Veracode: most viewed

38333 matches found

Veracode
•added 2023/03/22 1:21 p.m.•34 views

Denial Of Service (DoS)

vim is vulnerable to Denial of Service (DoS). The vulnerability exists due to a null pointer dereference in the library, which allows an attacker to cause an application crash...

CVSS 5.5 | AI score 5.9 | EPSS 0.00453
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
•added 2023/03/22 4:52 a.m.•34 views

Denial Of Service (DoS)

sofia-sip is vulnerable to Denial of Service (DoS) attacks. An attacker is able to send a message with an evil SDP to FreeSWITCH, which may cause an application crash with the use of a URL ending with %...

CVSS 7.5 | AI score 8.3 | EPSS 0.01802
Exploits: 1 | References: 10 | Affected Software: 1

Veracode
•added 2023/03/21 12:28 a.m.•34 views

Authentication Bypass

curl is vulnerable to Authentication Bypass. The vulnerability exists because SSH connection reuse is too eager: previously used connections are kept in a connection pool for subsequent transfers to reuse if one of them matches the setup...

CVSS 5.5 | AI score 7.3 | EPSS 0.01162
Exploits: 1 | References: 10 | Affected Software: 4

Veracode
•added 2023/03/12 3:0 p.m.•34 views

Denial Of Service (DoS)

vim is vulnerable to Denial of Service (DoS). The vulnerability exists due to a heap-based buffer overflow in the library, which allows an attacker to cause an application crash...

CVSS 7.8 | AI score 4 | EPSS 0.00555
Exploits: 1 | References: 13 | Affected Software: 3

Veracode
•added 2023/03/12 9:55 a.m.•34 views

Denial Of Service (DoS)

Google Chrome is vulnerable to Denial of Service (DoS). The vulnerability exists due to a use after free in the Web Payments API, which allows an attacker to compromise the renderer process to potentially exploit heap corruption via a crafted HTML page, leading to an application crash...

CVSS 8.8 | AI score 8.7 | EPSS 0.00579
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2023/03/12 9:55 a.m.•34 views

Denial Of Service (DoS)

Google Chrome is vulnerable to Denial of Service (DoS). The vulnerability exists due to a use after free in SwiftShader, which allows an attacker to potentially exploit heap corruption via a crafted HTML page, leading to an application crash...

CVSS 8.8 | AI score 8.7 | EPSS 0.006
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2023/03/10 8:22 p.m.•35 views

Denial Of Service (DoS)

Linux kernel is vulnerable to Denial of Service (DoS). The vulnerability exists due to a use after free in the SGI GRU driver because of the way the first gru_file_unlocked_ioctl function is called by the user, where a failed pass occurs in the gru_check_chiplet_assignment function, allowing an attacke...

CVSS 7.8 | AI score 7.6 | EPSS 0.00238
Exploits: 0 | References: 9 | Affected Software: 2

Veracode
•added 2023/03/06 8:47 p.m.•34 views

Use-After-Free

Linux Kernel is vulnerable to Use-After-Free. The bug is in 'icsk_ulp_data' of 'inet_connection_sock'. If 'CONFIG_TLS' is enabled, an attacker could install a TLS context, leading to privilege escalation...

CVSS 7.8 | AI score 7.5 | EPSS 0.00652
Exploits: 0 | References: 6 | Affected Software: 4

Veracode
•added 2023/03/06 7:24 p.m.•34 views

Denial Of Service (DoS)

Linux Kernel is vulnerable to Denial of Service (DoS). The vulnerability exists because an attacker can cause a race condition in the follow_page_pte function of gup.c, leading to an application crash...

CVSS 7.5 | AI score 7.4 | EPSS 0.00748
Exploits: 0 | References: 5 | Affected Software: 3

Veracode
•added 2023/02/25 8:46 p.m.•34 views

Privilege Escalation

firefox is vulnerable to Privilege Escalation. An attacker is able to change their resource allocations, promote containers to privileged mode, or potentially add ssh authorized keys to a remote shell on the target machine by creating new files on the host system. In order for an attacker to...

CVSS 6.5 | AI score 7.9 | EPSS 0.00672
Exploits: 0 | References: 5 | Affected Software: 5

Veracode
•added 2023/02/23 3:21 a.m.•34 views

LDAP Injection

ldap-backend is vulnerable to LDAP Injection. The vulnerability exists because the doGetIdentity function in LdapIdentityBackend.java does not properly filter the object class, allowing an attacker to inject and execute malicious LDAP queries through the principalName parameter...

CVSS 9.8 | AI score 9 | EPSS 0.01491
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
•added 2023/02/23 2:49 a.m.•34 views

Arbitrary Code Execution

MongoDB.Bson is vulnerable to Arbitrary Code Execution. The vulnerability exists because the library does not properly filter AllowedTypes when deserializing an object, allowing a privileged attacker to inject and execute malicious code through the ObjectSerializer in specific situations. The...

CVSS 7.2 | AI score 6.9 | EPSS 0.01049
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
•added 2023/01/27 4:17 a.m.•34 views

Heap-Based Buffer Overflow

libtiff.so is vulnerable to Heap-Based Buffer Overflow. An attacker is able to trigger buffer overflows by parsing a specially crafted TIFF image in the processCropSelections function of tools/tiffcrop.c...

CVSS 5.5 | AI score 5.9 | EPSS 0.00461
Exploits: 1 | References: 6 | Affected Software: 4

Veracode
•added 2023/01/19 12:17 p.m.•34 views

Denial Of Service (DoS)

net-snmp is vulnerable to Denial of Service (DoS). The vulnerability exists in handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c via a NULL Pointer Exception bug that could be used by a remote attacker to cause the instance to crash via a crafted UDP packet...

CVSS 6.5 | AI score 6.2 | EPSS 0.52054
Exploits: 1 | References: 9 | Affected Software: 1

Veracode
•added 2023/01/08 12:52 p.m.•34 views

Remote Code Execution (RCE)

dubbo-cluster is vulnerable to remote code execution. The vulnerability exists in the doInvoke function of BroadcastClusterInvoker.java as it does not properly handle FastJson when invoking the invoke handler and later processes in PojoUtils.realize, allowing an attacker to instantiate arbitrary...

CVSS 9.8 | AI score 9.4 | EPSS 0.02909
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
•added 2023/01/05 2:53 p.m.•34 views

Security Restrictions Bypass

sqlite is vulnerable to security restrictions bypass. When relying on --safe for execution of an untrusted CLI script, it does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

CVSS 7.3 | AI score 7.3 | EPSS 0.00425
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
•added 2022/12/31 12:46 a.m.•34 views

Arbitrary Code Execution

webkitgtk is vulnerable to Arbitrary Code Execution. Processing maliciously crafted web content may lead to arbitrary code execution due to improper input validation, which allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, o...

CVSS 8.8 | AI score 9.4 | EPSS 0.00837
Exploits: 0 | References: 10 | Affected Software: 3

Veracode
•added 2022/12/27 5:54 a.m.•34 views

Reverse Tabnabbing

texthelpers is vulnerable to reverse tabnabbing. The vulnerability exists in multiple functions in translation.rb due to the lack of a proper regular expression, which allows an attacker to use web links to untrusted targets with window.opener access...

CVSS 6.3 | AI score 6.2 | EPSS 0.00573
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
•added 2022/12/14 5:18 a.m.•34 views

Denial Of Service (DoS)

loofah is vulnerable to denial of service. The vulnerability exists due to uncontrolled recursion used in the CDATA sections of the library, which allows an attacker to cause an application crash through malicious input...

CVSS 7.5 | AI score 7.2 | EPSS 0.01104
Exploits: 0 | References: 4 | Affected Software: 3

Veracode
•added 2022/12/08 2:17 p.m.•34 views

Privilege Escalation

DSInternals is vulnerable to privilege escalation. The vulnerability exists in the save function of RoamedCredential.cs because invalid characters are not properly parsed in the Windows roaming credential service, which allows an attacker to write files on the file system with elevated privileges...

CVSS 7.3 | AI score 8.2 | EPSS 0.0147
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2022/11/25 6:39 p.m.•34 views

Denial Of Service (DoS)

xen is vulnerable to denial of service. The vulnerability exists because a missing cleanup call was inserted on an error handling path which allows an attacker to cause an application crash...

CVSS 5.6 | AI score 6.5 | EPSS 0.00247
Exploits: 0 | References: 13 | Affected Software: 5

Veracode
•added 2022/11/25 6:33 p.m.•34 views

Denial Of Service (DoS)

xen is vulnerable to denial of service (DoS) attacks. P2M pool freeing may take excessively long. The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks resulting i...

CVSS 6.5 | AI score 7.1 | EPSS 0.00265
Exploits: 0 | References: 13 | Affected Software: 1

Veracode
•added 2022/11/24 7:41 a.m.•34 views

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in the user-supplied data policy tool in the validateUrlSyntax parameter of moodlelib.php which allows a remote attacker to inject and execute malicious JavaScript into the system...

CVSS 6.1 | AI score 7.3 | EPSS 0.00671
Exploits: 0 | References: 13 | Affected Software: 1

Veracode
•added 2022/11/23 9:48 a.m.•34 views

Denial Of Service (DoS)

xen is vulnerable to denial of service. The vulnerability exists due to excessive memory allocation which allows an attacker to cause an application crash due to overflows...

CVSS 6.5 | AI score 7.1 | EPSS 0.00245
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
•added 2022/11/19 12:46 a.m.•34 views

Denial Of Service (DoS)

protobuf is vulnerable to denial of service. The vulnerability exists because of the unchecked call in the proto file's name during the generation of the resulting error message, allowing an attacker to cause an application crash by passing the incorrect symbol...

CVSS 6.5 | AI score 5.7 | EPSS 0.0266
Exploits: 0 | References: 22 | Affected Software: 1

Veracode
•added 2022/11/16 10:28 p.m.•34 views

Use After Free

chromium is vulnerable to use-after-free. The vulnerability exists in Skia in Google Chrome which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.00614
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
•added 2022/11/14 6:29 a.m.•34 views

Integer Overflow

libtiff.so is vulnerable to integer overflow. The vulnerability is due to memory corruption in tif_getimage.c, which allows a remote attacker to crash the application...

CVSS 8.8 | AI score 8.5 | EPSS 0.01237
Exploits: 1 | References: 9 | Affected Software: 4

Veracode
•added 2022/11/10 2:23 a.m.•34 views

Privilege Escalation

github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability exists due to a race condition in the authentication middlewares logic, allowing an attacker to query an administration endpoint under a heavy load...

CVSS 9.8 | AI score 7.8 | EPSS 0.00922
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2022/11/10 12:33 a.m.•34 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. An attacker can crash the application by providing maliciously crafted input through multiple protocols...

CVSS 6.5 | AI score 6.4 | EPSS 0.01169
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
•added 2022/11/10 12:29 a.m.•34 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the InnoDB component, allowing an attacker to cause an application crash through multiple protocols...

CVSS 4.9 | AI score 5.9 | EPSS 0.01414
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
•added 2022/11/08 2:30 a.m.•34 views

Path Traversal

Apache Ivy is vulnerable to path traversal. The vulnerability exists due to a lack of file path pattern checks in the getCachedDataFile function of DefaultRepositoryCacheManager.java, allowing an attacker to overwrite files outside of the local cache by using ../ in artifact coordinates...

CVSS 7.5 | AI score 8 | EPSS 0.01596
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
•added 2022/11/07 7:31 p.m.•34 views

Information Disclosure

samba is vulnerable to information disclosure. The vulnerability exists because the handling of symlinks in user space does not properly check that symlink targets stay within the share that was configured by the administrator, which allows an attacker to get access to all of the server's file...

CVSS 6.5 | AI score 6.3 | EPSS 0.02431
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
•added 2022/11/03 4:42 a.m.•34 views

Cross-Site Scripting (XSS)

apacheairflow is vulnerable to cross-site scripting. The vulnerability is due to the origin query argument in the get_safe_url function of views.py, which allows an attacker to inject and execute arbitrary scripts...

CVSS 6.1 | AI score 6.2 | EPSS 0.01435
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2022/10/23 9:26 p.m.•34 views

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service (DoS) attacks. The vulnerability is due to the _TIFFmemcpy function in libtiff/tif_unix.c allowing a remote attacker to cause an out-of-bounds write via a crafted TIFF file, resulting in denial of service conditions...

CVSS 6.5 | AI score 6.5 | EPSS 0.00949
Exploits: 1 | References: 6 | Affected Software: 4

Veracode
•added 2022/10/21 3:21 p.m.•34 views

Prototype Pollution

uglify-js is vulnerable to prototype pollution. The vulnerability exists in the DEFNODE function of ast.js via the name variable, which allows an attacker to inject a malicious property, resulting in prototype pollution...

CVSS 9.8 | AI score 8.8 | EPSS 0.01347
Exploits: 1 | References: 5 | Affected Software: 2

Veracode
•added 2022/10/17 12:26 p.m.•34 views

Cross-Site Scripting (XSS)

github.com/go-gitea/gitea is vulnerable to cross-site scripting. The vulnerability is due to arguments in command.go given to git commands not being properly handled which allows an attacker to inject and execute arbitrary scripts...

CVSS 9.8 | AI score 9 | EPSS 0.01051
Exploits: 0 | References: 7 | Affected Software: 2

Veracode
•added 2022/10/17 5:28 a.m.•34 views

Information Disclosure

grafana is vulnerable to information disclosure. The vulnerability exists in multiple functions due to forwarding login cookies in outgoing requests resulting in an attacker gaining access to cookies required to perform unauthorized actions...

CVSS 7.5 | AI score 7.2 | EPSS 0.01228
Exploits: 0 | References: 10 | Affected Software: 2

Veracode
•added 2022/10/14 11:52 a.m.•34 views

HTTP Request Smuggling

Go is vulnerable to HTTP request smuggling. The vulnerability is due to a lack of sanitization in the query parameter for ReverseProxy. Remote attackers can cause query parameter smuggling when a Go proxy forwards a parameter with an unparseable value...

CVSS 7.5 | AI score 7.6 | EPSS 0.01094
Exploits: 1 | References: 15 | Affected Software: 17

Veracode
•added 2022/10/11 2:15 a.m.•34 views

Remote Code Execution

HyperSQL Database is vulnerable to remote code execution. The vulnerability exists in the supportsJavaMethod function of HsqlDatabaseProperties.java due to the processing of untrusted input, allowing an attacker to execute remote code in the system...

CVSS 9.8 | AI score 9.4 | EPSS 0.03519
Exploits: 1 | References: 7 | Affected Software: 23

Veracode
•added 2022/10/10 9:11 p.m.•34 views

Authorization Bypass

modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to encoded payload bypass detection, allowing an attacker to cause a specially malicious HTTP Content-Type header field...

CVSS 9.8 | AI score 8.7 | EPSS 0.01115
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
•added 2022/10/10 8:18 p.m.•34 views

Improper Access Control

chromium is vulnerable to improper access control. The vulnerability is caused by an incorrect security UI due to a flaw found in the Full Screen feature of the Chromium browser, which allows an attacker to perform unauthorized actions...

CVSS 6.5 | AI score 7.2 | EPSS 0.00547
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2022/10/10 8:17 p.m.•34 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. The vulnerability exists due to a use after free in logging, which allows an attacker to inject and execute malicious code in the system...

CVSS 6.5 | AI score 8.2 | EPSS 0.00448
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2022/09/26 5:59 p.m.•34 views

Denial Of Service (DOS)

Bind9 is vulnerable to denial of service. The vulnerability is due to malformed EdDSA signatures, which result in memory leaks. An attacker can continuously spoof the target resolver, leading to denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.0208
Exploits: 0 | References: 14 | Affected Software: 1

Veracode
•added 2022/09/23 9:23 a.m.•34 views

Information Disclosure

spring-data-rest-webmvc is vulnerable to information disclosure. The vulnerability exists due to the improper implementation of the JSON patch in the library, allowing an attacker to get information about the hidden entity attributes through maliciously crafted HTTP requests...

CVSS 3.7 | AI score 4.8 | EPSS 0.00455
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
•added 2022/09/19 5:3 a.m.•34 views

Denial Of Service (DoS)

xstream is vulnerable to Denial of Service (DoS). The vulnerability exists due to a stack overflow in the processConverterAnnotations function of AnnotationMapper.java, allowing an attacker to cause an application crash by providing malicious input through the parser...

CVSS 7.5 | AI score 7.6 | EPSS 0.01022
Exploits: 1 | References: 6 | Affected Software: 2

Veracode
•added 2022/09/09 2:16 a.m.•34 views

Denial Of Service (DoS)

sdk-server is vulnerable to denial of service. The vulnerability exists because the maximum number of monitored items per session is not properly configured in the getMaxMonitoredItems function of OpcUaServerConfigLimits.java, allowing an attacker to cause an application crash by sending multipl...

CVSS 7.5 | AI score 7.3 | EPSS 0.00981
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
•added 2022/09/08 7:24 a.m.•34 views

Denial Of Service (DoS)

github.com/helm/helm is vulnerable to denial of service (DoS) attacks. A remote authenticated attacker is able to cause an out of memory panic by supplying malicious string inputs to functions in the strvals package, resulting in denial of service conditions...

CVSS 6.5 | AI score 6.5 | EPSS 0.00843
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
•added 2022/09/05 9:42 p.m.•34 views

Use-After-Free

podman is vulnerable to use-after-free. An attacker could possibly crash or cause potential code execution in the system, under certain conditions, during the GPG signature verification...

CVSS 7.5 | AI score 7.6 | EPSS 0.00715
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
•added 2022/09/01 12:25 p.m.•34 views

Denial Of Service (DoS)

vim is vulnerable to remote code execution. The vulnerability exists due to a use after free allowing an attacker to crash the system via memory corruption...

CVSS 7.8 | AI score 8.2 | EPSS 0.00727
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
•added 2022/08/26 7:30 a.m.•34 views

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service (DoS). The vulnerability exists due to an integer overflow via the ExportIndexQuantum function, which then calls the GetPixelIndex function, resulting in values outside the representable range being assigned for the unsigned char variables, leading ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00365
Exploits: 0 | References: 4 | Affected Software: 2

Total number of security vulnerabilities: 5000