
38340 matches found

Veracode • added 2019/05/16 3:10 a.m. • 34 views

Privilege Escalation

cephx is vulnerable to privilege escalation attacks. This is because cephx authentication protocol does not verify ceph clients correctly. An attacker who has access to the ceph cluster network is able to sniff packets on the network...

CVSS 7.5 • AI score 8 • EPSS 0.01374
Exploits 0 • References 33 • Affected Software 3

Veracode • added 2019/05/16 2:59 a.m. • 34 views

Out-Of-Bounds Read

PHP is vulnerable to out-of-bounds reads. The vulnerability exists in match_at during regular expression searching because of a logical error involving order of validation and access in match_at...

CVSS 9.8 • AI score 9.1 • EPSS 0.0654
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2019/05/16 2:59 a.m. • 34 views

Heap-Based Buffer Overflow

PHP is vulnerable to a heap-based buffer overflow. The vulnerability exists in ext/mysqlnd/mysqlnd_wireprotocol.c in PHP. Remote MySQL servers could cause a denial of service or possibly have unspecified other impact via crafted field metadata...

CVSS 8.1 • AI score 9.4 • EPSS 0.0885
Exploits 1 • References 12 • Affected Software 1

Veracode • added 2019/05/16 2:50 a.m. • 34 views

Arbitrary Code Execution

GNU C Library is vulnerable to arbitrary code execution. A remote unauthenticated attacker could cause a buffer overflow during unescaping of user names with the operator resulting in denial of service conditions and code execution attacks...

CVSS 9.8 • AI score 9.8 • EPSS 0.02824
Exploits 0 • References 32 • Affected Software 1

Veracode • added 2019/05/16 2:31 a.m. • 34 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service attacks. The rds_cmsg_atomic function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. An attacker with local access can cause denial of service conditions via NULL pointer dereference in...

CVSS 5.5 • AI score 5.8 • EPSS 0.07679
Exploits 5 • References 17 • Affected Software 1

Veracode • added 2019/05/16 2:18 a.m. • 34 views

Information Disclosure

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...

CVSS 8.3 • AI score 8.3 • EPSS 0.06905
Exploits 0 • References 23 • Affected Software 4

Veracode • added 2019/05/16 2:13 a.m. • 34 views

Denial Of Service (DoS)

Linux kernel is vulnerable to a NULL pointer dereference. This occurs in the Key Management subcomponent of the Linux kernel when trying to issue a KEYCTL_READ on a negative key. Local attackers could cause denial of service conditions via a crafted KEYCTL_READ operation...

CVSS 5.5 • AI score 5.8 • EPSS 0.93838
Exploits 20 • References 27 • Affected Software 2

Veracode • added 2019/05/16 1:48 a.m. • 34 views

Key Reinstallation Attack (KRACK)

WPA and WPA2 are vulnerable to key reinstallation attacks (KRACK). A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake...

CVSS 5.3 • AI score 6.6 • EPSS 0.0207
Exploits 0 • References 36 • Affected Software 1

Veracode • added 2019/05/02 6:43 a.m. • 34 views

Arbitrary Code Execution

OpenJPEG is vulnerable to arbitrary code execution attacks. A remote unauthenticated attacker could exploit the vulnerable JP2 File Handler component to cause code execution via a crafted JP2 file, which triggers an out-of-bounds read or write...

CVSS 7.8 • AI score 8.3 • EPSS 0.07114
Exploits 1 • References 24 • Affected Software 1

Veracode • added 2019/05/02 6:37 a.m. • 34 views

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of service attacks. A remote, authenticated attacker could exploit the flawed Optimizer component to cause a hang or frequently repeatable crash resulting in denial of service conditions...

CVSS 4.9 • AI score 5.5 • EPSS 0.02853
Exploits 0 • References 9 • Affected Software 2

Veracode • added 2019/05/02 6:36 a.m. • 34 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service (DoS) attacks. This occurs in the rtl8139_cplus_transmit function in hw/net/rtl8139.c. This allows local guest OS administrators to cause a denial of service condition (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count...

CVSS 6 • AI score 6.3 • EPSS 0.00407
Exploits 0 • References 217 • Affected Software 1

Veracode • added 2019/05/02 6:36 a.m. • 34 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service attacks. A local non-privileged user is able to cause denial of service by overflowing the mount table, which causes a deadlock for the whole system. Affected is the file fs/namespace.c of the component Mount Handler...

CVSS 4.7 • AI score 5.5 • EPSS 0.00421
Exploits 0 • References 44 • Affected Software 2

Veracode • added 2019/05/02 6:9 a.m. • 34 views

Command Injection

Snoopy library is vulnerable to command injection attacks. This allows remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers, which may lead to data modification...

CVSS 9.8 • AI score 9.9 • EPSS 0.04707
Exploits 0 • References 15 • Affected Software 1

Veracode • added 2019/05/02 6:2 a.m. • 34 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to a buffer overflow. This is due to memory allocation issues when handling large amounts of incoming data, resulting in a potentially exploitable crash...

CVSS 7.5 • AI score 8.8 • EPSS 0.12416
Exploits 3 • References 12 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 34 views

Denial Of Service (DoS)

IPv6 protocol is vulnerable to denial of service (DoS) attacks. A remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not...

CVSS 8.6 • AI score 8.3 • EPSS 0.02727
Exploits 0 • References 14 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 34 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 10 • AI score 7.3 • EPSS 0.06058
Exploits 1 • References 22 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 34 views

Session Fixation

pcsd in pcs is vulnerable to session fixation. Failing to validate cookies on the server side when a user is logged out could potentially allow an attacker to perform session fixation attacks on pcsd in order to impersonate another user...

CVSS 8.1 • AI score 8 • EPSS 0.02294
Exploits 0 • References 52 • Affected Software 1

Veracode • added 2019/05/02 5:51 a.m. • 34 views

Denial Of Service (DoS)

Oracle MySQL Server is vulnerable to denial of service (DoS) attacks. An authenticated user can manipulate an unknown input, causing the application to crash. The affected component is DML...

CVSS 6.5 • AI score 6.4 • EPSS 0.04625
Exploits 18 • References 19 • Affected Software 9

Veracode • added 2019/05/02 5:43 a.m. • 34 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 7.5 • AI score 9.3 • EPSS 0.04229
Exploits 0 • References 25 • Affected Software 2

Veracode • added 2019/05/02 5:43 a.m. • 34 views

Brute Force Attack

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 7.5 • AI score 9.3 • EPSS 0.04229
Exploits 0 • References 25 • Affected Software 2

Veracode • added 2019/05/02 5:41 a.m. • 35 views

Man-in-the-Middle (MitM)

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

CVSS 7.5 • AI score 7 • EPSS 0.06135
Exploits 0 • References 38 • Affected Software 1

Veracode • added 2019/05/02 5:41 a.m. • 34 views

Improper Input Validation And Arbitrary Code Injection

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

AI score 7 • EPSS 0.06135
Exploits 0 • References 14 • Affected Software 1

Veracode • added 2019/05/02 5:40 a.m. • 34 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 10 • AI score 5.7 • EPSS 0.06181
Exploits 0 • References 19 • Affected Software 1

Veracode • added 2019/05/02 5:39 a.m. • 34 views

Sensitive Information Leakage

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors f...

CVSS 9.8 • AI score 8.8 • EPSS 0.28319
Exploits 15 • References 20 • Affected Software 6

Veracode • added 2019/05/02 5:34 a.m. • 34 views

Spoofable UI

firefox is vulnerable to spoofable UI. The vulnerability exists as it was possible to spoof the address bar via a SELECT element with a persistent menu...

CVSS 6.5 • AI score 7.1 • EPSS 0.02034
Exploits 0 • References 13 • Affected Software 1

Veracode • added 2019/05/02 5:34 a.m. • 34 views

Denial Of Service (DoS)

ntp is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds reference from an addpeer request, with a large hmode value...

CVSS 5.3 • AI score 6 • EPSS 0.15081
Exploits 0 • References 34 • Affected Software 1

Veracode • added 2019/05/02 5:34 a.m. • 34 views

Denial Of Service (DoS)

PCRE is vulnerable to denial of service (DoS). The vulnerability exists through parsing a malicious regular expression...

CVSS 7.5 • AI score 6.6 • EPSS 0.03764
Exploits 0 • References 19 • Affected Software 4

Veracode • added 2019/05/02 5:29 a.m. • 34 views

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists as the kernel improperly handles options data, causing arbitrary code execution through sendmsg system call...

CVSS 7.3 • AI score 7.6 • EPSS 0.00296
Exploits 0 • References 25 • Affected Software 1

Veracode • added 2019/05/02 5:29 a.m. • 34 views

Information Disclosure

MySQL Server is vulnerable to information disclosure. The vulnerability exists as an unspecified vulnerability in Oracle MySQL. This allows a remote authenticated user to manipulate an unknown input which is related to 'Types'...

CVSS 4 • AI score 5.6 • EPSS 0.03764
Exploits 0 • References 46 • Affected Software 4

Veracode • added 2019/05/02 5:29 a.m. • 34 views

Denial Of Service (DoS)

JavaScript engine implementation in Mozilla Firefox is vulnerable to denial of service attacks. This allows a remote attacker to execute arbitrary code or cause a denial of service via a crafted web site...

CVSS 7.5 • AI score 8.2 • EPSS 0.02254
Exploits 0 • References 19 • Affected Software 1

Veracode • added 2019/05/02 5:28 a.m. • 34 views

Use-After-Free

Mozilla Network Security Services (NSS) is vulnerable to use-after-free attacks. This allows remote attackers to cause denial of service via crafted key data with DER encoding...

CVSS 8.8 • AI score 8.4 • EPSS 0.02171
Exploits 0 • References 27 • Affected Software 2

Veracode • added 2019/05/02 5:27 a.m. • 34 views

Buffer Over-Read

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.8 • AI score 8.2 • EPSS 0.31046
Exploits 9 • References 29 • Affected Software 2

Veracode • added 2019/05/02 5:21 a.m. • 34 views

Cross-Site Request Forgery (CSRF)

Jenkins is vulnerable to a cross-site request forgery (CSRF) vulnerability. The attack is possible because requests via the HTTP GET method are not validated, allowing remote attackers to hijack the authentication of administrators for requests...

CVSS 8.8 • AI score 8.8 • EPSS 0.02395
Exploits 0 • References 40 • Affected Software 53

Veracode • added 2019/05/02 5:20 a.m. • 34 views

Improper Access Control

The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring function. A local, unprivileged us...

CVSS 7.8 • AI score 6.3 • EPSS 0.03646
Exploits 15 • References 40 • Affected Software 1

Veracode • added 2019/05/02 5:18 a.m. • 34 views

Denial Of Service (DoS)

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

CVSS 10 • AI score 8.1 • EPSS 0.084
Exploits 0 • References 24 • Affected Software 2

Veracode • added 2019/05/02 5:17 a.m. • 34 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS 6.5 • AI score 6.3 • EPSS 0.06964
Exploits 0 • References 12 • Affected Software 2

Veracode • added 2019/05/02 5:17 a.m. • 34 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS 6.5 • AI score 6.3 • EPSS 0.06964
Exploits 0 • References 12 • Affected Software 2

Veracode • added 2019/05/02 5:12 a.m. • 34 views

Buffer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

CVSS 6.8 • AI score 10.2 • EPSS 0.04282
Exploits 0 • References 15 • Affected Software 6

Veracode • added 2019/05/02 5:12 a.m. • 34 views

Buffer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

CVSS 6.8 • AI score 10.2 • EPSS 0.04282
Exploits 0 • References 13 • Affected Software 6

Veracode • added 2019/05/02 5:12 a.m. • 34 views

Integer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

CVSS 6.8 • AI score 10.2 • EPSS 0.04282
Exploits 0 • References 15 • Affected Software 6

Veracode • added 2019/05/02 5:12 a.m. • 34 views

Buffer Overflow

PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...

CVSS 9.8 • AI score 8.3 • EPSS 0.05533
Exploits 0 • References 9 • Affected Software 2

Veracode • added 2019/05/02 5:12 a.m. • 34 views

Integer Overflow

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

CVSS 7.5 • AI score 8.7 • EPSS 0.0571
Exploits 13 • References 16 • Affected Software 1

Veracode • added 2019/05/02 5:7 a.m. • 34 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free vulnerability when processing track data...

CVSS 7.5 • AI score 9.5 • EPSS 0.04158
Exploits 0 • References 57 • Affected Software 1

Veracode • added 2019/05/02 5:6 a.m. • 34 views

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...

CVSS 4 • AI score 7.1 • EPSS 0.10066
Exploits 0 • References 50 • Affected Software 15

Veracode • added 2019/05/02 5:5 a.m. • 34 views

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

CVSS 6.5 • AI score 5.4 • EPSS 0.04378
Exploits 0 • References 17 • Affected Software 1

Veracode • added 2019/05/02 5:4 a.m. • 34 views

Denial Of Service (DoS)

V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an...

CVSS 10 • AI score 6.7 • EPSS 0.05428
Exploits 4 • References 16 • Affected Software 171

Veracode • added 2019/05/02 5:4 a.m. • 34 views

Denial Of Service (DoS)

Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as...

CVSS 5 • AI score 6.8 • EPSS 0.03409
Exploits 0 • References 17 • Affected Software 1

Veracode • added 2019/05/02 5:3 a.m. • 34 views

Arbitrary Code Execution

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

CVSS 10 • AI score 9.6 • EPSS 0.05591
Exploits 0 • References 39 • Affected Software 2

Veracode • added 2019/05/02 5:3 a.m. • 34 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

CVSS 7.8 • AI score 6.6 • EPSS 0.37233
Exploits 24 • References 22 • Affected Software 1

Veracode • added 2019/05/02 5:3 a.m. • 34 views

Privilege Escalation

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

CVSS 7.8 • AI score 6.6 • EPSS 0.37233
Exploits 24 • References 42 • Affected Software 1

Total number of security vulnerabilities: 5000