38332 matches found

Veracode • added 2019/05/02 6:10 a.m. • 35 views

Unauthorized Modification

Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...

3.1 CVSS • 5.9 AI score • 0.01993 EPSS
Exploits 0 • References 18 • Affected Software 5

Veracode • added 2019/05/02 5:51 a.m. • 35 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS) attacks. A local user can connect a USB device to the target system to trigger a double-free memory error in the snd_usbmidi_create function, which causes the kernel to crash or potentially execute arbitrary code...

4.6 CVSS • 6.4 AI score • 0.03723 EPSS
Exploits 10 • References 45 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 35 views

Cross-site Scripting (XSS)

Firefox ESR and Firefox are vulnerable to cross-site scripting (XSS) attacks. A remote attacker can exploit an input validation flaw in the Pocket server to execute arbitrary JavaScript in the about:pocket-saved page and access the Pocket messaging API...

9.8 CVSS • 8.6 AI score • 0.02916 EPSS
Exploits 0 • References 10 • Affected Software 3

Veracode • added 2019/05/02 5:51 a.m. • 35 views

Privilege Escalation

Oracle MySQL, MariaDB, Percona Server and Percona XtraDB Cluster are vulnerable to privilege escalation. A locally authenticated attacker may use a race condition while setting stats during MyISAM table repair to obtain elevated privileges...

7 CVSS • 7.8 AI score • 0.04313 EPSS
Exploits 18 • References 31 • Affected Software 11

Veracode • added 2019/05/02 5:43 a.m. • 35 views

Authentication Bypass

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5 CVSS • 9.3 AI score • 0.04229 EPSS
Exploits 0 • References 25 • Affected Software 2

Veracode • added 2019/05/02 5:41 a.m. • 35 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10 CVSS • 8.2 AI score • 0.09027 EPSS
Exploits 0 • References 20 • Affected Software 1

Veracode • added 2019/05/02 5:41 a.m. • 35 views

Sensitive Information Leak

ntp is vulnerable to sensitive information disclosure. It is possible due to missing validation of vallen value in ntp_crypto.c when the decryption of a secret received from an NTP server is performed, leading to a stack-based buffer overflow and crashing the NTP client...

5.8 CVSS • 6.9 AI score • 0.06135 EPSS
Exploits 0 • References 23 • Affected Software 1

Veracode • added 2019/05/02 5:40 a.m. • 35 views

CRLF Injection

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker...

5 CVSS • 8.5 AI score • 0.17942 EPSS
Exploits 0 • References 39 • Affected Software 1

Veracode • added 2019/05/02 5:40 a.m. • 35 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8 CVSS • 4.6 AI score • 0.9986 EPSS
Exploits 1 • References 12 • Affected Software 1

Veracode • added 2019/05/02 5:40 a.m. • 35 views

Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10 CVSS • 5.7 AI score • 0.06181 EPSS
Exploits 0 • References 23 • Affected Software 2

Veracode • added 2019/05/02 5:39 a.m. • 35 views

Memory Corruption

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic acce...

5.5 CVSS • 6.6 AI score • 0.03742 EPSS
Exploits 4 • References 28 • Affected Software 1

Veracode • added 2019/05/02 5:39 a.m. • 35 views

Improper Input Validation

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors f...

9.8 CVSS • 8.8 AI score • 0.28319 EPSS
Exploits 15 • References 8 • Affected Software 6

Veracode • added 2019/05/02 5:39 a.m. • 35 views

Insecure TLS Configurations

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

10 CVSS • 5.1 AI score • 0.74006 EPSS
Exploits 1 • References 30 • Affected Software 1

Veracode • added 2019/05/02 5:29 a.m. • 35 views

Denial Of Service (DoS)

Oracle MySQL Server is vulnerable to denial of service (DoS) attacks. An authenticated user is able to manipulate the component Memcached with an unknown input which may lead to an application crash...

2.1 CVSS • 6.2 AI score • 0.03764 EPSS
Exploits 0 • References 17 • Affected Software 1

Veracode • added 2019/05/02 5:27 a.m. • 35 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.8 CVSS • 8.2 AI score • 0.31046 EPSS
Exploits 9 • References 29 • Affected Software 2

Veracode • added 2019/05/02 5:27 a.m. • 35 views

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.8 CVSS • 8.1 AI score • 0.31046 EPSS
Exploits 9 • References 21 • Affected Software 1

Veracode • added 2019/05/02 5:20 a.m. • 35 views

Remote Code Execution (RCE)

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...

8.8 CVSS • 9.2 AI score • 0.02839 EPSS
Exploits 0 • References 242 • Affected Software 37

Veracode • added 2019/05/02 5:18 a.m. • 35 views

Denial Of Service (DoS)

firefox/thunderbird is vulnerable to denial of service. A remote attacker is able to corrupt memory and crash the application...

7.5 CVSS • 8.9 AI score • 0.03497 EPSS
Exploits 0 • References 23 • Affected Software 2

Veracode • added 2019/05/02 5:18 a.m. • 35 views

Denial Of Service (DoS)

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10 CVSS • 8.1 AI score • 0.084 EPSS
Exploits 0 • References 24 • Affected Software 2

Veracode • added 2019/05/02 5:17 a.m. • 35 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service. It allows remote authenticated users to affect availability via vectors related to DML...

4 CVSS • 5.2 AI score • 0.04328 EPSS
Exploits 0 • References 20 • Affected Software 4

Veracode • added 2019/05/02 5:17 a.m. • 35 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

5.7 CVSS • 6.3 AI score • 0.09984 EPSS
Exploits 0 • References 35 • Affected Software 3

Veracode • added 2019/05/02 5:13 a.m. • 35 views

Sandbox Protection Bypass

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

10 CVSS • 5.5 AI score • 0.07224 EPSS
Exploits 1 • References 39 • Affected Software 4

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...

6.8 CVSS • 4.7 AI score • 0.04102 EPSS
Exploits 0 • References 36 • Affected Software 3

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Integer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

6.8 CVSS • 10.2 AI score • 0.04282 EPSS
Exploits 0 • References 14 • Affected Software 6

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Null Pointer Dereference

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

7.5 CVSS • 8.7 AI score • 0.0571 EPSS
Exploits 13 • References 14 • Affected Software 1

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Heap-Based Buffer Overflow

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

7.5 CVSS • 8.7 AI score • 0.0571 EPSS
Exploits 13 • References 14 • Affected Software 1

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Out-Of-Bounds Read

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

7.5 CVSS • 8.7 AI score • 0.0571 EPSS
Exploits 13 • References 16 • Affected Software 1

Veracode • added 2019/05/02 5:6 a.m. • 35 views

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

4 CVSS • 5.8 AI score • 0.0715 EPSS
Exploits 0 • References 25 • Affected Software 12

Veracode • added 2019/05/02 5:5 a.m. • 35 views

Information Disclosure

java is vulnerable to information disclosure. An unspecified vulnerability allows a remote attacker to affect confidentiality via vectors related to 2D...

5 CVSS • 3.8 AI score • 0.04053 EPSS
Exploits 0 • References 48 • Affected Software 4

Veracode • added 2019/05/02 5:4 a.m. • 35 views

Denial Of Service (DoS) Through Divide By Zero

LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash o...

7.5 CVSS • 9.6 AI score • 0.08272 EPSS
Exploits 1 • References 15 • Affected Software 1

Veracode • added 2019/05/02 5:4 a.m. • 35 views

Information Disclosure

php is vulnerable to information disclosure. The vulnerability exists as the phpinfo implementation in ext/standard/info.c does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF...

2.6 CVSS • 5.6 AI score • 0.05868 EPSS
Exploits 1 • References 16 • Affected Software 4

Veracode • added 2019/05/02 5:4 a.m. • 35 views

Denial Of Service (DoS)

Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as...

5 CVSS • 6.8 AI score • 0.03409 EPSS
Exploits 0 • References 17 • Affected Software 1

Veracode • added 2019/05/02 5:3 a.m. • 35 views

Denial Of Service (DoS)

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Two integer overfl...

7.5 CVSS • 8.1 AI score • 0.02116 EPSS
Exploits 2 • References 16 • Affected Software 2

Veracode • added 2019/05/02 5:3 a.m. • 35 views

Denial Of Service (DoS)

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way N...

10 CVSS • 8.5 AI score • 0.06381 EPSS
Exploits 5 • References 31 • Affected Software 3

Veracode • added 2019/05/02 5:3 a.m. • 35 views

Denial Of Service (DoS)

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER)...

7.5 CVSS • 7.6 AI score • 0.11221 EPSS
Exploits 1 • References 25 • Affected Software 2

Veracode • added 2019/05/02 5:3 a.m. • 35 views

Denial Of Service (DoS) Through A Race Condition

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU (Last-Recently Used) list under certai...

5.5 CVSS • 6.8 AI score • 0.22475 EPSS
Exploits 18 • References 11 • Affected Software 1

Veracode • added 2019/05/02 5:1 a.m. • 35 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS • 5.5 AI score • 0.08383 EPSS
Exploits 3 • References 21 • Affected Software 1

Veracode • added 2019/05/02 5:0 a.m. • 35 views

Authentication Bypass

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled...

7.5 CVSS • 7 AI score • 0.04399 EPSS
Exploits 0 • References 24 • Affected Software 3

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Unauthorized Access

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS • 6.6 AI score • 0.17606 EPSS
Exploits 0 • References 15 • Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS • 7.6 AI score • 0.10117 EPSS
Exploits 1 • References 12 • Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS • 7.6 AI score • 0.10117 EPSS
Exploits 1 • References 52 • Affected Software 3

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

10 CVSS • 7.6 AI score • 0.10117 EPSS
Exploits 1 • References 66 • Affected Software 3

Veracode • added 2019/05/02 4:57 a.m. • 35 views

Improper Access Control

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

7.5 CVSS • 9.9 AI score • 0.06353 EPSS
Exploits 0 • References 14 • Affected Software 1

Veracode • added 2019/05/02 4:56 a.m. • 35 views

Heap-based Out-Of-Bounds Write

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1 CVSS • 6.9 AI score • 0.09408 EPSS
Exploits 6 • References 20 • Affected Software 1

Veracode • added 2019/05/02 4:56 a.m. • 35 views

NULL Pointer Dereference

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1 CVSS • 6.9 AI score • 0.09408 EPSS
Exploits 6 • References 15 • Affected Software 1

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

6.5 CVSS • 7.9 AI score • 0.10893 EPSS
Exploits 5 • References 18 • Affected Software 3

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Out-Of-Bounds Read

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

6.5 CVSS • 7.9 AI score • 0.10893 EPSS
Exploits 5 • References 18 • Affected Software 3

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

6.5 CVSS • 7.8 AI score • 0.10893 EPSS
Exploits 5 • References 18 • Affected Software 3

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Cross-Site Scripting (XSS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

6.5 CVSS • 7.8 AI score • 0.10893 EPSS
Exploits 5 • References 20 • Affected Software 3

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An unspecified vulnerability allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10 CVSS • 6.1 AI score • 0.05894 EPSS
Exploits 0 • References 30 • Affected Software 3

Total number of security vulnerabilities: 5000