Summary Multiple vulnerabilities were disclosed in the Oracle April 2023 Quarterly CPU Update. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...
9.1 CVSS
8 AI Score
0.002 EPSS
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test...
3.7 CVSS
6.3 AI Score
0.001 EPSS
Summary IBM Sterling Connect:Direct Web Services uses IBM® Runtime Environment Java™ Versions which has a remote code execution vulnerability. IBM Sterling Connect:Direct Web Services has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java...
9.8 CVSS
9.4 AI Score
0.003 EPSS
Summary IBM Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions 8.0 which has a remote code execution vulnerability. IBM Sterling Connect:Direct Browser User Interface has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-40609 ...
9.8 CVSS
9.4 AI Score
0.003 EPSS
2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows
Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the...
7 AI Score
7 AI Score
Intel® Arc™ Graphics Cards Advisory
Summary: Potential security vulnerabilities in some Intel® Arc™ Limited Edition graphics cards may allow denial of service or information disclosure. Intel is releasing prescriptive guidance to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-41984 Description:...
6.8 AI Score
0.0004 EPSS
Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report
How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global...
6.6 AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition in version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. An update has been released to address the vulnerability. Vulnerability Details CVEID: CVE-2022-40609...
9.8 CVSS
7.5 AI Score
0.003 EPSS
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. For more information please refer to Oracle's July 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID: CVE-2023-22045 ...
3.7 CVSS
4.9 AI Score
0.001 EPSS
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary Vulnerabilities in IBM® Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 and CVE-2022-40609 Vulnerability.....
9.8 CVSS
9.2 AI Score
0.003 EPSS
Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21967 ...
5.9 CVSS
7.7 AI Score
0.001 EPSS
Security Bulletin: NVIDIA DGX H100 - August 2023
NVIDIA has released a firmware security update for the NVIDIA DGX™ H100 system. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. To protect your system, download and install this firmware update...
9.8 CVSS
9.1 AI Score
0.002 EPSS
Security Bulletin: NVIDIA GeForce NOW for Android - August 2023
NVIDIA has released a firmware security update for the NVIDIA GeForce NOW Android mobile and TV app. This update addresses issues that may lead to code execution, denial of service, and information disclosure. To protect customer systems, the NVIDIA GeForce NOW for Android app will prompt...
4.8 CVSS
6.6 AI Score
0.0004 EPSS
2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization
Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the...
7.1 AI Score
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to an attacker executing arbitrary code due to an unsafe deserialization flaw as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i Group PTF for...
9.8 CVSS
7.3 AI Score
0.003 EPSS
Security Bulletin: Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise.....
5.9 CVSS
6.2 AI Score
0.001 EPSS
SolarView Compact unauthenticated remote command execution vulnerability.
CONTEC's SolarView™ Series enables you to monitor and visualize solar power and is only available in Japan. This module exploits a command injection vulnerability on the SolarView Compact v6.00 web application via vulnerable endpoint downloader.php. After exploitation, an attacker will have full...
9.8 CVSS
7.5 AI Score
0.963 EPSS
7.1 AI Score
7.1 AI Score
2023 OWASP Top-10 Series: API4:2023 Unrestricted Resource Consumption
Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API4:2023 Unrestricted Resource Consumption. In this series we are taking an in-depth look at each category – the details, the...
7.4 AI Score
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts as described in the vulnerability details section (CVE-2022-21426, CVE-2023-2597, CVE-2023-21830, CVE-2023-21843,...
9.1 CVSS
7.6 AI Score
0.002 EPSS
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK,...
9.8 CVSS
7.3 AI Score
0.003 EPSS
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...
6.7 CVSS
6.4 AI Score
0.0004 EPSS
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...
6.7 CVSS
6.4 AI Score
0.0004 EPSS
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...
4.4 CVSS
4.9 AI Score
0.0004 EPSS
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...
4.4 CVSS
5.1 AI Score
0.0004 EPSS
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...
4.4 CVSS
4.8 AI Score
0.0004 EPSS
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...
6.7 CVSS
6.4 AI Score
0.0004 EPSS
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...
5.2 AI Score
0.0004 EPSS
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...
6.6 AI Score
0.0004 EPSS
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report
The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited...
6.7 AI Score
7.1 AI Score
2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization
Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the...
6.8 AI Score
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM...
9.8 CVSS
9.2 AI Score
0.003 EPSS
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM...
9.8 CVSS
9.2 AI Score
0.003 EPSS
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. The CVE(s) listed in this document might affect some configurations of IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run...
9.8 CVSS
7.2 AI Score
0.003 EPSS
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8 CVSS
9.6 AI Score
0.001 EPSS
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of...
5.5 CVSS
6.7 AI Score
0.001 EPSS
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8 CVSS
9.5 AI Score
0.001 EPSS
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code...
6.8 CVSS
6.7 AI Score
0.001 EPSS
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...
4.7 CVSS
6.6 AI Score
0.0004 EPSS
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in...
7.8 CVSS
7.7 AI Score
0.0004 EPSS
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8 CVSS
9.5 AI Score
0.001 EPSS
CVE-2023-20586 Radeon™ Software Crimson ReLive Edition
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8 AI Score
0.001 EPSS
Intel® Unison™ Software Advisory
Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25757 Description: Improper access...
6.8 AI Score
0.001 EPSS
Intel® RealSense™ SDK Advisory
Summary: A potential security vulnerability in some Intel® RealSense™ Software Development Kits (SDKs) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32663 Description: Incorrect default...
7.3 AI Score
0.0004 EPSS
SMM Memory Corruption Vulnerability
Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...
7.8 CVSS
8.2 AI Score
0.0004 EPSS
AMD® Ryzen Master™ SDK February 2023 Security Update
AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Monitoring SDK, which might allow escalation of privilege. AMD has released software to mitigate the potential vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has...
7.8 CVSS
7 AI Score
0.0004 EPSS