Intel® Optane™ SSD and Intel® Optane™ SSD DC Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ SSD and some Intel® Optane™ SSD DC products may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details:...
7.8AI Score
0.001EPSS
Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege or denial of service. Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25756 Description: Out-of-bounds...
7.8AI Score
0.0004EPSS
AMD Graphics Driver Vulnerabilities – November 2023
Bulletin ID: AMD-SB-6003 Potential Impact: Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...
7.5CVSS
8AI Score
0.0005EPSS
AMD Client Vulnerabilities – November 2023
Bulletin ID: AMD-SB-4002 Potential Impact: Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below ****Summary Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were reported, and mitigations are...
9.8CVSS
8.7AI Score
EPSS
Summary: Summary: Potential security vulnerabilities in some Intel® NUC Software may allow escalation of privilege, denial of service, and information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28737...
8.7AI Score
EPSS
Intel® Arc™ RGB Controller Software Advisory
Summary: A potential security vulnerability in some Intel® Arc™ RGB Controller software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32638 Description: Incorrect default permissions in some...
7.2AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® Field Programmable Gate Array (FPGA) products may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22327 Description: Out-of-bounds write...
6.4AI Score
0.0004EPSS
Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.8CVSS
7AI Score
0.001EPSS
Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.8CVSS
6.4AI Score
0.001EPSS
Intel® Graphics Drivers Advisory
Summary: Potential security vulnerabilities in some Intel® Graphics drivers may allow escalation of privilege, denial of service and information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-29165 Description:...
7.5AI Score
0.0004EPSS
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a.....
7.2AI Score
GitLab 10.3 < 16.3.6 / 16.4.0 < 16.4.2 / 16.5.0 < 16.5.1 (CVE-2023-3246)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows...
4.3CVSS
4.3AI Score
0.0004EPSS
kernel security, bug fix, and enhancement update
[5.14.0-362.8.1_3.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32...
8.2CVSS
7.8AI Score
EPSS
De-risking in Practice: How Qualys Customers are Driving Value in Their Organizations
As the threat landscape continues to grow in complexity, it has become more important than ever for the modern enterprise to measure, communicate, and eliminate cyber risk with efficiency. What does that mean in practice? Over the last two days, during the 2023 Qualys Security Conference (QSC)...
7.6AI Score
Grasping the Fundamentals of API Breaches API, short for Application Programming Interface, consists of a stipulated set of guidelines and procedures enabling heterogeneous software applications to establish communication amongst them. Conceptualize it as an interconnecting channel that unites...
8AI Score
Leveraging AI-informed Cybersecurity to Measure, Communicate, and Eliminate Cyber Risk
Dilip Bachwani, Qualys CTO, shares the Qualys AI strategy with TruRisk AI at QSC 2023. The threat landscape is constantly evolving, and so are the implications of cyber risk across any organization. As attacker tactics become more sophisticated and persistent, cybersecurity strategies must grow...
7.2AI Score
Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research, malware triage, and system troubleshooting. Harnessing Apple Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set....
6.8AI Score
Malvertiser copies PC news site to deliver infostealer
The majority of malvertising campaigns delivering malicious utilities that we have tracked so far typically deceive victims with pages that are almost the exact replica of the software vendor being impersonated. For example, we have seen fake websites appearing like the real Webex, AnyDesk or...
7.2AI Score
NewStart CGSL MAIN 6.06 : sudo Vulnerability (NS-SA-2023-0135)
The remote NewStart CGSL host, running version MAIN 6.06, has sudo packages installed that are affected by a vulnerability: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer...
7AI Score
0.0004EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.5CVSS
7.5AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.5CVSS
7.5AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.5CVSS
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.5CVSS
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.5CVSS
7.1AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.5CVSS
7.2AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.1CVSS
7.8AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.1CVSS
7.7AI Score
0.0005EPSS
Navigating Threats – Insights from the Wallarm API ThreatStats™ Report Q3’2023
The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report.....
6.6AI Score
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data...
7.8CVSS
7.8AI Score
0.0004EPSS
Information Disclosure in Qualcomm IPC while reading values from shared memory in...
6.1CVSS
5.3AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.001EPSS
9.8CVSS
7.2AI Score
0.001EPSS
(RHSA-2023:6508) Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
6.8AI Score
0.001EPSS
CVE-2023-22388 Use of Out-of-range Pointer Offset in Multi-mode Call Processor
Memory Corruption in Multi-mode Call Processor while processing bit mask...
9.8CVSS
9.7AI Score
0.001EPSS
Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.8CVSS
7.2AI Score
0.001EPSS
Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.8CVSS
6.4AI Score
0.001EPSS
Rocky Linux 8 : thunderbird (RLSA-2022:6708)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6708 advisory. When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects...
8.8CVSS
8AI Score
0.002EPSS
Apache NiFi Credentials Gather
This module will grab Apache NiFi credentials from various files on...
7.4AI Score
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job...
4.3CVSS
4.3AI Score
0.0004EPSS
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job...
4.3CVSS
4.7AI Score
0.0004EPSS
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job...
4.3CVSS
4.2AI Score
0.0004EPSS
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job...
4.3CVSS
6.2AI Score
0.0004EPSS
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job...
4.3CVSS
6.7AI Score
0.0004EPSS
CVE-2023-3246 Uncontrolled Resource Consumption in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job...
4.3CVSS
5AI Score
0.0004EPSS
Summary IBM® Runtime Environment Java™ Version 8.0.7.0 through 8.0.7.11 used by IBM® Db2® is vulnerable to information disclosure. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or Java version 8.0.8.6 or higher...
7.5CVSS
9.1AI Score
0.002EPSS
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or installed GSKit version 8.0.55.31, which contains the.....
7.5CVSS
6AI Score
0.001EPSS
First handset with MTE on the market
By Mark Brand, Google Project Zero Introduction It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said (to far too many people at this point to be able to back out…) that I'd immediately switch to the first available device....
8AI Score
F5 Networks BIG-IP : Side-channel processor vulnerability (K35135935)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K35135935 advisory. Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an...
5.6CVSS
5.4AI Score
0.001EPSS