SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2024:0515-1)
The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0515-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...
7.8CVSS
7.5AI Score
0.002EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0469-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0469-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...
7.8CVSS
7.5AI Score
0.002EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0483-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0483-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...
7.8CVSS
6.9AI Score
0.002EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0476-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0476-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue...
7.8CVSS
7.4AI Score
0.002EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0484-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0484-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows ...
7.8CVSS
7.1AI Score
0.002EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0516-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0516-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem...
7.8CVSS
7.5AI Score
0.002EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0514-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0514-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced...
7.8CVSS
7.5AI Score
0.002EPSS
7.8CVSS
7.7AI Score
0.002EPSS
9CVSS
7.2AI Score
0.004EPSS
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...
9CVSS
7.6AI Score
0.004EPSS
Update AMD CPU microcode to 2023-10-19: Addition AMD CPU microcode for processor family 19h: sig 0x00a10f12, sig 0x00aa0f02, sig 0x00aa0f01, sig 0x00a10f11; Update AMD CPU microcode for processor family 17h: sig...
7.3AI Score
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
9.8CVSS
10AI Score
EPSS
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS...
6.8AI Score
A vulnerability was found in AMD hardware due to insufficient verification of data authenticity in AGESA. This issue may allow a local unauthenticated attacker to update SPI ROM data, potentially resulting in denial of service or privilege...
7.2AI Score
EPSS
linux-intel-iotg-5.15 vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...
9CVSS
7.7AI Score
0.004EPSS
A vulnerability was found in AMD hardware due to improper access control in System Management Mode (SMM). This issue could allow a local unauthenticated attacker to execute arbitrary...
7.7AI Score
0.0004EPSS
A vulnerability was found in AMD hardware due to improper access control in the AMD SPI protection feature. This issue may allow a local user with Ring0 (kernel mode) privileged access to bypass protections, potentially resulting in loss of integrity and...
7AI Score
0.0004EPSS
A vulnerability was found in AMD hardware due to a heap overflow in the SMM module. This issue could allow a local unauthenticated attacker to enable writing to SPI flash to execute arbitrary...
8AI Score
EPSS
9CVSS
8AI Score
0.004EPSS
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 20.04 LTS Packages linux-intel-iotg-5.15 - Linux kernel for Intel IoT platforms Details Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial...
9CVSS
8.1AI Score
0.004EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 - Linux kernel for...
9CVSS
8AI Score
0.004EPSS
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2022-43552 DESCRIPTION: **cURL libcurl is vulnerable to a denial of service,.....
9.8CVSS
8.9AI Score
0.004EPSS
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details ** CVEID: CVE-2020-19909 DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by an integer overflow...
9.8CVSS
9.8AI Score
0.003EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
10AI Score
0.116EPSS
PINs for Cryptography with Hardware Secure Elements
I'm a big fan of technologies that enable otherwise impossible security properties and user experiences, like cryptography often can. One such technology is hardware secure elements. Here's a thing you can't do with cryptography: encrypt data securely with a low-entropy secret, like a PIN. If a...
6.5AI Score
Summary CVE-2023-22081 and CVE-2023-22067 were disclosed in the Oracle October 2023 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality...
5.3CVSS
5.8AI Score
0.001EPSS
Summary CVE-2023-22049 was disclosed in the Oracle July 2023 Quarterly CPU Update. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts. CVSS Base...
3.7CVSS
4.4AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no...
5.9CVSS
5.8AI Score
0.001EPSS
Summary There is a vulnerability in IBM® Java™ version 8 and 11 used by IBM CPLEX Optimization Studio. This issue was disclosed as part of the Oracle / OpenJDK October 2023 Critical Patch Updates. Vulnerability Details ** CVEID: CVE-2023-5676 DESCRIPTION: **Eclipse OpenJ9 is vulnerable to a...
5.9CVSS
5.4AI Score
0.0004EPSS
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality...
3.7CVSS
4.9AI Score
0.001EPSS
linux-lowlatency, linux-raspi vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...
9CVSS
7.6AI Score
0.004EPSS
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and.....
9.8CVSS
9.1AI Score
0.192EPSS
Releases Ubuntu 22.04 LTS Packages linux-lowlatency - Linux low latency kernel linux-raspi - Linux kernel for Raspberry Pi systems Details Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote...
9CVSS
7.8AI Score
0.004EPSS
A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. Missing input validation in the mod_auth_openidc_session_chunks cookie value can make the server vulnerable to a denial of service attack. This issue may allow a remote...
7.5CVSS
7.5AI Score
0.0004EPSS
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other...
6.5AI Score
0.0004EPSS
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code...
7AI Score
0.0004EPSS
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest...
6.8AI Score
0.0004EPSS
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other...
6.3AI Score
0.0004EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
6.4AI Score
0.0004EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
6.7AI Score
0.0004EPSS
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest...
6.6AI Score
0.0004EPSS
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code...
7.2AI Score
0.0004EPSS
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege...
6.5AI Score
0.0004EPSS
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege...
9.2AI Score
0.0004EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
7.3AI Score
0.0004EPSS
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other...
6.9AI Score
0.0004EPSS
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege...
7.4AI Score
0.0004EPSS
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code...
8.1AI Score
0.0004EPSS
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest...
7.2AI Score
0.0004EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
6.7AI Score
0.0004EPSS