Veracode • Most viewed

38332 matches found

Veracode • added 2019/05/02 4:54 a.m. • 35 views

Cross-Site Scripting (XSS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 6.5 • AI score 7.8 • EPSS 0.10893
Exploits 5 • References 20 • Affected Software 3

Veracode • added 2019/05/02 4:52 a.m. • 35 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 10 • AI score 6.8 • EPSS 0.08894
Exploits 1 • References 21 • Affected Software 3

Veracode • added 2019/05/02 4:52 a.m. • 35 views

Information Disclosure

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...

CVSS 7.9 • AI score 6.3 • EPSS 0.07313
Exploits 11 • References 20 • Affected Software 1

Veracode • added 2019/05/02 4:48 a.m. • 35 views

Timing Side-Channel

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timin...

CVSS 5 • AI score 5.6 • EPSS 0.05213
Exploits 0 • References 24 • Affected Software 4

Veracode • added 2019/05/02 4:46 a.m. • 35 views

Privilege Escalation

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 9.8 • AI score 6.5 • EPSS 0.98704
Exploits 23 • References 28 • Affected Software 1

Veracode • added 2019/05/02 4:45 a.m. • 35 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

CVSS 4.3 • AI score 7 • EPSS 0.06597
Exploits 8 • References 20 • Affected Software 1

Veracode • added 2019/05/02 4:44 a.m. • 35 views

Permission Check Bypass

OpenJDK 7 Java Runtime Environment and OpenJDK 7 Software Development Kit are vulnerable to permission check bypass. The attack is due to an incorrect setter access check in MethodHandles.java, allowing an attacker to set the value of a final field...

CVSS 3.7 • AI score 8.6 • EPSS 0.85333
Exploits 6 • References 19 • Affected Software 1

Veracode • added 2019/05/02 4:43 a.m. • 35 views

Denial Of Service (DoS)

The libexif packages provide an Exchangeable image file format (Exif) library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened ...

CVSS 7.5 • AI score 6.7 • EPSS 0.07557
Exploits 0 • References 10 • Affected Software 1

Veracode • added 2019/05/02 4:43 a.m. • 35 views

Denial Of Service (DoS)

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 • AI score 9.1 • EPSS 0.11515
Exploits 0 • References 12 • Affected Software 1

Veracode • added 2019/05/02 4:43 a.m. • 35 views

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 • AI score 9.1 • EPSS 0.11515
Exploits 0 • References 18 • Affected Software 1

Veracode • added 2019/05/02 4:43 a.m. • 35 views

Denial Of Service (DoS)

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 • AI score 9.1 • EPSS 0.11515
Exploits 0 • References 26 • Affected Software 1

Veracode • added 2019/05/02 4:42 a.m. • 35 views

Denial Of Service (DoS)

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use thi...

CVSS 1.9 • AI score 5.6 • EPSS 0.00605
Exploits 5 • References 10 • Affected Software 1

Veracode • added 2019/05/02 4:41 a.m. • 35 views

Denial Of Service (DoS)

Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application, such as HTTP POST request parameters sent...

CVSS 5 • AI score 9.3 • EPSS 0.0562
Exploits 7 • References 21 • Affected Software 1

Veracode • added 2019/05/02 4:41 a.m. • 35 views

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 10 • AI score 9.4 • EPSS 0.04899
Exploits 1 • References 12 • Affected Software 3

Veracode • added 2019/05/02 4:41 a.m. • 35 views

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 • AI score 5.7 • EPSS 0.68532
Exploits 5 • References 39 • Affected Software 1

Veracode • added 2019/03/25 8:40 a.m. • 35 views

Directory Traversal

Jetty is vulnerable to directory traversal. It is due to the way URLs with multiple "/" (slash) characters are processed, allowing a remote unauthenticated attacker to view hidden or private files and directories...

CVSS 5 • AI score 9.2 • EPSS 0.03832
Exploits 0 • References 10 • Affected Software 1

Veracode • added 2019/03/14 2:16 a.m. • 35 views

Remote Code Execution (RCE)

railties is vulnerable to remote code execution. A remote attacker is able to guess the automatically generated secret token when Rails is in development mode. This token can subsequently be used in combination with other Rails internals to execute arbitrary code...

CVSS 9.8 • AI score 9.7 • EPSS 0.92144
Exploits 13 • References 8 • Affected Software 2

Veracode • added 2019/01/21 2:11 a.m. • 35 views

Denial Of Service (DoS)

github.com/moby/moby is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the lack of validation of cpuset-mems or cpuset-cpus, where memory exhaustion could occur with a large integer...

CVSS 4.9 • AI score 5.2 • EPSS 0.02231
Exploits 0 • References 4 • Affected Software 2

Veracode • added 2019/01/15 9:27 a.m. • 35 views

HTTP Response Splitting

ruby is vulnerable to HTTP response splitting. An attacker is able to inject arbitrary data into an HTTP response of the WEBrick server, allowing cross-site scripting attacks, web cache poisoning or similar exploits...

CVSS 5.3 • AI score 6.9 • EPSS 0.0576
Exploits 0 • References 22 • Affected Software 8

Veracode • added 2019/01/15 9:26 a.m. • 35 views

Denial Of Service (DoS)

nginx is vulnerable to denial of service. An attacker is able to cause an infinite loop or a memory disclosure in ngx_http_mp4_module via a malicious mp4 file...

CVSS 6.1 • AI score 6.3 • EPSS 0.09801
Exploits 1 • References 15 • Affected Software 3

Veracode • added 2019/01/15 9:26 a.m. • 35 views

Information Disclosure

A Linux kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE is vulnerable to information disclosure. An out-of-bounds access in the show_timer function in the timer_create syscall implementation in kernel/time/posix-timers.c allows userspace applications to read arbitrary kernel...

CVSS 5.5 • AI score 6 • EPSS 0.03228
Exploits 8 • References 18 • Affected Software 2

Veracode • added 2019/01/15 9:25 a.m. • 35 views

Information Disclosure

System.Net.Http in rh-dotnetcore10 and rh-dotnetcore11 is vulnerable to an information disclosure. The library does not clear its authentication headers during redirection, allowing a malicious user to use a redirect to gain access to information in the authentication header...

CVSS 7.5 • AI score 7.4 • EPSS 0.14833
Exploits 0 • References 5 • Affected Software 2

Veracode • added 2019/01/15 9:22 a.m. • 35 views

Privilege Escalation

rhev-hypervisor7 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions...

CVSS 8 • AI score 7.1 • EPSS 0.18404
Exploits 9 • References 19 • Affected Software 6

Veracode • added 2019/01/15 9:22 a.m. • 35 views

Information Disclosure

Several modern microprocessor designs are vulnerable to information disclosure. An unprivileged local attacker could access sensitive memory locations via a targeted side-channel attack...

CVSS 5.5 • AI score 5.8 • EPSS 0.60631
Exploits 2 • References 152 • Affected Software 11

Veracode • added 2019/01/15 9:21 a.m. • 35 views

Directory Traversal

wildfly-undertow is vulnerable to directory traversal attacks. The application does not handle pathing properly, allowing a malicious user to pass a URL to gain access to sensitive information on the system...

CVSS 5.5 • AI score 7.3 • EPSS 0.00498
Exploits 0 • References 11 • Affected Software 23

Veracode • added 2019/01/15 9:21 a.m. • 35 views

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use...

CVSS 4.4 • AI score 5.6 • EPSS 0.00502
Exploits 0 • References 15 • Affected Software 1

Veracode • added 2019/01/15 9:19 a.m. • 35 views

Remote Code Execution (RCE)

kernel is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as the native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP...

CVSS 8 • AI score 8.2 • EPSS 0.16181
Exploits 12 • References 23 • Affected Software 2

Veracode • added 2019/01/15 9:17 a.m. • 35 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution attacks. The vulnerability exists as the NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have...

CVSS 9.8 • AI score 9.7 • EPSS 0.1081
Exploits 0 • References 17 • Affected Software 2

Veracode • added 2019/01/15 9:16 a.m. • 35 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bound...

CVSS 4.3 • AI score 5.1 • EPSS 0.00428
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2019/01/15 9:16 a.m. • 35 views

Privilege Escalation

openssh is vulnerable to privilege escalation. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this...

CVSS 7.6 • AI score 8.2 • EPSS 0.01284
Exploits 0 • References 16 • Affected Software 1

Veracode • added 2019/01/15 9:16 a.m. • 35 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance...

CVSS 5.5 • AI score 6.6 • EPSS 0.00513
Exploits 0 • References 29 • Affected Software 1

Veracode • added 2019/01/15 9:15 a.m. • 35 views

Weak Encryption

The DES and Triple-DES ciphers are vulnerable to birthday attacks, allowing a malicious user to decrypt and obtain cleartext data faster than a standard brute-force attack...

CVSS 7.5 • AI score 7.5 • EPSS 0.95707
Exploits 7 • References 148 • Affected Software 11

Veracode • added 2019/01/15 9:15 a.m. • 35 views

Improper Access Control

nagios is vulnerable to privilege escalation attacks. The vulnerability exists as MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this...

CVSS 9.8 • AI score 7.8 • EPSS 0.22684
Exploits 11 • References 2 • Affected Software 1

Veracode • added 2019/01/15 9:14 a.m. • 35 views

Denial Of Service (DoS)

gstreamer-plugins-bad-free is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an integer overflow in the vmnc decoder in gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow...

CVSS 7.5 • AI score 7.4 • EPSS 0.03691
Exploits 0 • References 12 • Affected Software 1

Veracode • added 2019/01/15 9:14 a.m. • 35 views

Denial Of Service (DoS)

undertow-core is vulnerable to denial of service attacks. The vulnerability exists when a GET request with a very long URL (about 1900 characters), which exceeds the default buffer sizes, is sent to the proxy server: it consumes 100% CPU and fills the disk space by generating logs very fast with an...

CVSS 5.9 • AI score 5.8 • EPSS 0.0248
Exploits 0 • References 5 • Affected Software 127

Veracode • added 2019/01/15 9:13 a.m. • 35 views

Regular Expression Denial Of Service (ReDoS) Via Long String Of Semicolons

tough-cookie is vulnerable to a regular expression denial-of-service (ReDoS) attack. A malicious user can pass a long string that contains many semicolons in the Set-Cookies header, causing a regular expression to take a large amount of time and resulting in a denial of service condition...

CVSS 5.3 • AI score 5.7 • EPSS 0.02356
Exploits 0 • References 9 • Affected Software 3

Veracode • added 2019/01/15 9:12 a.m. • 35 views

Denial Of Service (DoS)

nginx is vulnerable to denial of service. It was discovered that nginx could perform an out-of-bounds read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if...

CVSS 7.5 • AI score 7.9 • EPSS 0.81958
Exploits 0 • References 12 • Affected Software 1

Veracode • added 2019/01/15 9:11 a.m. • 35 views

Deserialization Of Untrusted Data

Apache ActiveMQ allows for deserialization of objects both in the Broker and in any applications which process ObjectMessage messages, specifically by using ObjectMessage.getObject(). Broker deserialization happens in HTTP, Stop, Web Console, and other components. The deserialization in versions 5.0...

CVSS 9.8 • AI score 8.4 • EPSS 0.38191
Exploits 4 • References 42 • Affected Software 19

Veracode • added 2019/01/15 9:10 a.m. • 35 views

Arbitrary Code Execution

git is vulnerable to arbitrary code execution. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a...

CVSS 9.8 • AI score 9.8 • EPSS 0.17979
Exploits 0 • References 28 • Affected Software 2

Veracode • added 2019/01/15 9:8 a.m. • 35 views

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service. It was found that QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of servi...

CVSS 8.6 • AI score 8.1 • EPSS 0.07393
Exploits 0 • References 23 • Affected Software 1

Veracode • added 2019/01/15 9:7 a.m. • 35 views

Denial Of Service (DoS)

qemu-kvm is vulnerable to denial of service. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or...

CVSS 7.2 • AI score 7.4 • EPSS 0.01046
Exploits 0 • References 28 • Affected Software 3

Veracode • added 2019/01/15 9:5 a.m. • 35 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution attacks. The vulnerability exists as Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via...

CVSS 7.5 • AI score 9.5 • EPSS 0.03269
Exploits 0 • References 37 • Affected Software 2

Veracode • added 2019/01/15 9:3 a.m. • 35 views

Authorization Bypass

httpd24-httpd is vulnerable to authorization bypass attacks. The vulnerability exists as the mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding...

CVSS 5 • AI score 4.9 • EPSS 0.60205
Exploits 2 • References 68 • Affected Software 9

Veracode • added 2019/01/15 9:1 a.m. • 35 views

Sensitive Information Leakage

The kernel-rt packages are susceptible to denial of service (DoS). The attack is possible because it does not make sure the addrlen value is initialized with the associated data structure, allowing a local unauthorized user to use the recvmsg, recvfrom, and recvmmsg system calls to leak kernel...

CVSS 4.9 • AI score 6.6 • EPSS 0.0048
Exploits 0 • References 34 • Affected Software 1

Veracode • added 2019/01/15 9:1 a.m. • 35 views

Denial Of Service

PostgreSQL is vulnerable to a denial of service (DoS) attack. The attack exists because the lack of a proper enum_recv function declaration in backend/utils/adt/enum.c causes an array index error, leading to a heap-based out-of-bounds buffer read flaw. Therefore, an unprivileged database user...

CVSS 6.8 • AI score 6.4 • EPSS 0.03592
Exploits 0 • References 24 • Affected Software 2

Veracode • added 2019/01/15 9:1 a.m. • 35 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service (DoS) attacks. The vulnerability exists as multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and...

CVSS 10 • AI score 9.8 • EPSS 0.05238
Exploits 0 • References 16 • Affected Software 3

Veracode • added 2019/01/15 8:59 a.m. • 35 views

Arbitrary Code Execution Through REST API Call

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...

CVSS 7.5 • AI score 6.9 • EPSS 0.03408
Exploits 0 • References 18 • Affected Software 3

Veracode • added 2019/01/15 8:59 a.m. • 35 views

Information Disclosure

Linux kernel-rt is vulnerable to information disclosure. A NULL pointer dereference in the snd_ctl_elem_user_tlv function in sound/core/control.c allows a local privileged user to exploit the vulnerability to leak kernel memory to user space...

CVSS 1.9 • AI score 5.6 • EPSS 0.00335
Exploits 0 • References 18 • Affected Software 2

Veracode • added 2019/01/15 8:58 a.m. • 35 views

Man-in-the-Middle (MitM)

gnutls is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists as lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof...

CVSS 5.8 • AI score 7 • EPSS 0.29958
Exploits 1 • References 28 • Affected Software 1

Veracode • added 2019/01/15 8:57 a.m. • 35 views

Denial Of Service

The httpd packages are susceptible to a denial of service. The vulnerability is possible due to a NULL pointer dereference flaw in the mod_cache httpd module. A malicious HTTP server causes the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching...

CVSS 4.3 • AI score 5.8 • EPSS 0.11534
Exploits 0 • References 30 • Affected Software 1

Total number of security vulnerabilities: 5000