jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this...
6.2CVSS
7.4AI Score
0.0004EPSS
Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the...
4.8CVSS
5.3AI Score
0.001EPSS
A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a...
6.3CVSS
6.5AI Score
0.0004EPSS
Intel BIOS Firmware CVE-2023-22329 (INTEL-SA-00924)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00924 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent...
3.5CVSS
7.2AI Score
0.0004EPSS
Microsoft is addressing 34 vulnerabilities this December Patch Tuesday, including a single zero-day vulnerability and three critical remote code execution (RCE) vulnerabilities. December Patch Tuesday has historically seen fewer patches than a typical month, and this trend continues in 2023. This.....
9.6CVSS
8.7AI Score
0.035EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise...
7.4CVSS
7AI Score
0.002EPSS
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14746 advisory. Json-smart is a performance focused, JSON processor lib. When reaching a [ or { character in the...
7.5CVSS
8.7AI Score
0.001EPSS
Intel 2023.4 IPU Out-of-Band (OOB) Processor Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Processors, which might allow escalation of privilege and/or information disclosure and/or denial of service via local access. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has...
8.8CVSS
7.4AI Score
0.0004EPSS
SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new...
7.5CVSS
6.9AI Score
0.002EPSS
Summary IBM Operations Analytics Predictive Insights uses IBM® SDK, Java™ Technology Edition, and vulnerability CVE-2022-40609 may expose the Java process to a variety of malicious attacks. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and...
9.8CVSS
7.4AI Score
0.003EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
0.0004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
7.9AI Score
0.0004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
7.9AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM System Networking Switch Center (SNSC). These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details CVEID: CVE-2018-2579 DESCRIPTION: An...
5.3CVSS
1.4AI Score
0.004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
8.1AI Score
0.0004EPSS
Mitsubishi Electric FA Engineering Software Products
1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Mitsubishi Electric Equipment: MELIPC, MELSEC iQ-R, and MELSEC Q Series Vulnerabilities: Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...
5.5CVSS
7.2AI Score
0.0005EPSS
Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics
Explore real use cases demonstrating the transformative impact of Trend Vision One™ – Forensics, an integrated Digital Forensics and Incident Response (DFIR)...
7.4AI Score
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...
7.1CVSS
5.6AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...
6.5CVSS
6.4AI Score
0.0004EPSS
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input...
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory...
7.8CVSS
7.8AI Score
0.0004EPSS
Security Advisory 0090. Date: December 5, 2023. Revision 1.0 (December 5, 2023): Initial release. The CVE-ID tracking this issue: CVE-2023-24547 CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H) Common Weakness Enumeration: CWE-212:...
6.5CVSS
5.7AI Score
0.0005EPSS
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Summary HtmlUnit 3.8.0 is vulnerable to Remote Code Execution (RCE) via XSTL when browsing the attacker’s webpage. Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessor#transform(org.htmlunit.activex.javascript.msxml.XMLDOMNode) The reason for the vulnerability...
9.8CVSS
8AI Score
0.003EPSS
New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices
Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its...
10CVSS
7.3AI Score
0.971EPSS
USN-6485-1: Intel Microcode vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman...
8.8CVSS
7.1AI Score
0.0004EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22045 and CVE-2023-22049. Vulnerability Details CVEID: CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE...
3.7CVSS
6.4AI Score
0.001EPSS
Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)
Apache NiFi is a data processing and distribution system from the Apache (USA) Foundation. The system is primarily used for data routing, transformation and system mediation logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
5.4CVSS
6.3AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement. Vulnerability Details CVEID: CVE-2023-38728 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted XML query...
7.5CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details CVEID: CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the...
7.5CVSS
7.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted ALTER TABLE statement. Vulnerability Details CVEID: CVE-2023-38720 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted ALTER...
7.5CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details CVEID: CVE-2023-30991 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...
7.5CVSS
7.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service via a specially crafted query on certain databases. Vulnerability Details CVEID: CVE-2023-30987 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a...
7.5CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query containing common table expressions. Vulnerability Details CVEID: CVE-2023-40373 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a...
7.5CVSS
7.8AI Score
0.001EPSS
Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...
9.8CVSS
9.4AI Score
0.003EPSS
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement. Vulnerability Details CVEID: CVE-2023-38740 DESCRIPTION: IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially crafted SQL...
7.5CVSS
6.3AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.17 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An...
9.1CVSS
8.7AI Score
0.002EPSS
Maintaining a secure and optimized digital environment allows new ideas to flourish wherever they occur. In the modern workplace, where devices and locations are no longer fixed, Microsoft Intune eases the task of managing and protecting the endpoints of businesses everywhere. It helps secure...
7.3AI Score
Wallarm to Unveil New API Security Solution and Strategic Shift at Black Hat Europe 2023
If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7 is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend,...
7.3AI Score
Deciphering SSL VPN: An In-depth Perspective Pivoting our lens towards data in this digital era, akin to the transition observed during the oil boom, we've realized that the fodder for importance today is safeguarding data while it voyages through global networks. SSL VPN (Secure Sockets Layer...
7.5AI Score
intel-microcode is vulnerable to Privilege Escalation. The vulnerability exists due to a sequence of processor instructions that results in unexpected behavior for certain Intel(R) Processors. An authenticated user may exploit this issue to potentially enable escalation of privilege, information...
8.8CVSS
6.7AI Score
0.0004EPSS
Improper Neutralization of Input in Advanced User Interface for Jolt
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then....
7.9CVSS
5.3AI Score
0.001EPSS
Improper Neutralization of Input in Advanced User Interface for Jolt
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then....
7.9CVSS
6.7AI Score
0.001EPSS