Lucene search
K
VeracodeMost viewed

38332 matches found

Veracode
Veracode
•added 2020/03/27 1:17 p.m.•35 views

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service DoS. A flaw in MagickWand/mogrify.c causes memory leaks, allowing an attacker to input a malicious image file to trigger an application crash...

6.5CVSS3.6AI score0.02183EPSS
Exploits1References7Affected Software5
Veracode
Veracode
•added 2020/03/17 4:41 a.m.•35 views

Prototype Pollution

yargs-parser is vulnerable to prototype pollution. The attack exists as it does not properly sanitize the key value provided by users, allowing the malicious properties of Object.prototype to be parsed or modified using a proto payload...

5.3CVSS5.2AI score0.00514EPSS
Exploits1References2Affected Software3
Veracode
Veracode
•added 2020/03/13 6:55 a.m.•35 views

Remote Code Execution

chakracore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825,...

7.5CVSS3.8AI score0.13303EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2020/03/03 3:39 a.m.•35 views

Remote Code Execution

pyyaml is vulnerable to arbitrary code execution. The vulnerability exists as .yaml files are parsed by FullLoader uses the unsafe yaml.load by default...

9.8CVSS5.6AI score0.05299EPSS
Exploits1References17Affected Software2
Veracode
Veracode
•added 2020/02/28 7:4 a.m.•35 views

Information Disclosure

ansible is vulnerable to information disclosure. Another user on the same computer can read the old and new secret during execution of ansible-vault edit due to overly permissive permissions...

4.7CVSS1.9AI score0.00374EPSS
Exploits0References13Affected Software1
Veracode
Veracode
•added 2020/02/17 6:35 a.m.•35 views

Remote Code Execution (RCE)

jsreport is vulnerable to remote code execution RCE. Of a variety of packages it consists, the Script-manager utilized for running user's scripts in a sandbox has an unintended require vulnerability and Puppeteer utilized for turning user's HTML into pdf files has SSRF Server Side Request Forgery...

9.8CVSS1.7AI score0.02692EPSS
Exploits1References1Affected Software1
Veracode
Veracode
•added 2020/01/30 4:8 a.m.•35 views

Certificate Spoofing

github.com/golang/go is vulnerable to certificate spoofing. A Windows vulnerability allows attackers to spoof valid certificate chains when the system root store is in use...

8.1CVSS7.8AI score0.89436EPSS
Exploits14References5Affected Software2
Veracode
Veracode
•added 2020/01/20 6:5 a.m.•35 views

Remote Code Execution

.NET software is vulnerable to remote code execution. Failure to validate the source markup of a file allows an attacker to execute code in the context of the application upon successful exploitation of the vulnerability. This CVE ID is different from CVE-2020-0605...

8.8CVSS4.3AI score0.17906EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2020/01/15 8:16 a.m.•35 views

Information Disclosure

Apache Kafka connect-runtime is vulnerable to information disclosure. Improper usage of regex matching in the Connect REST API exposes plaintext secrets through the tasks endpoint if the config value contains additional characters...

7.5CVSS2.5AI score0.03915EPSS
Exploits0References44Affected Software1
Veracode
Veracode
•added 2020/01/03 5:32 a.m.•35 views

Denial Of Service (DoS)

ecstatic is vulnerable to a denial of service DoS. When an attacker provides a URL parameter with symbols such as \x0c, it leads to a redirection from /existing-dir-name?\x0cfoo to /existing-dir-name/?\x0cfoo and causes TypeError: The header content contains invalid characters error, possibly...

7.5CVSS3.4AI score0.01274EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2019/12/16 6:41 a.m.•35 views

Insecure Random Generator

github.com/miekg/dns uses an insecure random generation for transaction IDs. The default Id function uses an insecure math/rand function, resulting in predictable output and allowing an attacker to exploit the vulnerability to forge responses without being on path...

5.9CVSS2.4AI score0.02066EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2019/12/11 4:7 a.m.•35 views

Arbitrary Code Execution

libssh.so is vulnerable to arbitrary code execution. When SCP client connects to a server, the function sshscpnew executed unsanitized scp-location parameter provided by the user, allowing a malicious user to inject arbitrary command through it...

8.8CVSS3.7AI score0.0316EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2019/12/06 12:16 a.m.•35 views

Denial Of Service (DoS)

Mozilla firefox is vulnerable to denial of service DoS. The vulnerability exists through a use-after-free error when performing device orientation checks...

7.5CVSS2.9AI score0.01566EPSS
Exploits1References15Affected Software5
Veracode
Veracode
•added 2019/11/21 2:29 a.m.•35 views

Remote Code Execution

jackson-databind is vulnerable to remote code execution. The application does not block the commons-configuration and commons-configuration2 classes during deserialization, which would allow a remote attacker to leverage the vulnerability to execute arbitrary code...

9.8CVSS5.6AI score0.0544EPSS
Exploits0References9Affected Software27
Veracode
Veracode
•added 2019/11/18 3:10 a.m.•35 views

Authorization Bypass

infinispan is vulnerable to authorization bypass. The vulnerability exists as the invokeAccessibly method in the ReflectionUtil class allows the invokation of any private methods with Infinispan's privileges...

8.8CVSS4.6AI score0.03089EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2019/11/18 1:36 a.m.•35 views

Remote Code Execution

Microsoft.ChakraCore is vulnerable to remote code execution. This is due to the way the ChakraCore scripting engine handles objects in memory which could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This CVE ID is different from...

7.5CVSS3.2AI score0.72626EPSS
Exploits3References3Affected Software2
Veracode
Veracode
•added 2019/11/06 12:20 a.m.•35 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists through a use-after-free in arch/x86/lib/insn-eval.c...

7CVSS2.7AI score0.00469EPSS
Exploits1References23Affected Software2
Veracode
Veracode
•added 2019/10/29 9:34 a.m.•35 views

Arbitrary File Overwrite

github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs...

5.5CVSS3.9AI score0.0149EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2019/10/17 12:22 a.m.•35 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service DoS. The vulnerability exists it is possible to cause excessive memory allocation in CMap when reading TrueType font...

3.7CVSS3AI score0.03467EPSS
Exploits0References24Affected Software4
Veracode
Veracode
•added 2019/09/11 12:6 a.m.•35 views

Use-After-Free

firefox is vulnerable to use-after-free. The vulnerability exists due to the manipulating video elements which allows an attacker to do a potentially exploitable crash in the application...

8.8CVSS8.9AI score0.01713EPSS
Exploits0References15Affected Software5
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•35 views

Information Disclosure

PHP is vulnerable to Information disclosure. When an attacker supplies malicious data, it causes the funciton gdImageCreateFromXbm to use the value of uninitialized variable...

5.3CVSS2.3AI score0.04332EPSS
Exploits1References22Affected Software3
Veracode
Veracode
•added 2019/08/05 5:35 a.m.•35 views

Buffer Overflow

libpng is vulnerable to buffer overflow. The attack exists because of a flaw in PNM decoding which causes a stack overflow in the function gettoken in pnm2png.c in pnm2png...

8.8CVSS4.7AI score0.03554EPSS
Exploits1References6Affected Software2
Veracode
Veracode
•added 2019/07/29 12:8 a.m.•35 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. It was discovered that the implementation of the Throwable class in the Utilities component of OpenJDK did not sufficiently validate serial stream before deserializing suppressed exceptions. A specially-crafted input could cause a Java application to...

5.3CVSS3.6AI score0.04472EPSS
Exploits0References16Affected Software5
Veracode
Veracode
•added 2019/07/15 12:7 a.m.•35 views

Authorization Bypass

python is vulnerable to authorization bypass. The localfile: scheme allows for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.1CVSS9AI score0.11844EPSS
Exploits1References27Affected Software6
Veracode
Veracode
•added 2019/07/08 12:7 a.m.•35 views

Buffer Overflow

QEMU is vulnerable to buffer overflows. A remote, unauthenticated attacker could cause a system crash due to device tree size manipulation before buffer allocation leading to denial of service conditions. Affected by this issue is the function loadimage of the file devicetree.c...

9.8CVSS8.7AI score0.04428EPSS
Exploits0References16Affected Software3
Veracode
Veracode
•added 2019/07/02 3:40 a.m.•35 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service. A use of uninitialized value flaw in the function ReadCUTImage in coders/cut.c allows an attacker to crash the application...

8.8CVSS8.2AI score0.03291EPSS
Exploits0References11Affected Software5
Veracode
Veracode
•added 2019/06/14 3:58 a.m.•35 views

Unsafe Deserialization

jackson-databind is vulnerable to arbitrary code execution via unsafe deserrialization. Lack of object validation before deserialization allows an attacker to execute arbitrary code using polymorphic deserialization of a malicious gadget type...

5.9CVSS8.4AI score0.45205EPSS
Exploits2References65Affected Software38
Veracode
Veracode
•added 2019/05/16 3:58 a.m.•35 views

Buffer Overflow

Mozilla Thunderbird is vulnerable to buffer overflow. It does not use correct alias information in IonMonkey JIT compiler for MArraySlice in Array.prototype.slice method...

8.8CVSS8.6AI score0.29514EPSS
Exploits9References11Affected Software8
Veracode
Veracode
•added 2019/05/16 3:24 a.m.•35 views

Denial Of Service (DoS)

IBM SDK is vulnerable to denial of service DoS attacks. The vulnerability exists in the java.math component in IBM SDK. An attacker could cause a denial of service condition with specially crafted String data...

7.5CVSS7.8AI score0.03981EPSS
Exploits0References10Affected Software2
Veracode
Veracode
•added 2019/05/16 3:24 a.m.•35 views

Denial Of Service (DoS)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.82. See the following advisory for the container...

7.5CVSS7.6AI score0.98428EPSS
Exploits17References57Affected Software20
Veracode
Veracode
•added 2019/05/16 3:23 a.m.•35 views

Privilege Escalation

PostgreSQL is vulnerable to privilege escalation vulnerability. This is because INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL. A low privileged attacker without full read access but with both INSERT and UPDATE access could read the sensitive information of the table contents...

6.5CVSS6.9AI score0.06324EPSS
Exploits0References8Affected Software3
Veracode
Veracode
•added 2019/05/16 3:18 a.m.•35 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service DoS attacks. The vulnerability exists in an unknown code block in the library fs/xfs/libxfs/xfsattr.c of the component XFS File System because xfsattrshortformaddname in fs/xfs/libxfs/xfsattr.c mishandles ATTRREPLACE operations with conversion of an...

5.5CVSS6AI score0.00683EPSS
Exploits1References37Affected Software2
Veracode
Veracode
•added 2019/05/16 3:18 a.m.•35 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation vulnerability. This exists in the function inodeinitowner of the file fs/inode.c. Local users could create files with an unintended group ownership and SGID permission bits set, when a directory is SGID and belongs to a certain group and is...

7.8CVSS7.7AI score0.01018EPSS
Exploits3References51Affected Software2
Veracode
Veracode
•added 2019/05/16 3:18 a.m.•35 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of serviceDoS attacks. The xfsdinodeverify function in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel could cause a NULL pointer dereference in xfsilockattrmapshared function. An attacker could exploit this by mounting a crafted xfs filesystem image to cause ...

5.5CVSS5.6AI score0.00683EPSS
Exploits2References29Affected Software2
Veracode
Veracode
•added 2019/05/16 3:11 a.m.•35 views

Memory Corruption

Linux kernel is vulnerable to memory corruption vulnerability. This is because the ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently causing an...

7.8CVSS7.7AI score0.005EPSS
Exploits0References24Affected Software2
Veracode
Veracode
•added 2019/05/16 3:0 a.m.•35 views

Information Disclosure

Java SE is vulnerable to information disclosure. A remote attacker could exploit the flawed JavaFX component to partially access data resulting in disclosure of sensitive information...

4.7CVSS5.7AI score0.02541EPSS
Exploits0References10Affected Software2
Veracode
Veracode
•added 2019/05/16 2:59 a.m.•35 views

Use After Free

PHP is vulnerable to use after free vulnerability. The vulnerability exists in the wddxstackdestroy function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset...

9.8CVSS9.8AI score0.06654EPSS
Exploits1References12Affected Software1
Veracode
Veracode
•added 2019/05/16 2:59 a.m.•35 views

Out-Of-Bounds Read

PHP is vulnerable to out-of-bounds read attacks. This exists in the phpwddxpushelement function in ext/wddx/wddx.c which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

9.8CVSS9.6AI score0.07031EPSS
Exploits0References14Affected Software1
Veracode
Veracode
•added 2019/05/16 2:54 a.m.•35 views

Denial Of Service (DoS)

Oracle Java SE is vulnerable to denial of service DoS attacks. The vulnerability exists in an unknown function of the component Security. An unauthenticated attacker with network access via multiple protocols could compromise Java SE, Java SE Embedded, JRockit causing a parital denial of service...

5.3CVSS6.2AI score0.06891EPSS
Exploits0References27Affected Software4
Veracode
Veracode
•added 2019/05/16 2:50 a.m.•35 views

Arbitrary Code Execution

Linux kernel is vulnerable to buffer overflow vulnerability. This is due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver firewire-net in a fragment handling code in the Linux kernel. Remote attackers could execute arbitrary code via crafted...

6.8CVSS8.3AI score0.01765EPSS
Exploits0References39Affected Software2
Veracode
Veracode
•added 2019/05/16 2:16 a.m.•35 views

Privilege Escalation

RubyGems is vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could elevate their privileges by interacting with the terminal via the use of escape sequences with a specifically crafted gem. Improper sanitization of gems' specification text enables the attacker to...

9.8CVSS8.6AI score0.1081EPSS
Exploits1References15Affected Software6
Veracode
Veracode
•added 2019/05/02 6:37 a.m.•35 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of serviceDoS attacks. A remote user could exploit a flaw in the Server: Pluggable Auth component which allows unauthorized attackers to cause frequently repeatable crash on the target system...

7.5CVSS6.7AI score0.89924EPSS
Exploits7References16Affected Software2
Veracode
Veracode
•added 2019/05/02 6:36 a.m.•35 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service attacks. A remote attacker could cause memory exhaustion resulting in denial of service. The vulnerability exists in the file audio/audio.c of the component Audio Capture and exploitable via repeatedly starting and stopping audio capture...

7.5CVSS7.9AI score0.04544EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2019/05/02 6:36 a.m.•35 views

Denial Of Service (DoS) Through Divide By Zero

QEMU is vulnerable to denial of serviceDoS through divide by zero attacks. The vulnerability occurs while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in an application...

6.5CVSS7.2AI score0.00394EPSS
Exploits0References214Affected Software2
Veracode
Veracode
•added 2019/05/02 6:36 a.m.•35 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of serviceDoS attacks. This occurs in the xhciringfetch function in hw/usb/hcd-xhci.c which allows local guest OS administrators to cause a denial of service condition by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...

6CVSS6.3AI score0.00386EPSS
Exploits0References219Affected Software1
Veracode
Veracode
•added 2019/05/02 6:36 a.m.•35 views

Denial Of Service (DOS)

Linux kernel is vulnerable to the Linux kernel since 3.6-rc1 with 'net.ipv4.tcpfastopen' set to 1 can hit BUG statement in tcpcollapse function after making a number of certain syscalls. Local users could cause an application crash via a crafted application that makes sendto system calls, related...

5.5CVSS5.8AI score0.00465EPSS
Exploits0References49Affected Software2
Veracode
Veracode
•added 2019/05/02 6:30 a.m.•35 views

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in takeover of Java SE,...

8.3CVSS9.1AI score0.03524EPSS
Exploits0References19Affected Software5
Veracode
Veracode
•added 2019/05/02 6:30 a.m.•35 views

Denial Of Service

Java SE and Java SE Embedded are vulnerable to denial of serviceDoS attacks. A remote user can exploit a flaw in the Serialization component to cause application crash resulting in partial denial of service conditions...

5.3CVSS6.6AI score0.03114EPSS
Exploits0References18Affected Software5
Veracode
Veracode
•added 2019/05/02 6:12 a.m.•35 views

Denial Of Service (DOS)

Linux Kernel is vulnerable to denial of service DOS attacks. This is because Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack...

7.8CVSS7.3AI score0.01828EPSS
Exploits5References19Affected Software2
Veracode
Veracode
•added 2019/05/02 6:10 a.m.•35 views

NULL Pointer Dereference

JasPer is vulnerable to NULL pointer dereference. A remote attacker could cause denial of service via a crafted BMP image in an imginfo command. This issue affects the function bmpgetdata of the file libjasper/bmp/bmpdec.c of the component imginfo...

5.5CVSS6AI score0.0241EPSS
Exploits1References11Affected Software1
Total number of security vulnerabilities5000