
38341 matches found

Veracode
• added 2021/05/06 12:13 p.m. • 34 views

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. A heap out-of-bounds write in parse_fix_phrase allows an attacker to execute arbitrary code on the host OS...

CVSS 7.8 • AI score 3.8 • EPSS 0.00399
Exploits 1 • References 3 • Affected Software 4
Veracode
• added 2021/04/29 12:14 p.m. • 34 views

Integer Overflow

openldap:edge is vulnerable to integer overflow. An integer underflow can cause a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...

CVSS 7.5 • AI score 3.8 • EPSS 0.83381
Exploits 0 • References 18 • Affected Software 1
Veracode
• added 2021/03/15 4:19 a.m. • 34 views

Cross-Site Scripting (XSS)

keycloak-theme is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the referrer URL in the new account console...

CVSS 7.5 • AI score 3.9 • EPSS 0.0119
Exploits 0 • References 2 • Affected Software 1
Veracode
• added 2021/03/09 2:27 p.m. • 34 views

Information Disclosure

chromium is vulnerable to information disclosure. The vulnerability exists through the lack of data validation in the Reader Mode that allows cross-origin data to be leaked...

CVSS 6.5 • AI score 2.1 • EPSS 0.0094
Exploits 0 • References 11 • Affected Software 1
Veracode
• added 2021/02/05 3:21 a.m. • 34 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service (DoS). The vulnerability exists through sysdeps/i386/ldbl2mpn.c where a stack-based buffer overflow occurs when the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...

CVSS 7.5 • AI score 4.7 • EPSS 0.02765
Exploits 0 • References 7 • Affected Software 1
Veracode
• added 2021/01/22 9:32 p.m. • 34 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free flaw...

CVSS 8.8 • AI score 2.3 • EPSS 0.06879
Exploits 0 • References 4 • Affected Software 2
Veracode
• added 2021/01/20 4:41 p.m. • 34 views

Arbitrary Code Execution

dnsmasq is vulnerable to arbitrary code execution. A heap-based buffer overflow in rfc1035.c:extract_name, due to the lack of length checks, could be abused when DNSSEC is enabled and before the received DNS entries are validated. A remote attacker who can create valid DNS replies is...

CVSS 5.9 • AI score 6.3 • EPSS 0.86692
Exploits 0 • References 10 • Affected Software 6
Veracode
• added 2021/01/20 4:41 p.m. • 34 views

Information Disclosure

dnsmasq is vulnerable to information disclosure. The vulnerability exists because when getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query whether the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to...

CVSS 3.7 • AI score 1.5 • EPSS 0.04041
Exploits 2 • References 11 • Affected Software 6
Veracode
• added 2021/01/14 4:52 a.m. • 34 views

Insecure Permissions

ceph-ansible is vulnerable to insecure permissions. The vulnerability allows any user to read sensitive information within...

CVSS 5.5 • AI score 2 • EPSS 0.00211
Exploits 0 • References 3 • Affected Software 7
Veracode
• added 2021/01/14 4:52 a.m. • 34 views

Denial Of Service (DoS)

dotnet is vulnerable to denial of service (DoS). The vulnerability exists because ASP.NET Core callbacks outside of locks cause a Kestrel deadlock when using HTTP2...

CVSS 7.5 • AI score 2.8 • EPSS 0.04908
Exploits 0 • References 6 • Affected Software 1
Veracode
• added 2021/01/08 5:55 a.m. • 34 views

Arbitrary Code Execution

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the lack of sanitization of the org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource class during deserialization...

CVSS 8.1 • AI score 4.9 • EPSS 0.05195
Exploits 1 • References 10 • Affected Software 3
Veracode
• added 2021/01/08 5:18 a.m. • 34 views

Arbitrary File Overwrite

github.com/thecodingmachine/gotenberg is vulnerable to directory traversal. An attacker is able to exploit the vulnerability to overwrite arbitrary files in the system and cause a denial of service condition or potentially result in arbitrary code execution...

CVSS 9.8 • AI score 7.4 • EPSS 0.02746
Exploits 1 • References 3 • Affected Software 1
Veracode
• added 2021/01/01 6:46 a.m. • 34 views

XML External Entity (XXE)

plonesupermodel is vulnerable to XML external entity (XXE) attacks. The vulnerability exists due to an unapplied permission which would allow an attacker with Manager role to perform XXE attacks and submit requests on behalf of the server and access restricted internal or local resources...

CVSS 8.8 • AI score 2.9 • EPSS 0.01066
Exploits 0 • References 3 • Affected Software 1
Veracode
• added 2020/12/24 9:46 p.m. • 34 views

Integer Overflow

open-iscsi:sid is vulnerable to integer overflow. The vulnerability exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c...

CVSS 7.5 • AI score 5.1 • EPSS 0.03912
Exploits 0 • References 3 • Affected Software 3
Veracode
• added 2020/12/23 4:51 p.m. • 34 views

Arbitrary Code Execution

openjpeg is vulnerable to arbitrary code execution. A heap-based buffer-overflow write allows an attacker to execute arbitrary code on the host OS...

CVSS 7.8 • AI score 4 • EPSS 0.01107
Exploits 0 • References 12 • Affected Software 2
Veracode
• added 2020/12/15 4:25 p.m. • 34 views

Information Disclosure

OpenSSH is vulnerable to information disclosure. An attacker is able to conduct a man-in-the-middle attack against initial connection attempts due to an observable discrepancy in the algorithm negotiation...

CVSS 5.9 • AI score 2.4 • EPSS 0.02057
Exploits 2 • References 9 • Affected Software 1
Veracode
• added 2020/12/15 3:24 a.m. • 34 views

Incorrect Preservation Of Namespace Prefixes

encoding/xml in github.com/golang/go is performing incorrect preservation of namespace prefixes. An attacker is able to provide malicious inputs to cause conflicts in the way of preserving the namespace prefixes on XML elements during tokenization round-trips...

CVSS 9.8 • AI score 2.8 • EPSS 0.01942
Exploits 0 • References 3 • Affected Software 2
Veracode
• added 2020/12/10 4:17 p.m. • 34 views

Denial Of Service (DoS)

openldap is vulnerable to denial of service. A NULL pointer dereference during a request for renaming RDNs allows an unauthenticated remote attacker to crash the slapd process by sending a malicious request...

CVSS 7.5 • AI score 3.8 • EPSS 0.02183
Exploits 0 • References 6 • Affected Software 1
Veracode
• added 2020/12/10 7:58 a.m. • 34 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. An attacker is able to transmit a malicious RX descriptor to e1000e_write_packet_to_guest which induces an infinite loop, causing qemu to crash and resulting in denial of service...

AI score 2.7
Exploits 0
Veracode
• added 2020/12/10 7:36 a.m. • 34 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. This vulnerability exists because of a flaw in the memory management API during the initialization of a memory region cache...

CVSS 6 • AI score 3.3 • EPSS 0.0036
Exploits 0 • References 5 • Affected Software 2
Veracode
• added 2020/12/06 4:40 a.m. • 34 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service. An attacker is able to crash the application via a malicious PDF file that results in a long running computation...

CVSS 5.5 • AI score 3 • EPSS 0.01888
Exploits 0 • References 8 • Affected Software 1
Veracode
• added 2020/12/06 4:1 a.m. • 34 views

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service (DoS). The vulnerability exists in GammaImage of /MagickCore/enhance.c: depending on the gamma value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick...

CVSS 5.5 • AI score 3.3 • EPSS 0.01365
Exploits 0 • References 4 • Affected Software 4
Veracode
• added 2020/12/06 3:25 a.m. • 34 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service (DoS). The vulnerability exists due to a heap buffer overflow in the lprn_is_black function in contrib/lips4/gdevlprn.c, allowing an attacker to crash the application via a crafted PDF file...

CVSS 5.5 • AI score 3 • EPSS 0.0187
Exploits 1 • References 8 • Affected Software 1
Veracode
• added 2020/12/06 2:41 a.m. • 34 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists through heap buffer overflow in sdhci_sdma_transfer_multi_blocks in hw/sd/sdhci.c which allows an attacker to cause an application crash...

CVSS 6.3 • AI score 6 • EPSS 0.00424
Exploits 0 • References 6 • Affected Software 7
Veracode
• added 2020/12/06 2:27 a.m. • 34 views

Privilege Escalation

linux kernel is vulnerable to privilege escalation. A use-after-free vulnerability in fs/block_dev.c allows local users to gain additional privileges or cause a denial of service by leveraging improper access to a certain error field...

CVSS 6.7 • AI score 5.5 • EPSS 0.00928
Exploits 1 • References 3 • Affected Software 5
Veracode
• added 2020/12/02 9:50 a.m. • 34 views

Buffer Over-read

oniguruma is vulnerable to heap-based buffer over-read. It is possible because of a flaw in the function gb18030_mbc_enc_len in file gb18030.c...

CVSS 7.5 • AI score 3.1 • EPSS 0.04052
Exploits 1 • References 11 • Affected Software 1
Veracode
• added 2020/11/20 12:1 p.m. • 34 views

Remote Code Execution

Archive_Tar is vulnerable to remote code execution. An attacker is able to inject malicious code through file extension .PHAR within a tar archive...

CVSS 7.8 • AI score 3.7 • EPSS 0.47493
Exploits 2 • References 18 • Affected Software 6
Veracode
• added 2020/11/20 9:43 a.m. • 34 views

Content Security Bypass

firefox is vulnerable to content security policy bypass. The application does not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy...

CVSS 6.1 • AI score 1.7 • EPSS 0.01312
Exploits 0 • References 6 • Affected Software 8
Veracode
• added 2020/11/05 3:18 a.m. • 34 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. It happens due to a Red Hat-only CVE-2020-12352 regression, allowing a remote attacker in an adjacent range to crash the system...

CVSS 6.5 • AI score 4.1 • EPSS 0.05714
Exploits 4 • References 8 • Affected Software 2
Veracode
• added 2020/11/03 8:28 a.m. • 34 views

Arbitrary File Deletion

wordpress is vulnerable to Arbitrary File Deletion. Insecure validation of the meta key protection in is_protected_meta in wp-includes/meta.php allows an attacker to delete arbitrary files on the host...

CVSS 9.1 • AI score 9.2 • EPSS 0.04059
Exploits 0 • References 12 • Affected Software 3
Veracode
• added 2020/11/03 8:14 a.m. • 34 views

Arbitrary Code Execution

wordpress is vulnerable to Arbitrary Code Execution. Lack of secure validation of deserialization requests allows an attacker to submit an untrusted object to wp-includes/Requests/Utility/FilteredIterator.php which would result in unsafe deserialization, leading to arbitrary code execution...

CVSS 9.8 • AI score 9.5 • EPSS 0.16119
Exploits 1 • References 12 • Affected Software 3
Veracode
• added 2020/11/03 7:36 a.m. • 34 views

Cross-site Scripting (XSS)

wordpress is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the addLoadEvent function in admin-header.php where an attacker is able to inject malicious script via global variables and get it executed when a user visits the page...

CVSS 6.1 • AI score 7.2 • EPSS 0.017
Exploits 0 • References 10 • Affected Software 3
Veracode
• added 2020/10/25 12:39 p.m. • 34 views

Denial Of Service (DoS)

linux-oem-osp1 is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow in the Bluetooth implementation...

CVSS 6.5 • AI score 2.6 • EPSS 0.02223
Exploits 0 • References 2 • Affected Software 3
Veracode
• added 2020/10/23 8:58 a.m. • 34 views

Information Disclosure

OpenJDK is vulnerable to information disclosure. The vulnerability exists through a race condition in NIO Buffer boundary checks...

CVSS 5.3 • AI score 1.4 • EPSS 0.03122
Exploits 0 • References 9 • Affected Software 5
Veracode
• added 2020/10/18 1:59 a.m. • 34 views

CRLF Injection

python is vulnerable to CRLF Injection. The vulnerability exists through the first argument of HTTPConnection.request...

CVSS 7.2 • AI score 7.3 • EPSS 0.0642
Exploits 1 • References 19 • Affected Software 17
Veracode
• added 2020/10/13 1:33 a.m. • 34 views

Information Disclosure

junit is vulnerable to Information Disclosure. The vulnerability exists through the behaviour of TemporaryFolder on UNIX-like systems, where the system's temporary directory is shared between all users on that system by default...

CVSS 5.5 • AI score 5.5 • EPSS 0.01674
Exploits 1 • References 71 • Affected Software 1
Veracode
• added 2020/10/02 6:7 a.m. • 34 views

Cookie Injection

php7 is vulnerable to cookie injection. The vulnerability exists as cookie names are url-decoded, allowing cookies with prefixes such as __Host to be forged...

CVSS 5.3 • AI score 3.3 • EPSS 0.05029
Exploits 2 • References 18 • Affected Software 9
Veracode
• added 2020/10/02 1:0 a.m. • 34 views

Remote Code Execution (RCE)

nette/application is vulnerable to remote code execution (RCE). The vulnerability exists as invalid closures could be processed through the value of the callback parameter in MicroPresenter.php...

CVSS 9.8 • AI score 3.1 • EPSS 0.35228
Exploits 3 • References 4 • Affected Software 2
Veracode
• added 2020/10/01 3:56 a.m. • 34 views

Denial Of Service (DoS)

freerdp is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds read...

CVSS 2.2 • AI score 2.4 • EPSS 0.0185
Exploits 1 • References 10 • Affected Software 2
Veracode
• added 2020/10/01 3:53 a.m. • 34 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 8.8 • AI score 4.3 • EPSS 0.01861
Exploits 0 • References 10 • Affected Software 28
Veracode
• added 2020/10/01 3:53 a.m. • 34 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...

CVSS 8.8 • AI score 3.8 • EPSS 0.0405
Exploits 0 • References 9 • Affected Software 28
Veracode
• added 2020/10/01 3:53 a.m. • 34 views

Denial Of Service (DoS)

libssh2 is vulnerable to denial of service. The vulnerability exists through an integer overflow in SSH_MSG_DISCONNECT logic in packet.c which allows an attacker to cause an application crash...

CVSS 8.1 • AI score 7.8 • EPSS 0.03793
Exploits 1 • References 17 • Affected Software 1
Veracode
• added 2020/10/01 3:53 a.m. • 34 views

Denial Of Service (DoS)

webkitgtk4 is vulnerable to denial of service (DoS). The vulnerability exists through improper memory handling...

CVSS 6.5 • AI score 2.5 • EPSS 0.01976
Exploits 0 • References 7 • Affected Software 28
Veracode
• added 2020/10/01 3:53 a.m. • 34 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through multiple memory corruption issues...

CVSS 8.8 • AI score 3.6 • EPSS 0.02035
Exploits 0 • References 9 • Affected Software 28
Veracode
• added 2020/10/01 3:52 a.m. • 34 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists through memory errors...

CVSS 8.8 • AI score 6.3 • EPSS 0.0231
Exploits 0 • References 10 • Affected Software 28
Veracode
• added 2020/10/01 3:52 a.m. • 34 views

Cross-site Scripting (XSS)

webkitgtk is vulnerable to cross-site scripting (XSS). The vulnerability exists through an improper state management issue...

CVSS 6.1 • AI score 1.7 • EPSS 0.01331
Exploits 0 • References 9 • Affected Software 28
Veracode
• added 2020/10/01 3:52 a.m. • 34 views

Arbitrary Code Execution

webkitgtk is vulnerable to arbitrary code execution. The vulnerability exists through memory corruption...

CVSS 8.8 • AI score 3.8 • EPSS 0.01556
Exploits 0 • References 5 • Affected Software 28
Veracode
• added 2020/10/01 3:52 a.m. • 34 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. It is possible due to a flaw in the port of the WebKit portable web rendering engine to the GTK+ platform...

CVSS 8.8 • AI score 3.7 • EPSS 0.12955
Exploits 2 • References 11 • Affected Software 1
Veracode
• added 2020/10/01 3:52 a.m. • 34 views

Arbitrary Code Execution

WebKitGTK+ is vulnerable to arbitrary code execution. An attacker can input malicious web content to cause memory corruption and arbitrary code execution...

CVSS 8.8 • AI score 4.3 • EPSS 0.01812
Exploits 0 • References 10 • Affected Software 1
Veracode
• added 2020/10/01 3:52 a.m. • 34 views

Arbitrary Code Execution

webkitgtk4 is vulnerable to arbitrary code execution. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 8.8 • AI score 4.3 • EPSS 0.02462
Exploits 0 • References 11 • Affected Software 1

Total number of security vulnerabilities: 5000