Athlon™ X4 Processor Security Vulnerabilities

ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)

Summary: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB or larger table. Vulnerability Details: CVEID: CVE-2023-40687. DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2023-12-20 08:15 PM
15
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service under extreme stress conditions. (CVE-2023-40692)

Summary: IBM® Db2® is vulnerable to denial of service under extreme stress conditions. Vulnerability Details: CVEID: CVE-2023-40692. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service under extreme stress conditions. CVSS Base...

7.5 CVSS

7.8 AI Score

0.001 EPSS

2023-12-20 08:15 PM
18
ibm

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.

Summary: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details: CVEID: CVE-2018-25032. DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote...

9.8 CVSS

9.6 AI Score

0.473 EPSS

2023-12-20 08:15 PM
27
ibm

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)

Summary: IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Vulnerability Details: CVEID: CVE-2023-38003. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user with DATAACCESS privileges to.....

7.2 CVSS

7.5 AI Score

0.001 EPSS

2023-12-20 08:00 PM
27
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to July 2023 CPU

Summary: There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Business Automation Workflow (CVE-2023-22045, CVE-2023-22049). Vulnerability Details: CVEID: CVE-2023-22045. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component...

3.7 CVSS

6.6 AI Score

0.001 EPSS

2023-12-20 05:31 PM
11
thn

Product Explained: Memcyco's Real-Time Defense Against Website Spoofing

Hands-On Review: Memcyco's Threat Intelligence Solution Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and data theft causing.....

6.9 AI Score

2023-12-20 11:05 AM
16
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details: CVEID:...

5.9 CVSS

7.1 AI Score

0.001 EPSS

2023-12-20 03:15 AM
8
nessus

Intel BIOS Firmware CVE-2022-30704 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via...

7.2 CVSS

7.3 AI Score

0.0004 EPSS

2023-12-19 12:00 AM
13
nessus

Intel BIOS Firmware CVE-2022-30539 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access....

7.5 CVSS

8 AI Score

0.0004 EPSS

2023-12-19 12:00 AM
13
nessus

Intel BIOS Firmware CVE-2022-32231 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access....

7.5 CVSS

7.4 AI Score

0.0004 EPSS

2023-12-19 12:00 AM
17
nessus

Intel BIOS Firmware CVE-2021-0187 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local...

8.2 CVSS

7.5 AI Score

0.0004 EPSS

2023-12-19 12:00 AM
9
nessus

Intel BIOS Firmware CVE-2022-26837 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

7.5 CVSS

7.4 AI Score

0.0004 EPSS

2023-12-19 12:00 AM
9
nessus

Intel BIOS Firmware CVE-2022-26343 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access....

8.2 CVSS

7.4 AI Score

0.0004 EPSS

2023-12-19 12:00 AM
17
nessus

Debian DLA-3690-1 : intel-microcode - LTS security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3690 advisory. Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of...

8.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-17 12:00 AM
8
ibm

Security Bulletin: IBM Storage Protect Server using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049)

Summary: Vulnerabilities (CVE-2023-22045, CVE-2023-22049) exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server and may be affected by these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22045. DESCRIPTION: An unspecified vulnerability in...

3.7 CVSS

6.7 AI Score

0.001 EPSS

2023-12-15 04:30 PM
12
wordfence

Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration

Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...

7.4 AI Score

2023-12-14 09:44 PM
6
ibm

Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud

Summary: There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to....

9.8 CVSS

7.4 AI Score

0.732 EPSS

2023-12-14 07:31 PM
11
cve

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

6.2 CVSS

5.5 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
13
osv

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

6.2 CVSS

5.7 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
5
debiancve

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

6.2 CVSS

7.6 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
3
alpinelinux

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

6.2 CVSS

5.7 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
3
nvd

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

5.5 CVSS

0.0004 EPSS

2023-12-13 09:15 PM
1
nvd

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

5.5 CVSS

0.0004 EPSS

2023-12-13 09:15 PM
1
osv

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

6.2 CVSS

5.5 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
4
debiancve

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

6.2 CVSS

7.3 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
2
alpinelinux

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

6.2 CVSS

5.8 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
1
cve

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

6.2 CVSS

5.6 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
14
prion

Stack overflow

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

5.5 CVSS

7.4 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
3
prion

Heap overflow

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

5.5 CVSS

7.5 AI Score

0.0004 EPSS

2023-12-13 09:15 PM
5
cvelist

CVE-2023-50268 jq has stack-based buffer overflow in decNaNs

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

6.2 CVSS

6.7 AI Score

0.0004 EPSS

2023-12-13 08:49 PM
cvelist

CVE-2023-50246 jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

6.2 CVSS

6.7 AI Score

0.0004 EPSS

2023-12-13 08:43 PM
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2023) affect IBM InfoSphere Information Server

Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An...

5.9 CVSS

7.4 AI Score

0.001 EPSS

2023-12-13 02:14 PM
8
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale packaged in Elastic Storage Server

Summary: There are multiple vulnerabilities in Java™ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. Vulnerability Details: CVEID: CVE-2023-22045. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

9.1 CVSS

9 AI Score

0.002 EPSS

2023-12-13 01:24 PM
7
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Oct 2023. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An unspecified vulnerability in...

5.9 CVSS

7.2 AI Score

0.001 EPSS

2023-12-13 09:25 AM
13
fedora

[SECURITY] Fedora 38 Update: libreoffice-7.5.9.2-1.fc38

LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. ...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2023-12-13 01:34 AM
12
nvd

CVE-2023-43122

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the...

4.6 CVSS

0.001 EPSS

2023-12-13 01:15 AM
cve

CVE-2023-45864

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain...

4.7 CVSS

4.8 AI Score

0.0004 EPSS

2023-12-13 01:15 AM
14
cve

CVE-2023-43122

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the...

4.8 CVSS

4.7 AI Score

0.001 EPSS

2023-12-13 01:15 AM
18
nvd

CVE-2023-45864

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain...

4.7 CVSS

0.0004 EPSS

2023-12-13 01:15 AM
nvd

CVE-2023-42483

A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a...

4.7 CVSS

0.0004 EPSS

2023-12-13 01:15 AM
cve

CVE-2023-42483

A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a...

6.3 CVSS

4.8 AI Score

0.0004 EPSS

2023-12-13 01:15 AM
13
prion

Race condition

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain...

4.7 CVSS

7.2 AI Score

0.0004 EPSS

2023-12-13 01:15 AM
5
prion

Race condition

A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a...

4.7 CVSS

7.1 AI Score

0.0004 EPSS

2023-12-13 01:15 AM
4
prion

Information disclosure

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the...

4.6 CVSS

7.1 AI Score

0.001 EPSS

2023-12-13 01:15 AM
3
ubuntucve

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this...

6.2 CVSS

7.7 AI Score

0.0004 EPSS

2023-12-13 12:00 AM
7
cvelist

CVE-2023-45864

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain...

4 CVSS

5.2 AI Score

0.0004 EPSS

2023-12-13 12:00 AM
openvas

Fedora: Security Advisory for libreoffice (FEDORA-2023-0d971cd6aa)

The remote host is missing an update for...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2023-12-13 12:00 AM
6
ubuntucve

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...

6.2 CVSS

7.4 AI Score

0.0004 EPSS

2023-12-13 12:00 AM
11
nessus

Intel BIOS Firmware CVE-2023-25756 (INTEL-SA-00924)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00924 advisory. Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent...

8 CVSS

7.7 AI Score

0.0004 EPSS

2023-12-13 12:00 AM
7
cvelist

CVE-2023-43122

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the...

4.8 CVSS

5.3 AI Score

0.001 EPSS

2023-12-13 12:00 AM
Total number of security vulnerabilities: 18785