Veracode: Most viewed

38332 matches found

Veracode • added 2019/10/29 9:34 a.m. • 35 views

Arbitrary File Overwrite

github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs...

CVSS: 5.5 | AI score: 3.9 | EPSS: 0.0149
Exploits: 1 | References: 6 | Affected Software: 1

Veracode • added 2019/09/11 12:6 a.m. • 35 views

Use-After-Free

firefox is vulnerable to use-after-free. The vulnerability exists due to the manipulation of video elements, which allows an attacker to cause a potentially exploitable crash in the application...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01713
Exploits: 0 | References: 15 | Affected Software: 5

Veracode • added 2019/08/20 12:10 a.m. • 35 views

Information Disclosure

PHP is vulnerable to information disclosure. When an attacker supplies malicious data, it causes the function gdImageCreateFromXbm to use the value of an uninitialized variable...

CVSS: 5.3 | AI score: 2.3 | EPSS: 0.04332
Exploits: 1 | References: 22 | Affected Software: 3

Veracode • added 2019/08/05 5:35 a.m. • 35 views

Buffer Overflow

libpng is vulnerable to buffer overflow. The attack exists because of a flaw in PNM decoding which causes a stack overflow in the function get_token in pnm2png.c in pnm2png...

CVSS: 8.8 | AI score: 4.7 | EPSS: 0.03554
Exploits: 1 | References: 6 | Affected Software: 2

Veracode • added 2019/07/29 12:8 a.m. • 35 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. It was discovered that the implementation of the Throwable class in the Utilities component of OpenJDK did not sufficiently validate serial stream before deserializing suppressed exceptions. A specially-crafted input could cause a Java application to...

CVSS: 5.3 | AI score: 3.6 | EPSS: 0.04472
Exploits: 0 | References: 16 | Affected Software: 5

Veracode • added 2019/07/08 12:7 a.m. • 35 views

Buffer Overflow

QEMU is vulnerable to buffer overflows. A remote, unauthenticated attacker could cause a system crash due to device tree size manipulation before buffer allocation leading to denial of service conditions. Affected by this issue is the function load_image of the file device_tree.c...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.04428
Exploits: 0 | References: 16 | Affected Software: 3

Veracode • added 2019/07/02 3:40 a.m. • 35 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service. A use of uninitialized value flaw in the function ReadCUTImage in coders/cut.c allows an attacker to crash the application...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.03291
Exploits: 0 | References: 11 | Affected Software: 5

Veracode • added 2019/06/14 3:58 a.m. • 35 views

Unsafe Deserialization

jackson-databind is vulnerable to arbitrary code execution via unsafe deserialization. Lack of object validation before deserialization allows an attacker to execute arbitrary code using polymorphic deserialization of a malicious gadget type...

CVSS: 5.9 | AI score: 8.4 | EPSS: 0.45205
Exploits: 2 | References: 65 | Affected Software: 38

Veracode • added 2019/05/16 3:58 a.m. • 35 views

Buffer Overflow

Mozilla Thunderbird is vulnerable to buffer overflow. It does not use correct alias information in IonMonkey JIT compiler for MArraySlice in Array.prototype.slice method...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.29514
Exploits: 9 | References: 11 | Affected Software: 8

Veracode • added 2019/05/16 3:24 a.m. • 35 views

Denial Of Service (DoS)

IBM SDK is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the java.math component in IBM SDK. An attacker could cause a denial of service condition with specially crafted String data...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.03981
Exploits: 0 | References: 10 | Affected Software: 2

Veracode • added 2019/05/16 3:18 a.m. • 35 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS) attacks. The vulnerability exists in an unknown code block in the library fs/xfs/libxfs/xfs_attr.c of the component XFS File System because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00683
Exploits: 1 | References: 37 | Affected Software: 2

Veracode • added 2019/05/16 3:18 a.m. • 35 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation. This exists in the function inode_init_owner of the file fs/inode.c. Local users could create files with an unintended group ownership and SGID permission bits set, when a directory is SGID and belongs to a certain group and is...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.01018
Exploits: 3 | References: 51 | Affected Software: 2

Veracode • added 2019/05/16 3:11 a.m. • 35 views

Memory Corruption

Linux kernel is vulnerable to memory corruption. This is because the ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently causing an...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.005
Exploits: 0 | References: 24 | Affected Software: 2

Veracode • added 2019/05/16 2:59 a.m. • 35 views

Use After Free

PHP is vulnerable to use after free. The vulnerability exists in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.06654
Exploits: 1 | References: 12 | Affected Software: 1

Veracode • added 2019/05/16 2:59 a.m. • 35 views

Out-Of-Bounds Read

PHP is vulnerable to out-of-bounds read attacks. This exists in the php_wddx_push_element function in ext/wddx/wddx.c which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.07031
Exploits: 0 | References: 14 | Affected Software: 1

Veracode • added 2019/05/16 2:54 a.m. • 35 views

Denial Of Service (DoS)

Oracle Java SE is vulnerable to denial of service (DoS) attacks. The vulnerability exists in an unknown function of the component Security. An unauthenticated attacker with network access via multiple protocols could compromise Java SE, Java SE Embedded, JRockit causing a partial denial of service...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.06891
Exploits: 0 | References: 27 | Affected Software: 4

Veracode • added 2019/05/02 6:37 a.m. • 35 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: Pluggable Auth component which allows unauthorized attackers to cause frequently repeatable crash on the target system...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.89924
Exploits: 7 | References: 16 | Affected Software: 2

Veracode • added 2019/05/02 6:36 a.m. • 35 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service (DoS) attacks. This occurs in the xhci_ring_fetch function in hw/usb/hcd-xhci.c which allows local guest OS administrators to cause a denial of service condition by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process...

CVSS: 6 | AI score: 6.3 | EPSS: 0.00386
Exploits: 0 | References: 219 | Affected Software: 1

Veracode • added 2019/05/02 6:30 a.m. • 35 views

Denial Of Service

Java SE and Java SE Embedded are vulnerable to denial of service (DoS) attacks. A remote user can exploit a flaw in the Serialization component to cause application crash resulting in partial denial of service conditions...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.03114
Exploits: 0 | References: 18 | Affected Software: 5

Veracode • added 2019/05/02 6:12 a.m. • 35 views

Denial Of Service (DOS)

Linux Kernel is vulnerable to denial of service (DOS) attacks. This is because Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.01828
Exploits: 5 | References: 19 | Affected Software: 2

Veracode • added 2019/05/02 6:10 a.m. • 35 views

NULL Pointer Dereference

JasPer is vulnerable to NULL pointer dereference. A remote attacker could cause denial of service via a crafted BMP image in an imginfo command. This issue affects the function bmp_getdata of the file libjasper/bmp/bmp_dec.c of the component imginfo...

CVSS: 5.5 | AI score: 6 | EPSS: 0.0241
Exploits: 1 | References: 11 | Affected Software: 1

Veracode • added 2019/05/02 6:10 a.m. • 35 views

Unauthorized Modification

Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...

CVSS: 3.1 | AI score: 5.9 | EPSS: 0.01993
Exploits: 0 | References: 18 | Affected Software: 5

Veracode • added 2019/05/02 5:43 a.m. • 35 views

Authentication Bypass

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.04229
Exploits: 0 | References: 25 | Affected Software: 2

Veracode • added 2019/05/02 5:40 a.m. • 35 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

CVSS: 9.8 | AI score: 4.6 | EPSS: 0.9986
Exploits: 1 | References: 12 | Affected Software: 1

Veracode • added 2019/05/02 5:39 a.m. • 35 views

Improper Input Validation

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors f...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.28319
Exploits: 15 | References: 8 | Affected Software: 6

Veracode • added 2019/05/02 5:39 a.m. • 35 views

Insecure TLS Configurations

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

CVSS: 10 | AI score: 5.1 | EPSS: 0.74006
Exploits: 1 | References: 30 | Affected Software: 1

Veracode • added 2019/05/02 5:27 a.m. • 35 views

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.31046
Exploits: 9 | References: 21 | Affected Software: 1

Veracode • added 2019/05/02 5:17 a.m. • 35 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS: 5.7 | AI score: 6.3 | EPSS: 0.09984
Exploits: 0 | References: 35 | Affected Software: 3

Veracode • added 2019/05/02 5:13 a.m. • 35 views

Sandbox Protection Bypass

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

CVSS: 10 | AI score: 5.5 | EPSS: 0.07224
Exploits: 1 | References: 39 | Affected Software: 4

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...

CVSS: 6.8 | AI score: 4.7 | EPSS: 0.04102
Exploits: 0 | References: 36 | Affected Software: 3

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Integer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

CVSS: 6.8 | AI score: 10.2 | EPSS: 0.04282
Exploits: 0 | References: 14 | Affected Software: 6

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Null Pointer Dereference

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.0571
Exploits: 13 | References: 14 | Affected Software: 1

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Heap-Based Buffer Overflow

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.0571
Exploits: 13 | References: 14 | Affected Software: 1

Veracode • added 2019/05/02 5:12 a.m. • 35 views

Out-Of-Bounds Read

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.0571
Exploits: 13 | References: 16 | Affected Software: 1

Veracode • added 2019/05/02 5:6 a.m. • 35 views

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

CVSS: 4 | AI score: 5.8 | EPSS: 0.0715
Exploits: 0 | References: 25 | Affected Software: 12

Veracode • added 2019/05/02 5:5 a.m. • 35 views

Information Disclosure

java is vulnerable to information disclosure. An unspecified vulnerability allows a remote attacker to affect confidentiality via vectors related to 2D...

CVSS: 5 | AI score: 3.8 | EPSS: 0.04053
Exploits: 0 | References: 48 | Affected Software: 4

Veracode • added 2019/05/02 5:4 a.m. • 35 views

Denial Of Service (DoS) Through Divide By Zero

LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash o...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.08272
Exploits: 1 | References: 15 | Affected Software: 1

Veracode • added 2019/05/02 5:4 a.m. • 35 views

Information Disclosure

php is vulnerable to information disclosure. The vulnerability exists as the phpinfo implementation in ext/standard/info.c does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF...

CVSS: 2.6 | AI score: 5.6 | EPSS: 0.05868
Exploits: 1 | References: 16 | Affected Software: 4

Veracode • added 2019/05/02 5:3 a.m. • 35 views

Denial Of Service (DoS)

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way N...

CVSS: 10 | AI score: 8.5 | EPSS: 0.06381
Exploits: 5 | References: 31 | Affected Software: 3

Veracode • added 2019/05/02 5:3 a.m. • 35 views

Denial Of Service (DoS)

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER)...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.11221
Exploits: 1 | References: 25 | Affected Software: 2

Veracode • added 2019/05/02 5:3 a.m. • 35 views

Denial Of Service (DoS) Through A Race Condition

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU (Last-Recently Used) list under certai...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.22475
Exploits: 18 | References: 11 | Affected Software: 1

Veracode • added 2019/05/02 5:1 a.m. • 35 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS: 10 | AI score: 5.5 | EPSS: 0.08383
Exploits: 3 | References: 21 | Affected Software: 1

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Unauthorized Access

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS: 10 | AI score: 6.6 | EPSS: 0.17606
Exploits: 0 | References: 15 | Affected Software: 1

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS: 10 | AI score: 7.6 | EPSS: 0.10117
Exploits: 1 | References: 12 | Affected Software: 1

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS: 10 | AI score: 7.6 | EPSS: 0.10117
Exploits: 1 | References: 52 | Affected Software: 3

Veracode • added 2019/05/02 4:58 a.m. • 35 views

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS: 10 | AI score: 7.6 | EPSS: 0.10117
Exploits: 1 | References: 66 | Affected Software: 3

Veracode • added 2019/05/02 4:56 a.m. • 35 views

NULL Pointer Dereference

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.09408
Exploits: 6 | References: 15 | Affected Software: 1

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.10893
Exploits: 5 | References: 18 | Affected Software: 3

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Out-Of-Bounds Read

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.10893
Exploits: 5 | References: 18 | Affected Software: 3

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.10893
Exploits: 5 | References: 18 | Affected Software: 3

Total number of security vulnerabilities: 5000