2023 OWASP Top-10 Series: Spotlight on Injection
Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might...
AI Score 8
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...
CVSS 7.8 | AI Score 7.8 | EPSS 0.001
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux...
CVSS 7.8 | AI Score 7.3 | EPSS 0.001
New module content (3) LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: #18197 contributed by dwelch-r7 Path: scanner/ldap/ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing...
CVSS 8.8 | AI Score 8.9 | EPSS 0.965
Summary A vulnerability in libqb affects IBM® Db2® High-Availability deployments using Pacemaker. Vulnerability Details CVEID: CVE-2023-39976 DESCRIPTION: ClusterLabs libqb is vulnerable to a buffer overflow, caused by improper bounds checking by the qb_vsnprintf_serialize function in...
CVSS 9.8 | AI Score 7.8 | EPSS 0.001
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity...
CVSS 10 | AI Score 10 | EPSS 0.976
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. The following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack; it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...
CVSS 3.7 | AI Score 6.3 | EPSS 0.001
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ 8, which is used by IBM Rational ClearQuest v9.0.2. These issues were disclosed in the IBM Java SDK updates including IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU and Oracle April 2023.....
CVSS 9.1 | AI Score 8.3 | EPSS 0.002
Security Bulletin: Multiple vulnerabilities in the GSKit builds affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the GSKit builds, which are used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...
CVSS 7.5 | AI Score 6.3 | EPSS 0.001
Summary IBM® Db2® is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. Vulnerability Details CVEID: CVE-2023-29256 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to an...
CVSS 6.5 | AI Score 6.8 | EPSS 0.001
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearCase. CVE-2023-33850, CVE-2023-32342, CVE-2023-21930, CVE-2023-21967 Vulnerability Details CVEID: CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote...
CVSS 7.5 | AI Score 6.7 | EPSS 0.002
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming...
CVSS 6.1 | AI Score 5.5 | EPSS 0.0004
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004
Memory corruption in Modem while processing security related configuration before AS Security...
CVSS 9.8 | AI Score 8.4 | EPSS 0.001
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line...
CVSS 8.2 | AI Score 7.3 | EPSS 0.001
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address...
CVSS 8.4 | AI Score 7.5 | EPSS 0.0004
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system...
AI Score 7.4
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi...
AI Score 7
Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Exploit
Electrolink FM/DAB/TV Transmitter suffers from an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank, giving her access to the admin panel. It is also vulnerable to account takeover and arbitrary password...
AI Score 7.7
Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a privilege escalation vulnerability. An attacker can escalate his privileges by poisoning the Cookie from GUEST to ADMIN to effectively become Administrator or poisoning to ZSL to become Super...
AI Score 7.4
Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except NO to the Login Cookie and have full system...
AI Score 7.7
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure Vulnerability
The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system...
AI Score 7.4
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vulnerability
Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allow more critical operations to the...
AI Score 7.7
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vulnerability
Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or...
AI Score 7.6
[SECURITY] [DLA 3596-1] firmware-nonfree security update
Debian LTS Advisory DLA-3596-1 https://www.debian.org/lts/security/ Tobias Frost September 30, 2023 https://wiki.debian.org/LTS Package : firmware-nonfree Version :...
CVSS 8.2 | AI Score 7.3 | EPSS 0.0005
Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I...
CVSS 9.8 | AI Score 9.2 | EPSS 0.976
2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs
Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact...
AI Score 8.1
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could...
CVSS 9.8 | AI Score 7.3 | EPSS 0.003