BD Pyxis™ ParAssist Security Vulnerabilities

cve

CVE-2021-46769

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code...

8.8CVSS

9.1AI Score

0.001EPSS

2023-05-09 07:15 PM
21
cve

CVE-2021-46764

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of...

7.5CVSS

7.8AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve

CVE-2023-20524

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss of...

7.5CVSS

8AI Score

0.001EPSS

2023-05-09 07:15 PM
18
cve

CVE-2021-46762

Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of...

9.1CVSS

9AI Score

0.001EPSS

2023-05-09 07:15 PM
19
cve

CVE-2021-46753

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and...

9.1CVSS

9AI Score

0.001EPSS

2023-05-09 07:15 PM
20
cve

CVE-2021-26379

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege...

9.8CVSS

9.2AI Score

0.002EPSS

2023-05-09 07:15 PM
15
cve

CVE-2021-26354

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...

5.5CVSS

7.2AI Score

0.0004EPSS

2023-05-09 07:15 PM
34
cve

CVE-2021-46749

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

7.5CVSS

7.9AI Score

0.001EPSS

2023-05-09 07:15 PM
16
cve

CVE-2021-26365

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...

8.2CVSS

8.6AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve

CVE-2021-26406

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of...

7.5CVSS

8.5AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve

CVE-2021-26397

Insufficient address validation may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or...

7.1CVSS

7.3AI Score

0.0004EPSS

2023-05-09 07:15 PM
11
cve

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information...

7.4CVSS

8.5AI Score

0.001EPSS

2023-05-09 07:15 PM
21
cve

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...

5.5CVSS

7.2AI Score

0.0004EPSS

2023-05-09 07:15 PM
21
trendmicroblog

Managed XDR Investigation of Ducktail in Trend Micro Vision One™

The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different...

7.1AI Score

2023-05-09 12:00 AM
15
amd

AMD Server Vulnerabilities – May 2023

Bulletin ID: AMD-SB-3001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform...

9.8CVSS

8.1AI Score

0.001EPSS

2023-05-09 12:00 AM
20
intel

Intel® VTune™ Profiler Advisory

Summary: Potential security vulnerabilities in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-41982 Description: Uncontrolled search path element in the...

7AI Score

2023-05-09 12:00 AM
9
intel

Intel® oneAPI Toolkit and Component Software Installers Advisory

Summary: A potential security vulnerability in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22355 Description: Uncontrolled search....

6.8AI Score

2023-05-09 12:00 AM
16
intel

Intel® FPGA Firmware Advisory

Summary: A potential security vulnerability in some Intel® Field Programmable Gate Array (FPGA) products may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-38787 Description: Improper input...

6.8AI Score

2023-05-09 12:00 AM
7
hp

AMD Client UEFI Firmware May 2023 Security Update

AMD has informed HP of potential vulnerabilities identified in client platform components for some AMD Athlon™ Processors and Ryzen™ Processors, which might allow arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

7.3AI Score

0.001EPSS

2023-05-09 12:00 AM
16
amd

Client Vulnerabilities – May 2023

Bulletin ID: AMD-SB-4001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered, and mitigations are being.....

9.8CVSS

8.2AI Score

0.001EPSS

2023-05-09 12:00 AM
14
trendmicroblog

Managed XDR Investigation of Ducktail in Trend Vision One™

The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different...

7.1AI Score

2023-05-09 12:00 AM
7
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2023) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2023 and April 2022. Vulnerability Details ** CVEID: CVE-2023-21830 ...

6.5AI Score

0.001EPSS

2023-05-05 04:58 PM
5
ibm

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 (CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...

8.9AI Score

0.802EPSS

2023-05-04 08:23 PM
13
openbugbounty

pyxis-suisse.ch Cross Site Scripting vulnerability OBB-3294130

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6AI Score

2023-05-04 08:22 PM
4
mssecure

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

7.3AI Score

2023-05-04 01:00 PM
12
mmpc

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

7.3AI Score

2023-05-04 01:00 PM
9
mmpc

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report

As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....

6.6AI Score

2023-05-03 04:00 PM
7
mssecure

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report

As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....

6.7AI Score

2023-05-03 04:00 PM
4
ibm

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2023 - Includes Oracle January 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

7AI Score

0.001EPSS

2023-05-02 09:34 PM
9
ibm

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE...

5.3AI Score

0.002EPSS

2023-05-02 06:40 PM
26
ibm

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ (CVE-2021-2161)

Summary CVE-2021-2161 was disclosed as part of the Oracle April 2021 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2021-2161 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...

5.3AI Score

0.002EPSS

2023-05-02 12:22 PM
11
ibm

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM® Runtime Environment Java™

Summary Multiple vulnerabilities were disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2021-35560 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take...

8.7AI Score

0.003EPSS

2023-05-02 12:20 PM
9
ibm

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is...

6.6AI Score

0.002EPSS

2023-04-29 03:45 AM
20
ibm

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to.....

6.6AI Score

0.002EPSS

2023-04-28 09:26 PM
24
ibm

Security Bulletin: A vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2023-30441)

Summary A vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose...

6.8AI Score

0.002EPSS

2023-04-28 06:53 PM
36
ibm

Security Bulletin: A vulnerability in IBM Java Runtime and in IBM Semeru Runtime affects z/Transaction Processing Facility

Summary IBM® SDK, Java™ Technology Edition, Version 8 and IBM Semeru Runtime Certified Edition 11 that are used by the z/Transaction Processing Facility (z/TPF) system are both vulnerable to CVE-2023-30441. The z/TPF system was updated to address this CVE for both IBM Java SDK and IBM Semeru...

6.9AI Score

0.002EPSS

2023-04-27 05:09 PM
10
ibm

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to CVE-2023-30441

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM....

7.1AI Score

0.002EPSS

2023-04-27 03:23 PM
28
malwarebytes

APC warns about critical vulnerabilities in online UPS monitoring software

In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader...

9.8CVSS

8.2AI Score

0.002EPSS

2023-04-26 03:00 AM
10
ibm

Security Bulletin: IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. (CVE-2023-29257)

Summary IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. Vulnerability Details ** CVEID: CVE-2023-29257 DESCRIPTION: **IBM Db2 is vulnerable to remote code execution as.....

7.3AI Score

0.003EPSS

2023-04-24 09:44 PM
15
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. (CVE-2023-29255)

Summary IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. Vulnerability Details ** CVEID: CVE-2023-29255 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as it may.....

6.9AI Score

0.001EPSS

2023-04-24 09:43 PM
14
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. (CVE-2023-27555)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. Vulnerability Details ** CVEID: CVE-2023-27555 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is...

6.9AI Score

0.001EPSS

2023-04-24 09:42 PM
22
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted SQL query using a LIMIT clause. Vulnerability Details ** CVEID: CVE-2023-26021 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial...

7.3AI Score

0.001EPSS

2023-04-24 09:40 PM
25
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930)

Summary IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. Vulnerability Details ** CVEID: CVE-2023-25930 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable.....

5.6AI Score

0.001EPSS

2023-04-24 09:39 PM
35
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. Vulnerability Details ** CVEID: CVE-2023-26022 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash.....

6.9AI Score

0.001EPSS

2023-04-24 09:38 PM
30
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. (CVE-2023-27559)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Vulnerability Details ** CVEID: CVE-2023-27559 DESCRIPTION: **IBM Db2 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. CVSS...

7AI Score

0.001EPSS

2023-04-24 09:36 PM
33
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION:.....

5.6AI Score

0.001EPSS

2023-04-24 05:56 PM
17
nvidia

Security Bulletin: NVIDIA CUDA Toolkit - April 2023

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the CUDA Toolkit...

5.8AI Score

0.0005EPSS

2023-04-21 12:00 AM
14
mmpc

Microsoft Entra delivers 240 percent ROI, according to new Forrester study

Every day we easily move between apps and devices while identity professionals work hard behind the scenes to improve technologies that make this digital experience more secure. With nearly 50 percent of data breaches caused by stolen credentials, it's important for identity professionals to arm...

6.3AI Score

2023-04-20 04:00 PM
11
mssecure

Microsoft Entra delivers 240 percent ROI, according to new Forrester study

Every day we easily move between apps and devices while identity professionals work hard behind the scenes to improve technologies that make this digital experience more secure. With nearly 50 percent of data breaches caused by stolen credentials, it's important for identity professionals to arm...

6.8AI Score

2023-04-20 04:00 PM
13
ibm

Security Bulletin: CVE-2023-30441 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2023-30441 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive...

6.8AI Score

0.002EPSS

2023-04-20 02:50 PM
61
Total number of security vulnerabilities: 7800