BD Pyxis™ ParAssist Security Vulnerabilities

wallarmlab

2023 OWASP Top-10 Series: API4:2023 Unrestricted Resource Consumption

Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API4:2023 Unrestricted Resource Consumption. In this series we are taking an in-depth look at each category – the details, the...

7.4 AI Score

2023-08-19 01:45 PM
20
ibm

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts as described in the vulnerability details section (CVE-2022-21426, CVE-2023-2597, CVE-2023-21830, CVE-2023-21843,...

9.1 CVSS

7.6 AI Score

0.001 EPSS

2023-08-18 09:41 PM
16
ibm

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There is vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK,...

9.8 CVSS

7.3 AI Score

0.003 EPSS

2023-08-16 06:50 PM
4
nvd

CVE-2023-20564

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.7 CVSS

6.4 AI Score

0.0004 EPSS

2023-08-15 10:15 PM
cve

CVE-2023-20564

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.7 CVSS

6.4 AI Score

0.0004 EPSS

2023-08-15 10:15 PM
23
nvd

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

4.4 CVSS

5.1 AI Score

0.0004 EPSS

2023-08-15 10:15 PM
cve

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

4.4 CVSS

4.9 AI Score

0.0004 EPSS

2023-08-15 10:15 PM
21
prion

Input validation

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

4.4 CVSS

4.8 AI Score

0.0004 EPSS

2023-08-15 10:15 PM
6
prion

Input validation

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.7 CVSS

6.4 AI Score

0.0004 EPSS

2023-08-15 10:15 PM
4
cvelist

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

5.2 AI Score

0.0004 EPSS

2023-08-15 09:08 PM
cvelist

CVE-2023-20564

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.6 AI Score

0.0004 EPSS

2023-08-15 09:07 PM
thn

Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited...

6.7 AI Score

2023-08-15 12:15 PM
29
packetstorm

7.1 AI Score

2023-08-15 12:00 AM
125
wallarmlab

2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization

Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the...

6.8 AI Score

2023-08-12 01:45 PM
7
ibm

Security Bulletin: Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM...

9.8 CVSS

9.2 AI Score

0.003 EPSS

2023-08-11 01:10 PM
8
ibm

Security Bulletin: Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM...

9.8 CVSS

9.2 AI Score

0.003 EPSS

2023-08-11 01:08 PM
10
ibm

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM Liberty for Java for IBM Cloud due to CVE-2022-40609

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. The CVE(s) listed in this document might affect some configurations of IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run...

9.8 CVSS

7.2 AI Score

0.003 EPSS

2023-08-09 04:46 PM
8
nvd

CVE-2023-20586

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-08-08 06:15 PM
cve

CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of...

5.5 CVSS

6.7 AI Score

0.001 EPSS

2023-08-08 06:15 PM
181
cve

CVE-2023-20586

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2023-08-08 06:15 PM
13
cve

CVE-2023-20589

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code...

6.8 CVSS

6.7 AI Score

0.001 EPSS

2023-08-08 06:15 PM
21
cve

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...

4.7 CVSS

6.6 AI Score

0.0004 EPSS

2023-08-08 06:15 PM
182
cve

CVE-2023-20555

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-08-08 06:15 PM
31
prion

Code injection

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2023-08-08 06:15 PM
3
cvelist

CVE-2023-20586 Radeon™ Software Crimson ReLive Edition

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...

9.8 AI Score

0.001 EPSS

2023-08-08 05:05 PM
intel

Intel® RealSense™ SDK Advisory

Summary: A potential security vulnerability in some Intel® RealSense™ Software Development Kits (SDKs) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32663 Description: Incorrect default...

7.3 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
5
intel

Intel® Unison™ Software Advisory

Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25757 Description: Improper access...

6.8 AI Score

0.001 EPSS

2023-08-08 12:00 AM
5
amd

SMM Memory Corruption Vulnerability

Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...

7.8 CVSS

8.2 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
21
hp

AMD® Ryzen Master™ SDK February 2023 Security Update

AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Monitoring SDK, which might allow escalation of privilege. AMD has released software to mitigate the potential vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has...

7.8 CVSS

7 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
13
intel

2023.3 IPU - BIOS Advisory

Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-37343.....

7.9 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
12
intel

Intel® RST Software Installer Advisory

Summary: A potential security vulnerability in some Intel® Rapid Storage Technology (RST) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-43456 Description: Uncontrolled search path in.....

7.2 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
11
intel

Intel® oneAPI Toolkit and Component Software Installers Advisory

Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-27391 Description: Improper...

7.4 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
5
intel

Intel® RealSense™ ID Software Advisory

Summary: Potential security vulnerabilities in some Intel® RealSense™ ID software for Intel® RealSense™ 450 Face Authentication (FA) may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities......

7.7 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
3
intel

Intel® PROSet/Wireless WiFi and Killer™ WiFi Advisory

Summary: Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID:...

7.5 AI Score

0.0005 EPSS

2023-08-08 12:00 AM
11
amd

OpenSSL Vulnerabilities

Bulletin ID:AMD-SB-7001 Potential Impact: Denial of Service, Remote Code Execution Severity:High Summary OpenSSL announced two high severity vulnerabilities affecting certain versions of their product. Currently, AMD believes potential impact is limited to the ReLive streaming feature which makes.....

7.5 CVSS

7.5 AI Score

0.087 EPSS

2023-08-08 12:00 AM
32
intel

Intel® Distribution of OpenVINO™ Toolkit Advisory

Summary: A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28405 Description: Uncontrolled search path in the...

7.2 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
5
amd

Return Address Security Bulletin

Bulletin ID:AMD-SB-7005 Potential Impact: Data Confidentiality Severity:Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to.....

4.7 CVSS

6.8 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
68
hp

Intel® PROSet/Wireless WiFi and Killer™ WiFi August 2023 Security Update

Intel has informed HP of potential vulnerabilities identified in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products, which might allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has...

8.2 CVSS

7.3 AI Score

0.0005 EPSS

2023-08-08 12:00 AM
14
amd

fTPM Voltage Fault Injection

Bulletin ID:AMD-SB-4005 Potential Impact: Arbitrary Code Execution Severity:High Summary CVE-2023-20589 Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical...

6.8 CVSS

8 AI Score

0.001 EPSS

2023-08-08 12:00 AM
23
amd

AMD Ryzen™ Master Security Bulletin

Bulletin ID:AMD-SB-7004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD Ryzen™ Master is a software tool that provides users access to advanced settings, such as clock and voltage settings, to control system performance in...

6.7 CVSS

5.7 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
7
amd

Radeon™ Software Crimson ReLive Edition

Bulletin ID:AMD-SB-6007 Potential Impact: Escalation of Privilege Severity:High Summary Radeon™ Software Crimson ReLive Edition is an advanced graphics software designed for enabling high-performance gaming and engaging VR experiences. A potential vulnerability was reported in Radeon™ Software...

9.8 CVSS

7.2 AI Score

0.001 EPSS

2023-08-08 12:00 AM
9
amd

AMD μProf Security Bulletin

Bulletin ID:AMD-SB-7003 Potential Impact: Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below Summary AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event...

7.8 CVSS

6.9 AI Score

0.0004 EPSS

2023-08-08 12:00 AM
24
amd

Speculative Leaks Security Notice

Bulletin ID:AMD-SB-7007 Potential Impact: Loss of Confidentiality Severity:Low Summary External researchers have reported that on some AMD processors a division-by-zero can potentially return speculative data. CVE Details Refer to Glossary for explanation of terms CVE| Severity| CVE Description...

5.5 CVSS

6.6 AI Score

0.001 EPSS

2023-08-08 12:00 AM
22
ibm

Security Bulletin: A remote code execution vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2022-40609)

Summary A remote code execution vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a...

9.8 CVSS

9.4 AI Score

0.003 EPSS

2023-08-07 09:40 PM
16
ibm

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server due to CVE-2022-40609

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional . This product has addressed the applicable CVE. If.....

9.8 CVSS

7.2 AI Score

0.003 EPSS

2023-08-07 05:13 PM
11
wallarmlab

2023 OWASP Top-10 Series: API2:2023 Broken Authentication

Welcome to the 3rd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API2:2023 Broken Authentication. In this series we are taking an in-depth look at each category – the details, the impact and what....

7.1 AI Score

2023-08-05 01:45 PM
20
ibm

Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query

Summary IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query Vulnerability Details ** CVEID: CVE-2023-30447 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially...

7.5 CVSS

7.4 AI Score

EPSS

2023-08-04 03:19 PM
26
mssecure

Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates

Today we released the fifth edition of Cyber Signals, spotlighting threats to large venues, and sporting and entertainment events, based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the State of Qatar’s hosting of the FIFA World.....

6.7 AI Score

2023-08-03 10:00 AM
4
mmpc

Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates

Today we released the fifth edition of Cyber Signals, spotlighting threats to large venues, and sporting and entertainment events, based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the State of Qatar’s hosting of the FIFA World.....

6.7 AI Score

2023-08-03 10:00 AM
5
nvidia

Security Bulletin - Omniverse Launcher - August 2023

NVIDIA has released a software update for the Omniverse Workstation Launcher to address a security issue that may lead to information disclosure. To protect your system, download and apply the update for the Omniverse platform that you are using. If you are using the licensed NVIDIA Omniverse...

5.3 CVSS

6.4 AI Score

0.0005 EPSS

2023-08-03 12:00 AM
7

Total number of security vulnerabilities: 7895