Veracode: Most viewed

38340 matches found

Veracode
Added 2020/04/10 12:20 a.m. • 34 views

Spoofing Attack

kernel is vulnerable to spoofing attacks. A flaw in the CIFS handling of the mount option sec= that didn't enable integrity checking and didn't produce any error message...

CVSS 4.3 • AI score 2.2 • EPSS 0.02624
Exploits 0 • References 20 • Affected Software 1
Veracode
Added 2020/04/10 12:19 a.m. • 34 views

Denial Of Service (DoS)

https is vulnerable to denial of service. A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial o...

CVSS 4 • AI score 0.9 • EPSS 0.09951
Exploits 1 • References 47 • Affected Software 1
Veracode
Added 2020/04/10 12:19 a.m. • 34 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. A flaw was found in the IA32 system call emulation provided on AMD64 and Intel 64 platforms. An improperly validated 64-bit value could be stored in the %RAX register, which could trigger an out-of-bounds system call table access. An untrusted loc...

CVSS 7.2 • AI score 3.9 • EPSS 0.0082
Exploits 0 • References 41 • Affected Software 1
Veracode
Added 2020/04/10 12:17 a.m. • 34 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server...

CVSS 5.1 • AI score 2.2 • EPSS 0.02303
Exploits 0 • References 24 • Affected Software 1
Veracode
Added 2020/04/10 12:15 a.m. • 34 views

DNS Spoofing

Mozilla Firefox is vulnerable to DNS spoofing. A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a...

CVSS 2.6 • AI score 3.2 • EPSS 0.0179
Exploits 1 • References 42 • Affected Software 2
Veracode
Added 2020/04/10 12:12 a.m. • 34 views

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS). A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service...

CVSS 4.3 • AI score 5.1 • EPSS 0.43355
Exploits 1 • References 70 • Affected Software 1
Veracode
Added 2020/04/08 12:44 a.m. • 34 views

Denial Of Service (DoS)

Mozilla is vulnerable to denial of service. The vulnerability exists through a use-after-free issue when handling a ReadableStream...

CVSS 8.1 • AI score 8.7 • EPSS 0.06305
Exploits 0 • References 6 • Affected Software 3
Veracode
Added 2020/03/18 12:55 a.m. • 34 views

Use-after-free

Mozilla Firefox is vulnerable to use-after-free in cubeb during stream destruction...

CVSS 8.8 • AI score 2.5 • EPSS 0.01239
Exploits 0 • References 8 • Affected Software 6
Veracode
Added 2020/03/05 5:52 a.m. • 34 views

SQL Injection

django is vulnerable to SQL injection. Lack of adequate validation and sanitization of the tolerance parameter allows an attacker to inject and execute arbitrary SQL statements in the database...

CVSS 8.8 • AI score 4.3 • EPSS 0.22513
Exploits 0 • References 14 • Affected Software 4
Veracode
Added 2020/02/10 6:22 a.m. • 34 views

Authorization Bypass

node is vulnerable to authorization bypass. Trailing OWS in header values is not stripped, potentially allowing a remote attacker to bypass access controls...

CVSS 9.8 • AI score 4.7 • EPSS 0.20041
Exploits 1 • References 16 • Affected Software 4
Veracode
Added 2020/01/17 1:47 a.m. • 34 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service (DoS). The vulnerability exists due to an incorrect exception during deserialization in BeanContextSupport...

CVSS 3.7 • AI score 2.3 • EPSS 0.0404
Exploits 0 • References 27 • Affected Software 4
Veracode
Added 2019/12/06 12:16 a.m. • 34 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to denial of service. The vulnerability exists through a use-after-free error in worker destruction...

CVSS 8.8 • AI score 3 • EPSS 0.01877
Exploits 0 • References 15 • Affected Software 5
Veracode
Added 2019/11/21 2:53 a.m. • 34 views

Remote Code Execution

jackson-databind is vulnerable to remote code execution. The application does not block the xalan classes during deserialization, which would allow a remote attacker to leverage the vulnerability to execute arbitrary code...

CVSS 9.8 • AI score 5.6 • EPSS 0.03958
Exploits 0 • References 11 • Affected Software 27
Veracode
Added 2019/11/20 2:52 a.m. • 34 views

Shell Code Execution

libunbound.so is vulnerable to shell code execution. The attack is possible due to improper handling of a malicious IPSECKEY answer in the ipsec. The vulnerability can only be triggered when the following conditions are met: 1 compiled the library with --enable-ipsecmod support, and ipsecmod is...

CVSS 7.3 • AI score 1.9 • EPSS 0.03212
Exploits 1 • References 9 • Affected Software 1
Veracode
Added 2019/10/17 12:22 a.m. • 34 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service. A NULL pointer dereference in DrawGlyphList allows an attacker to crash the application...

CVSS 3.7 • AI score 3.6 • EPSS 0.03533
Exploits 0 • References 24 • Affected Software 4
Veracode
Added 2019/10/14 7:6 a.m. • 34 views

Information Disclosure

ansible is vulnerable to information disclosure. The attack is possible due to an incomplete fix of CVE-2019-10206 which does not perform safe type conversions using AnsibleUnsafeBytes and AnsibleUnsafeBytes classes, allowing CLI-provided passwords to be incorrectly templated when using totext,...

CVSS 6.5 • AI score 3.9 • EPSS 0.01649
Exploits 0 • References 8 • Affected Software 1
Veracode
Added 2019/10/02 2:15 a.m. • 34 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution. The vulnerability exists as it does not stop classes from the commons-dbcp package from being used as deserialization gadgets...

CVSS 9.8 • AI score 9.7 • EPSS 0.05681
Exploits 0 • References 45 • Affected Software 3
Veracode
Added 2019/10/01 12:17 a.m. • 34 views

Denial Of Service (DoS)

nodejs is vulnerable to denial of service. A remote attacker is able to crash the application by flooding the server with empty frames which results in excessive resource consumption...

CVSS 7.5 • AI score 3.5 • EPSS 0.25448
Exploits 0 • References 37 • Affected Software 5
Veracode
Added 2019/09/25 12:45 a.m. • 34 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service (DoS). The vulnerability is due to an integer overflow leading to a buffer overflow...

CVSS 7.5 • AI score 4 • EPSS 0.04503
Exploits 1 • References 10 • Affected Software 3
Veracode
Added 2019/09/13 6:8 a.m. • 34 views

Arbitrary Code Execution

libcurl.so is vulnerable to arbitrary code execution. A double-free occurs when a malicious server claims to send a large block that causes the realloc function call to fail. The vulnerability exists when curl uses kerberos over FTP, and can be exploited by an attacker to execute arbitrary co...

CVSS 9.8 • AI score 4.8 • EPSS 0.07266
Exploits 0 • References 17 • Affected Software 13
Veracode
Added 2019/09/05 12:17 a.m. • 34 views

Sandbox Restrictions Bypass

jenkins-plugin-script-security is vulnerable to sandbox bypass. This is possible through method pointer expressions in Script Security Plugin...

CVSS 8.8 • AI score 2.5 • EPSS 0.025
Exploits 0 • References 7 • Affected Software 1
Veracode
Added 2019/08/08 12:7 a.m. • 34 views

Denial Of Service (DoS)

advancecomp is vulnerable to denial of service (DoS). The vulnerability exists in function advpngunfilter8 in lib/png.c...

CVSS 7.8 • AI score 2.8 • EPSS 0.01247
Exploits 1 • References 8 • Affected Software 1
Veracode
Added 2019/08/08 12:7 a.m. • 34 views

Arbitrary File Overwrite

keepalived is vulnerable to arbitrary file overwrite. The vulnerability exists as there is an improper pathname validation that allows for overwrite of arbitrary filenames via symlinks...

CVSS 4.7 • AI score 4.4 • EPSS 0.00501
Exploits 1 • References 8 • Affected Software 1
Veracode
Added 2019/08/08 12:7 a.m. • 34 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a buffer overflow in hidpprocessreport...

CVSS 8.4 • AI score 3.7 • EPSS 0.00435
Exploits 0 • References 34 • Affected Software 2
Veracode
Added 2019/08/08 12:7 a.m. • 34 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a NULL pointer dereference in the lookupslow function...

CVSS 5.5 • AI score 2.8 • EPSS 0.01725
Exploits 0 • References 29 • Affected Software 4
Veracode
Added 2019/08/08 12:7 a.m. • 34 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a NULL pointer dereference in the xfsdashrinkinode function...

CVSS 5.5 • AI score 2.8 • EPSS 0.02179
Exploits 1 • References 34 • Affected Software 2
Veracode
Added 2019/08/08 12:7 a.m. • 34 views

Arbitrary Code Execution

poppler is vulnerable to arbitrary code execution. A heap-based buffer underwrite in the function ImageStream::getLine in Stream.cc allows an attacker to crash the application or potentially execute arbitrary code on the system...

CVSS 8.8 • AI score 6.1 • EPSS 0.03473
Exploits 1 • References 23 • Affected Software 2
Veracode
Added 2019/08/06 5:13 a.m. • 34 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to denial of service (DoS). It does not prevent an integer overflow in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc...

CVSS 7.5 • AI score 3.8 • EPSS 0.02679
Exploits 1 • References 10 • Affected Software 3
Veracode
Added 2019/08/05 12:16 a.m. • 34 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free in drivers/char/ipmi/ipmisiintf.c, ipmisimemio.c, ipmisiportio.c...

CVSS 7 • AI score 2.7 • EPSS 0.00451
Exploits 0 • References 16 • Affected Software 2
Veracode
Added 2019/08/02 10:1 a.m. • 34 views

Denial Of Service (DoS)

Django is vulnerable to denial of service (DoS). It does not properly handle HTML entities in the function striptags, causing excessive HTMLParser recursions...

CVSS 7.5 • AI score 2.6 • EPSS 0.03172
Exploits 0 • References 12 • Affected Software 2
Veracode
Added 2019/07/08 3:36 p.m. • 34 views

XML Entity Expansion (XEE)

c3p0 is vulnerable to XML entity expansion (XEE). Missing protections against recursive entity expansion when loading configuration allows remote attackers to exploit the billion laughs attack by loading malicious XML configurations...

CVSS 7.5 • AI score 8.4 • EPSS 0.04882
Exploits 1 • References 10 • Affected Software 1
Veracode
Added 2019/07/08 12:6 a.m. • 34 views

Cross-Site Scripting (XSS)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.117. See the following advisory for the container...

CVSS 5.4 • AI score 6.3 • EPSS 0.02111
Exploits 0 • References 71 • Affected Software 18
Veracode
Added 2019/06/25 7:29 a.m. • 34 views

Arbitrary Code Execution

libpoppler.so is vulnerable to arbitrary code execution. A heap-based buffer overflow in Splash::blitTransparent in splash/Splash.cc allows an attacker to execute arbitrary code...

CVSS 8.8 • AI score 9.7 • EPSS 0.02708
Exploits 1 • References 11 • Affected Software 1
Veracode
Added 2019/05/31 5:11 a.m. • 34 views

Open Redirection

spring-security-oauth2 is vulnerable to open redirection. A remote attacker is able to modify the redirect_uri parameter and redirect users to a malicious site to steal confidential information such as authorization code, username and password...

CVSS 5.4 • AI score 5.6 • EPSS 0.08906
Exploits 4 • References 3 • Affected Software 1
Veracode
Added 2019/05/16 4:17 a.m. • 34 views

Arbitrary Code Execution

IBM Java SE version 8 is vulnerable to arbitrary code execution fixed in 7u221 and 8u211...

CVSS 8.1 • AI score 8.2 • EPSS 0.11466
Exploits 1 • References 11 • Affected Software 2
Veracode
Added 2019/05/16 3:59 a.m. • 34 views

Use-After-Free

Linux kernel is vulnerable to use-after-free attacks. This is because of the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested=1 virtualization is enabled. An attacker could use this flaw to crash the host kernel resulting in a denial of service or...

CVSS 7.8 • AI score 7.4 • EPSS 0.00805
Exploits 1 • References 27 • Affected Software 2
Veracode
Added 2019/05/16 3:59 a.m. • 34 views

Denial Of Service (DoS)

The Java OpenJDK is vulnerable to denial of service (DoS). It is possible due to a slow conversion of BigDecimal to long...

CVSS 7.5 • AI score 4.5 • EPSS 0.0441
Exploits 0 • References 23 • Affected Software 1
Veracode
Added 2019/05/16 3:57 a.m. • 34 views

Denial Of Service (DoS)

Oracle Java SE is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the Deployment component in the Java SE component of Oracle Java SE. An unauthenticated attacker with network access via multiple protocols could cause a denial of service condition with the aid of human...

CVSS 3.1 • AI score 6 • EPSS 0.02716
Exploits 0 • References 8 • Affected Software 1
Veracode
Added 2019/05/16 3:48 a.m. • 34 views

Denial Of Service (DoS)

.NET Core and ASP.NET Core are vulnerable to denial of service. The vulnerability exists due to the improper handling of web requests. A remote attacker could issue a malicious web request to crash the process...

CVSS 7.5 • AI score 7.1 • EPSS 0.05719
Exploits 0 • References 15 • Affected Software 8
Veracode
Added 2019/05/16 3:23 a.m. • 34 views

Arbitrary Code Execution

PostgreSQL is vulnerable to arbitrary code execution. This is because a PostgreSQL user could modify the behavior of a query for other users. A malicious user could insert a trojan-horse function that, when executed by a superuser, grants escalated privileges to the malicious user...

CVSS 8.8 • AI score 8 • EPSS 0.14142
Exploits 1 • References 70 • Affected Software 10
Veracode
Added 2019/05/16 3:22 a.m. • 34 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service attacks. A remote authenticated attacker could exploit a flaw in the InnoDB component to cause denial of service conditions...

CVSS 4.9 • AI score 6.2 • EPSS 0.03254
Exploits 0 • References 9 • Affected Software 3
Veracode
Added 2019/05/16 3:21 a.m. • 34 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service (DoS) attacks. The vulnerability is due to an out-of-bounds access after a size limit is reached by reading the HTTP header. An attacker could cause an application crash via a specially crafted request resulting in a complete denial of service...

CVSS 5.9 • AI score 7.1 • EPSS 0.15564
Exploits 0 • References 52 • Affected Software 14
Veracode
Added 2019/05/16 3:21 a.m. • 34 views

Buffer Overflow

curl is vulnerable to a buffer overflow. The vulnerability occurs when doing a large floating point output in libcurl's implementation of the printf functions. The application accepts input format strings without the necessary input filtering. A remote attacker could send a format...

CVSS 8.1 • AI score 8 • EPSS 0.04935
Exploits 0 • References 24 • Affected Software 4
Veracode
Added 2019/05/16 3:18 a.m. • 34 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service (DoS) attacks. When the ioti driver is loaded, a local unprivileged attacker could request an incorrect high transfer speed in changeportsettings in drivers/usb/serial/ioti.c so that the divisor value becomes zero and causes a system...

CVSS 5.5 • AI score 5.8 • EPSS 0.00683
Exploits 1 • References 29 • Affected Software 2
Veracode
Added 2019/05/16 3:10 a.m. • 34 views

Privilege Escalation

cephx is vulnerable to privilege escalation attacks. This is because cephx authentication protocol does not verify ceph clients correctly. An attacker who has access to the ceph cluster network is able to sniff packets on the network...

CVSS 7.5 • AI score 8 • EPSS 0.01374
Exploits 0 • References 33 • Affected Software 3
Veracode
Added 2019/05/16 2:59 a.m. • 34 views

Out-Of-Bounds Read

PHP is vulnerable to out-of-bounds reads. The vulnerability exists in matchat during regular expression searching because of a logical error involving order of validation and access in matchat...

CVSS 9.8 • AI score 9.1 • EPSS 0.0654
Exploits 1 • References 6 • Affected Software 1
Veracode
Added 2019/05/16 2:59 a.m. • 34 views

Heap-Based Buffer Overflow

PHP is vulnerable to a heap-based buffer overflow. The vulnerability exists in ext/mysqlnd/mysqlndwireprotocol.c in PHP. Remote MySQL servers could cause a denial of service or possibly have unspecified other impact via crafted field metadata...

CVSS 8.1 • AI score 9.4 • EPSS 0.0885
Exploits 1 • References 12 • Affected Software 1
Veracode
Added 2019/05/16 2:59 a.m. • 34 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote authenticated user could exploit a flaw in the DDL component to cause a hang or frequently repeatable crash (complete DoS)...

CVSS 6.5 • AI score 6.2 • EPSS 0.03171
Exploits 0 • References 18 • Affected Software 4
Veracode
Added 2019/05/16 2:53 a.m. • 34 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service attacks. Function cpuphysicalmemorysnapshotgetdirty of the component VGA Display Update allows remote authenticated attackers via an assert failure issue in the VGA display emulator...

CVSS 6.5 • AI score 6.2 • EPSS 0.02959
Exploits 0 • References 126 • Affected Software 1
Veracode
Added 2019/05/16 2:50 a.m. • 34 views

Arbitrary Code Execution

GNU C Library is vulnerable to arbitrary code execution. A remote unauthenticated attacker could cause a buffer overflow during unescaping of user names with the operator resulting in denial of service conditions and code execution attacks...

CVSS 9.8 • AI score 9.8 • EPSS 0.02824
Exploits 0 • References 32 • Affected Software 1

Total number of security vulnerabilities: 5000