Security Bulletin: Multiple vulnerabilities in the GSKit builds affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the GSKit, which are used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...
6.3AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. Vulnerability Details ** CVEID: CVE-2023-29256 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to an...
6.8AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affects IBM Rational ClearCase.
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. CVE-2023-33850, CVE-2023-32342, CVE-2023-21930, CVE-2023-21967 Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote...
6.7AI Score
0.001EPSS
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability
Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi...
7AI Score
7.1AI Score
7.1AI Score
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system...
7.4AI Score
Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Exploit
Electrolink FM/DAB/TV Transmitter suffers from an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. It is also vulnerable to account takeover and arbitrary password...
7.7AI Score
7.1AI Score
7.1AI Score
Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a privilege escalation vulnerability. An attacker can escalate his privileges by poisoning the Cookie from GUEST to ADMIN to effectively become Administrator or poisoning to ZSL to become Super...
7.4AI Score
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure Vulnerability
The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system...
7.4AI Score
Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except NO to the Login Cookie and have full system...
7.7AI Score
7.1AI Score
7.1AI Score
7.1AI Score
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vulnerability
Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or...
7.6AI Score
7.1AI Score
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vulnerability
Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allows more critical operations to the...
7.7AI Score
[SECURITY] [DLA 3596-1] firmware-nonfree security update
Debian LTS Advisory DLA-3596-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost September 30, 2023 https://wiki.debian.org/LTS Package : firmware-nonfree Version :...
7.8CVSS
7.4AI Score
0.0004EPSS
Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I...
9.2AI Score
0.976EPSS
2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs
Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact...
8.1AI Score
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could.....
7.3AI Score
0.003EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE,...
8AI Score
0.001EPSS
Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass
Title: Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass Advisory ID: ZSL-2023-5791 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release...
7.6AI Score
0.0004EPSS
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution
Title: Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Advisory ID: ZSL-2023-5796 Type: Local/Remote Impact: Security Bypass, System Access, DoS Risk: (5/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of...
8.4AI Score
0.0004EPSS
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure
Title: Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure Advisory ID: ZSL-2023-5789 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information Risk: (5/5) Release Date: 30.09.2023 ...
7.2AI Score
0.0004EPSS
Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation
Title: Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Advisory ID: ZSL-2023-5793 Type: Local/Remote Impact: Privilege Escalation, Manipulation of Data Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced...
7.8AI Score
0.0004EPSS
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality
Title: Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Advisory ID: ZSL-2023-5794 Type: Local/Remote Impact: Security Bypass, Privilege Escalation Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced...
7.7AI Score
0.0004EPSS
Electrolink FM/DAB/TV Transmitter Remote Authentication Removal
Title: Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Advisory ID: ZSL-2023-5792 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...
7.8AI Score
0.0004EPSS
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS
Title: Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Advisory ID: ZSL-2023-5795 Type: Local/Remote Impact: DoS Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television...
7.5AI Score
0.0004EPSS
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
Title: Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure Advisory ID: ZSL-2023-5790 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information Risk: (5/5) Release Date: 30.09.2023 ...
7.2AI Score
0.0004EPSS
Rockwell Automation PanelView 800
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose...
9.9AI Score
0.028EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : binutils (SUSE-SU-2023:3825-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3825-1 advisory. An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data...
7.6AI Score
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
7.3AI Score
0.001EPSS
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...
7.8AI Score
0.001EPSS
2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management
Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact....
6.8AI Score
Improved Ticket Forging Metasploit’s admin/kerberos/forge_ticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary.....
9.8CVSS
9.3AI Score
0.971EPSS
Summary IBM® SDK Java™ Technology Edition is used by IBM Workload Scheduler. (CVE-2023-21830, CVE-2023-21843) Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a...
6.1AI Score
0.001EPSS
SUSE SLES12 Security Update : binutils (SUSE-SU-2023:3695-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3695-1 advisory. An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to...
9.8AI Score
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
5.5CVSS
5AI Score
0.0004EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
4.4CVSS
5.1AI Score
0.0004EPSS
Rapid7 doubles down on a platform approach for Vulnerability Risk Management
This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023. The report, which included 11 vulnerability risk management vendors, represented Rapid7's inclusion in the Wave report for vulnerability management. We are proud to be recognized for our.....
6.7AI Score
Bulletin ID: AMD-SB-4007 Potential Impact:Data Leakage Severity:Medium Summary Potential memory leak vulnerabilities in AMD Driver Execution Environment (DXE) driver may allow a highly privileged user to obtain sensitive information. CVE Details Refer to Glossary for explanation of terms CVE|...
5.5CVSS
5.2AI Score
0.0004EPSS
Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report
Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a.....
6.6AI Score
Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report
Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a.....
6.6AI Score
(RHSA-2023:5244) Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...
7.9AI Score
0.003EPSS
ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies
Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and....
7.3AI Score
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...
7.4AI Score
0.001EPSS
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...
7.8AI Score
0.001EPSS