Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks....
7.2AI Score
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in....
5.9CVSS
6.7AI Score
0.0004EPSS
2023.3 IPU - Intel® Chipset Firmware Advisory
Summary: Potential security vulnerabilities in the Intel® Converged Security Management Engine (CSME), Active Management Technology (AMT) and Intel® Standard Manageability software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these...
7.8AI Score
0.001EPSS
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.20.0 (CVE-2023-22049, CVE-2023-22036) and Eclipse Jetty 10.0.17...
7.5CVSS
8AI Score
0.732EPSS
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs....
9.1CVSS
8.4AI Score
0.002EPSS
Summary CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in...
5.3CVSS
5AI Score
0.001EPSS
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug...
3.2CVSS
4AI Score
0.0004EPSS
Summary CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the.....
5.3CVSS
5.6AI Score
0.001EPSS
Security Bulletin: NVIDIA DGX A100 - January 2024
NVIDIA has released a firmware security update for the NVIDIA DGX™ A100 system. To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal. Go to NVIDIA Product...
9.8CVSS
5.7AI Score
0.002EPSS
7.6AI Score
0.0004EPSS
Security Bulletin: Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...
5.9CVSS
9.4AI Score
0.001EPSS
This Week in Spring - January 9th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the second week of 2024, and I am already thinking about 2025! And, a bit more immediatelt than that: the next two weeks. I'll be at both VOXXED DAYS Ticino and VOXXED DAYS CERN, both in Switzerland. If you're about, come....
7AI Score
Debug Exception Delivery in Secure Nested Paging
Bulletin ID: AMD-SB-3006 Potential Impact: Suppression of guest debug exceptions Severity: Low Summary A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled. For example, a software-based...
3.2CVSS
7.3AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details ** CVEID: CVE-2023-45193 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service when a specially...
7.5CVSS
6.7AI Score
0.001EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...
7AI Score
Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details ** CVEID: CVE-2023-50308 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)...
6.5CVSS
6.3AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used Vulnerability Details ** CVEID: CVE-2023-47746 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial.....
6.5CVSS
6.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database. Vulnerability Details ** CVEID:...
6.5CVSS
7.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service when using a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47747 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial...
6.5CVSS
6.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query Vulnerability Details ** CVEID: CVE-2023-47141 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...
6.5CVSS
6.7AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47158 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...
6.5CVSS
6.4AI Score
0.001EPSS
Summary IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure. Vulnerability Details ** IBM X-Force ID: 268195 DESCRIPTION: **Presto is vulnerable to server-side request forgery, caused by improper validating the.....
5.8AI Score
Exploit for Server-Side Request Forgery in Apache Ofbiz
CVE-2023-51467 图形化 Apache Ofbiz CVE-2023-51467 远程代码执行漏洞利用工具...
9.8CVSS
7.2AI Score
0.571EPSS
Summary There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition, Versions 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018 and April 2018. Vulnerability Details CVEID:...
8.3CVSS
1.6AI Score
0.003EPSS
Addressing the Rising Threat of API Leaks
In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address.....
6.9AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION:.....
5.9CVSS
7AI Score
0.001EPSS
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...
7.5CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...
5.5CVSS
5.3AI Score
0.0004EPSS
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...
5.5CVSS
5.3AI Score
0.0004EPSS
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...
5.5CVSS
0.0004EPSS
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...
5.5CVSS
0.0004EPSS
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...
5.5CVSS
6.9AI Score
0.0004EPSS
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...
5.5CVSS
6.9AI Score
0.0004EPSS
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system...
5.6AI Score
0.0004EPSS
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC...
5.6AI Score
0.0004EPSS
In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites...
7.1AI Score
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat.....
7.4AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
6.7AI Score
Linpmem - A Physical Memory Acquisition Tool For Linux
Like its Windows counterpart, Winpmem, this is not a traditional memory dumper. Linpmem offers an API for reading from any physical address, including reserved memory and memory holes, but it can also be used for normal memory dumping. Furthermore, the driver offers a variety of access modes to...
6.6AI Score
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
Summary IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. Vulnerability Details ** CVEID: CVE-2015-8383 DESCRIPTION: **PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional groups. By using a specially...
9.8CVSS
9.2AI Score
0.059EPSS
Summary IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. Vulnerability Details ** CVEID: CVE-2023-29258 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service...
7.5CVSS
7.9AI Score
0.001EPSS
Summary IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details ** CVEID: CVE-2023-46167 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service...
7.5CVSS
6.8AI Score
0.001EPSS
Summary IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47701 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated...
7.5CVSS
6.7AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a...
9.8CVSS
9.6AI Score
0.022EPSS
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details ** CVEID: CVE-2023-1370 DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted...
7.5CVSS
7.9AI Score
0.002EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. Vulnerability Details ** CVEID: CVE-2023-38727 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted SQL statement....
7.5CVSS
7.7AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-43020 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...
8.6AI Score
EPSS