131 matches found
CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
PT-2022-27671 · Unknown · Planet Estream
Name of the Vulnerable Software and Affected Versions: Planet eStream versions prior to 6.72.10.07 Description: The issue involves multiple Stored Cross-Site Scripting XSS vulnerabilities in various components, including Disclaimer, Search Function, Comments, Batch editing tool, Content Creation,...
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2021-38185 DESCRIPTION: GNU cpio could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is...
Security Bulletin: IBM QRadar SIEM includes components with multiple known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-23218 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based...
Security Bulletin: IBM Cloud Pak for Security is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-21721 DESCRIPTION: Next.js is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.
Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...
CVE-2022-23718
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the...
CVE-2022-23718
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the...
CVE-2022-23718
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the...
Ping Identity Windows PingId 安全漏洞
Ping Identity Windows PingId is a software from Ping Identity USA that provides security for applications. A security vulnerability exists in Ping Identity Windows PingId versions prior to 2.8 that stems from the use of known vulnerable components that could lead to remote code execution...
Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., third party libraries that may be identified and exploited with automated tools. IBM QRadar WinCollect for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-1434 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: IBM QRadar Network Packet Capture is using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The product has addressed these issues. Vulnerability Details CVEID: CVE-2021-42574 DESCRIPTION: Unicode could allow a remote attacker to execute arbitrary code ...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +37 more potentially affected by CVE-2022-25180 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=1.9-beta-1)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-25180 Source advisory: OSV:GHSA-QV6Q-X9VR-W7J3...
Micro Star International Center 安全漏洞
Micro Star International Center is a new platform from Micro Star Technology Micro Star Inc. of Taiwan, China that combines all of MSI's exclusive features. Micro Star International Center has a security vulnerability that originates from an elevation of privilege LPE/EoP vulnerability in multipl...
OWASP Top 10 Deep Dive: Getting a Clear View on Vulnerable and Outdated Components
Most of us think of climbing the ladder as a good thing — but when the ladder in question is OWASP's Top 10 list of application security risks, a sudden upward trajectory is cause for alarm rather than encouragement. In the 2021 edition of the OWASP list, vulnerable and outdated components moved ...
The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know
Late last week, the Open Web Application Security Project OWASP released its top 10 list of critical web application security risks. The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on...
The vulnerability of the component set used for building JBoss Core Services’ corporate applications relates to the use of memory after it is freed. This allows a attacker to execute arbitrary code.
The vulnerability of the component set used to build JBoss Core Services applications is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...