Lucene search
+L

131 matches found

RedhatCVE
RedhatCVE
added 2023/01/06 10:1 p.m.42 views

CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...

5.5CVSS5.1AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.5 views

PT-2022-27671 · Unknown · Planet Estream

Name of the Vulnerable Software and Affected Versions: Planet eStream versions prior to 6.72.10.07 Description: The issue involves multiple Stored Cross-Site Scripting XSS vulnerabilities in various components, including Disclaimer, Search Function, Comments, Batch editing tool, Content Creation,...

5.4CVSS5.4AI score0.00438EPSS
Exploits3References4
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/11/22 5:0 p.m.54 views

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...

10CVSS0.4AI score0.99999EPSS
Exploits360
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 3:2 p.m.47 views

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2021-38185 DESCRIPTION: GNU cpio could allow a remote attacker to execute arbitrary code on the system, caused by an integer...

7.8CVSS8.2AI score0.04683EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 1:51 p.m.53 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is...

9.8CVSS9.3AI score0.99019EPSS
Exploits37Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/23 1:34 p.m.60 views

Security Bulletin: IBM QRadar SIEM includes components with multiple known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by...

9.8CVSS10AI score0.99298EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 2:35 p.m.69 views

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-23218 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based...

9.8CVSS9.5AI score0.35867EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/25 1:54 p.m.40 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-21721 DESCRIPTION: Next.js is vulnerable to a denial of service, caused by a...

9.8CVSS8.3AI score0.70561EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/05 1:50 p.m.73 views

Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...

9.8CVSS2AI score0.70561EPSS
Exploits6Affected Software1
NVD
NVD
added 2022/06/30 8:15 p.m.25 views

CVE-2022-23718

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the...

9.3CVSS0.01939EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/30 8:15 p.m.5 views

CVE-2022-23718

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the...

9.3CVSS7.5AI score0.01939EPSS
Exploits0References3
OSV
OSV
added 2022/06/30 8:15 p.m.4 views

CVE-2022-23718

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the...

8.1CVSS6AI score0.01939EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.7 views

Ping Identity Windows PingId 安全漏洞

Ping Identity Windows PingId is a software from Ping Identity USA that provides security for applications. A security vulnerability exists in Ping Identity Windows PingId versions prior to 2.8 that stems from the use of known vulnerable components that could lead to remote code execution...

9.3CVSS8.1AI score0.01939EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 6:45 p.m.108 views

Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., third party libraries that may be identified and exploited with automated tools. IBM QRadar WinCollect for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-1434 DESCRIPTION: OpenSSL is vulnerable to a...

10CVSS8.8AI score0.83223EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:40 p.m.113 views

Security Bulletin: IBM QRadar Network Packet Capture is using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The product has addressed these issues. Vulnerability Details CVEID: CVE-2021-42574 DESCRIPTION: Unicode could allow a remote attacker to execute arbitrary code ...

9.8CVSS9.5AI score0.94921EPSS
Exploits163Affected Software1
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.6 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +37 more potentially affected by CVE-2022-25180 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=1.9-beta-1)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-25180 Source advisory: OSV:GHSA-QV6Q-X9VR-W7J3...

4.3CVSS5.4AI score0.00528EPSS
Exploits0
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.7 views

Micro Star International Center 安全漏洞

Micro Star International Center is a new platform from Micro Star Technology Micro Star Inc. of Taiwan, China that combines all of MSI's exclusive features. Micro Star International Center has a security vulnerability that originates from an elevation of privilege LPE/EoP vulnerability in multipl...

7.8CVSS7.4AI score0.00302EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2021/11/08 7:7 p.m.28 views

OWASP Top 10 Deep Dive: Getting a Clear View on Vulnerable and Outdated Components

Most of us think of climbing the ladder as a good thing — but when the ladder in question is OWASP's Top 10 list of application security risks, a sudden upward trajectory is cause for alarm rather than encouragement. In the 2021 edition of the OWASP list, vulnerable and outdated components moved ...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/09/30 2:24 p.m.32 views

The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know

Late last week, the Open Web Application Security Project OWASP released its top 10 list of critical web application security risks. The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on...

7.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.3 views

The vulnerability of the component set used for building JBoss Core Services’ corporate applications relates to the use of memory after it is freed. This allows a attacker to execute arbitrary code.

The vulnerability of the component set used to build JBoss Core Services applications is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

8.1CVSS6.8AI score0.60122EPSS
Exploits1References6Affected Software5
Rows per page
Query Builder