Security Bulletin - Omniverse Launcher - August 2023
NVIDIA has released a software update for the Omniverse Workstation Launcher to address a security issue that may lead to information disclosure. To protect your system, download and apply the update for the Omniverse platform that you are using. If you are using the licensed NVIDIA Omniverse...
5.3CVSS
6.4AI Score
0.0005EPSS
Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs
Introduction In a recent advisory, the Cybersecurity and Infrastructure Security Agency (CISA) warned vendors, designers, developers, and end-user organizations of web applications about the dangers posed by Insecure Direct Object Reference (IDOR) vulnerabilities, now commonly referred to as BOLA.....
7.1AI Score
Security Bulletin: CVE-2022-40609 affects IBM® SDK, Java™ Technology Edition
Summary CVE-2022-40609 affects the Object Request Broker (ORB) in IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition could allow a remote attacker to execute...
9.8CVSS
7.1AI Score
0.003EPSS
Software based Power Side Channel on AMD CPUs
Bulletin ID:AMD-SB-7006 Potential Impact: Information disclosure Severity:Low Summary A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’. CVE Details Refer to Glossary for explanation of...
4.7CVSS
6.9AI Score
0.0004EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937). The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache.....
5.9CVSS
6.2AI Score
0.001EPSS
2023 OWASP Top-10 Series: API1:2023 Broken Object Level Authorization
Welcome to the 2nd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API1:2023 Broken Object Level Authorization. In this series we are taking an in-depth look at each category – the details, the...
7.7AI Score
Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate....
7.4CVSS
6.1AI Score
0.001EPSS
7.1AI Score
7.1AI Score
7.1AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Decision Optimization for ICP4Data. IBM Decision Optimization for ICP4Data has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime...
3.7CVSS
1.3AI Score
0.018EPSS
How MDR Helps Solve the Cybersecurity Talent Gap
How do you overcome today's talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team's ability to defend the organization against new and current threats. This is why many security leaders.....
6.6AI Score
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive...
5.5CVSS
6.9AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
8.1CVSS
7.9AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
8.1CVSS
7.4AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
5.9CVSS
5.5AI Score
0.0004EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
7.5CVSS
6.6AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
8.8CVSS
7.4AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
5.4CVSS
5.8AI Score
0.0004EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
8.8CVSS
8.5AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
5.4CVSS
5.5AI Score
0.0004EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
8.1CVSS
7.9AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
8.8CVSS
8.5AI Score
0.001EPSS
CVE-2023-3324 Insecure deserialization in zenon internal DLLs
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
6.3CVSS
7.7AI Score
0.001EPSS
CVE-2023-3323 Code Execution through overwriting project file on zenon engineering studio system
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
5.9CVSS
5.9AI Score
0.0004EPSS
CVE-2023-3322 Code Execution through overwriting service executable in utilities directory
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
7CVSS
8.2AI Score
0.001EPSS
CVE-2023-3321 Code Execution through Writable Mosquitto Configuration File
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts......
7CVSS
8.8AI Score
0.001EPSS
Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats
It has been an eventful time since the introduction of Microsoft Security Experts.1 We launched Defender Experts for Hunting, our first-party managed threat hunting service for customers who want Microsoft to help them proactively hunt threats across endpoints, Microsoft Office 365, cloud...
6.7AI Score
Trend Vision One™ - A Cybersecurity Consolidation Path
A single-platform approach delivers value greater than the sum of its...
7.1AI Score
7.1AI Score
Cross-Process Information Leak
Bulletin ID:AMD-SB-7008 Potential Impact:Information disclosure Severity:Medium Summary Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may.....
5.5CVSS
7AI Score
0.001EPSS
Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment update from part of Oracle's April 2023 Critical Patch Update......
7.4CVSS
6AI Score
0.001EPSS
Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVEs. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in CVE-2023-30441. Vulnerability Details ** CVEID:...
7.5CVSS
5.9AI Score
0.002EPSS
7.1AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java...
9.1CVSS
7.2AI Score
0.001EPSS
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to...
7.1CVSS
6.3AI Score
0.0005EPSS
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to...
6.5CVSS
6.8AI Score
0.0005EPSS
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to...
6.5CVSS
6.3AI Score
0.0005EPSS
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to...
7.1CVSS
7AI Score
0.0005EPSS
7.1AI Score
Q2-2023 API ThreatStats™ Report: API Exploits Are Everywhere: from NVIDIA to Reddit and more!
Our Q2-2023 API ThreatStats™ report is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and...
7AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score