Veracode: Most viewed

38340 matches found

Veracode • added 2019/05/02 5:2 a.m. • 34 views

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...

CVSS 10 | AI score 8.6 | EPSS 0.0751
Exploits 0 | References 12 | Affected Software 1

Veracode • added 2019/05/02 5:2 a.m. • 34 views

Authorization Bypass

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length heade...

CVSS 5.8 | AI score 8.2 | EPSS 0.16833
Exploits 2 | References 23 | Affected Software 71

Veracode • added 2019/05/02 5:1 a.m. • 34 views

Denial Of Service (DoS)

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to...

CVSS 9.3 | AI score 9.7 | EPSS 0.11823
Exploits 1 | References 13 | Affected Software 1

Veracode • added 2019/05/02 5:0 a.m. • 34 views

Heap-based Buffer Over-read

OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or,...

CVSS 7.5 | AI score 8.7 | EPSS 0.05515
Exploits 0 | References 12 | Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 34 views

NULL Pointer Dereference

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...

CVSS 7.8 | AI score 6.7 | EPSS 0.037
Exploits 11 | References 20 | Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 34 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...

CVSS 7.8 | AI score 6.7 | EPSS 0.037
Exploits 11 | References 25 | Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 34 views

Arbitrary Code Execution

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the wa...

CVSS 8.8 | AI score 8.5 | EPSS 0.05412
Exploits 0 | References 17 | Affected Software 2

Veracode • added 2019/05/02 4:58 a.m. • 34 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 | AI score 6.6 | EPSS 0.17606
Exploits 0 | References 19 | Affected Software 1

Veracode • added 2019/05/02 4:58 a.m. • 34 views

Arbitrary Code Execution

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 | AI score 7.6 | EPSS 0.10117
Exploits 1 | References 19 | Affected Software 3

Veracode • added 2019/05/02 4:56 a.m. • 34 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS 7.5 | AI score 9.9 | EPSS 0.06353
Exploits 0 | References 21 | Affected Software 2

Veracode • added 2019/05/02 4:56 a.m. • 34 views

Arbitrary Code Execution

java is vulnerable to arbitrary code execution. The vulnerability exists through missing package access checks in the Naming/JNDI component...

CVSS 10 | AI score 5.9 | EPSS 0.06051
Exploits 0 | References 32 | Affected Software 3

Veracode • added 2019/05/02 4:55 a.m. • 34 views

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists through Scripting...

CVSS 9.8 | AI score 8.9 | EPSS 0.96714
Exploits 13 | References 18 | Affected Software 2

Veracode • added 2019/05/02 4:54 a.m. • 34 views

Arbitrary Code Execution

OpenJDK is vulnerable to arbitrary code execution. The attack is due to a flaw which allows an untrusted Java application or applet to bypass certain Java sandbox restrictions...

CVSS 9.3 | AI score 6.6 | EPSS 0.04652
Exploits 0 | References 14 | Affected Software 1

Veracode • added 2019/05/02 4:54 a.m. • 34 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions and affect confidentiality, integrity and availability via vectors related to 2D...

CVSS 10 | AI score 6.1 | EPSS 0.07188
Exploits 0 | References 28 | Affected Software 3

Veracode • added 2019/05/02 4:52 a.m. • 34 views

Arbitrary Code Execution

firefox/thunderbird is vulnerable to arbitrary code execution. A remote attacker is able to corrupt memory which could lead to arbitrary code execution or an application crash...

CVSS 9.3 | AI score 7.1 | EPSS 0.04676
Exploits 0 | References 24 | Affected Software 6

Veracode • added 2019/05/02 4:52 a.m. • 34 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service (DoS). It allows remote attackers to affect availability via unknown vectors...

CVSS 4 | AI score 5.2 | EPSS 0.02829
Exploits 1 | References 12 | Affected Software 1

Veracode • added 2019/05/02 4:52 a.m. • 34 views

Denial Of Service (DoS)

MySQL is vulnerable to denial of service (DoS). It allows remote attackers to affect availability via unknown vectors...

CVSS 5 | AI score 5.2 | EPSS 0.03177
Exploits 0 | References 11 | Affected Software 1

Veracode • added 2019/05/02 4:52 a.m. • 34 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS 5.4 | AI score 5.8 | EPSS 0.03177
Exploits 2 | References 11 | Affected Software 1

Veracode • added 2019/05/02 4:45 a.m. • 34 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 8.8 | AI score 8.1 | EPSS 0.69021
Exploits 9 | References 17 | Affected Software 3

Veracode • added 2019/05/02 4:45 a.m. • 34 views

Same-Origin Policy Bypass

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 8.8 | AI score 8.1 | EPSS 0.69021
Exploits 9 | References 19 | Affected Software 3

Veracode • added 2019/05/02 4:45 a.m. • 34 views

Sandbox Restrictions Bypass

OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger...

CVSS 9.8 | AI score 6.1 | EPSS 0.98704
Exploits 10 | References 35 | Affected Software 3

Veracode • added 2019/05/02 4:45 a.m. • 34 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

CVSS 4.3 | AI score 7 | EPSS 0.06597
Exploits 8 | References 25 | Affected Software 1

Veracode • added 2019/05/02 4:44 a.m. • 34 views

Input Validation Bypass

OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory travers...

CVSS 7.5 | AI score 5.5 | EPSS 0.05281
Exploits 0 | References 8 | Affected Software 4

Veracode • added 2019/05/02 4:43 a.m. • 34 views

Bypass Policy

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 9.3 | AI score 9.8 | EPSS 0.42609
Exploits 5 | References 23 | Affected Software 3

Veracode • added 2019/05/02 4:42 a.m. • 34 views

Spoofing Vulnerability

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

CVSS 10 | AI score 9.6 | EPSS 0.07762
Exploits 2 | References 14 | Affected Software 2

Veracode • added 2019/05/02 4:42 a.m. • 34 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

CVSS 10 | AI score 9.6 | EPSS 0.07762
Exploits 2 | References 18 | Affected Software 3

Veracode • added 2019/05/02 4:42 a.m. • 34 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 6.3 | EPSS 0.99998
Exploits 56 | References 16 | Affected Software 2

Veracode • added 2019/05/02 4:42 a.m. • 34 views

Authorization Bypass

JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface (JNDI) Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract...

CVSS 7.5 | AI score 5.7 | EPSS 0.03521
Exploits 2 | References 16 | Affected Software 3

Veracode • added 2019/05/02 4:41 a.m. • 34 views

Information Disclosure

kernel-rt is vulnerable to information disclosure. Local users are able to obtain confidential information from the kernel stack memory via a recvfrom or recvmsg system call on an RDS socket, due to failure to initialize a certain structure member in the rds_recvmsg function in net/rds/recv.c...

CVSS 2.1 | AI score 5.3 | EPSS 0.00952
Exploits 2 | References 26 | Affected Software 1

Veracode • added 2019/05/02 4:41 a.m. • 34 views

Remote Code Execution (RCE)

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 | AI score 5.7 | EPSS 0.98536
Exploits 14 | References 17 | Affected Software 1

Veracode • added 2019/05/02 4:41 a.m. • 34 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS 9 | AI score 6 | EPSS 0.05096
Exploits 1 | References 23 | Affected Software 1

Veracode • added 2019/05/02 4:41 a.m. • 34 views

Denial Of Service (DoS)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...

CVSS 9 | AI score 6 | EPSS 0.05096
Exploits 1 | References 20 | Affected Software 1

Veracode • added 2019/04/23 3:14 a.m. • 34 views

Authorization Bypass

libxslt.so is vulnerable to authorization bypass. The callers of xsltCheckRead and xsltCheckWrite allow access upon receiving a -1 error code, which is invalid for a URL but is subsequently loaded...

CVSS 9.8 | AI score 9.1 | EPSS 0.0523
Exploits 0 | References 21 | Affected Software 2

Veracode • added 2019/04/03 2:27 a.m. • 34 views

Firewall Misconfiguration

github.com/containernetworking/plugins contains firewall misconfigurations. The misconfiguration causes the HostPort/portmap rule to take precedence on matching incoming traffic even if there are earlier rules or better fitting rules in the iptables nat chains...

CVSS 7.5 | AI score 7.4 | EPSS 0.03119
Exploits 0 | References 7 | Affected Software 2

Veracode • added 2019/03/25 8:40 a.m. • 34 views

Cross-Site Scripting (XSS)

Mort Bay Jetty is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary web script or HTML via the query string to jsp/dump.jsp in the JSP Dump feature, the Name and Value parameter in the default URI for the Session Dump Servlet under session/...

CVSS 4.3 | AI score 8.6 | EPSS 0.03055
Exploits 1 | References 1 | Affected Software 1

Veracode • added 2019/03/15 3:3 a.m. • 34 views

Cross-Site Request Forgery (CSRF)

wordpress is vulnerable to cross-site request forgery (CSRF). The vulnerability exists as it does not have any CSRF protections in place to prevent forged requests when posting comments. Moreover, a lack of comment content filtering when an administrative user posts a comment, allows a remote attack...

CVSS 8.8 | AI score 8.5 | EPSS 0.4375
Exploits 4 | References 8 | Affected Software 2

Veracode • added 2019/02/19 4:42 a.m. • 34 views

Denial Of Service (DoS)

libsystemd.so is vulnerable to denial of service. A local attacker is able to cause a kernel panic by sending a malicious DBUS message which would cause a stack-based buffer overflow in the function bus_process_object in bus-objects.c...

CVSS 5.5 | AI score 5.6 | EPSS 0.02035
Exploits 1 | References 21 | Affected Software 4

Veracode • added 2019/02/12 2:31 a.m. • 34 views

Malicious Container Execution

github.com/opencontainers/runc is vulnerable to Malicious Container Execution. It does not properly perform the file-descriptor handling which allows a malicious user to overwrite the host runc binary and subsequently executing containers such as (1) a new container with an attacker-controlled imag...

CVSS 8.6 | AI score 8.4 | EPSS 0.9857
Exploits 33 | References 79 | Affected Software 3

Veracode • added 2019/01/15 9:27 a.m. • 34 views

Arbitrary Command Execution

ghostscript is vulnerable to arbitrary command execution. An incomplete fix for CVE-2018-16509 allows an attacker to exploit another variant of the vulnerability and bypass the -dSAFER protection to execute arbitrary command via malicious PostScript documents...

CVSS 7.8 | AI score 8.3 | EPSS 0.92499
Exploits 4 | References 14 | Affected Software 1

Veracode • added 2019/01/15 9:26 a.m. • 34 views

Denial Of Service (DoS)

libsystemd.so is vulnerable to denial of service. A malicious DHCP server in the adjacent network is able to corrupt heap memory in the DHCPv6 client via a crafted options packet, resulting in a denial of service condition or possible code execution...

CVSS 8.8 | AI score 8.3 | EPSS 0.0168
Exploits 0 | References 10 | Affected Software 2

Veracode • added 2019/01/15 9:25 a.m. • 34 views

Denial Of Service (DoS)

389-ds-base is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial ...

CVSS 7.5 | AI score 7 | EPSS 0.06238
Exploits 0 | References 6 | Affected Software 1

Veracode • added 2019/01/15 9:25 a.m. • 34 views

Privilege Escalation

glibc is vulnerable to privilege escalation attacks. The vulnerability exists as elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a...

CVSS 7.8 | AI score 8.4 | EPSS 0.02698
Exploits 0 | References 29 | Affected Software 1

Veracode • added 2019/01/15 9:24 a.m. • 34 views

Arbitrary Code Execution

richfaces is vulnerable to arbitrary code execution attacks. The vulnerability exists as JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an...

CVSS 9.8 | AI score 9.7 | EPSS 0.21375
Exploits 1 | References 9 | Affected Software 1

Veracode • added 2019/01/15 9:24 a.m. • 34 views

Information Disclosure

Systems with microprocessors utilizing speculative execution and address translations are vulnerable to information disclosure. An L1TF issue allows an unprivileged attacker to read privileged memory of the kernel or other processes by conducting targeted cache side-channel attacks...

CVSS 5.6 | AI score 6.3 | EPSS 0.05577
Exploits 0 | References 58 | Affected Software 4

Veracode • added 2019/01/15 9:24 a.m. • 34 views

Arbitrary Code Execution

jbossas is vulnerable to arbitrary code execution attacks. The vulnerability exists in JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2: it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it...

CVSS 9.8 | AI score 9.7 | EPSS 0.90713
Exploits 14 | References 7 | Affected Software 1

Veracode • added 2019/01/15 9:23 a.m. • 34 views

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. A buffer overflow vulnerability in the glob function in glob.c, caused by an off-by-one error, allows an attacker to execute arbitrary code and escalate his privileges...

CVSS 9.8 | AI score 9.8 | EPSS 0.03002
Exploits 0 | References 8 | Affected Software 1

Veracode • added 2019/01/15 9:23 a.m. • 34 views

Memory Corruption

kernel-rt is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code...

CVSS 5.5 | AI score 7 | EPSS 0.01221
Exploits 0 | References 17 | Affected Software 2

Veracode • added 2019/01/15 9:22 a.m. • 34 views

Arbitrary Code Execution

patch is vulnerable to arbitrary code execution attacks. The vulnerability exists as GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitabl...

CVSS 7.8 | AI score 7.9 | EPSS 0.0556
Exploits 0 | References 22 | Affected Software 1

Veracode • added 2019/01/15 9:21 a.m. • 34 views

ASLR Bypass

kernel-rt is vulnerable to ASLR bypass attacks. The vulnerability exists as the arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the...

CVSS 7.8 | AI score 7.9 | EPSS 0.0117
Exploits 12 | References 45 | Affected Software 1

Veracode • added 2019/01/15 9:16 a.m. • 34 views

Privilege Escalation

kernel is vulnerable to privilege escalation attacks. The vulnerability exists as an elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate becau...

CVSS 7 | AI score 7.5 | EPSS 0.02341
Exploits 0 | References 8 | Affected Software 2
Total number of security vulnerabilities: 5000