Security above all else—expanding Microsoft’s Secure Future Initiative
Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to...
9.7AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus.
Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote...
8.8AI Score
0.003EPSS
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023 Critical....
5.6AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2023 Critical Patch.....
6.7AI Score
0.001EPSS
[8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] -...
7.8AI Score
0.002EPSS
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow...
7.4AI Score
0.001EPSS
Security Bulletin: NVIDIA ChatRTX - May 2024
NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...
7AI Score
0.0004EPSS
Security Bulletin: Triton Inference Server - April 2024
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...
7.8AI Score
0.0004EPSS
Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...
5.8AI Score
0.002EPSS
Introducing the Wallarm Q1 2024 API ThreatStats™ Report
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...
7.5AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related...
6.8AI Score
0.001EPSS
Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...
8.6AI Score
0.001EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
5.3CVSS
5.7AI Score
0.0004EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
5.3CVSS
5.7AI Score
0.0004EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
7.3AI Score
0.0004EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
7.3AI Score
0.0004EPSS
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11, Apache Commons Compress and Apache Commons Configuration used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF2 has addressed the applicable CVEs by upgrading to non-vulnerable versions of these libraries. Please...
8.3AI Score
0.001EPSS
Summary Db2 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. Vulnerability Details ** CVEID: CVE-2021-20373 DESCRIPTION: **IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable...
7.6AI Score
0.001EPSS
QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than then they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders...
7AI Score
Summary IBM® Db2® is affected by a vulnerability in an open source library boost. Vulnerability Details ** CVEID: CVE-2012-2677 DESCRIPTION: **Boost is vulnerable to a buffer overflow, caused by improper bounds checking by the ordered_malloc() function. By persuading a victim to open a...
7AI Score
0.014EPSS
Summary Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details ** CVEID: CVE-2023-22036 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow...
6.9AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. Vulnerability Details ** CVEID: CVE-2023-38729 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to sensitive information disclosure when...
6.1AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...
7.2AI Score
0.001EPSS
Security Bulletin: NVIDIA CUDA Toolkit - April 2024
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update...
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table. Vulnerability Details ** CVEID: CVE-2024-22360 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially...
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-27254 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server is vulnerable to denial of service with a...
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2024-25046 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially...
6.6AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently. Vulnerability Details ** CVEID: CVE-2023-52296 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service when quering a...
6.6AI Score
0.0004EPSS
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts [CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945] and a timing-based side-channel attack [CVE-2023-33850] as described in the...
7AI Score
0.001EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.4CVSS
7.5AI Score
0.0004EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.1AI Score
0.0004EPSS
Intel® oneAPI Toolkit Software Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkits and standalone component software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-35121 Description: Improper...
7.1AI Score
Security Bulletin: NVIDIA ChatRTX - March 2024
NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...
8AI Score
0.0004EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
5.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
6.8AI Score
0.0004EPSS
Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
There are so many vulnerabilities disclosed daily that no one can patch all of them. Unfortunately, attackers can exploit them while you are still in the process of reviewing, prioritizing, and patching. Effective risk-based prioritization focuses your limited resources and remediation efforts...
10CVSS
10AI Score
0.972EPSS
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition . CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details ** CVEID:...
6.8AI Score
0.001EPSS
Summary Vulnerability in IBM® SDK, Java™ Technology affect Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-3676 DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...
6.4AI Score
0.001EPSS
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX)....
6.5CVSS
7.4AI Score
0.0004EPSS
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05,...
6.5CVSS
7.4AI Score
0.0004EPSS
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX)....
7AI Score
0.0004EPSS
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05,...
7AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Jan 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in...
8AI Score
0.001EPSS
C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem "is" that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds,...
7.7AI Score
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...
7AI Score
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...
6.4CVSS
7.3AI Score
0.0004EPSS
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...
4.7CVSS
7.4AI Score
0.0004EPSS
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...
8.6CVSS
7.4AI Score
0.0004EPSS
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...
8.6CVSS
7.4AI Score
0.0004EPSS
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...
6.4CVSS
7.1AI Score
0.0004EPSS