Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Oct 2023. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in...
5.9CVSS
7.2AI Score
0.001EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise...
7.4CVSS
7AI Score
0.002EPSS
Summary IBM Operations Analytics Predictive Insights uses BM® SDK, Java™ Technology Edition, and vulnerability CVE-2022-40609 may expose Java process to a variety of malicious attacks Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and...
9.8CVSS
7.4AI Score
0.003EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
0.0004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
7.9AI Score
0.0004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
7.9AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM System Networking Switch Center (SNSC). These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details VEID: CVE-2018-2579 DESCRIPTION: An...
5.3CVSS
1.4AI Score
0.004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
8.1AI Score
0.0004EPSS
Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics
Explore real use cases demonstrating the transformative impact of Trend Vision One™ – Forensics, an integrated Digital Forensics and Incident Response (DFIR)...
7.4AI Score
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22045 and CVE-2023-22049 Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE...
3.7CVSS
6.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement. Vulnerability Details ** CVEID: CVE-2023-38728 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted XML query...
7.5CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the...
7.5CVSS
7.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted ALTER TABLE statement. Vulnerability Details ** CVEID: CVE-2023-38720 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted ALTER...
7.5CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-30991 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...
7.5CVSS
7.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service via a specially crafted query on certain databases. Vulnerability Details ** CVEID: CVE-2023-30987 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a...
7.5CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query containing common table expressions. Vulnerability Details ** CVEID: CVE-2023-40373 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a...
7.5CVSS
7.8AI Score
0.001EPSS
Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...
9.8CVSS
9.4AI Score
0.003EPSS
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement. Vulnerability Details ** CVEID: CVE-2023-38740 DESCRIPTION: **IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially crafted SQL...
7.5CVSS
6.3AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.17 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An...
9.1CVSS
8.7AI Score
0.002EPSS
Maintaining a secure and optimized digital environment allows new ideas to flourish wherever they occur. In the modern workplace, where devices and locations are no longer fixed, Microsoft Intune eases the task of managing and protecting the endpoints of businesses everywhere. It helps secure...
7.3AI Score
Maintaining a secure and optimized digital environment allows new ideas to flourish wherever they occur. In the modern workplace, where devices and locations are no longer fixed, Microsoft Intune eases the task of managing and protecting the endpoints of businesses everywhere. It helps secure...
7.3AI Score
Wallarm to Unveil New API Security Solution and Strategic Shift at Black Hat Europe 2023
If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7 is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend,...
7.3AI Score
Deciphering SSL VPN: An In-depth Perspective Pivoting our lens towards data in this digital era, akin to the transition observed during the oil boom, we've realized that the fodder for importance today is safeguarding data while it voyages through global networks. SSL VPN (Secure Sockets Layer...
7.5AI Score
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing a low integrity impact due to an unspecified vulnerability in the libraries component as described in the vulnerability details section. The vulnerability is fixed....
3.7CVSS
6.4AI Score
0.001EPSS
RenderDoc: Multiple Vulnerabilities
Background RenderDoc is a free MIT licensed stand-alone graphics debugger that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across Windows, Linux, Android, or Nintendo Switch™. Description Multiple...
9.8CVSS
7.5AI Score
0.011EPSS
Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year
Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1...
7.1AI Score
Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year
Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1...
7.2AI Score
Intel Optane™ SSD Firmware November 2023 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Optane™ SSD and some Intel® Optane™ SSD DC products, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. .....
7.8CVSS
7.4AI Score
0.001EPSS
AMD Ryzen Master™ SDK August 2023 Security Update
AMD has informed HP of potential security vulnerabilities identified in the AMD® Ryzen Master™ SDK, which might allow arbitrary code execution, denial of service, or information disclosure. AMD has released software updates to mitigate the potential vulnerabilities. AMD has released updates to...
6.7CVSS
7.5AI Score
0.0004EPSS
container-tools:ol8 security and bug fix update
aardvark-dns [2:1.7.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.7.0 - Related: #2176055 [2:1.6.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.6.0 - Related: #2176055 buildah [1:1.31.3-1] - update to...
9.8CVSS
8.8AI Score
0.024EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
5.9CVSS
7.5AI Score
0.001EPSS
Decoding the Term: Deciphering the Significance of Multi-Homing? The term multi-homing, in the realm of computer networking, finds itself surrounded by considerable confusion owing to its multifaceted technical nuances. Nevertheless, it stands as a pillar of network security and dependability....
7.2AI Score
Summary There are vulnerabilities in IBM® Java™ Version 8, IBM WebSphere Application Server Liberty and IBM® Global Security Kit (GSKit) used by IBM Planning Analytics and IBM Planning Analytics Workspace. IBM Planning Analytics 2.0.9.19 and IBM Planning Analytics Workspace 2.0.91 have addressed...
9.8CVSS
9.5AI Score
0.034EPSS
What is a Network Management Station (NMS) ?
The Bedrock of the Network Coordination Hub (NCH) Delving into the substantial domain of digital networks, the Network Coordination Hub (NCH) is unveiled as a critical component ensuring fluid network operations. Let us unravel this concept - an NCH signifies a control console employed for...
7.2AI Score
What Is Microservices Architecture
Mastering the Essential Elements of Services-Focused Programming The methodology of programming using tiny, interdependent software units, often simplified to 'Microservices', has seen a marked uptick in usage in recent times. This distinct architectural paradigm shapes an application as a group...
7.9AI Score
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...
8.4CVSS
6.9AI Score
0.0004EPSS
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...
7.1CVSS
0.0004EPSS
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...
7.1CVSS
7.2AI Score
0.0004EPSS
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...
8.4CVSS
8.6AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
3.7CVSS
5.6AI Score
0.001EPSS
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of...
7.5CVSS
7.3AI Score
0.0005EPSS
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code...
9.8CVSS
9.6AI Score
0.001EPSS
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory...
6.5CVSS
6.5AI Score
0.0005EPSS
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of...
5.7CVSS
6.1AI Score
0.0005EPSS
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local...
7.8CVSS
8.7AI Score
0.0004EPSS
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest...
3.3CVSS
6.2AI Score
0.0004EPSS
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...
7.5CVSS
7.5AI Score
0.001EPSS
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code...
6.7CVSS
7AI Score
0.0004EPSS
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory...
7.5CVSS
7.1AI Score
0.0005EPSS
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of...
4.6CVSS
5.9AI Score
0.001EPSS