Veracode: Most viewed

38333 matches found

Veracode • added 2022/08/12 7:31 p.m. • 34 views

Denial Of Service (DoS)

vim/vim is vulnerable to denial of service. The vulnerability exists due to a null pointer dereference when deleting buffers in diff mode which allows an attacker to cause an application crash...

CVSS 5.5 | AI score 6.1 | EPSS 0.01303
Exploits: 1 | References: 9 | Affected Software: 1

Veracode • added 2022/08/12 3:14 a.m. • 34 views

Cross-site Scripting (XSS)

core.wcm.components.core is vulnerable to cross-site scripting. The vulnerability exists because the stream function of AdaptiveImageServlet.java does not properly encode the imageName attribute, allowing an attacker to inject and execute malicious JavaScript through a crafted SVG image...

CVSS 5.4 | AI score 5.4 | EPSS 0.00578
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2022/07/22 5:15 a.m. • 34 views

Denial Of Service (DoS)

file-type is vulnerable to denial of service. The vulnerability exists in the FileTypeParser function in core.js due to a lack of input sanitization in the file type detector, which allows an attacker to cause an application crash by sending an MKV file...

CVSS 5.5 | AI score 5.6 | EPSS 0.00389
Exploits: 0 | References: 7 | Affected Software: 1

Veracode • added 2022/07/21 9:44 a.m. • 34 views

Use-After-Free

chromium is vulnerable to use-after-free. The vulnerability will allow an attacker to exploit a heap corruption via a crafted HTML page by convincing a user to install a malicious extension...

CVSS 8.8 | AI score 8.4 | EPSS 0.0073
Exploits: 0 | References: 8 | Affected Software: 3

Veracode • added 2022/07/18 7:12 a.m. • 34 views

Arbitrary Code Execution

io.fabric8:kubernetes-client is vulnerable to arbitrary code execution. Misconfigured YAML parsing in unmarshalYaml function allows local authenticated attackers to execute arbitrary code on the target machine via a maliciously crafted YAML string...

CVSS 6.7 | AI score 6.5 | EPSS 0.00309
Exploits: 0 | References: 6 | Affected Software: 2

Veracode • added 2022/07/15 1:44 a.m. • 34 views

Information Disclosure

xen is vulnerable to Information Disclosure. The vulnerability exists due to aliases in the branch predictor causing some AMD processors to predict the wrong branch type...

CVSS 6.5 | AI score 6.5 | EPSS 0.00772
Exploits: 0 | References: 18 | Affected Software: 3

Veracode • added 2022/07/12 6:12 a.m. • 34 views

Sensitive Information Disclosure

Xen is vulnerable to Sensitive Information Disclosure. Linux block table does not zero memory regions before sharing with the backend, leading to information disclosure. Additionally, the grant table only shares 4k pages, leading to unrelated data from different backends residing in the same page...

CVSS 7.1 | AI score 7.1 | EPSS 0.00318
Exploits: 0 | References: 15 | Affected Software: 1

Veracode • added 2022/07/08 8:18 a.m. • 34 views

HTTP Request Smuggling

llhttp is vulnerable to http request smuggling. The vulnerability exists in the http function in http.ts due to a lack of validation and parsing of Transfer-Encoding headers which allows an attacker to smuggle HTTP requests...

CVSS 6.5 | AI score 7.1 | EPSS 0.35079
Exploits: 1 | References: 15 | Affected Software: 4

Veracode • added 2022/07/06 8:23 a.m. • 34 views

Denial Of Service (DoS)

ujson is vulnerable to denial of service. The vulnerability exists in decodestring function in ultrajsondec.c when reallocation of buffer fails during string decoding which frees the buffer twice causing an application crash...

CVSS 5.9 | AI score 6.5 | EPSS 0.01388
Exploits: 0 | References: 7 | Affected Software: 3

Veracode • added 2022/07/01 9:27 a.m. • 34 views

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service. The vulnerability exists because of converting double to uint32t with uint32t when divided by zero which allows an attacker to cause an application crash via a crafted file...

CVSS 6.5 | AI score 6.3 | EPSS 0.01206
Exploits: 1 | References: 13 | Affected Software: 4

Veracode • added 2022/06/26 4:55 p.m. • 34 views

Remote Code Execution (RCE)

chromium is vulnerable to remote code execution. The vulnerability exists in url format which allows an attacker to inject and execute arbitrary code...

CVSS 4.3 | AI score 7.4 | EPSS 0.00699
Exploits: 0 | References: 8 | Affected Software: 2

Veracode • added 2022/06/24 5:6 a.m. • 34 views

Denial Of Service (DoS)

aiohttp is vulnerable to denial of service. An attacker can crash the application by providing invalid IPv6 URLs to the parsemessage function of httpparser.py...

CVSS 5.5 | AI score 1.6 | EPSS 0.00669
Exploits: 1 | References: 2 | Affected Software: 1

Veracode • added 2022/06/21 11:47 p.m. • 34 views

Denial Of Service (DoS)

eap7 is vulnerable to denial of service. The vulnerability exists due to a flaw that was found in Undertow which allows an attacker to cause an application crash...

CVSS 7.5 | AI score 8 | EPSS 0.01258
Exploits: 0 | References: 10 | Affected Software: 26

Veracode • added 2022/06/15 4:11 p.m. • 34 views

Remote Code Execution (RCE)

grub2 is vulnerable to remote code execution. The vulnerability exists due to a heap out-of-bounds write that happens during the handling of Huffman tables in the PNG reader, allowing an attacker to inject malicious code into the system via a crafted PNG image...

CVSS 4.5 | AI score 6.4 | EPSS 0.00449
Exploits: 0 | References: 4 | Affected Software: 2

Veracode • added 2022/06/14 10:42 a.m. • 34 views

Out-of-Bounds Read

vim is vulnerable to Out-of-bounds Read. The vulnerability exists due to a memory corruption which allows an attacker to cause an application crash...

CVSS 7.8 | AI score 7.6 | EPSS 0.0157
Exploits: 1 | References: 16 | Affected Software: 1

Veracode • added 2022/06/12 6:45 p.m. • 34 views

Privilege Escalation

xen is vulnerable to privilege escalation. The vulnerability exists due to non-coherent mappings allowing an attacker to control the whole system because the system safety logic doesn't account for CPU-induced cache...

CVSS 6.7 | AI score 7.1 | EPSS 0.00494
Exploits: 3 | References: 11 | Affected Software: 1

Veracode • added 2022/06/12 6:35 p.m. • 34 views

Incorrect Logic

x86 pv is using an incorrect logic. The vulnerability exists due to insufficient care with non-coherent mappings which allows an attacker to perform unwanted actions...

CVSS 6.7 | AI score 7 | EPSS 0.00341
Exploits: 0 | References: 10 | Affected Software: 1

Veracode • added 2022/06/03 9:4 a.m. • 34 views

Regular Expression Denial Of Service (ReDoS)

semver-regex is vulnerable to regular expression denial of service. The vulnerability exists in semverRegex function in index.js due to improper use of regular expressions which allows an attacker to cause a ReDoS...

CVSS 7.5 | AI score 4.3 | EPSS 0.01455
Exploits: 1 | References: 3 | Affected Software: 1

Veracode • added 2022/05/30 10:49 p.m. • 34 views

Cross-site Scripting (XSS)

spip is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through spip.php...

CVSS 6.1 | AI score 6.5 | EPSS 0.01462
Exploits: 1 | References: 6 | Affected Software: 1

Veracode • added 2022/05/30 3:13 p.m. • 34 views

Use-After-Free

vim is vulnerable to use-after-free. The vulnerability exists in appendcommand which allows an attacker to cause a memory corruption which then leads to an application crash...

CVSS 7.8 | AI score 7.6 | EPSS 0.02645
Exploits: 1 | References: 16 | Affected Software: 1

Veracode • added 2022/05/23 9:58 a.m. • 34 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Failure to check the input to tf.rawops.LSTMBlockCell to validate ranks of any of the API call arguments causes a CHECK-failure, triggering a denial of service attack...

CVSS 5.5 | AI score 3.7 | EPSS 0.00317
Exploits: 1 | References: 7 | Affected Software: 3

Veracode • added 2022/05/16 4:19 p.m. • 34 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. The vulnerability exists due to use after free in Performance APIs which allows an attacker to crash the application via malicious input...

CVSS 8.8 | AI score 8.3 | EPSS 0.00723
Exploits: 0 | References: 4 | Affected Software: 2

Veracode • added 2022/05/16 4:16 p.m. • 34 views

Use After Free

chromium is vulnerable to use after free. The vulnerability exists in ANGLE which causes a memory corruption allowing a malicious attacker to cause a denial of service...

CVSS 8.8 | AI score 8.2 | EPSS 0.00735
Exploits: 0 | References: 4 | Affected Software: 2

Veracode • added 2022/04/30 4:23 p.m. • 34 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists due to an Auth/cookie leak on redirect to the same host but another port number...

CVSS 6.5 | AI score 0.4 | EPSS 0.03425
Exploits: 1 | References: 10 | Affected Software: 4

Veracode • added 2022/04/28 2:1 p.m. • 34 views

Denial Of Service (DoS)

chrome is vulnerable to denial of service. The vulnerability exists due to an Out of bounds memory access in UI Shelf which allows an attacker to cause an application crash...

CVSS 8.8 | AI score 4.2 | EPSS 0.00851
Exploits: 1 | References: 4 | Affected Software: 2

Veracode • added 2022/04/27 8:6 a.m. • 34 views

Path Traversal

org.owasp.esapi:esapi is vulnerable to path traversal. A remote authenticated user is able to break out of expected directory via a crafted input through getValidDirectoryPath function, because it may incorrectly treat the tested input string as a child of the specified parent directory...

CVSS 9.8 | AI score 4.3 | EPSS 0.02674
Exploits: 2 | References: 6 | Affected Software: 2

Veracode • added 2022/04/26 9:47 p.m. • 34 views

Remote Code Execution (RCE)

qemu is vulnerable to remote code execution. The vulnerability exists in nvmectrlreset function which is triggered by the reentrancy write triggers where a malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially,...

CVSS 8.2 | AI score 5.5 | EPSS 0.00643
Exploits: 2 | References: 9 | Affected Software: 2

Veracode • added 2022/04/25 5:1 p.m. • 34 views

Privilege Escalation

virtualbox is vulnerable to privilege escalation. The vulnerability exists due to improper access control which allows an attacker to access, insert, update and delete critical data in oracle vm...

CVSS 3.8 | AI score 4.4 | EPSS 0.00354
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2022/04/22 8:18 a.m. • 34 views

Denial Of Service (DoS)

htmlunit is vulnerable to denial of service. An attacker can cause excessive heap memory consumption by providing malicious processing instructions to the compileString function of HtmlUnitContextFactory.java, leading to an application crash...

CVSS 7.5 | AI score 2.3 | EPSS 0.01967
Exploits: 0 | References: 4 | Affected Software: 2

Veracode • added 2022/04/22 5:18 a.m. • 34 views

SQL Injection

blazer is vulnerable to SQL injection attacks. The library does not properly sanitize user input which allows an attacker to inject malicious SQL queries and modify system data...

CVSS 7.5 | AI score 4.8 | EPSS 0.00833
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2022/04/10 3:36 a.m. • 34 views

Heap Buffer Overflow

heap buffer overflow in getonesourceline in GitHub repository vim/vim prior to 8.2.4647...

CVSS 7.8 | AI score 2.2 | EPSS 0.01267
Exploits: 1 | References: 13 | Affected Software: 1

Veracode • added 2022/03/15 12:10 p.m. • 34 views

Information Exposure

moodle/moodle is vulnerable to information exposure. The vulnerability exists due to a lack of input validation in the export.php file, allowing sensitive information in the system to be read...

CVSS 4.3 | AI score 2.3 | EPSS 0.00743
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2022/03/13 3:14 a.m. • 34 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to an Out-of-bounds Read...

CVSS 5.5 | AI score 2.7 | EPSS 0.0144
Exploits: 1 | References: 11 | Affected Software: 1

Veracode • added 2022/03/12 1:55 p.m. • 34 views

Buffer Overflow

pjproject is vulnerable to buffer overflow. The vulnerability exists due to a stack overflow in PJSUA API when calling pjsuaplayercreate...

CVSS 9.8 | AI score 3.8 | EPSS 0.02475
Exploits: 0 | References: 6 | Affected Software: 3

Veracode • added 2022/03/07 10:8 a.m. • 34 views

Cross-site Scripting (XSS)

Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in processStartTag function of ManagementToolbarTag.java because the keyword in the search function is not escaped which allows an attacker to inject and execute arbitrary javascript...

CVSS 6.1 | AI score 2.8 | EPSS 0.01122
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2022/02/24 9:48 p.m. • 34 views

Use After Free

libarchive is vulnerable to Use After Free. The vulnerability exists due to the lack of sanitization of the copystring...

CVSS 6.5 | AI score 1.7 | EPSS 0.02845
Exploits: 0 | References: 13 | Affected Software: 1

Veracode • added 2022/02/21 6:21 a.m. • 34 views

Denial Of Service (DoS)

webkit2gtk:edge is vulnerable to denial of service...

CVSS 6.5 | AI score 2.2 | EPSS 0.01495
Exploits: 0 | References: 7 | Affected Software: 4

Veracode • added 2022/02/21 5:46 a.m. • 34 views

Information Disclosure

cobbler is vulnerable to information disclosure. The vulnerability exists because the library does not properly restrict the config file accessibility, which allows an attacker who has access to the server to open an authenticated session with a cobbler daemon...

CVSS 7.1 | AI score 3.8 | EPSS 0.00306
Exploits: 0 | References: 12 | Affected Software: 1

Veracode • added 2022/02/20 10:20 p.m. • 34 views

Denial Of Service (DoS)

libexpat.so is vulnerable to denial of service. An attacker can trigger stack exhaustion in the buildmodel function of xmlparse.c via a large nesting depth in the DTD element, leading to an application crash...

CVSS 6.5 | AI score 2.7 | EPSS 0.03268
Exploits: 0 | References: 15 | Affected Software: 21

Veracode • added 2022/02/17 5:16 a.m. • 34 views

DNS Spoofing

mellium.im/xmpp is vulnerable to DNS spoofing. The vulnerability exists due to a lack of verification of the host name allowing an attacker to potentially deceive the user with a malicious DNS ID because the library does not properly verify TLS certification...

CVSS 5.9 | AI score 3.3 | EPSS 0.00619
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2022/02/10 7:13 a.m. • 34 views

Authentication Bypass

github.com/go-gitea/gitea is vulnerable to authentication bypass. The library allows the TOTP code for two-factor authentication to be submitted correctly more than once enabling remote attackers to abuse the flaw and gain unauthorized privileges...

CVSS 9.8 | AI score 6.2 | EPSS 0.01319
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2022/02/10 5:37 a.m. • 34 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in TensorByteSize function of attrvalueutil.cc because of the check failure in TensorShape which leads to an application crash...

CVSS 6.5 | AI score 4.1 | EPSS 0.00783
Exploits: 1 | References: 3 | Affected Software: 3

Veracode • added 2022/02/06 7:7 a.m. • 34 views

Remote Code Execution (RCE)

webkit2gtk is vulnerable to remote code execution. The vulnerability exists due to a buffer overflow allowing an attacker to inject maliciously crafted script via web content...

CVSS 8.8 | AI score 4.9 | EPSS 0.02641
Exploits: 0 | References: 13 | Affected Software: 4

Veracode • added 2022/01/27 3:56 a.m. • 34 views

Integer Overflow

libexpat.so is vulnerable to integer overflow. The vulnerability exists in the doProlog function in the xmlparse.c file, allowing an attacker to cause an application crash...

CVSS 7.5 | AI score 4 | EPSS 0.03992
Exploits: 0 | References: 11 | Affected Software: 22

Veracode • added 2022/01/26 2:30 p.m. • 34 views

Denial Of Service (DoS)

util-linux is vulnerable to denial of service. The vulnerability exists due to a logic error in the libmount library of util-linux, in the function that allows an unprivileged user to unmount a FUSE filesystem...

CVSS 5.5 | AI score 4 | EPSS 0.0063
Exploits: 3 | References: 10 | Affected Software: 3

Veracode • added 2022/01/25 4:25 a.m. • 34 views

Denial Of Service (DoS)

xercesImpl is vulnerable to denial of service. The vulnerability exists because the library does not properly handle XML document payloads, allowing an attacker to crash the application by providing a specially crafted XML document through the XML parser...

CVSS 6.5 | AI score 5.3 | EPSS 0.0444
Exploits: 0 | References: 6 | Affected Software: 27

Veracode • added 2022/01/23 5:15 p.m. • 34 views

Heap-based Buffer Overflow

vim is vulnerable to heap-based buffer overflow. The vulnerability exists in the 'onefunctionarg' function in 'userfunc.c' and causes a heap-based buffer overflow which could result in an application crash...

CVSS 5.5 | AI score 3.7 | EPSS 0.01719
Exploits: 1 | References: 13 | Affected Software: 1

Veracode • added 2022/01/22 9:57 p.m. • 34 views

Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to a lack of sanitization of the memory control pointer...

CVSS 7.8 | AI score 3.8 | EPSS 0.01831
Exploits: 1 | References: 15 | Affected Software: 1

Veracode • added 2022/01/22 9:0 p.m. • 34 views

Use After Free

vim is vulnerable to use after free...

CVSS 7.8 | AI score 1.5 | EPSS 0.01621
Exploits: 1 | References: 15 | Affected Software: 1

Veracode • added 2022/01/20 6:21 a.m. • 34 views

Integer Underflow

bionic is vulnerable to integer underflows. The library does not properly check memory size causing an integer underflow that allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 3.3 | EPSS 0.01372
Exploits: 0 | References: 7 | Affected Software: 2

Total number of security vulnerabilities: 5000