Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code...
9.8CVSS
9.6AI Score
0.003EPSS
Improper input validation in ABL may enable an attacker with physical access to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code...
6.8CVSS
7.2AI Score
0.001EPSS
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code...
8.8CVSS
9.1AI Score
0.001EPSS
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of...
7.5CVSS
7.8AI Score
0.001EPSS
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss of...
7.5CVSS
8AI Score
0.001EPSS
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of...
9.1CVSS
9AI Score
0.001EPSS
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and...
9.1CVSS
9AI Score
0.001EPSS
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege...
9.8CVSS
9.2AI Score
0.002EPSS
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...
5.5CVSS
7.2AI Score
0.0004EPSS
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...
7.5CVSS
7.9AI Score
0.001EPSS
Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...
8.2CVSS
8.6AI Score
0.001EPSS
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of...
7.5CVSS
8.5AI Score
0.001EPSS
Insufficient address validation may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or...
7.1CVSS
7.3AI Score
0.0004EPSS
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...
5.5CVSS
7.2AI Score
0.0004EPSS
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information...
7.4CVSS
8.5AI Score
0.001EPSS
Managed XDR Investigation of Ducktail in Trend Micro Vision One™
The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different...
7.1AI Score
AMD Server Vulnerabilities – May 2023
Bulletin ID: AMD-SB-3001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform...
9.8CVSS
8.1AI Score
0.001EPSS
Intel® VTune™ Profiler Advisory
Summary: Potential security vulnerabilities in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-41982 Description: Uncontrolled search path element in the...
7AI Score
Intel® oneAPI Toolkit and Component Software Installers Advisory
Summary: A potential security vulnerability in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22355 Description: Uncontrolled search....
6.8AI Score
Summary: A potential security vulnerability in some Intel® Field Programmable Gate Array (FPGA) products may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-38787 Description: Improper input...
6.8AI Score
AMD Client UEFI Firmware May 2023 Security Update
AMD has informed HP of potential vulnerabilities identified in client platform components for some AMD Athlon™ Processors and Ryzen™ Processors, which might allow arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...
7.3AI Score
0.001EPSS
Managed XDR Investigation of Ducktail in Trend Vision One™
The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different...
7.1AI Score
Client Vulnerabilities – May 2023
Bulletin ID: AMD-SB-4001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered, and mitigations are being.....
9.8CVSS
8.2AI Score
0.001EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2023 and April 2022. Vulnerability Details CVEID: CVE-2023-21830 ...
6.5AI Score
0.001EPSS
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 (CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...
8.9AI Score
0.802EPSS
pyxis-suisse.ch Cross Site Scripting vulnerability OBB-3294130
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6AI Score
How Microsoft can help you go passwordless this World Password Day
It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...
7.3AI Score
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....
6.6AI Score
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....
6.7AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
7AI Score
0.001EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE...
5.3AI Score
0.002EPSS
Summary CVE-2021-2161 was disclosed as part of the Oracle April 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...
5.3AI Score
0.002EPSS
Summary Multiple vulnerabilities were disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take...
8.7AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21628 DESCRIPTION: Java SE is...
6.6AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to.....
6.6AI Score
0.002EPSS
Summary A vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose...
6.8AI Score
0.002EPSS
Summary IBM® SDK, Java™ Technology Edition, Version 8 and IBM Semeru Runtime Certified Edition 11 that are used by the z/Transaction Processing Facility (z/TPF) system are both vulnerable to CVE-2023-30441. The z/TPF system was updated to address this CVE for both IBM Java SDK and IBM Semeru...
6.9AI Score
0.002EPSS
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM....
7.1AI Score
0.002EPSS
APC warns about critical vulnerabilities in online UPS monitoring software
In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader...
9.8CVSS
8.2AI Score
0.002EPSS
Summary IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. Vulnerability Details CVEID: CVE-2023-29257 DESCRIPTION: IBM Db2 is vulnerable to remote code execution as.....
7.3AI Score
0.003EPSS
Summary IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. Vulnerability Details CVEID: CVE-2023-29255 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as it may.....
6.9AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. Vulnerability Details CVEID: CVE-2023-27555 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is...
6.9AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted SQL query using a LIMIT clause. Vulnerability Details CVEID: CVE-2023-26021 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial...
7.3AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. Vulnerability Details CVEID: CVE-2023-25930 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable.....
5.6AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. Vulnerability Details CVEID: CVE-2023-26022 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash.....
6.9AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Vulnerability Details CVEID: CVE-2023-27559 DESCRIPTION: IBM Db2 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. CVSS...
7AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21830 DESCRIPTION:.....
5.6AI Score
0.001EPSS
Security Bulletin: NVIDIA CUDA Toolkit - April 2023
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the CUDA Toolkit...
5.8AI Score
0.0005EPSS
Microsoft Entra delivers 240 percent ROI, according to new Forrester study
Every day we easily move between apps and devices while identity professionals work hard behind the scenes to improve technologies that make this digital experience more secure. With nearly 50 percent of data breaches caused by stolen credentials, it's important for identity professionals to arm...
6.3AI Score