote Code Execution (RCE)

XStream is vulnerable to remote code execution (RCE). The processed stream at unmarshalling time contains type information to recreate the formerly written objects, and new instances are created based on this type information. The vulnerability allows an attacker to manipulate the processed input...

CVSS 8.8 • AI score 3.7 • EPSS 0.85001
Exploits 7 • References 20 • Affected Software 2
Veracode
•added 2020/11/16 4:59 a.m.•35 views

Information Disclosure

Linux kernel is vulnerable to information disclosure. The vulnerability exists due to insufficient access control in the Linux kernel driver for some Intel(R) Processors. This flaw may allow an authenticated user to potentially enable information disclosure through local access...

CVSS 5.5 • AI score 5.9 • EPSS 0.00446
Exploits 0 • References 4 • Affected Software 5
Veracode
•added 2020/11/06 5:55 a.m.•35 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to denial of service (DoS). Incorrect use of namespaces in comparisons allows an attacker to send infinite Raft writes to cause a namespace replication bug, leading to resource exhaustion and an application crash...

CVSS 7.5 • AI score 3.4 • EPSS 0.02579
Exploits 0 • References 4 • Affected Software 2
Veracode
•added 2020/11/05 3:18 a.m.•35 views

Arbitrary File Overwrite

libreoffice is vulnerable to arbitrary file overwrite. Forms allowed to be submitted to any URI could result in local file overwrite...

CVSS 6.5 • AI score 3.4 • EPSS 0.01712
Exploits 0 • References 9 • Affected Software 3
Veracode
•added 2020/11/05 3:17 a.m.•35 views

Denial Of Service (DoS)

qt5-qtwebsockets is vulnerable to denial of service. An insecure websocket implementation allows only limited size for frames and messages and allows an attacker to cause a denial of service...

CVSS 7.5 • AI score 3.6 • EPSS 0.02281
Exploits 1 • References 5 • Affected Software 3
Veracode
•added 2020/11/05 3:9 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). Two memory leaks in the rtl_usb_probe function in 'drivers/net/wireless/realtek/rtlwifi/usb.c' allow an attacker to crash the application...

CVSS 4.6 • AI score 3.6 • EPSS 0.00897
Exploits 0 • References 19 • Affected Software 2
Veracode
•added 2020/11/03 6:23 a.m.•35 views

Privilege Escalation

wordpress is vulnerable to privilege escalation. Using XML-RPC allows an unprivileged user to comment on a post as wp-includes/class-wp-xmlrpc-server.php does not enforce the permission to restrict it...

CVSS 9.8 • AI score 2.9 • EPSS 0.05016
Exploits 0 • References 12 • Affected Software 3
Veracode
•added 2020/10/05 1:34 a.m.•35 views

Cross-site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting (XSS). The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...

CVSS 6.5 • AI score 4.3 • EPSS 0.03819
Exploits 0 • References 20 • Affected Software 1
Veracode
•added 2020/10/01 3:53 a.m.•35 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...

CVSS 8.8 • AI score 3.8 • EPSS 0.04406
Exploits 0 • References 10 • Affected Software 28
Veracode
•added 2020/10/01 3:53 a.m.•35 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free issue in the WebKit component...

CVSS 8.8 • AI score 3.8 • EPSS 0.02256
Exploits 0 • References 9 • Affected Software 28
Veracode
•added 2020/10/01 3:50 a.m.•35 views

Open Redirect

mod_auth_openidc is vulnerable to open redirect. Open redirect in logout url when using URLs with leading slashes...

CVSS 6.1 • AI score 1.3 • EPSS 0.01535
Exploits 0 • References 10 • Affected Software 1
Veracode
•added 2020/10/01 3:46 a.m.•35 views

Out-of-bounds (OOB) Read/Write

OpenEXR is vulnerable to out-of-bounds read/write. It is possible via std::vector out-of-bounds read and write in ImfTileOffsets.cpp...

CVSS 5.5 • AI score 2.8 • EPSS 0.01793
Exploits 1 • References 20 • Affected Software 1
Veracode
•added 2020/09/29 3:53 a.m.•35 views

Denial Of Service (DoS)

brotli is vulnerable to denial of service. A buffer overflow vulnerability exists where an attacker can crash the application by controlling the input length of a one-shot decompression request to a script. This happens when copying over chunks of data larger than 2 GiB...

CVSS 6.5 • AI score 2.9 • EPSS 0.03217
Exploits 0 • References 23 • Affected Software 4
Veracode
•added 2020/09/24 10:38 a.m.•35 views

Buffer Overflow

The implementation of realpath used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

CVSS 7.8 • AI score 3.3 • EPSS 0.00714
Exploits 0 • References 9 • Affected Software 5
Veracode
•added 2020/09/24 10:28 a.m.•35 views

Denial Of Service (DoS)

wireshark is vulnerable to denial of service (DoS). The vulnerability exists due to insufficient validation of user-supplied input within the BLIP dissector in Wireshark...

CVSS 7.5 • AI score 2.6 • EPSS 0.03938
Exploits 1 • References 12 • Affected Software 1
Veracode
•added 2020/09/21 6:34 a.m.•35 views

Denial Of Service (DoS)

sqlite3 is vulnerable to denial of service (DoS). The vulnerability exists as the WITH stack continues to unwind even after a parsing error in selectExpander in select.c...

CVSS 7.5 • AI score 4.2 • EPSS 0.03622
Exploits 0 • References 6 • Affected Software 3
Veracode
•added 2020/09/21 6:31 a.m.•35 views

Denial Of Service (DoS)

linux is vulnerable to denial of service (DoS). The vulnerability exists as aufs improperly managed inode reference counts in the vfsub_dentry_open method...

CVSS 5.5 • AI score 2.9 • EPSS 0.002
Exploits 0 • References 2 • Affected Software 3
Veracode
•added 2020/09/21 6:28 a.m.•35 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service (DoS). The vulnerability exists through a race condition during file renaming, through v9fs_wstat in hw/9pfs/9p.c...

CVSS 4.7 • AI score 2.4 • EPSS 0.00403
Exploits 0 • References 14 • Affected Software 2
Veracode
•added 2020/09/21 6:26 a.m.•35 views

Information Disclosure

squid3 is vulnerable to information disclosure. The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication where nonce tokens that contain the raw byte value of a pointer that sits within heap memory allocation, reducing ASLR protections...

CVSS 7.5 • AI score 0.6 • EPSS 0.40982
Exploits 0 • References 13 • Affected Software 4
Veracode
•added 2020/09/21 6:25 a.m.•35 views

Remote Code Execution (RCE)

php7.0 is vulnerable to remote code execution (RCE). University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c without...

CVSS 7.5 • AI score 4.2 • EPSS 0.9523
Exploits 6 • References 21 • Affected Software 2
Veracode
•added 2020/09/21 6:24 a.m.•35 views

Denial Of Service (DoS)

graphicsmagick:xenial is vulnerable to denial of service (DoS). The DrawImage function in magick/render.c in GraphicsMagick does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service negative strncpy and application cra...

CVSS 8.8 • AI score 7.1 • EPSS 0.02333
Exploits 0 • References 8 • Affected Software 1
Veracode
•added 2020/09/21 6:23 a.m.•35 views

Privilege Escalation

linux is vulnerable to privilege escalation. The vulnerability exists as a reference count is mishandled in rx_queue_add_kobject and netdev_queue_add_kobject in net/core/net-sysfs.c...

CVSS 5.5 • AI score 3 • EPSS 0.00443
Exploits 0 • References 5 • Affected Software 4
Veracode
•added 2020/09/21 6:23 a.m.•35 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service (DoS). es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write operation...

CVSS 3.9 • AI score 4.3 • EPSS 0.0037
Exploits 0 • References 10 • Affected Software 4
Veracode
•added 2020/09/21 6:21 a.m.•35 views

Information Disclosure

thunderbird is vulnerable to information disclosure. The vulnerability exists as the S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration...

CVSS 5.9 • AI score 1.9 • EPSS 0.04219
Exploits 2 • References 6 • Affected Software 3
Veracode
•added 2020/09/21 6:19 a.m.•35 views

Arbitrary Code Execution

GraphicsMagick is vulnerable to arbitrary code execution. A heap-based buffer over-read in ReadOneJNGImage in coders/png.c allows an attacker to execute arbitrary code on the host OS...

CVSS 8.8 • AI score 4.1 • EPSS 0.01843
Exploits 0 • References 7 • Affected Software 1
Veracode
•added 2020/09/21 6:19 a.m.•35 views

Denial Of Service (DoS)

qemu:xenial is vulnerable to denial of service (DoS). The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid...

CVSS 6 • AI score 5.8 • EPSS 0.00384
Exploits 0 • References 8 • Affected Software 1
Veracode
•added 2020/08/20 3:4 a.m.•35 views

Remote Code Execution (RCE)

ojdbc7 is vulnerable to remote code execution (RCE). The vulnerability exists in the JDBC component of the Oracle Database Server...

CVSS 8.1 • AI score 2.7 • EPSS 0.03542
Exploits 0 • References 9 • Affected Software 2
Veracode
•added 2020/08/18 2:3 a.m.•35 views

SQL Injection

hibernate-core is vulnerable to SQL injection. The vulnerability exists in Hibernate ORM...

CVSS 6.5 • AI score 1.6 • EPSS 0.02126
Exploits 0 • References 30 • Affected Software 30
Veracode
•added 2020/08/06 9:39 p.m.•35 views

Arbitrary Code Execution

WebKitGTK is vulnerable to arbitrary code execution. A memory corruption issue (use-after-free) allows an attacker to execute arbitrary code...

CVSS 9.8 • AI score 4.9 • EPSS 0.05028
Exploits 0 • References 11 • Affected Software 29
Veracode
•added 2020/08/06 9:34 p.m.•35 views

Denial Of Service (DoS)

Perl is vulnerable to denial of service (DoS). It allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

CVSS 8.2 • AI score 5.1 • EPSS 0.11334
Exploits 0 • References 15 • Affected Software 1
Total number of security vulnerabilities: 5000