Veracode • Most viewed

38341 matches found

Veracode
•added 2022/01/05 6:23 p.m.•34 views

Remote Code Execution (RCE)

RabbitMQ is vulnerable to Regular Expression Denial of Service (ReDoS). A new user being added via the management UI could lead to the user's name being rendered in a confirmation message without proper...

CVSS 5.4 • AI score 5.4 • EPSS 0.01437
Exploits 1 • References 4 • Affected Software 1

Veracode
•added 2021/12/27 12:41 a.m.•34 views

Denial Of Service (DoS)

Undertow AJP connector is vulnerable to denial of service. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 • AI score 3.8 • EPSS 0.01269
Exploits 0 • References 6 • Affected Software 19

Veracode
•added 2021/12/08 4:56 a.m.•34 views

Arbitrary Code Execution

freeipa is vulnerable to arbitrary code execution. An unauthenticated attacker could execute arbitrary code by triggering parsing of the krb principal key via the ber_scanf function...

CVSS 8.8 • AI score 7.3 • EPSS 0.06329
Exploits 0 • References 12 • Affected Software 1

Veracode
•added 2021/11/13 12:40 a.m.•34 views

Arbitrary Code Execution

libjpeg-turbo is vulnerable to arbitrary code execution. A remote attacker could exploit this vulnerability by sending a malformed JPEG file to the service and cause arbitrary code execution or denial of service...

CVSS 8.8 • AI score 5.3 • EPSS 0.02728
Exploits 1 • References 6 • Affected Software 1

Veracode
•added 2021/11/05 1:37 a.m.•34 views

Denial Of Service (DoS)

rust:edge is vulnerable to denial of service. The vulnerability exists as it permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters causing an...

CVSS 8.3 • AI score 3.6 • EPSS 0.12205
Exploits 4 • References 22 • Affected Software 13

Veracode
•added 2021/10/05 1:32 p.m.•34 views

Remote Code Execution (RCE)

Redis is vulnerable to remote code execution. The vulnerability exists due to an integer overflow bug which can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution...

CVSS 7.5 • AI score 3.9 • EPSS 0.03839
Exploits 0 • References 17 • Affected Software 2

Veracode
•added 2021/10/03 1:51 p.m.•34 views

Denial Of Service (DoS)

mediawiki is vulnerable to denial of service. The system may crash when processing ApiQueryBacklinks with a full db table scan...

CVSS 7.5 • AI score 2.4 • EPSS 0.01646
Exploits 0 • References 11 • Affected Software 1

Veracode
•added 2021/08/24 8:17 a.m.•34 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. An attacker can manipulate the processed input stream and replace or inject objects that result in execution of arbitrary code loaded from a remote server...

CVSS 8.5 • AI score 3.7 • EPSS 0.04752
Exploits 1 • References 15 • Affected Software 4

Veracode
•added 2021/08/24 6:48 a.m.•34 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

CVSS 8.5 • AI score 2.8 • EPSS 0.04474
Exploits 1 • References 15 • Affected Software 4

Veracode
•added 2021/08/06 8:24 a.m.•34 views

Insecure Cryptographic Function

libapache2-mod-auth-openidc has insecure cryptographic functions. The vulnerability exists due to reusing the same key...

CVSS 5.9 • AI score 2.6 • EPSS 0.01503
Exploits 0 • References 10 • Affected Software 2

Veracode
•added 2021/07/30 3:29 a.m.•34 views

Request Smuggling

tomcat-coyote is vulnerable to request smuggling. Incorrect parsing of the HTTP transfer-encoding request header causes request smuggling when it is used with a reverse proxy and if the client declared it would only accept an HTTP/1.0 response...

CVSS 5.3 • AI score 0.4 • EPSS 0.75353
Exploits 1 • References 22 • Affected Software 7

Veracode
•added 2021/06/07 1:13 p.m.•34 views

Denial Of Service (DoS)

ffmpeg is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow in libavfilter/vf_yadif.c...

CVSS 6.5 • AI score 4 • EPSS 0.01667
Exploits 1 • References 4 • Affected Software 3

Veracode
•added 2021/06/06 10:35 a.m.•34 views

Denial Of Service (DoS)

linux is vulnerable to denial of service. In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel on some Haswell CPUs, userspace applications such as perf-fuzzer can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6...

CVSS 5.5 • AI score 3.6 • EPSS 0.00385
Exploits 0 • References 11 • Affected Software 5

Veracode
•added 2021/06/02 8:31 a.m.•34 views

Information Disclosure

Elastic APM .NET Agent is vulnerable to information disclosure. Confidential HTTP header information is disclosed when logging the details during an application error...

CVSS 4.3 • EPSS 0.00611
Exploits 0 • References 3 • Affected Software 3

Veracode
•added 2021/05/24 9:1 a.m.•34 views

Man-in-the-middle (MITM)

Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session...

CVSS 5.9 • AI score 1.4 • EPSS 0.01339
Exploits 0 • References 4 • Affected Software 2

Veracode
•added 2021/05/15 12:9 a.m.•34 views

Denial Of Service (DoS)

squid is vulnerable to denial of service. An attacker can cause a fatal error via the HTTP response of a squid cache, resulting in a denial of service condition...

CVSS 6.5 • AI score 1.1 • EPSS 0.71867
Exploits 0 • References 15 • Affected Software 6

Veracode
•added 2021/05/06 12:13 p.m.•34 views

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. A heap out-of-bounds write in parse_fix_phrase allows an attacker to execute arbitrary code on the host OS...

CVSS 7.8 • AI score 3.8 • EPSS 0.00399
Exploits 1 • References 3 • Affected Software 4

Veracode
•added 2021/04/29 12:14 p.m.•34 views

Integer Overflow

openldap:edge is vulnerable to integer overflow. An integer underflow can cause a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...

CVSS 7.5 • AI score 3.8 • EPSS 0.83381
Exploits 0 • References 18 • Affected Software 1

Veracode
•added 2021/03/15 4:19 a.m.•34 views

Cross-Site Scripting (XSS)

keycloak-theme is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the referrer URL in the new account console...

CVSS 7.5 • AI score 3.9 • EPSS 0.0119
Exploits 0 • References 2 • Affected Software 1

Veracode
•added 2021/03/09 2:27 p.m.•34 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists through the lack of data validation in the Reader Mode that allows cross-origin data to be leaked...

CVSS 6.5 • AI score 2.1 • EPSS 0.0094
Exploits 0 • References 11 • Affected Software 1

Veracode
•added 2021/02/05 3:21 a.m.•34 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service (DoS). The vulnerability exists through sysdeps/i386/ldbl2mpn.c, where a stack-based buffer overflow occurs when the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...

CVSS 7.5 • AI score 4.7 • EPSS 0.02765
Exploits 0 • References 7 • Affected Software 1

Veracode
•added 2021/01/22 9:32 p.m.•34 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free flaw...

CVSS 8.8 • AI score 2.3 • EPSS 0.06879
Exploits 0 • References 4 • Affected Software 2

Veracode
•added 2021/01/20 4:41 p.m.•34 views

Arbitrary Code Execution

dnsmasq is vulnerable to arbitrary code execution. A heap-based buffer overflow in rfc1035.c:extract_name, caused by the lack of length checks, occurs when DNSSEC is enabled and before the received DNS entries are validated, and could be abused. A remote attacker who can create valid DNS replies is...

CVSS 5.9 • AI score 6.3 • EPSS 0.86692
Exploits 0 • References 10 • Affected Software 6

Veracode
•added 2021/01/20 4:41 p.m.•34 views

Information Disclosure

dnsmasq is vulnerable to information disclosure. The vulnerability exists because, when getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query whether the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to...

CVSS 3.7 • AI score 1.5 • EPSS 0.04041
Exploits 2 • References 11 • Affected Software 6

Veracode
•added 2021/01/14 4:52 a.m.•34 views

Insecure Permissions

ceph-ansible is vulnerable to insecure permissions. The vulnerability allows any user to read sensitive information within...

CVSS 5.5 • AI score 2 • EPSS 0.00211
Exploits 0 • References 3 • Affected Software 7

Veracode
•added 2021/01/14 4:52 a.m.•34 views

Denial Of Service (DoS)

dotnet is vulnerable to denial of service (DoS). The vulnerability exists because ASP.NET Core callbacks outside of locks cause a Kestrel deadlock when using HTTP/2...

CVSS 7.5 • AI score 2.8 • EPSS 0.04908
Exploits 0 • References 6 • Affected Software 1

Veracode
•added 2021/01/08 5:55 a.m.•34 views

Arbitrary Code Execution

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the lack of sanitization of the org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource class through deserialization...

CVSS 8.1 • AI score 4.9 • EPSS 0.05195
Exploits 1 • References 10 • Affected Software 3

Veracode
•added 2021/01/08 5:18 a.m.•34 views

Arbitrary File Overwrite

github.com/thecodingmachine/gotenberg is vulnerable to directory traversal. An attacker is able to exploit the vulnerability to overwrite arbitrary files in the system and cause a denial of service condition or potentially result in arbitrary code execution...

CVSS 9.8 • AI score 7.4 • EPSS 0.02746
Exploits 1 • References 3 • Affected Software 1

Veracode
•added 2021/01/01 6:46 a.m.•34 views

XML External Entity (XXE)

plonesupermodel is vulnerable to XML external entity (XXE) attacks. The vulnerability exists due to an unapplied permission which would allow an attacker with Manager role to perform XXE attacks and submit requests on behalf of the server and access restricted internal or local resources...

CVSS 8.8 • AI score 2.9 • EPSS 0.01066
Exploits 0 • References 3 • Affected Software 1

Veracode
•added 2020/12/24 9:46 p.m.•34 views

Integer Overflow

open-iscsi:sid is vulnerable to integer overflow. The vulnerability exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c...

CVSS 7.5 • AI score 5.1 • EPSS 0.03912
Exploits 0 • References 3 • Affected Software 3

Veracode
•added 2020/12/23 4:51 p.m.•34 views

Arbitrary Code Execution

openjpeg is vulnerable to arbitrary code execution. A heap-based buffer-overflow write allows an attacker to execute arbitrary code on the host OS...

CVSS 7.8 • AI score 4 • EPSS 0.01107
Exploits 0 • References 12 • Affected Software 2

Veracode
•added 2020/12/15 4:25 p.m.•34 views

Information Disclosure

OpenSSH is vulnerable to information disclosure. An attacker is able to conduct a man-in-the-middle attack against initial connection attempts due to an observable discrepancy in the algorithm negotiation...

CVSS 5.9 • AI score 2.4 • EPSS 0.02057
Exploits 2 • References 9 • Affected Software 1

Veracode
•added 2020/12/15 3:24 a.m.•34 views

Incorrect Preservation Of Namespace Prefixes

encoding/xml in github.com/golang/go is performing incorrect preservation of namespace prefixes. An attacker is able to provide malicious inputs to cause conflicts in the way of preserving the namespace prefixes on XML elements during tokenization round-trips...

CVSS 9.8 • AI score 2.8 • EPSS 0.01942
Exploits 0 • References 3 • Affected Software 2

Veracode
•added 2020/12/10 4:17 p.m.•34 views

Denial Of Service (DoS)

openldap is vulnerable to denial of service. A NULL pointer dereference during a request for renaming RDNs allows an unauthenticated remote attacker to crash the slapd process by sending a malicious request...

CVSS 7.5 • AI score 3.8 • EPSS 0.02183
Exploits 0 • References 6 • Affected Software 1

Veracode
•added 2020/12/10 7:58 a.m.•34 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. An attacker is able to transmit a malicious RX descriptor to e1000e_write_packet_to_guest which induces an infinite loop, causing qemu to crash and resulting in denial of service...

AI score 2.7
Exploits 0

Veracode
•added 2020/12/10 7:36 a.m.•34 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. This vulnerability exists because of a flaw in the memory management API during the initialization of a memory region cache...

CVSS 6 • AI score 3.3 • EPSS 0.0036
Exploits 0 • References 5 • Affected Software 2

Veracode
•added 2020/12/06 4:40 a.m.•34 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service. An attacker is able to crash the application via a malicious PDF file that results in a long running computation...

CVSS 5.5 • AI score 3 • EPSS 0.01888
Exploits 0 • References 8 • Affected Software 1

Veracode
•added 2020/12/06 4:1 a.m.•34 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists in GammaImage of /MagickCore/enhance.c: depending on the gamma value, it is possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick...

CVSS 5.5 • AI score 3.3 • EPSS 0.01365
Exploits 0 • References 4 • Affected Software 4

Veracode
•added 2020/12/06 3:25 a.m.•34 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service (DoS). The vulnerability exists due to a heap buffer overflow in the lprn_is_black function in contrib/lips4/gdevlprn.c, allowing an attacker to crash the application via a crafted PDF file...

CVSS 5.5 • AI score 3 • EPSS 0.0187
Exploits 1 • References 8 • Affected Software 1

Veracode
•added 2020/12/06 2:41 a.m.•34 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through a heap buffer overflow in sdhci_sdma_transfer_multi_blocks in hw/sd/sdhci.c which allows an attacker to cause an application crash...

CVSS 6.3 • AI score 6 • EPSS 0.00424
Exploits 0 • References 6 • Affected Software 7

Veracode
•added 2020/12/06 2:27 a.m.•34 views

Privilege Escalation

linux kernel is vulnerable to privilege escalation. A use-after-free vulnerability in fs/block_dev.c allows local users to gain additional privileges or cause a denial of service by leveraging improper access to a certain error field...

CVSS 6.7 • AI score 5.5 • EPSS 0.00928
Exploits 1 • References 3 • Affected Software 5

Veracode
•added 2020/12/02 9:50 a.m.•34 views

Buffer Over-read

oniguruma is vulnerable to heap-based buffer over-read. It is possible because of a flaw in the function gb18030_mbc_enc_len in file gb18030.c...

CVSS 7.5 • AI score 3.1 • EPSS 0.04052
Exploits 1 • References 11 • Affected Software 1

Veracode
•added 2020/11/20 12:1 p.m.•34 views

Remote Code Execution

Archive_Tar is vulnerable to remote code execution. An attacker is able to inject malicious code through the file extension .PHAR within a tar archive...

CVSS 7.8 • AI score 3.7 • EPSS 0.47493
Exploits 2 • References 18 • Affected Software 6

Veracode
•added 2020/11/20 9:43 a.m.•34 views

Content Security Bypass

firefox is vulnerable to content security policy bypass. The application does not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy...

CVSS 6.1 • AI score 1.7 • EPSS 0.01312
Exploits 0 • References 6 • Affected Software 8

Veracode
•added 2020/11/05 3:18 a.m.•34 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. It happens due to a Red Hat-only CVE-2020-12352 regression, allowing a remote attacker in an adjacent range to crash the system...

CVSS 6.5 • AI score 4.1 • EPSS 0.05714
Exploits 4 • References 8 • Affected Software 2

Veracode
•added 2020/11/03 8:28 a.m.•34 views

Arbitrary File Deletion

wordpress is vulnerable to arbitrary file deletion. Insecure validation of the meta key protection in is_protected_meta in wp-includes/meta.php allows an attacker to delete arbitrary files on the host...

CVSS 9.1 • AI score 9.2 • EPSS 0.04059
Exploits 0 • References 12 • Affected Software 3

Veracode
•added 2020/11/03 8:14 a.m.•34 views

Arbitrary Code Execution

wordpress is vulnerable to Arbitrary Code Execution. Lack of secure validation of deserialization requests allows an attacker to submit an untrusted object to wp-includes/Requests/Utility/FilteredIterator.php which would result in unsafe deserialization, leading to arbitrary code execution...

CVSS 9.8 • AI score 9.5 • EPSS 0.16119
Exploits 1 • References 12 • Affected Software 3

Veracode
•added 2020/11/03 7:36 a.m.•34 views

Cross-site Scripting (XSS)

wordpress is vulnerable to cross-site scripting (XSS). The vulnerability exists in the addLoadEvent function in admin-header.php where an attacker is able to inject malicious script via global variables and get it executed when a user visits the page...

CVSS 6.1 • AI score 7.2 • EPSS 0.017
Exploits 0 • References 10 • Affected Software 3

Veracode
•added 2020/10/25 12:39 p.m.•34 views

Denial Of Service (DoS)

linux-oem-osp1 is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow in the Bluetooth implementation...

CVSS 6.5 • AI score 2.6 • EPSS 0.02223
Exploits 0 • References 2 • Affected Software 3

Veracode
•added 2020/10/23 8:58 a.m.•34 views

Information Disclosure

OpenJDK is vulnerable to information disclosure. The vulnerability exists through a race condition in NIO Buffer boundary checks...

CVSS 5.3 • AI score 1.4 • EPSS 0.03122
Exploits 0 • References 9 • Affected Software 5

Total number of security vulnerabilities: 5000