Lucene search
Veracode • Most viewed

38332 matches found

Veracode
•added 2020/06/26 7:34 a.m.•35 views

Denial Of Service (DoS)

tomcat-coyote is vulnerable to denial of service (DoS). The vulnerability is caused by improper handling of a sequence of HTTP/2 requests, leading to high CPU consumption and an application crash...

CVSS 7.5 • AI score 1.6 • EPSS 0.26699
Exploits 0 • References 46 • Affected Software 6
Veracode
•added 2020/06/22 5:1 a.m.•35 views

LDAP Injection

archiva-redback-core is vulnerable to LDAP injection. The vulnerability exists due to the lack of sanitization of source.getUsername in LdapBindAuthenticator, and this.getEmail, this.getFullName, this.getUsername in LdapUserQuery...

CVSS 5.3 • AI score 2.3 • EPSS 0.08004
Exploits 1 • References 11 • Affected Software 2
Veracode
•added 2020/05/29 3:24 a.m.•35 views

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS). A logic error in the code that checks TSIG validity can be used to trigger an assertion failure in tsig.c...

CVSS 7.5 • AI score 2.6 • EPSS 0.93422
Exploits 5 • References 16 • Affected Software 1
Veracode
•added 2020/05/10 11:25 p.m.•35 views

Denial Of Service (DoS)

ffmpeg is vulnerable to denial of service (DoS). The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (segmentation violation and application crash) via a crafted stream...

CVSS 7.5 • AI score 4.6 • EPSS 0.02362
Exploits 0 • References 3 • Affected Software 1
Veracode
•added 2020/05/04 9:21 a.m.•35 views

Information Disclosure

doorkeeper is susceptible to information disclosure. If it enables the Doorkeeper::Application attributes using the GET /oauth/authorized_applications.json, an authorized application user can access the model attribute values including secrets...

CVSS 7.5 • AI score 2.3 • EPSS 0.02016
Exploits 0 • References 4 • Affected Software 1
Veracode
•added 2020/04/29 2:39 a.m.•35 views

Information Disclosure

tcpdump is vulnerable to information disclosure. The vulnerability exists through a stack-based buffer over-read in print-hncp.c:print_prefix via a crafted pcap...

CVSS 5.5 • AI score 2.6 • EPSS 0.02364
Exploits 1 • References 15 • Affected Software 1
Veracode
•added 2020/04/29 2:39 a.m.•35 views

Denial Of Service (DoS)

exiv2 is vulnerable to a denial of service. The vulnerability exists due to a heap-based buffer overflow in Exiv2::d2Data in types.cpp which allows an attacker to crash the application via malicious input...

CVSS 6.5 • AI score 7.4 • EPSS 0.01903
Exploits 1 • References 5 • Affected Software 4
Veracode
•added 2020/04/24 2:52 a.m.•35 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service (DoS). The vulnerability exists through multiple out-of-bounds reads in ImagingFliDecode in FliDecode.c...

CVSS 5.5 • AI score 2.8 • EPSS 0.01468
Exploits 0 • References 14 • Affected Software 1
Veracode
•added 2020/04/10 1:10 a.m.•35 views

Arbitrary Code Execution

httpd is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to...

CVSS 4.4 • AI score 1.4 • EPSS 0.04716
Exploits 4 • References 73 • Affected Software 1
Veracode
•added 2020/04/10 1:7 a.m.•35 views

Phishing Attack

firefox is vulnerable to a phishing attack. It was found that, by using the DOM fullscreen API, untrusted content could bypass the mozRequestFullscreen security protections. A web page containing malicious web content could exploit this API flaw to cause user interface...

CVSS 6.4 • AI score 1.5 • EPSS 0.01973
Exploits 0 • References 28 • Affected Software 3
Veracode
•added 2020/04/10 1:6 a.m.•35 views

Privilege Escalation

kernel is vulnerable to privilege escalation. Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate thei...

CVSS 7.4 • AI score 1.5 • EPSS 0.00852
Exploits 1 • References 12 • Affected Software 1
Veracode
•added 2020/04/10 1:1 a.m.•35 views

Insecure Resource Limit Verification

samba does not properly verify resource limits. It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cif...

CVSS 3.3 • AI score 1.7 • EPSS 0.00531
Exploits 2 • References 21 • Affected Software 3
Veracode
•added 2020/04/10 12:56 a.m.•35 views

Information Disclosure

kernel is vulnerable to information disclosure. Missing validation of null-terminated string data structure elements in the do_replace, compat_do_replace, do_ipt_get_ctl, do_ip6t_get_ctl, and do_arpt_get_ctl functions could allow a local user who has the CAP_NET_ADMIN capabili...

CVSS 2.1 • AI score 1.6 • EPSS 0.00404
Exploits 2 • References 14 • Affected Software 2
Veracode
•added 2020/04/10 12:56 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up...

CVSS 5.5 • AI score 3 • EPSS 0.00673
Exploits 0 • References 6 • Affected Software 1
Veracode
•added 2020/04/10 12:55 a.m.•35 views

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. It was discovered that the glibc fnmatch function did not properly restrict the use of alloca. If the function was called on sufficiently large inputs, it could cause an application using fnmatch to crash or, possibly, execute arbitrary code with t...

CVSS 5.1 • AI score 3.5 • EPSS 0.14323
Exploits 1 • References 28 • Affected Software 1
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Authorization Bypass

php is vulnerable to authorization bypass. An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the...

CVSS 5 • AI score 2.8 • EPSS 0.0219
Exploits 1 • References 9 • Affected Software 1
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld...

CVSS 4 • AI score 4.4 • EPSS 0.1144
Exploits 1 • References 28 • Affected Software 1
Veracode
•added 2020/04/10 12:53 a.m.•35 views

Arbitrary Code Execution

python is vulnerable to arbitrary code execution. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to...

CVSS 6.9 • AI score 2.6 • EPSS 0.0051
Exploits 1 • References 26 • Affected Software 1
Veracode
•added 2020/04/10 12:50 a.m.•35 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. A flaw was found in the way SeaMonkey loaded Java LiveConnect scripts. Malicious web content could load a Java LiveConnect script in a way that would result in the plug-in object having elevated privileges, allowing it to execute Java code with...

CVSS 9.3 • AI score 3.4 • EPSS 0.03796
Exploits 1 • References 23 • Affected Software 3
Veracode
•added 2020/04/10 12:50 a.m.•35 views

Denial Of Service (DoS)

The kernel is vulnerable to Denial Of Service (DoS). The attack is possible because a NULL pointer dereference flaw in ftrace_regex_lseek in the Linux kernel's ftrace implementation could allow a local, unprivileged user to cause a denial of service. Note: The debugfs file system must be mounted...

CVSS 5.5 • AI score 4.6 • EPSS 0.00393
Exploits 0 • References 15 • Affected Software 1
Veracode
•added 2020/04/10 12:43 a.m.•35 views

Use-after-Free

Mozilla Firefox is vulnerable to a use-after-free vulnerability. As it allows the processing of malformed web content, a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

CVSS 9.3 • AI score 5.2 • EPSS 0.04812
Exploits 0 • References 33 • Affected Software 9
Veracode
•added 2020/04/10 12:43 a.m.•35 views

Denial Of Service (DoS)

The kernel package is vulnerable to Denial Of Service (DoS). A divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system...

CVSS 7.1 • AI score 3.2 • EPSS 0.03431
Exploits 2 • References 15 • Affected Software 1
Veracode
•added 2020/04/10 12:42 a.m.•35 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey...

CVSS 10 • AI score 4.9 • EPSS 0.06392
Exploits 2 • References 30 • Affected Software 4
Veracode
•added 2020/04/10 12:42 a.m.•35 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service. Flaws in OpenSSL's DTLS implementation allow a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference...

CVSS 5 • AI score 4.4 • EPSS 0.80134
Exploits 9 • References 171 • Affected Software 1
Veracode
•added 2020/04/10 12:40 a.m.•35 views

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...

CVSS 5 • AI score 3.8 • EPSS 0.03107
Exploits 1 • References 28 • Affected Software 2
Veracode
•added 2020/04/10 12:40 a.m.•35 views

Privilege Escalation

java is vulnerable to privilege escalation. The vulnerability exists in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit...

CVSS 9.3 • AI score 3.9 • EPSS 0.65461
Exploits 9 • References 30 • Affected Software 2
Veracode
•added 2020/04/10 12:39 a.m.•35 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). The Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table via specially-crafted packe...

CVSS 7.5 • AI score 1.3 • EPSS 0.11051
Exploits 3 • References 19 • Affected Software 1
Veracode
•added 2020/04/10 12:37 a.m.•35 views

Spoofable Address Bar

Mozilla Firefox is vulnerable to Spoofable Address Bar. A flaw was found in the way Firefox displays the address bar when window.open is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site...

CVSS 5.8 • AI score 2.2 • EPSS 0.04745
Exploits 1 • References 29 • Affected Software 4
Veracode
•added 2020/04/10 12:37 a.m.•35 views

Privilege Escalation

udev is vulnerable to privilege escalation. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an...

CVSS 7.2 • AI score 3.9 • EPSS 0.81528
Exploits 12 • References 44 • Affected Software 1
Veracode
•added 2020/04/10 12:36 a.m.•35 views

Remote Code Execution (RCE)

SeaMonkey is vulnerable to Remote Code Execution (RCE). A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this fl...

CVSS 9.3 • AI score 4.8 • EPSS 0.03183
Exploits 2 • References 16 • Affected Software 5
Veracode
•added 2020/04/10 12:35 a.m.•35 views

Arbitrary Code Execution

openoffice.org is vulnerable to arbitrary code execution. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-craft...

CVSS 9.3 • AI score 4.1 • EPSS 0.06722
Exploits 1 • References 21 • Affected Software 1
Veracode
•added 2020/04/10 12:33 a.m.•35 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox...

CVSS 9.3 • AI score 4.4 • EPSS 0.09176
Exploits 1 • References 36 • Affected Software 2
Veracode
•added 2020/04/10 12:33 a.m.•35 views

Phishing Attacks

seamonkey is vulnerable to phishing attacks. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials...

CVSS 4.3 • AI score 3 • EPSS 0.01351
Exploits 0 • References 33 • Affected Software 4
Veracode
•added 2020/04/10 12:32 a.m.•35 views

Cross-Site Scripting (XSS)

modperl is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via el/functions.jsp, el/implicit-objects.jsp and jspx/textRotate.jspx in examples/jsp2...

CVSS 4.3 • AI score 4.5 • EPSS 0.07883
Exploits 0 • References 22 • Affected Software 1
Veracode
•added 2020/04/10 12:32 a.m.•35 views

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when open...

CVSS 7.5 • AI score 4.3 • EPSS 0.0484
Exploits 1 • References 26 • Affected Software 1
Veracode
•added 2020/04/10 12:32 a.m.•35 views

Arbitrary Code Execution

xpdf is vulnerable to arbitrary code execution. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened...

CVSS 6.8 • AI score 4.8 • EPSS 0.05491
Exploits 1 • References 51 • Affected Software 5
Veracode
•added 2020/04/10 12:31 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share...

CVSS 4.9 • AI score 2.8 • EPSS 0.00411
Exploits 0 • References 27 • Affected Software 1
Veracode
•added 2020/04/10 12:31 a.m.•35 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey...

CVSS 9.3 • AI score 3.3 • EPSS 0.0649
Exploits 2 • References 38 • Affected Software 3
Veracode
•added 2020/04/10 12:30 a.m.•35 views

Denial Of Service (DoS)

The kernel is vulnerable to Denial Of Service (DoS). Memory leaks were found on some error paths in the icmp_send function in the Linux kernel. This could, potentially, cause the network connectivity to cease...

CVSS 7.1 • AI score 3.2 • EPSS 0.04623
Exploits 2 • References 21 • Affected Software 1
Veracode
•added 2020/04/10 12:30 a.m.•35 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...

CVSS 6.8 • AI score 4.5 • EPSS 0.04825
Exploits 2 • References 153 • Affected Software 4
Veracode
•added 2020/04/10 12:29 a.m.•35 views

Cross-Site Request Forgery (CSRF)

The mod_proxy_balancer module in Apache HTTP server is vulnerable to cross-site request forgery (CSRF). A remote attacker could cause a denial of service by exploiting the vulnerability if mod_proxy_balancer is enabled and an authenticated user is targeted...

CVSS 4.3 • AI score 1.9 • EPSS 0.09114
Exploits 1 • References 45 • Affected Software 9
Veracode
•added 2020/04/10 12:29 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The sendmsg function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service...

CVSS 4.9 • AI score 3.2 • EPSS 0.00405
Exploits 0 • References 33 • Affected Software 2
Veracode
•added 2020/04/10 12:29 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The ext2 and ext3 filesystem code failed to properly handle corrupted data structures, leading to a possible local denial of service issue when read or write operations were performed...

CVSS 2.1 • AI score 1.9 • EPSS 0.00525
Exploits 1 • References 41 • Affected Software 2
Veracode
•added 2020/04/10 12:28 a.m.•35 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The do_truncate and generic_file_splice_write functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information...

CVSS 4.6 • AI score 3.3 • EPSS 0.02141
Exploits 2 • References 34 • Affected Software 1
Veracode
•added 2020/04/10 12:25 a.m.•35 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...

CVSS 10 • AI score 4.8 • EPSS 0.04988
Exploits 1 • References 52 • Affected Software 7
Veracode
•added 2020/04/10 12:25 a.m.•35 views

Privilege Escalation

kernel is vulnerable to privilege escalation. Multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation...

CVSS 7.8 • AI score 4.7 • EPSS 0.00426
Exploits 2 • References 36 • Affected Software 1
Veracode
•added 2020/04/10 12:22 a.m.•35 views

Privilege Escalation

mysql is vulnerable to privilege escalation. A flaw was found in the way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction ...

CVSS 7.1 • AI score 2 • EPSS 0.1426
Exploits 2 • References 44 • Affected Software 1
Veracode
•added 2020/04/10 12:22 a.m.•35 views

Arbitrary Code Execution

xorg-x11-server is vulnerable to arbitrary code execution. Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org...

CVSS 10 • AI score 5.5 • EPSS 0.03566
Exploits 0 • References 45 • Affected Software 1
Veracode
•added 2020/04/10 12:22 a.m.•35 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...

CVSS 6.8 • AI score 4.5 • EPSS 0.04344
Exploits 1 • References 53 • Affected Software 3
Veracode
•added 2020/04/10 12:20 a.m.•35 views

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. The vulnerability exists in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed...

CVSS 9.3 • AI score 4.1 • EPSS 0.06408
Exploits 1 • References 93 • Affected Software 4
Total number of security vulnerabilities: 5000