Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code...
6.7CVSS
7AI Score
0.0004EPSS
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege...
8.1CVSS
6.8AI Score
0.001EPSS
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local...
7.8CVSS
8.7AI Score
0.0004EPSS
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code...
9.8CVSS
9.5AI Score
0.001EPSS
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory...
5.3CVSS
6.3AI Score
0.0005EPSS
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...
7.5CVSS
7.8AI Score
0.001EPSS
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of...
4.9CVSS
6.1AI Score
0.0004EPSS
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of...
5.5CVSS
6.1AI Score
0.0004EPSS
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of...
5.5CVSS
5.9AI Score
0.0004EPSS
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code...
9.8CVSS
8.5AI Score
0.013EPSS
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and...
6.1CVSS
6.6AI Score
0.0004EPSS
Intel® RealSense™ Dynamic Calibration Software Advisory
Summary: A potential security vulnerability in some Intel® RealSense™ Dynamic Calibration software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-29504 Description: Uncontrolled search path...
7.2AI Score
0.001EPSS
AMD Server Vulnerabilities – Nov 2023
Bulletin ID: AMD-SB-3002 Potential Impact:Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted...
9.8CVSS
8.7AI Score
0.013EPSS
Intel® Core™ Processors with Radeon™ RX Vega M Graphics Advisory
Summary: Potential security vulnerabilities in some Intel® Core™ processors with Radeon™ RX Vega M integrated graphics may allow escalation of privilege, denial of service or information disclosure. Intel and AMD are releasing driver updates to mitigate these potential vulnerabilities....
8AI Score
0.0004EPSS
Intel® OpenVINO™ Software Advisory
Summary: Potential security vulnerabilities in some Intel® OpenVINO™ software may allow denial of service, information disclosure. Intel is releasing sotfware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25080 Description: Protection mechanism...
7.3AI Score
0.001EPSS
AMD INVD Instruction Security Notice
Bulletin ID: AMD-SB-3005 Potential Impact: Memory integrity Severity:Medium Summary External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine (VM) memory integrity. CVE Details Refer to Glossary for...
6.5CVSS
7.3AI Score
0.0005EPSS
Intel® Unison™ Software Advisory
Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-36860 Description:...
7.9AI Score
0.001EPSS
2023.4 IPU - Intel® Processor Advisory
Summary: A potential security vulnerability in some Intel® Processors may allow escalation of privilege and/or information disclosure and/or denial of service via local access. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID:...
7.2AI Score
0.0004EPSS
Summary: Summary: Potential security vulnerabilities in some Intel® NUC Software may allow escalation of privilege, denial of service, and information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28737...
8.7AI Score
EPSS
AMD SMM Supervisor Vulnerability Security Notice
Bulletin ID: AMD-SB-7011 Potential Impact: Loss of confidentiality, integrity, and availability Severity:High Summary External researchers reported a potential vulnerability during SMM Supervisor initialization which may impact some AMD processors. On systems that do not have Supervisor Mode...
9.8CVSS
9.9AI Score
0.001EPSS
Intel® Optane™ SSD and Intel® Optane™ SSD DC Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ SSD and some Intel® Optane™ SSD DC products may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details:...
7.8AI Score
0.001EPSS
Intel® Arc™ RGB Controller Software Advisory
Summary: A potential security vulnerability in some Intel® Arc™ RGB Controller software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32638 Description: Incorrect default permissions in some...
7.2AI Score
0.0004EPSS
Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege or denial of service. Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25756 Description: Out-of-bounds...
7.8AI Score
0.0004EPSS
AMD Graphics Driver Vulnerabilities – November 2023
Bulletin ID: AMD-SB-6003 Potential Impact: Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...
7.5CVSS
8AI Score
0.0005EPSS
AMD Client Vulnerabilities – November 2023
Bulletin ID: AMD-SB-4002 Potential Impact: Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below ****Summary Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were reported, and mitigations are...
9.8CVSS
8.7AI Score
EPSS
Summary: A potential security vulnerability in some Intel® Field Programmable Gate Array (FPGA) products may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22327 Description: Out-of-bounds write...
6.4AI Score
0.0004EPSS
Intel® Graphics Drivers Advisory
Summary: Potential security vulnerabilities in some Intel® Graphics drivers may allow escalation of privilege, denial of service and information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-29165 Description:...
7.5AI Score
0.0004EPSS
De-risking in Practice: How Qualys Customers are Driving Value in Their Organizations
As the threat landscape continues to grow in complexity, it has become more important than ever for the modern enterprise to measure, communicate, and eliminate cyber risk with efficiency. What does that mean in practice? Over the last two days, during the 2023 Qualys Security Conference (QSC)...
7.6AI Score
Grasping the Fundamentals of API Breaches API, short for Application Programming Interface, consists of a stipulated set of guidelines and procedures enabling heterogeneous software applications to establish communication amongst them. Conceptualize it as an interconnecting channel that unites...
8AI Score
Leveraging AI-informed Cybersecurity to Measure, Communicate, and Eliminate Cyber Risk
Dilip Bachwani, Qualys CTO, shares the Qualys AI strategy with TruRisk AI at QSC 2023. The threat landscape is constantly evolving, and so are the implications of cyber risk across any organization. As attacker tactics become more sophisticated and persistent, cybersecurity strategies must grow...
7.2AI Score
Navigating Threats – Insights from the Wallarm API ThreatStats™ Report Q3’2023
The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report.....
6.6AI Score
Summary IBM® Runtime Environment Java™ Version 8.0.7.0 through 8.0.7.11 used by IBM® Db2® is vulnerable to information disclosure. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or Java version 8.0.8.6 or higher...
7.5CVSS
9.1AI Score
0.002EPSS
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or installed GSKit version 8.0.55.31, which contains the.....
7.5CVSS
6AI Score
0.001EPSS
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary Vulnerabilities in IBM® Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-22045 and CVE-2023-22049, Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
4.5AI Score
0.001EPSS
What is a Polymorphic Virus detection and best practices ?
In the ever-evolving sphere of digital tech, the persistent threat of cyber intrusions remains a formidable concern. A notable example is the polymorphic virus, an insidiously clever adversary in the landscape of cyber threats. Let's probe the intrinsic nature, attributes, and behaviors of this...
7.5AI Score
What is a Cloud Native Application Protection Platform CNAPP ?
Revealing the Secrets of the Cloud-specific Application Safety Platform (CSASP) In the landscape of online safety, the notion of the Cloud-specific Application Safety Platform (CSASP) is something relatively unheard of, but rapidly gaining popularity. Intuitively from its name, CSASP is a system...
7.6AI Score
Security Bulletin: NVIDIA GPU Display Driver - October 2023
NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...
8.2CVSS
8.2AI Score
0.001EPSS
What is a Cloud Workload Protection Platform ? (CWPP)
Diving into the Depths of Cloud Workload Defense Framework (CWDF) Mysteries Setting out to understand cloud security, one frequently encounters the term - Cloud Workload Defense Framework (CWDF). What exact role does CWDF play? Let's decode this riddle. At its core, the Cloud Workload Defense...
7.5AI Score
Security Bulletin: IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487)
Summary IBM® Db2® is vulnerable to insufficient audit logging. Vulnerability Details ** CVEID: CVE-2023-23487 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to insufficient audit logging. CVSS Base score: 4.3 CVSS Temporal Score: See: ...
4.3CVSS
6AI Score
0.001EPSS
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details...
9.1CVSS
8.6AI Score
0.002EPSS
Summary Vulnerabilities (CVE-2023-22045, CVE-2023-22049) exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
6AI Score
0.001EPSS
Gaining Insight: Decoding MDR's Functions As we navigate the continually evolving cybersecurity landscape, Managed Detection and Response (MDR) surfaces as a game-changing strategy. But, what does MDR truly signify? In its purest form, MDR marries technical expertise with sector-specific knowledge....
7.8AI Score
Unraveling the Enigma of Traffic Modulation Within the realm of digital information, data traffic parallels a high-speed freeway, ferrying packets of details to-and-fro. So what transpires when there's an excessive influx, leading to an overburdened data expressway? This is where the enigma of...
7.6AI Score
Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431)
Summary IBM® Db2® db2set is vulnerable to arbitrary code execution. Vulnerability Details ** CVEID: CVE-2023-30431 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could...
8.4CVSS
7.6AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
6.5AI Score
Top insights and best practices from the new Microsoft Data Security Index report
A whopping 74 percent of organizations recently surveyed experienced at least one data security incident with their business data exposed in the previous year. That’s just one of our interesting insights from Microsoft’s new Data Security Index: Trends, insights, and strategies to secure data...
6.6AI Score
Top insights and best practices from the new Microsoft Data Security Index report
A whopping 74 percent of organizations recently surveyed experienced at least one data security incident with their business data exposed in the previous year. That’s just one of our interesting insights from Microsoft’s new Data Security Index: Trends, insights, and strategies to secure data...
6.3AI Score
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime....
9.8CVSS
7.3AI Score
0.003EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in April 2023. Affected platforms are AIX, Linux, Linux on zSystems, and Windows. Vulnerability Details....
9.8CVSS
9.7AI Score
0.003EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in November 2022 and February 2023. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An...
5.3CVSS
8.5AI Score
0.002EPSS