Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
8.3CVSS
10AI Score
0.005EPSS
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
0.001EPSS
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
7.2AI Score
0.001EPSS
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
6.6AI Score
0.001EPSS
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
0.001EPSS
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
0.001EPSS
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
6.6AI Score
0.001EPSS
CVE-2024-6147 Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
0.001EPSS
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References Detailed blog post:...
6.5CVSS
7AI Score
0.0004EPSS
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References Detailed blog post:...
6.5CVSS
6.8AI Score
0.0004EPSS
KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO
On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The...
6.8AI Score
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...
7.5CVSS
7.8AI Score
0.0005EPSS
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...
7.5CVSS
7.8AI Score
0.0005EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by improper input validation by the HTTP/2 header [CVE-2024-24549]. Apache Tomcat is used by our Speech microservices. This vulnerabilitiy has been addressed....
6.6AI Score
0.0004EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat, caused by improper system resource allocation [CVE-2023-52425]. libexpat is included as a Base OS package used by our Speech Services. This vulnerabilitiy has been addressed....
7.5CVSS
6.7AI Score
0.001EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by a flaw when kube-apiserver is using logLevel >= 9 [CVE-2020-8565]. Kubernetes is included in the Speech utilities used by our service. This...
5.5CVSS
5.4AI Score
0.0004EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by storing credentials in the log by the client-go library [CVE-2019-11250]. Kubernetes is included in the Speech utilities used by our service. This...
6.5CVSS
5.5AI Score
0.001EPSS
Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when parsing large DNS messages [CVE-2023-4408]. ISC BIND is included as a Base OS package used by our Service Runtimes. This...
7.5CVSS
6.7AI Score
0.001EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones [CVE-2023-50387]. ISC BIND is included as a Base OS package used by our Service...
7.5CVSS
7AI Score
0.05EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Amazon Ion, caused by a stack-based overflow in ion-java for applications [CVE-2024-21634]. Amazon Ion is a package used in our Speech Microservices. This vulnerabilitiy has been...
7.5CVSS
6.8AI Score
0.0005EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when preparing an NSEC3 closest encloser proof. [CVE-2023-50868]. ISC BIND is included as a Base OS package used by our Service Runtimes. This vulnerabilitiy....
6.8AI Score
0.0005EPSS
Tabletop exercises are headed to the next frontier: Space
I think we can all agree that tabletop exercises are a good thing. They allow organizations of all sizes to test their incident response plans without the potentially devastating effects of a real-world cyber attack or intrusion. As part of my role at Talos, I've read hundreds of tabletop...
9.8CVSS
8.2AI Score
0.321EPSS
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM.....
9.1CVSS
9.4AI Score
0.732EPSS
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin |...
7.5AI Score
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details **.....
8CVSS
8.8AI Score
0.004EPSS
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.9AI Score
0.0004EPSS
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.6AI Score
0.0004EPSS
Summary IBM i is vulnerable to a privilege escalation due to a user without privilege being able to configure a physical file trigger in Db2 for IBM i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
7.4CVSS
6.6AI Score
0.0004EPSS
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.7AI Score
0.0004EPSS
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
7.4AI Score
0.0004EPSS
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
0.0004EPSS
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
5.3CVSS
6.2AI Score
0.001EPSS
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in...
8.5AI Score
CVE-2024-6162 Undertow: url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.7AI Score
0.0004EPSS
CVE-2024-6162 Undertow: url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
0.0004EPSS
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...
6.8AI Score
0.0004EPSS
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF003 addresses the following vulnerability CVE-2024-1135. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request...
7.5CVSS
6AI Score
0.0004EPSS
French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks
State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory. The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard...
7AI Score
HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.9AI Score
EPSS
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.8AI Score
EPSS
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.8AI Score
EPSS
HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.8AI Score
EPSS
HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code...
7.6AI Score
EPSS
HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.9AI Score
EPSS
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.8AI Score
EPSS
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.9AI Score
EPSS
HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.8AI Score
EPSS
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code...
7.9AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...
6.4AI Score
0.0004EPSS