Athlon™ X4 Processor Security Vulnerabilities

Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks....

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus are vulnerable to CVE-2023-5676

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in....

2023.3 IPU - Intel® Chipset Firmware Advisory

Summary: Potential security vulnerabilities in the Intel® Converged Security Management Engine (CSME), Active Management Technology (AMT) and Intel® Standard Manageability software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these...

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.20.0 (CVE-2023-22049, CVE-2023-22036) and Eclipse Jetty 10.0.17...

Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs....

Security Bulletin: CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

Summary CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in...

CVE-2023-20573

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug...

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

Summary CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the.....

Security Bulletin: NVIDIA DGX A100 - January 2024

NVIDIA has released a firmware security update for the NVIDIA DGX™ A100 system. To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal. Go to NVIDIA Product...

Exploit for CVE-2024-22369

CVE-2024-22369 Credits This POC is based on the...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...

This Week in Spring - January 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the second week of 2024, and I am already thinking about 2025! And, a bit more immediatelt than that: the next two weeks. I'll be at both VOXXED DAYS Ticino and VOXXED DAYS CERN, both in Switzerland. If you're about, come....

Debug Exception Delivery in Secure Nested Paging

Bulletin ID: AMD-SB-3006 Potential Impact: Suppression of guest debug exceptions Severity: Low Summary A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled. For example, a software-based...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-45193)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details ** CVEID: CVE-2023-45193 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service when a specially...

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)

Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details ** CVEID: CVE-2023-50308 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used Vulnerability Details ** CVEID: CVE-2023-47746 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial.....

Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859)

Summary IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database. Vulnerability Details ** CVEID:...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747)

Summary IBM® Db2® is vulnerable to a denial of service when using a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47747 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query Vulnerability Details ** CVEID: CVE-2023-47141 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47158)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47158 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...

Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure

Summary IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure. Vulnerability Details ** IBM X-Force ID: 268195 DESCRIPTION: **Presto is vulnerable to server-side request forgery, caused by improper validating the.....

Exploit for Server-Side Request Forgery in Apache Ofbiz

CVE-2023-51467 图形化 Apache Ofbiz CVE-2023-51467 远程代码执行漏洞利用工具...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 - October 2017, January 2018 and April 2018

Summary There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition, Versions 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018 and April 2018. Vulnerability Details CVEID:...

Addressing the Rising Threat of API Leaks

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address.....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION:.....

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in...

CVE-2023-33033

Memory corruption in Audio during playback with speaker...

CVE-2023-33030

Memory corruption in HLOS while running playready...

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...

CVE-2023-38023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...

CVE-2023-38023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...

Design/Logic Flaw

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...

Design/Logic Flaw

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...

CVE-2023-38023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...

4 sneaky scams from 2023

In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites...

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat.....

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2023 - Includes Oracle October 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

Linpmem - A Physical Memory Acquisition Tool For Linux

Like its Windows counterpart, Winpmem, this is not a traditional memory dumper. Linpmem offers an API for reading from any physical address, including reserved memory and memory holes, but it can also be used for normal memory dumping. Furthermore, the driver offers a variety of access modes to...

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.

Summary IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. Vulnerability Details ** CVEID: CVE-2015-8383 DESCRIPTION: **PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional groups. By using a specially...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)

Summary IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. Vulnerability Details ** CVEID: CVE-2023-29258 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service...

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)

Summary IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details ** CVEID: CVE-2023-46167 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service...

Security Bulletin: IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. (CVE-2023-47701)

Summary IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47701 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated...

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a...

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details ** CVEID: CVE-2023-1370 DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. Vulnerability Details ** CVEID: CVE-2023-38727 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted SQL statement....

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-43020 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...