What Developers Need to Fight the Battle Against Common Vulnerabilities
Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...
-0.6AI Score
NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....
7.9CVSS
2.6AI Score
0.001EPSS
-0.2AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in October 2022. These issues are addressed by WebSphere Application Server shipped with WebSphere...
1.7AI Score
Security Bulletin: NVIDIA GPU Display Driver - November 2022
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. To protect your system, download and install this software update...
8.8CVSS
7.5AI Score
0.001EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...
6.5CVSS
0.8AI Score
0.001EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...
6.5CVSS
1AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. Vulnerability Details CVEID: CVE-2022-35637 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of...
6.5CVSS
0.8AI Score
0.001EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...
5.3CVSS
0.8AI Score
0.001EPSS
How the MITRE ATT&CK Framework Enhances Cloud Security
Upgrade your cybersecurity game with MITRE ATT&CK™. Discover how this framework can help you protect your business—now and in the...
2.1AI Score
Microsoft supports the DoD’s Zero Trust strategy
The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state.....
-0.5AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
3AI Score
Summary IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. Vulnerability Details CVEID: CVE-2022-22483 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1,...
6.5CVSS
0.4AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 & 8 used by Tivoli Netcool Performance Manager for Wireless. Tivoli Netcool Performance Manager for Wireless has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates...
0.3AI Score
Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2021-35561, CVE-2022-21443, CVE-2022-21434, CVE-2022-21496, CVE-2022-21299). Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION:...
5.3CVSS
1AI Score
0.002EPSS
Trellix Global Defenders: Analysis and Protections for Destructive Wipers
Trellix Global Defenders: Analysis and Protections for Destructive Wipers By Ayed Al Qartah · November 17, 2022 Modern cyber warfare involves the actions of a nation-state or their proxies (organized crime and hacker groups) to attack and attempt to damage other nations’ computers or information...
-0.1AI Score
Trellix Global Defenders: Analysis and Protections for Destructive Wipers
Trellix Global Defenders: Analysis and Protections for Destructive Wipers By Ayed Al Qartah · November 17, 2022 Modern cyber warfare involves the actions of a nation-state or their proxies (organized crime and hacker groups) to attack and attempt to damage other nations’ computers or information...
8.2AI Score
Security Bulletin: IBM SDK, Java Technology Edition, Security Update July 2022
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to July 2022. IBM 8 SR7 FP15 (1.8.0_341). Vulnerability Details CVEID: CVE-2022-21496...
5.9CVSS
1AI Score
0.002EPSS
Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and version 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE...
5.9CVSS
2.1AI Score
0.002EPSS
Summary IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. Vulnerability Details CVEID: CVE-2022-22390 DESCRIPTION: IBM Db2 may be vulnerable to an information disclosure caused by improper privilege management when table.....
7.5CVSS
0.8AI Score
0.001EPSS
Summary Apache Log4j open source library used by IBM® Db2® is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code on the system or cause a denial of service. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update....
10CVSS
1.2AI Score
0.976EPSS
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228)
Summary Apache Log4j open source library used by IBM® Db2® is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library. Please see...
10CVSS
AI Score
0.976EPSS
Summary The Apache Log4j open source library used by IBM® Db2® is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library to version...
10CVSS
1.2AI Score
0.976EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate....
5.3CVSS
2.8AI Score
0.002EPSS
Q3-2022 API ThreatStats™ Report
The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it was smooth sailing for the state of API vulnerabilities in Q3—or was it just a lull in the storm? As it turns out, it’s neither. Read on to learn more about Wallarm’s analysis of....
-0.2AI Score
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Cognos Express. This issue was disclosed as part of the IBM Java SDK updates in July 2016. OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM...
7.5CVSS
0.9AI Score
0.566EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the...
2.2AI Score
0.009EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Planning Analytics Express and IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. OpenSSL vulnerabilities were...
7.5CVSS
1.3AI Score
0.009EPSS
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The.....
5.5CVSS
6.5AI Score
0.974EPSS
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious...
7.8CVSS
8AI Score
0.0004EPSS
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...
5.5CVSS
6.1AI Score
0.0004EPSS
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics and IBM Planning Analytics Workspace. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytics Workspace....
5.3CVSS
0.7AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 & 8 used by Tivoli Netcool Performance Manager for Wireless. Tivoli Netcool Performance Manager for Wireless has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates...
0.2AI Score
Microsoft Patch Tuesday Summary Microsoft has fixed 65 new vulnerabilities (aka flaws) in the November 2022 update, including ten (10) vulnerabilities classified as Critical as they allow Denial of Service (DoS), Elevation of Privilege (EoP), and Remote Code Execution (RCE). This month's Patch...
9.8CVSS
0.2AI Score
EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in April 2022 and includes Oracle April 2022 CPU. Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION:...
5.3CVSS
1.7AI Score
0.002EPSS
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the...
9.8CVSS
9.4AI Score
0.002EPSS
Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a...
7.8CVSS
7.8AI Score
0.001EPSS
Bulletin ID: AMD-SB-1046 Potential Impact: Denial of service Severity: Medium Summary AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors...
7.5CVSS
7.4AI Score
0.001EPSS
Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi Advisory
Summary: A potential security vulnerability in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi products may allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26047 Description:...
0.8AI Score
0.001EPSS
IBPB and Return Stack Buffer Interactions
Bulletin ID: AMD-SB-1040 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 (previously known as Spectre Variant 2) attacks....
5.6CVSS
6.2AI Score
0.975EPSS
Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-26006 Description: Improper input validation in the....
2.2AI Score
0.0004EPSS
AMD Graphics Driver Vulnerabilities – November 2022
Bulletin ID: AMD-SB-1029 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...
7.8CVSS
7.6AI Score
0.0004EPSS
Intel® VTune™ Profiler Advisory
Summary: A potential security vulnerability in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26028 Description: Uncontrolled search path in the Intel(R)...
1.8AI Score
0.0004EPSS
Intel® Distribution of OpenVINO™ Toolkit Advisory
Summary: A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit software may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-26251 Description: Improper input validation in the....
1.7AI Score
0.001EPSS
Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi, and Killer™ WiFi November 2022 Security Update
Intel has informed HP of a potential vulnerability identified in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi, and Killer™ WiFi products, which might allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability. Intel has released updates to...
6.5CVSS
7.1AI Score
0.001EPSS
Intel® XMM™ 7560 Modem November 2022 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® XMM™ 7560 Modem software, which might allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. HP.....
9.6CVSS
1.3AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used in IBM PureData System for Operational Analytics AIX based LPARs. These issues were disclosed as part of the IBM Java SDK updates between January 2019 and July 2022....
9.8CVSS
10.8AI Score
0.898EPSS
Summary There are one or more vulnerabilities in Eclipse OpenJ9 that is used in IBM PureData System for Operational Analytics AIX based LPARs (CVE-2021-41041). Vulnerability Details CVEID: CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...
5.3CVSS
1.3AI Score
0.001EPSS
Microsoft named a Leader in 2022 Gartner® Magic Quadrant™ for Access Management for the 6th year
We are honored to announce that Microsoft has been named a Leader in the 2022 Gartner® Magic Quadrant™ for Access Management for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. We thank our customers who guide our strategy and product innovation, engage with us deeply in...
0.2AI Score