BD Pyxis™ MedBank Security Vulnerabilities
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details ** CVEID: CVE-2022-21541 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high...
5.9CVSS
6.1AI Score
0.001EPSS
Security Bulletin: CVE-2021-2163 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2021-2163 was disclosed as part of the Oracle April 2021 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2021-2163 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...
5.3CVSS
5.4AI Score
0.002EPSS
Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022
NVIDIA has released a software update for MLNX_DPDK to address a security issue that may lead to denial of service, and some impact to data integrity and confidentiality. To protect your system, contact your NVIDIA representative to obtain the MLNX_DPDK version that contains the update and install....
6.5CVSS
3AI Score
0.002EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2021-35603 ...
3.7CVSS
0.6AI Score
0.002EPSS
This month, Microsoft has been recognized by Gartner® as a Leader in the 2022 Magic Quadrant for Unified Endpoint Management (UEM) Tools. This blog post outlines the “so what” for IT leaders, and why we believe this Gartner analysis deserves your focus right now. As you see in the Magic Quadrant...
-0.5AI Score
This month, Microsoft has been recognized by Gartner® as a Leader in the 2022 Magic Quadrant for Unified Endpoint Management (UEM) Tools. This blog post outlines the “so what” for IT leaders, and why we believe this Gartner analysis deserves your focus right now. As you see in the Magic Quadrant...
-0.5AI Score
Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm
Qualys VMDR has been recognized for its commanding industry leadership by both the 2022 SC Awards and analyst firm GigaOm. SC Magazine has chosen Qualys VMDR as the winner of the Best Vulnerability Management Solution category in its SC Awards 2022. The SC Awards honors the best solutions in...
-0.2AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool (LMT) and IBM BigFix Inventory (BFI). These issues were disclosed as part of the IBM Java SDK updates in April 2017.Fixes are already included in LMT and BFI version 9.2.8 or.....
7.7CVSS
0.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017 Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...
6.2CVSS
1.4AI Score
0.002EPSS
Summary Vulnerability CVE-2015-2590 exists in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.5 and earlier that is shipped with Tivoli Storage Productivity Center for download and use with its Java WebStart GUI. Vulnerability Details CVEID: CVE-2015-2590 DESCRIPTION: An...
4.7AI Score
0.024EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details The following advisories are included in the IBM® SDK Java™...
0.9AI Score
0.567EPSS
Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in the products that are listed in this document. Vulnerability Details The products that are listed in the Affected products section are shipped with a...
0.2AI Score
0.055EPSS
Summary WebSphere Application Server that is shipped and used by Tivoli Storage Productivity Center could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions. Vulnerability Details CVEID: CVE-2015-1920 DESCRIPTION:.....
0.1AI Score
0.008EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ Technology Edition that is shipped and used by Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details....
5.6AI Score
0.063EPSS
Summary There are multiple vulnerabilities in IBM® SDK for Java™ Technology Edition that is used by WebSphere Business Services Fabric. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part.....
3.4CVSS
4.2AI Score
0.975EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and 8 that are used in IBM License Metric Tool v9, IBM Endpoint Manager for Software Use Analysis v2.2 and IBM BigFix Inventory v9. These issues were disclosed as part of the IBM Java SDK...
5.6AI Score
0.008EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Tivoli Storage Productivity Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as.....
3.4CVSS
5AI Score
0.975EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ Technology Edition that is shipped and used by Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability...
5.8AI Score
0.698EPSS
Summary There are multiple vulnerabilities in IBM® SDK for Java™ Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM SDK for Java™ Technology Edition updates in January 2015. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION:...
3.4CVSS
4.9AI Score
0.975EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017 Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could...
7.5CVSS
1.4AI Score
0.005EPSS
Summary IBM WebSphere Application Server is shipped as a component of IBM Intelligent Operations Center and related products. Oracle released the October 2015 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with IBM.....
2AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0.16.21 and earlier that is shipped with Tivoli Storage Productivity Center for download and use with its Java WebStart GUI. These issues were disclosed as part of the IBM Java SDK updates in April 2016....
8.1CVSS
2.1AI Score
0.032EPSS
Summary There were multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool (LMT) and IBM BigFix Inventory (BFI). These issues were disclosed as part of the IBM Java SDK updates in July 2017. Fixes are already included in LMT and BFI version 9.2.9 or....
7.5CVSS
0.6AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9. These issues were disclosed as part of the IBM.....
0.5AI Score
0.698EPSS
Hardware-based threat defense against increasingly complex cryptojackers
Even with the dip in the value of cryptocurrencies in the past few months, cryptojackers – trojanized coin miners that attackers distribute to use compromised devices’ computing power for their objectives – continue to be widespread. In the past several months, Microsoft Defender Antivirus...
0.3AI Score
Hardware-based threat defense against increasingly complex cryptojackers
Even with the dip in the value of cryptocurrencies in the past few months, cryptojackers – trojanized coin miners that attackers distribute to use compromised devices’ computing power for their objectives – continue to be widespread. In the past several months, Microsoft Defender Antivirus...
0.3AI Score
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP...
5.3CVSS
5.5AI Score
0.001EPSS
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP...
5.3CVSS
0.001EPSS
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP...
5.3CVSS
5.5AI Score
0.001EPSS
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP...
5.8AI Score
0.001EPSS
3 Mistakes Companies Make in Their Detection and Response Programs
The goal of a detection and response (D&R) program is to act as quickly as possible to identify and remove threats while minimizing any fallout. Many organizations have identified the need for D&R as a critical piece of their security program, but it's often the hardest — and most costly — piece...
-0.3AI Score
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to an unauthorized attacker causing a denial of service or causing a low integrity impact on the server as described in the vulnerability details section. IBM i has addressed the...
5.3CVSS
1.6AI Score
0.002EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2022. Vulnerability Details CVEID: CVE-2021-35561 DESCRIPTION: An unspecified...
5.3CVSS
2AI Score
0.002EPSS
Microsoft Patch Tuesday Summary Microsoft has fixed 121 vulnerabilities (aka flaws) in the August 2022 update, including 17 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day...
10CVSS
0.2AI Score
0.972EPSS
Intel® PROSet/Wireless WiFi and Killer™ WiFi Advisory
Summary: Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Vulnerability...
1.4AI Score
0.001EPSS
Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors
Bulletin ID: AMD-SB-1039 Potential Impact: Information Disclosure Severity:Medium Summary Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2”, “Zen 3” and “Zen 4” that use simultaneous multithreading (SMT). By.....
5.6CVSS
5.6AI Score
0.0004EPSS
Intel® Wireless Bluetooth® and Killer™ Bluetooth® August 2022 Security Update
Intel has informed HP of potential security vulnerabilities identified in some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products, which might allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software and firmware updates to mitigate these...
7.8CVSS
1.2AI Score
0.0004EPSS
Intel® VTune™ Profiler Advisory
Summary: A potential security vulnerability in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.**** Vulnerability Details: CVEID: CVE-2022-21807 Description: Uncontrolled search path elements in the....
2AI Score
0.0004EPSS
Intel® Wireless Bluetooth® and Killer™ Bluetooth® Advisory
Summary: Potential security vulnerabilities in some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details:...
1.8AI Score
0.0004EPSS
Intel® PROSet/Wireless WiFi and Killer™ WiFi August 2022 Security Update
Intel has informed HP of potential vulnerabilities identified in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware and software updates to mitigate these potential...
8.8CVSS
1.3AI Score
0.001EPSS
A Deep Dive into VMDR 2.0 with Qualys TruRisk™
The old way of ranking vulnerabilities doesn’t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize...
9.1CVSS
-0.5AI Score
0.816EPSS
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, that is used by IBM Workload Scheduler. This issue was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35586 DESCRIPTION: An unspecified vulnerability in Java SE...
9.8CVSS
1.4AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® Java™ SDK Technology Edition, Oct 2021, used by IBM Security Identity Manager Virtual Appliance. IBM Security Identity Manager Virtual Appliance has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2021-35603 DESCRIPTION: **An...
5.9CVSS
2.5AI Score
0.002EPSS
Security Bulletin: NVIDIA GPU Display Driver - August 2022
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering. To protect your system, download and install this software update...
7.8CVSS
2.2AI Score
0.0004EPSS
Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals
A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan...
2AI Score
Join Qualys at Black Hat USA 2022!
Need to get more security? As a Titanium Sponsor of Black Hat USA 2022 Qualys will be located front and center in Booth 1320 on the show floor. Stop by and visit us to learn about our latest techniques, best practices, and solutions for risk-based vulnerability management, external attack surface.....
-0.3AI Score
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in April 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
5.3CVSS
1.7AI Score
0.002EPSS
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
5.9CVSS
1.5AI Score
0.002EPSS
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2021 and January 2022. Vulnerability Details ** CVEID: CVE-2021-35578 DESCRIPTION: **An...
5.9CVSS
1AI Score
0.002EPSS
Security Advisory ID : BSA-2022-2012 Component : Brocade Fabric OS Revision : 1.1: Final ** Brocade has received a report from Black Lantern Security of a potential Privileged Directory Traversal vulnerability on Brocade Fabric OS: v7.4.1b, v7.3.1d stating that: “From within the restricted...
5.7AI Score
0.0004EPSS