Lucene search
K
VeracodeMost viewed

38332 matches found

Veracode
Veracode
•added 2024/04/06 12:34 a.m.•34 views

Certificate Validation

curl is vulnerable to Certificate Validation. The vulnerability is due to a flaw in libcurl when built with wolfSSL and the error path inadvertently bypassing certificate verification when encountering unknown or bad ciphers or curves, allows for certificate verification to be skipped for QUIC...

6.3CVSS6.1AI score0.01709EPSS
Exploits1References12Affected Software1
Veracode
Veracode
•added 2024/03/14 6:36 a.m.•34 views

Off-by-one Error

libvirt.so is vulnerable to Off-by-one Error. The vulnerability is due to a miscalculation in the udevListInterfacesByStatus function when the number of interfaces exceeds the size of the names array. This issue can be exploited by sending specially crafted data to the libvirt daemon, enabling an...

5.5CVSS6.9AI score0.00398EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2024/03/10 11:23 p.m.•34 views

Inappropriate Implementation

Google Chrome is vulnerable to Inappropriate Implementation. The vulnerability is due to an implementation error in the V8 engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS6.4AI score0.12558EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/02/07 7:34 a.m.•34 views

Insecure Deserialisation

clearml is vulnerable to Insecure Deserialisation. The vulnerability is due to Deserialisation of untrusted data. An attacker can upload a malicious pickle file via the project API to run arbitrary code on an end user's system...

8.8CVSS7.2AI score0.02452EPSS
Exploits9References2Affected Software1
Veracode
Veracode
•added 2024/02/01 3:7 a.m.•34 views

Denial Of Service

chromium is vulnerable to Denial Of Service. The vulnerability is due to an integer underflow in WebUI. A remote attacker can potentially exploit heap corruption via a malicious file...

9.8CVSS6.8AI score0.00548EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2024/01/19 9:16 a.m.•34 views

Heap Buffer Overflow

libxml2 is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper bound checking. This issue can be exploited by an attacker via parsing a malicious file to execute arbitrary code within the context of an unprivileged process...

7.8CVSS7.4AI score0.02142EPSS
Exploits0References2
Veracode
Veracode
•added 2024/01/11 6:12 a.m.•34 views

Improper Access Control

CRI-O is vulnerable to Improper Access Control. The vulnerability is due to improper restrictions of the experimental io.kubernetes.cri-o.UnifiedCgroup annotation, which results in container resources being unconfined. This issue can be exploited by an attacker to specify any amount of memory/cpu...

7.5CVSS6.7AI score0.00859EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/12/26 12:49 p.m.•34 views

SMTP Smuggling

Postfix is vulnerable to SMTP smuggling. The vulnerability is caused due to support for . while handling line endings. A remote attacker can exploit this using published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection...

5.3CVSS6.7AI score0.02598EPSS
Exploits4References18Affected Software1
Veracode
Veracode
•added 2023/12/15 7:30 a.m.•34 views

Integer Overflow

xwayland:sid is vulnerable to Integer Overflow. The vulnerability due to xorg-server crafted request to RRChangeProviderProperty or RRChangeOutputProperty. It leads to allow an attacker to a disclosure of sensitive information...

7.6CVSS6.3AI score0.01631EPSS
Exploits0References28Affected Software2
Veracode
Veracode
•added 2023/12/15 5:1 a.m.•34 views

Buffer Overflow

chromium:sid is vulnerable to buffer overflow. The vulnerability due to to access a memory location after the memory has been freed or deallocated. It allow a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS6.9AI score0.00639EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2023/12/09 3:46 a.m.•34 views

Use After Free

Chromium is vulnerable to Use After Free. The vulnerability is due to improper memory management in Side Panel Search in Google Chrome. This allows an attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction...

8.8CVSS6.7AI score0.00993EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2023/11/28 7:35 a.m.•34 views

Policy Bypass

nodejs is vulnerable to Policy Bypass. The vulnerability allows a malicious attacker to intercepting the resource integrity check performed by the Node.js policy feature and to get a forged checksum resulting in potential malicious code execution...

7.5CVSS6.6AI score0.01107EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2023/11/16 10:11 a.m.•34 views

Path Traversal

galaxyimporter is vulnerable to Path Traversal. The vulnerability is due to incorrect symbolic link handing, allowing an attacker to construct a specially crafted tarball that,when imported using the galaxy importer of Ansible Automation Hub, creates a symbolic link on the disk, potentially...

6.5CVSS7AI score0.00834EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2023/11/02 6:39 p.m.•34 views

Remote Code Execution (RCE)

chromium is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the incorrect security UI in Downloads, which allows a remote malicious attacker to obfuscate security UI via a crafted HTML page...

4.3CVSS7.6AI score0.00646EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2023/10/29 10:30 a.m.•34 views

Buffer Overflows

memcached is vulnerable to Buffer Overflows. An attacker could exploit this vulnerability by sending a specially crafted multiget request to a vulnerable Memcached server when there are many spaces after the "get" substring for multiget requests in proxy mode. The server would then attempt to...

7.5CVSS7.9AI score0.00778EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/10/24 2:58 a.m.•34 views

Buffer Overflow

libz.so is vulnerable to Buffer Overflow. The vulnerability is present due to the absence of length checks in the filename, extrafield, and comment parameters within the zip.c. This oversight enables an attacker to trigger an integer overflow, leading to a heap-based buffer overflow in the...

9.8CVSS7.5AI score0.02918EPSS
Exploits0References13Affected Software5
Veracode
Veracode
•added 2023/10/13 9:18 a.m.•34 views

Denial Of Service (DoS)

Golang.org/x/net is vulnerable to Denial of Service DoS. This vulnerability exists due to a flaw which allows a user to send a request, and quickly cancel it. The http2.Server.MaxConcurrentStreams limits the amount of allowed inflight requests, but does not handle the situation of resetting the...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References47Affected Software2
Veracode
Veracode
•added 2023/10/09 1:43 a.m.•34 views

Denial Of Service (DoS)

python2.7 is vulnerable to Denial Of Service DoS. The vulnerability exists due to the use after free in the library, allowing an attacker to cause an application crash through the heappushpop in heapq...

7.5CVSS7AI score0.0177EPSS
Exploits1References9Affected Software2
Veracode
Veracode
•added 2023/09/12 7:13 a.m.•34 views

Improper Input Validation

apache-superset is vulnerable to Improper Input Validation. The vulnerability allows an attacker to trick a user into potentially registering a SQLite database connection incorrectly if an attacker employs alternative driver names such as sqlite+pysqlite or utilizes database imports. This...

6.5CVSS6.7AI score0.83716EPSS
Exploits2References4Affected Software1
Veracode
Veracode
•added 2023/08/30 3:57 p.m.•34 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial Of Service DoS. The vulnerability exists due to the infinite loop in the BT SDP dissector, which allows an attacker to cause an application crash via packet injection or crafted capture file...

7.5CVSS7.1AI score0.00438EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2023/08/25 11:34 p.m.•34 views

Denial Of Service (DoS)

binutils is vulnerable to Denial Of Service DoS. The vulnerability exists in the bfdmachogetsyntheticsymtab function of match-o.c, which allows an attacker to cause an aplication crash by providing a maliciously crafted input...

7.8CVSS6.6AI score0.00461EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2023/08/17 12:48 p.m.•34 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to the heap buffer overflow in the FoFiType1C::cvtGlyph function of fofi/FoFiType1C.cc, allowing an attacker to cause an application crash...

6.5CVSS7.3AI score0.00927EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2023/08/07 6:11 p.m.•34 views

Denial Of Service (DoS)

w3m is vulnerable to Denial of Service DoS attacks. This vulnerability occurs when w3m parses a specially crafted HTML file that contains an out-of-bounds read. If the file is valid, w3m could crash...

5.5CVSS6.6AI score0.00355EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2023/08/07 1:17 a.m.•34 views

Authorization Bypass

chromium is vulnerable to Authorization Bypasses. Inappropriate implementation in Extensions API allows an attacker who convinces a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension...

4.3CVSS6.5AI score0.00621EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/08/06 2:39 p.m.•34 views

Privilege Escalation

gitlab is vulnerable to Privilege Escalation. This vulnerability occurs due to a flaw in the way that GitLab handles project tokens. An attacker with the "Maintainer" role on any project can exploit this vulnerability to gain the "Internal" role on the same project, which grants them elevated...

6.5CVSS6.4AI score0.0106EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2023/08/06 7:40 a.m.•34 views

NULL Pointer Dereference

libapache2-mod-auth-openidc is vulnerable NULL Pointer Dereference. This occurs when OIDCStripCookies is set and a creafted cookie is supplied resulting in a segmentation fault, causing to denial of service conditions...

7.5CVSS6.5AI score0.01327EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2023/07/27 5:3 p.m.•34 views

Improper Filename Validation

Thunderbird is vulnerable to Improper Filename Validation. the vulnerability is due to a lack of preventing text direction override unicode characters in filename attachments. This can allow an attacker to attach an executable file, without the extension displayed as such...

7.5CVSS6.7AI score0.00556EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/07/26 10:23 a.m.•34 views

Remote Code Execution (RCE)

org.apache.jena:jena is vulnerable to Remote Code Execution RCE. Lack of proper checking for user permissions in script functions allows an attacker to upload and execute malicious code on the system via a SPARQL query...

8.8CVSS7.8AI score0.01324EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/07/26 9:9 a.m.•34 views

Cross-Site Scripting (XSS)

copyparty is vulnerable to Cross-Site Scripting. The vulnerability exists due to a lack of user input validation in the ?k304= and ?setck= parameters which allows an attacker to inject and execute arbitrary JavaScript into the browser...

6.3CVSS7AI score0.06195EPSS
Exploits3References5Affected Software1
Veracode
Veracode
•added 2023/07/20 10:29 a.m.•34 views

Denial Of Service (DoS)

gpac is vulnerable to Denial of Service DoS attacks. If keys or parameters are received from an unreliable source, applications employing DHcheck, DHcheckex, or EVPPKEYparamcheck may face lengthy delays, resulting in denial of service conditions...

5.3CVSS6.7AI score0.05533EPSS
Exploits0References20Affected Software3
Veracode
Veracode
•added 2023/07/13 2:53 p.m.•34 views

Denial Of Service (DoS)

johnzon-mapper is vulnerable to Denial Of Service DoS. The vulnerability exists because it does not validate JSON user input for large numbers, which allows an attacker to inject a large number which will then be parsed by BigDecimal, resulting in Denial of Service...

5.3CVSS6.7AI score0.01098EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/07/10 12:8 p.m.•34 views

Type Confusion

qt5-qtwebengine is vulnerable to Type Confusion. A malicious attacker could remotely exploit heap corruption via a crafted HTML page...

8.8CVSS7AI score0.23855EPSS
Exploits1References8Affected Software2
Veracode
Veracode
•added 2023/07/09 10:29 p.m.•34 views

Heap-Based Buffer Overflow

libjpeg-turbo is vulnerable to Heap-Based Buffer Overflow. A malicious attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples, the application attempting to decompress the image could lead to buffer overflows...

6.5CVSS6.8AI score0.012EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2023/06/16 7:42 a.m.•34 views

Denial Of Service (DoS)

.NET is vulnerable to Denial of Service DoS attacks. The vulnerability is due to processing X.509 certificates, which allows a malicious user is to trigger an application crash by passing a crafted certificate...

7.5CVSS6.7AI score0.02627EPSS
Exploits0References3Affected Software18
Veracode
Veracode
•added 2023/06/15 2:48 a.m.•34 views

Code Injection

nifi-hikari-dbcp-service and nifi-dbcp-base is vulnerable to Code Injection. The vulnerability exists due to improper URL validation for the database services, if an attacker has access to the database URL, an attacker can inject and execute malicious code by configuring an H2 driver...

8.8CVSS7.3AI score0.63383EPSS
Exploits9References10Affected Software2
Veracode
Veracode
•added 2023/05/21 4:19 p.m.•34 views

Denial Of Services (DoS)

libssh.so is vulnerable to Denial Of Services DoS. The vulnerability exists due to a null pointer dereference during rekeying with algorithm guessing, which allows an attacker to cause an application crash when the client initiates rekeying with the firstkexpacketfollows flag in the KEXINIT messa...

6.5CVSS6.7AI score0.01314EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2023/05/16 6:19 a.m.•34 views

Directory Traversal

n8n is vulnerable to Directory Traversal. Improper input validation for the credentialType argument of the getCredentialTranslationPath function allows directory traversal via the /rest/credential-translation endpoint, resulting in file disclosure...

6.5CVSS6.9AI score0.02316EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/05/12 11:29 p.m.•34 views

Improper Input Validation

OpenJDK is vulnerable to Improper Input Validation. An attacker can update, insert or delete access to some of Oracle Java SE and Oracle GraalVM Enterprise Edition accessible data through multiple protocols...

3.7CVSS6.5AI score0.01208EPSS
Exploits0References12Affected Software9
Veracode
Veracode
•added 2023/05/01 9:49 p.m.•34 views

NULL Pointer Dereference

linux-azure is vulnerable to NULL Pointer Dereference. A missing lock when clearing 'skuserdata' can lead to the vulnerability causing a potential denial of service...

5.5CVSS6.5AI score0.00172EPSS
Exploits0References7Affected Software3
Veracode
Veracode
•added 2023/04/30 8:16 p.m.•34 views

Information Disclosure

virtualbox is vulnerable to Information Disclosure. A high priviledged attacker with logon capabilities to the infrastructure,can comprimize virtualbox leading to information disclosure...

4.6CVSS6AI score0.00309EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2023/04/30 1:12 p.m.•34 views

Use After Free

ffmpeg is vulnerable to Use After Free. vulnerability occurs in 'libavcodec/pthreadframe.c' due to stale hwaccel state in worker threads which allows an attacker to trigger use after free...

8.1CVSS7.7AI score0.01512EPSS
Exploits1References9Affected Software1
Veracode
Veracode
•added 2023/04/28 2:49 a.m.•34 views

Out-of-bounds Write

binutils is vulnerable to Out-of-bounds Write. This vulnerability results in a heap based buffer overflow within 'binutils-gdb/bfd/libbfd.c' in 'bfdgetl64'...

7.8CVSS7.7AI score0.00486EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2023/04/19 7:5 a.m.•34 views

Denial Of Services (DoS)

Google Chrome is vulnerable to Denial Of Services DoS. The vulnerability exists due to the heap buffer overflow in Browser History, which allows an attacker to convince a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.7AI score0.00975EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2023/04/05 9:4 p.m.•34 views

Information Disclosure

samba is vulnerable to Information Disclosure. An attacker is able to obtain confidential BitLocker recovery keys from a samba AD DC, because confidential attribute disclosure vi LDAP filters was insufficient...

6.5CVSS6AI score0.00567EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2023/03/24 4:26 a.m.•34 views

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to a bug that allows unauthorized users to enumerate application names by inspecting API error messages, which can then be used as a starting point for another attack...

4.3CVSS5.3AI score0.00847EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2023/03/22 1:21 p.m.•34 views

Denial Of Service (DoS)

vim is vulnerable to Denial Of Service DoS. The vulnerability exists due to the null pointer dereference in the library, which allows an attacker to cause an application crash...

5.5CVSS5.9AI score0.00453EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2023/03/22 4:52 a.m.•34 views

Denial Of Service (DoS)

sofia-sip is vulnerable to Denial of Service DoS attacks. An attacker is able to send a message with evil sdp to FreeSWITCH, which may cause an application crash with the use of a URL ending with %...

7.5CVSS8.3AI score0.01802EPSS
Exploits1References10Affected Software1
Veracode
Veracode
•added 2023/03/21 12:28 a.m.•34 views

Authentication Bypass

curl is vulnerable to Authentication Bypass. The vulnerability exists because the SSH connection is too eager to reuse still since it keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup...

5.5CVSS7.3AI score0.01162EPSS
Exploits1References10Affected Software4
Veracode
Veracode
•added 2023/03/13 12:10 a.m.•34 views

Cross-site Scripting (XSS)

WordPress is vulnerable to Cross-site Scripting XSS. An authenticated attacker can inject and execute malicious javascript in to the system...

6.1CVSS6AI score0.00958EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/03/12 3:0 p.m.•34 views

Denial Of Service (DoS)

vim is vulnerable to Denial Of Service DoS. The vulnerability exists due to the heap-based buffer overflow in the library, which allows an attacker to cause an application crash...

7.8CVSS4AI score0.00555EPSS
Exploits1References13Affected Software3
Total number of security vulnerabilities5000