Rocket Software UniRPC Exploits Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass exploits an authentication bypass to ultimately gain...
9.8CVSS
10.7AI Score
0.155EPSS
Adobe ColdFusion Unauthenticated Arbitrary File Read
This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to read an arbitrary file from the server. To run this module you must provide a valid ColdFusion...
8.6CVSS
8.6AI Score
0.957EPSS
Adobe ColdFusion Unauthenticated Remote Code Execution
This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code...
8.6CVSS
9AI Score
0.957EPSS
Summary Vulnerabilities may affect IBM® SDK, Java™ Technology Edition. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, Global Configuration Management, IBM...
5.3CVSS
5.6AI Score
0.001EPSS
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to...
8.4CVSS
7.9AI Score
0.0004EPSS
8.2CVSS
7.4AI Score
0.001EPSS
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command...
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update...
7.8CVSS
8AI Score
0.0004EPSS
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection...
9.3CVSS
9AI Score
0.0004EPSS
Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration...
7.5CVSS
5.7AI Score
0.001EPSS
Memory corruption due to integer overflow or wraparound in Core while DDR memory...
9.3CVSS
7.9AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
VMware Workspace ONE Access CVE-2022-22960
This module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root...
7.8CVSS
8.5AI Score
0.001EPSS
Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...
5.3CVSS
5.7AI Score
0.001EPSS
Bulletin ID: AMD-SB-7002 Potential Impact:Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below Summary Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs....
7.8CVSS
7.4AI Score
0.001EPSS
Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation...
7AI Score
0.017EPSS
9.8CVSS
9.4AI Score
0.23EPSS
9.8CVSS
9.8AI Score
EPSS
9.8CVSS
9.4AI Score
0.23EPSS
Fedora 36 : xen (2023-04b5338dd0)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-04b5338dd0 advisory. x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one...
7.8AI Score
0.002EPSS
A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of.....
7.5CVSS
7.2AI Score
0.002EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
5.3CVSS
6.8AI Score
0.001EPSS
A Royal Analysis of Royal Ransom
A Royal Analysis of Royal Ransom By Alexandre Mundo, and Max Kersten · April 3, 2023 We would like to thank Advanced Cyber Services team within Trellix Professional Services for the incident response-related data. Emerging in early 2022 as a private group which used multiple strains of ransomware,....
7.4AI Score
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of...
8.8CVSS
8.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
EPSS
Windows 11 ADF WinSock Priv Esc The new windows/local/cve_2023_21768_afd_lpe exploit makes use of a brand new Windows kernel exploitation technique that leverages the new I/O ring feature introduced in Windows 11 21H2. This technique comes from Yarden Shafir research and provides a full...
9.8CVSS
8.5AI Score
0.945EPSS
Security Bulletin: NVIDIA DCGM - March 2023
NVIDIA has released a software update for NVIDIA® Data Center GPU Manager (DCGM). The update addresses security issues that may lead to denial of service and data tampering. To protect your system, download and install the latest DCGM release from the CUDA repositories. Go to NVIDIA Product...
8.4CVSS
7AI Score
0.0004EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate....
3.7CVSS
4.2AI Score
0.002EPSS
Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...
6.2AI Score
Security Bulletin: NVIDIA GPU Display Driver - March 2023
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. To protect your system, download and install this software update...
8.8CVSS
6.6AI Score
0.001EPSS
Summary Vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...
7.4CVSS
0.9AI Score
0.027EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: A...
5.2AI Score
0.698EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. This issue was disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...
4.8AI Score
0.009EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in October 2015. SAN Volume Controller and Storwize Family has addressed.....
6AI Score
0.008EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Apr 2015. Vulnerability Details CVEID:CVE-2015-0488 DESCRIPTION:An...
5.2AI Score
0.948EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in January 2016. SAN Volume Controller and Storwize Family has addressed.....
5.5AI Score
0.004EPSS
Summary A vulnerability in the IBM® Runtime Environment Java™ Technology Edition affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...
7.5CVSS
1.2AI Score
0.003EPSS
Summary Multiple vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The....
5.6CVSS
0.9AI Score
0.018EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products . These issues were disclosed as part of the IBM Java SDK updates in February 2017. The applicable CVEs are...
7.5CVSS
0.7AI Score
0.005EPSS