312 matches found

OSV
added 2023/05/01 1:41 p.m. · 33 views

CVE-2023-30859 Spigot Command Exploit in Triton

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...

7.2 CVSS · 8.9 AI score · 0.01066 EPSS
Exploits 1 · References 4
The Coalfire Blog
added 2023/02/07 7:42 p.m. · 16 views

End the compliance management blues

Coalfire teamed up with one of the world's leading security technology engineering firms, anecdotes, to expand Compliance Essentials capabilities - automating compliance workflows and risks, evidence collection, and audit execution. All within one platform...

3.2 AI score
Exploits 0
Spring Security Advisories
added 2023/01/25 12:0 a.m. · 9 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1 AI score
Exploits 0
Spring Security Advisories
added 2023/01/24 9:0 a.m. · 18 views

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but before...

2.4 AI score
Exploits 0
Spring Security Advisories
added 2023/01/24 12:0 a.m. · 21 views

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but befor...

2.4 AI score
Exploits 0
IBM Security Bulletins
added 2023/01/10 10:53 a.m. · 42 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to security bypass due to Spring Security (CVE-2022-31692)

Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability in Spring Security. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...

9.8 CVSS · 9.2 AI score · 0.03425 EPSS
Exploits 3 · Affected Software 1
IBM Security Bulletins
added 2023/01/10 10:47 a.m. · 39 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM® SDK, Java™ Technology Edition ( CVE-2022-21541, CVE-2022-21540 )

Summary IBM Sterling Partner Engagement Manager has addressed all applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...

5.9 CVSS · 6.3 AI score · 0.0296 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/01/10 10:45 a.m. · 22 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection attack (CVE-2022-40615)

Summary IBM Sterling Partner Engagement Manager has addressed a SQL injection vulnerability. Vulnerability Details CVEID:CVE-2022-40615 DESCRIPTION: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could...

9.8 CVSS · 8.2 AI score · 0.00688 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/01/10 10:35 a.m. · 33 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to sshd-core (CVE-2021-30129)

Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability in sshd-core. Vulnerability Details CVEID:CVE-2021-30129 DESCRIPTION: Apache Mina SSHD is vulnerable to a denial of service, caused by an OutOfMemory flaw in the SFTP and port forwarding features in sshd-core. By sending...

6.5 CVSS · 6.7 AI score · 0.03394 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2022/10/17 12:0 a.m. · 5 views

PT-2022-18936 · Tenable · Nessus Essentials +2

Name of the Vulnerable Software and Affected Versions: Nessus Essentials and Professional affected versions not specified Description: The issue allows an authenticated user with debug privileges to retrieve stored Nessus policy credentials from the "nessusd" process in cleartext via process...

6.5 CVSS · 6.2 AI score · 0.00638 EPSS
Exploits 1 · References 4
Cvelist
added 2022/10/17 12:0 a.m. · 22 views

CVE-2022-28291

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...

6.5 AI score · 0.00638 EPSS
Exploits 1 · References 1
IBM Security Bulletins
added 2022/09/23 6:9 a.m. · 39 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to Vmware Tanzu Spring Framework (CVE-2022-22971)

Summary IBM Sterling Partner Engagement Manager uses Vmware Tanzu Spring Framework that is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework ...

6.5 CVSS · 6.4 AI score · 0.02931 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/09/22 3:2 a.m. · 22 views

Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-1920) affects Asset and Service Management

Summary A vulnerability in WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo...

10 CVSS · 6.8 AI score · 0.06885 EPSS
Exploits 0 · Affected Software 15
IBM Security Bulletins
added 2022/09/22 3:2 a.m. · 25 views

Security Bulletin: IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to (CVE-2015-5016)

Summary IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to. This vulnerability could allow a local attacker to obtain sensitive information. The vulnerability affects Maximo Asset...

4.3 CVSS · 4.1 AI score · 0.00993 EPSS
Exploits 0 · Affected Software 15
IBM Security Bulletins
added 2022/09/22 3:2 a.m. · 33 views

Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-4000) Affects Asset and Service Management

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo f...

3.7 CVSS · 4.2 AI score · 0.9986 EPSS
Exploits 1 · Affected Software 15
IBM Security Bulletins
added 2022/09/22 3:2 a.m. · 21 views

Security Bulletin: Potential denial of service may affect IBM HTTP Server on Windows (CVE-2015-1829), impacting Asset and Service Management

Summary There is a potential denial of service that may affect IBM HTTP Server on Windows CVE-2015-1829. To exploit the attack requires local access to the server system. The attack affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...

5 CVSS · 7.7 AI score · 0.02552 EPSS
Exploits 0 · Affected Software 15
IBM Security Bulletins
added 2022/09/22 3:2 a.m. · 18 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1504)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...

6.5 CVSS · 6.6 AI score · 0.00944 EPSS
Exploits 0 · Affected Software 15
IBM Security Bulletins
added 2022/07/18 11:51 a.m. · 38 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection (CVE-2022-22360)

Summary IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22360 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote authenticated attacker to conduct an LDAP injection. By using a...

8.8 CVSS · 8.2 AI score · 0.01413 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/07/18 11:43 a.m. · 37 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site request forgery (CVE-2022-22359)

Summary IBM Sterling Partner Engagement Manager could allow a remote attacker to enable Cross-Site Request Forgery CSRF on the system, caused by a parameter from a user request. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22359 DESCRIPTION: IBM Sterling Partner Engagement...

6.5 CVSS · 5.6 AI score · 0.0026 EPSS
Exploits 0 · Affected Software 1
Veracode
added 2022/05/04 8:10 a.m. · 20 views

Prototype Pollution

jsgui-lang-essentials is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the llset function in the jsgui-lang-essentials.js and modify attributes such as __proto__, constructor, and prototype...

9.8 CVSS · 4.2 AI score · 0.01182 EPSS
Exploits 1 · References 3 · Affected Software 1