Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary IBM Cognos Analytics is affected and considered vulnerable, based on current information, to vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries...
9.8 CVSS
10 AI Score
0.86 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent memory leak In dcn*_create_resource_pool the allocated memory should be released if construct pool...
6.7 AI Score
0.0004 EPSS
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-22067, CVE-2023-22081, CVE-2023-33850, CVE-2023-5676, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and...
7.5 CVSS
7.7 AI Score
0.001 EPSS
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the followi...
7.8 CVSS
6.3 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the followi...
7.8 CVSS
7.5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the...
7.8 CVSS
7 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the followi...
7.3 AI Score
0.0004 EPSS
(RHSA-2024:0979) Moderate: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem (CVE-2023-20592) For more details about the security issue(s), including...
6.8 AI Score
0.0005 EPSS
(RHSA-2024:0978) Moderate: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem (CVE-2023-20592) For more details about the security issue(s), including...
6.8 AI Score
0.0005 EPSS
RHEL 7 : linux-firmware (RHSA-2024:0978)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0978 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw: amd: INVD...
6.5 CVSS
7 AI Score
0.0005 EPSS
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the followi...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
CVE-2023-52469 drivers/amd/pm: fix a use-after-free in kv_parse_power_table
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the followi...
7.8 AI Score
0.0004 EPSS
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang...
7.8 CVSS
7.1 AI Score
0.001 EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary There are vulnerabilities in Apache Xalan, Apache Commons Codec, IBM® Java™ Version 8, and OpenSSL that are consumed by IBM Cognos Transformer. These have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for...
9.8 CVSS
9.7 AI Score
0.004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...
5.5 CVSS
5.3 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...
5.5 CVSS
6.7 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...
5.5 CVSS
7.1 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...
7.3 AI Score
0.0004 EPSS
CVE-2023-52460 drm/amd/display: Fix NULL pointer dereference at hibernate
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...
5.6 AI Score
0.0004 EPSS
CVE-2023-52460 drm/amd/display: Fix NULL pointer dereference at hibernate
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...
6.8 AI Score
0.0004 EPSS
Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...
5.9 CVSS
6.9 AI Score
0.001 EPSS
Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
3.7 CVSS
6.9 AI Score
0.001 EPSS
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web...
6.7 AI Score
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-6.5 - Linux hardware enablement (HWE) kernel linux-laptop - Linux kernel for Lenovo...
7.8 CVSS
8.2 AI Score
0.0004 EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 23.10 Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems Details Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this...
7.8 CVSS
7.2 AI Score
0.001 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2...
5.5 CVSS
6.7 AI Score
0.0004 EPSS
TruRisk™️ Insights – The Story Behind a TruRisk Score
In the world of cloud and SaaS security, where risks arise not only from vulnerabilities but also from misconfigurations and various threats, the task of prioritizing and managing them becomes increasingly complex. It's not just about identifying vulnerabilities; it's also crucial to recognize and...
7.7 AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023...
5.9 CVSS
9.4 AI Score
0.001 EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-bluefield - Linux kernel for NVIDIA BlueField platforms linux-gcp - Linux kernel for...
7.8 CVSS
7.3 AI Score
0.0004 EPSS
(RHSA-2024:0930) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546) kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655) ...
6.3 AI Score
0.002 EPSS
RHEL 8 : kernel (RHSA-2024:0930)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0930 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: GSM multiplexing race...
8.8 CVSS
9 AI Score
0.002 EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
7.5 CVSS
6.5 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
7.5 CVSS
7.2 AI Score
0.001 EPSS
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715) UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2. The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session...
9.8 CVSS
8.2 AI Score
0.57 EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5.5)
The version of AOS installed on the remote host is prior to 6.5.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5.5 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5....
7.8 CVSS
8.2 AI Score
0.002 EPSS
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.480)
The version of AHV installed on the remote host is prior to 20220304.480. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.480 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before...
7.5 CVSS
7.1 AI Score
0.002 EPSS
GLSA-202402-22 : intel-microcode: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-22 (intel-microcode: Multiple Vulnerabilities) Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access....
6.8 CVSS
6.7 AI Score
0.001 EPSS
Microsoft Windows Defender - VBScript Detection Bypass Vulnerability
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using...
7.2 AI Score
A potential solution is attached as 0001-improve-bytesMatch.patch Summary: I was investigating for some low hanging fruits regarding performance bottlenecks in undici, when I found this potential security issue in undici, and thus in nodejs. First I wrote a benchmark for bytesMatch and saw the...
2.6 CVSS
7.3 AI Score
0.0004 EPSS
SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2024:0518-1)
The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0518-1 advisory. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the...
6.5 CVSS
7.1 AI Score
0.002 EPSS
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2024:0515-1)
The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0515-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...
7.8 CVSS
7.5 AI Score
0.002 EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0469-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0469-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...
7.8 CVSS
7.5 AI Score
0.002 EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0483-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0483-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...
7.8 CVSS
6.9 AI Score
0.002 EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0476-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0476-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue...
7.8 CVSS
7.4 AI Score
0.002 EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0484-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0484-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows ...
7.8 CVSS
7.1 AI Score
0.002 EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0516-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0516-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem...
7.8 CVSS
7.5 AI Score
0.002 EPSS