Veracode • Most viewed

38332 matches found

Veracode
•added 2020/08/20 3:4 a.m.•35 views

Remote Code Execution (RCE)

ojdbc7 is vulnerable to remote code execution (RCE). The vulnerability exists in the JDBC component of the Oracle Database Server...

CVSS 8.1 • AI score 2.7 • EPSS 0.03542
Exploits 0 • References 9 • Affected Software 2
Veracode
•added 2020/08/18 2:3 a.m.•35 views

SQL Injection

hibernate-core is vulnerable to SQL injection. The vulnerability exists in Hibernate ORM...

CVSS 6.5 • AI score 1.6 • EPSS 0.02126
Exploits 0 • References 30 • Affected Software 30
Veracode
•added 2020/08/06 9:39 p.m.•35 views

Arbitrary Code Execution

WebKitGTK is vulnerable to arbitrary code execution. A memory corruption issue (use-after-free) allows an attacker to execute arbitrary code...

CVSS 9.8 • AI score 4.9 • EPSS 0.05028
Exploits 0 • References 11 • Affected Software 29
Veracode
•added 2020/08/06 9:34 p.m.•35 views

Denial Of Service (DoS)

Perl is vulnerable to denial of service (DoS). It allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

CVSS 8.2 • AI score 5.1 • EPSS 0.11334
Exploits 0 • References 15 • Affected Software 1
Veracode
•added 2020/08/06 9:33 p.m.•35 views

Buffer Overflows

Squid is vulnerable to buffer overflows. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy...

CVSS 7.3 • AI score 4.9 • EPSS 0.7179
Exploits 0 • References 17 • Affected Software 5
Veracode
•added 2020/08/06 9:33 p.m.•35 views

Arbitrary Code Execution

libjpeg-turbo and mozjpeg are vulnerable to arbitrary code execution. A heap-based buffer over-read in get_rgb_row in rdppm.c allows an attacker to execute arbitrary code on the host OS via a malicious PPM input file...

CVSS 8.1 • AI score 5.5 • EPSS 0.03178
Exploits 1 • References 11 • Affected Software 1
Veracode
•added 2020/08/06 9:29 p.m.•35 views

Use-after-free

webkit2gtk is vulnerable to use-after-free. Due to a flaw in memory management, a remote attacker may be able to cause unexpected application termination or arbitrary code execution...

CVSS 9.8 • AI score 4.1 • EPSS 0.04138
Exploits 0 • References 10 • Affected Software 28
Veracode
•added 2020/06/26 7:34 a.m.•35 views

Denial Of Service (DoS)

tomcat-coyote is vulnerable to denial of service (DoS). The vulnerability is caused by a lack of proper handling of a sequence of HTTP/2 requests, leading to high CPU consumption and an application crash...

CVSS 7.5 • AI score 1.6 • EPSS 0.26699
Exploits 0 • References 46 • Affected Software 6
Veracode
•added 2020/06/22 5:1 a.m.•35 views

LDAP Injection

archiva-redback-core is vulnerable to LDAP injection. The vulnerability exists due to the lack of sanitization of source.getUsername in LdapBindAuthenticator, and this.getEmail, this.getFullName, this.getUsername in LdapUserQuery...

CVSS 5.3 • AI score 2.3 • EPSS 0.08004
Exploits 1 • References 11 • Affected Software 2
Veracode
•added 2020/05/29 3:24 a.m.•35 views

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS). A logic error in the code that checks TSIG validity can be used to trigger an assertion failure in tsig.c...

CVSS 7.5 • AI score 2.6 • EPSS 0.93422
Exploits 5 • References 16 • Affected Software 1
Veracode
•added 2020/05/10 11:25 p.m.•35 views

Denial Of Service (DoS)

ffmpeg is vulnerable to denial of service (DoS). The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream...

CVSS 7.5 • AI score 4.6 • EPSS 0.02362
Exploits 0 • References 3 • Affected Software 1
Veracode
•added 2020/04/29 2:39 a.m.•35 views

Information Disclosure

tcpdump is vulnerable to information disclosure. The vulnerability exists through a stack-based buffer over-read in print-hncp.c:print_prefix via a crafted pcap...

CVSS 5.5 • AI score 2.6 • EPSS 0.02364
Exploits 1 • References 15 • Affected Software 1
Veracode
•added 2020/04/29 2:39 a.m.•35 views

Denial Of Service (DoS)

exiv2 is vulnerable to a denial of service. The vulnerability exists due to a heap-based buffer overflow in Exiv2::d2Data in types.cpp which allows an attacker to crash the application via malicious input...

CVSS 6.5 • AI score 7.4 • EPSS 0.01903
Exploits 1 • References 5 • Affected Software 4
Veracode
•added 2020/04/24 2:52 a.m.•35 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service (DoS). The vulnerability exists through multiple out-of-bounds reads in ImagingFliDecode in FliDecode.c...

CVSS 5.5 • AI score 2.8 • EPSS 0.01468
Exploits 0 • References 14 • Affected Software 1
Veracode
•added 2020/04/17 2:10 a.m.•35 views

Remote Code Execution

Sonatype nxrm is vulnerable to remote code execution. The vulnerability allows high privilege users such as administrators to run arbitrary code on the server with Nexus process privileges by injecting arbitrary Java Expression Language (EL) expressions...

CVSS 8.8 • AI score 6.7 • EPSS 0.99064
Exploits 10 • References 6 • Affected Software 2
Veracode
•added 2020/04/10 1:11 a.m.•35 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service (DoS)...

CVSS 5 • AI score 2.4 • EPSS 0.03155
Exploits 0 • References 10 • Affected Software 1
Veracode
•added 2020/04/10 1:10 a.m.•35 views

Arbitrary Code Execution

httpd is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to...

CVSS 4.4 • AI score 1.4 • EPSS 0.04716
Exploits 4 • References 73 • Affected Software 1
Veracode
•added 2020/04/10 1:7 a.m.•35 views

Phishing Attack

firefox is vulnerable to a phishing attack. It was found that, by using the DOM fullscreen API, untrusted content could bypass the mozRequestFullscreen security protections. A web page containing malicious web content could exploit this API flaw to cause user interface...

CVSS 6.4 • AI score 1.5 • EPSS 0.01973
Exploits 0 • References 28 • Affected Software 3
Veracode
•added 2020/04/10 1:6 a.m.•35 views

Privilege Escalation

kernel is vulnerable to privilege escalation. Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate thei...

CVSS 7.4 • AI score 1.5 • EPSS 0.00852
Exploits 1 • References 12 • Affected Software 1
Veracode
•added 2020/04/10 1:5 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate request, it could result ...

CVSS 4.9 • AI score 3.2 • EPSS 0.00406
Exploits 1 • References 14 • Affected Software 1
Veracode
•added 2020/04/10 1:1 a.m.•35 views

Insecure Resource Limit Verification

samba does not properly verify resource limits. It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cif...

CVSS 3.3 • AI score 1.7 • EPSS 0.00531
Exploits 2 • References 21 • Affected Software 3
Veracode
•added 2020/04/10 12:59 a.m.•35 views

Arbitrary Code Execution

qemu-kvm is vulnerable to arbitrary code execution. It was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user could use this flaw to crash the guest or, possibly, execute arbitrary code on...

CVSS 7.4 • AI score 2.8 • EPSS 0.00718
Exploits 0 • References 22 • Affected Software 1
Veracode
•added 2020/04/10 12:59 a.m.•35 views

Arbitrary Code Execution

qemu-kvm is vulnerable to arbitrary code execution. It was found that the PIIX4 Power Management emulation layer in qemu-kvm did not properly check for hot plug eligibility during device removals. A privileged guest user could use this flaw to crash the guest or,...

CVSS 7.4 • AI score 3.7 • EPSS 0.0075
Exploits 0 • References 23 • Affected Software 1
Veracode
•added 2020/04/10 12:58 a.m.•35 views

Same-Origin Policy Bypass

thunderbird/firefox is vulnerable to Same-Origin Policy bypass. It was found that Thunderbird could treat two separate cookies for web content as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy...

CVSS 5 • AI score 1.7 • EPSS 0.01777
Exploits 1 • References 18 • Affected Software 4
Veracode
•added 2020/04/10 12:57 a.m.•35 views

Arbitrary Code Execution

openoffice.org is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially-crafted TARGA file. If a document containing...

CVSS 9.3 • AI score 3.7 • EPSS 0.10102
Exploits 0 • References 27 • Affected Software 1
Veracode
•added 2020/04/10 12:56 a.m.•35 views

Arbitrary Code Execution

gimp is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause...

CVSS 6.8 • AI score 3 • EPSS 0.05569
Exploits 1 • References 21 • Affected Software 1
Veracode
•added 2020/04/10 12:56 a.m.•35 views

Information Disclosure

kernel is vulnerable to information disclosure. Missing validations of null-terminated string data structure elements in the do_replace, compat_do_replace, do_ipt_get_ctl, do_ip6t_get_ctl, and do_arpt_get_ctl functions could allow a local user who has the CAP_NET_ADMIN capabili...

CVSS 2.1 • AI score 1.6 • EPSS 0.00404
Exploits 2 • References 14 • Affected Software 2
Veracode
•added 2020/04/10 12:56 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up...

CVSS 5.5 • AI score 3 • EPSS 0.00673
Exploits 0 • References 6 • Affected Software 1
Veracode
•added 2020/04/10 12:55 a.m.•35 views

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service (DoS) due to a flaw in the dvb_ca_ioctl function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their...

CVSS 7.2 • AI score 2.9 • EPSS 0.00408
Exploits 1 • References 15 • Affected Software 2
Veracode
•added 2020/04/10 12:55 a.m.•35 views

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. It was discovered that the glibc fnmatch function did not properly restrict the use of alloca. If the function was called on sufficiently large inputs, it could cause an application using fnmatch to crash or, possibly, execute arbitrary code with t...

CVSS 5.1 • AI score 3.5 • EPSS 0.14323
Exploits 1 • References 28 • Affected Software 1
Veracode
•added 2020/04/10 12:54 a.m.•35 views

Privilege Escalation

firefox is vulnerable to privilege escalation. A flaw was found in the way Firefox handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog b...

CVSS 6.8 • AI score 2.4 • EPSS 0.01823
Exploits 1 • References 11 • Affected Software 4
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Authorization Bypass

php is vulnerable to authorization bypass. An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the...

CVSS 5 • AI score 2.8 • EPSS 0.0219
Exploits 1 • References 9 • Affected Software 1
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld...

CVSS 4 • AI score 4.4 • EPSS 0.1144
Exploits 1 • References 28 • Affected Software 1
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Use-after-free

WebKitGTK+ is vulnerable to use-after-free. It is possible for remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing...

CVSS 9.8 • AI score 7.3 • EPSS 0.02307
Exploits 1 • References 16 • Affected Software 1
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Denial Of Service (DoS)

WebKitGTK+ is vulnerable to denial of service (DoS). Due to use-after-free flaws caused by vectors involving selections, malicious web content can cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

CVSS 9.3 • AI score 6.1 • EPSS 0.61319
Exploits 13 • References 24 • Affected Software 1
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Arbitrary Code Execution

python is vulnerable to arbitrary code execution. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to...

CVSS 6.9 • AI score 2.6 • EPSS 0.0051
Exploits 1 • References 26 • Affected Software 1
Veracode
•added 2020/04/10 12:52 a.m.•35 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

CVSS 9.3 • AI score 4.6 • EPSS 0.06997
Exploits 0 • References 22 • Affected Software 2
Veracode
•added 2020/04/10 12:50 a.m.•35 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. A flaw was found in the way SeaMonkey loaded Java LiveConnect scripts. Malicious web content could load a Java LiveConnect script in a way that would result in the plug-in object having elevated privileges, allowing it to execute Java code with...

CVSS 9.3 • AI score 3.4 • EPSS 0.03796
Exploits 1 • References 23 • Affected Software 3
Veracode
•added 2020/04/10 12:50 a.m.•35 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists through a flaw in the linkpathwalk function. Using the file descriptor returned by open with the O_NOFOLLOW flag on a subordinate NFS-mounted file system could result in a NULL pointer dereference, causing a denial of service ...

CVSS 5.4 • AI score 3.6 • EPSS 0.02774
Exploits 1 • References 20 • Affected Software 2
Veracode
•added 2020/04/10 12:50 a.m.•35 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). The attack is possible because a NULL pointer dereference flaw in ftrace_regex_lseek in the Linux kernel's ftrace implementation could allow a local, unprivileged user to cause a denial of service. Note: The debugfs file system must be mounted...

CVSS 5.5 • AI score 4.6 • EPSS 0.00393
Exploits 0 • References 15 • Affected Software 1
Veracode
•added 2020/04/10 12:49 a.m.•35 views

Denial Of Service (DoS)

Samba is vulnerable to denial of service (DoS). Due to an input sanitization flaw in the way Samba parsed client data, a malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd)...

CVSS 7.5 • AI score 6.6 • EPSS 0.78702
Exploits 5 • References 38 • Affected Software 2
Veracode
•added 2020/04/10 12:48 a.m.•35 views

Arbitrary Code Execution

firefox/thunderbird/seamonkey is vulnerable to arbitrary code execution. Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running...

CVSS 9.3 • AI score 4.1 • EPSS 0.05366
Exploits 0 • References 17 • Affected Software 4
Veracode
•added 2020/04/10 12:48 a.m.•35 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

CVSS 6.8 • AI score 4.6 • EPSS 0.02024
Exploits 0 • References 15 • Affected Software 4
Veracode
•added 2020/04/10 12:47 a.m.•35 views

Information Disclosure

Pluggable Authentication Modules (PAM) is vulnerable to information disclosure. It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or...

CVSS 4.7 • AI score 3.6 • EPSS 0.00356
Exploits 0 • References 22 • Affected Software 1
Veracode
•added 2020/04/10 12:46 a.m.•35 views

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service (DoS). The attack is possible because a flaw was found in the CIFSSMBWrite function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially-crafted SMB response packet to a target CIFS clien...

CVSS 7.8 • AI score 4.4 • EPSS 0.04033
Exploits 1 • References 24 • Affected Software 2
Veracode
•added 2020/04/10 12:45 a.m.•35 views

Arbitrary JavaScript Code Execution

firefox is vulnerable to arbitrary JavaScript code execution. A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user...

CVSS 7.6 • AI score 2.3 • EPSS 0.03431
Exploits 1 • References 23 • Affected Software 2
Veracode
•added 2020/04/10 12:45 a.m.•35 views

Remote Code Execution (RCE)

Mozilla Firefox is vulnerable to remote code execution (RCE). Due to use-after-free flaws in Firefox, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox...

CVSS 9.3 • AI score 4.4 • EPSS 0.06995
Exploits 1 • References 29 • Affected Software 4
Veracode
•added 2020/04/10 12:44 a.m.•35 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). A missing boundary check was found in the do_move_pages function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak...

CVSS 4.6 • AI score 2.5 • EPSS 0.01819
Exploits 3 • References 31 • Affected Software 2
Veracode
•added 2020/04/10 12:43 a.m.•35 views

Use-after-Free

Mozilla Firefox is vulnerable to a use-after-free vulnerability. As it allows the processing of malformed web content, a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

CVSS 9.3 • AI score 5.2 • EPSS 0.04812
Exploits 0 • References 33 • Affected Software 9
Veracode
•added 2020/04/10 12:43 a.m.•35 views

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service (DoS). A divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system...

CVSS 7.1 • AI score 3.2 • EPSS 0.03431
Exploits 2 • References 15 • Affected Software 1
Total number of security vulnerabilities: 5000