Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
6.7AI Score
0.0004EPSS
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code...
7.2AI Score
0.0004EPSS
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege...
9.2AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review
The new Microsoft Patch Tuesday Edition for February 2024 is now live! We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for February 2024 Microsoft Patch Tuesday's February 2024 edition addressed 79 vulnerabilities,...
9.8CVSS
10AI Score
0.074EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.3AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.4AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.5AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.4AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.4AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.7AI Score
0.0004EPSS
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary...
6.5AI Score
0.0004EPSS
Intel® PROSet/Wireless and Killer™ Wi-Fi Software February 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. ...
7.1CVSS
7.7AI Score
0.0004EPSS
Intel Thunderbolt Controller February 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt™ Controllers, which might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.1CVSS
7.2AI Score
0.0004EPSS
Intel® SDK for OpenCL™ Applications Software Advisory
Summary: A potential security vulnerability in some Intel® SDK for OpenCL™ Applications software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® SDK for OpenCL™ Applications...
7.1AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
9.8CVSS
7.4AI Score
0.001EPSS
Intel Thunderbolt DCH Drivers for Windows February 2024 Security Updates
Intel has informed HP of potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows, which might allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these...
8.2CVSS
7.7AI Score
0.0004EPSS
AMD Embedded Processors Vulnerabilities – February 2024
Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages....
9.8CVSS
9.8AI Score
0.013EPSS
Intel® Optane™ PMem Management Software Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ Persistent Memory (PMem) management software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22311 Description: Improper...
7.3AI Score
0.0004EPSS
SEV-SNP Firmware Vulnerabilities
Bulletin ID: AMD-SB-3007 Potential Impact:Data leakage (CVE-2023-31346) and loss of integrity (CVE-2023-31347) Severity:Refer to the CVE Details section Summary This bulletin addresses two SEV firmware vulnerabilities reported by an external researcher. Refer to the CVE Details section below. CVE.....
7.3AI Score
0.0004EPSS
Intel® PROSet/Wireless and Intel® KillerTM Wi-Fi Software Advisory
Summary: Potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details:...
7.3AI Score
0.0004EPSS
Intel® oneAPI Software Installers Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32618 Description: Uncontrolled...
7.6AI Score
0.0004EPSS
Intel® ThunderboltTM DCH Drivers for Windows Advisory
Summary: Potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.....
8AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.5AI Score
0.0004EPSS
Intel® Unison™ Software Advisory
Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow denial of service or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-2804(Non-Intel issued) Description: Improper...
7.1AI Score
0.001EPSS
Intel® Thunderbolt™ Controller Advisory
Summary: A potential security vulnerability in some Intel® Thunderbolt™ Controllers may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28396 Description: Improper access control in firmware for some...
6.8AI Score
0.0004EPSS
AMD UltraScale™/UltraScale+™ FPGA Series RSA Authentication
Bulletin ID: AMD-SB-8002 Potential Impact: Information Integrity Severity: Refer to the Summary section for details Summary Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. CVE| Severity| CVE...
7AI Score
0.0004EPSS
Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...
8AI Score
EPSS
A security update for 3.20.5 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074) A Red Hat Security Bulletin which addresses further details...
7.5AI Score
0.0005EPSS
(RHSA-2024:0777) Important: jenkins and jenkins-2-plugins security update
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
10AI Score
0.972EPSS
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability....
7.4AI Score
Unbreakable Enterprise kernel security update
[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...
9.8CVSS
10AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el8] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....
9.8CVSS
9.6AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.328.3] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:...
9.8CVSS
9.5AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el7] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....
9.8CVSS
9.6AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. For more information please refer to Oracle's January 2024 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details **....
7.5CVSS
6.7AI Score
0.001EPSS
Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However,...
7.2AI Score
(RHSA-2024:0664) Important: OpenShift Container Platform 4.12.49 bug fix update and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.49. See the following advisory for the RPM...
7.3AI Score
0.002EPSS
(RHSA-2024:0682) Important: OpenShift Container Platform 4.11.58 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.58. See the following advisory for the RPM...
7.3AI Score
0.051EPSS
A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...
6.9AI Score
Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024
NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems. To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal. Go to NVIDIA Product Security. Details This section provides a summary of...
8.8CVSS
9.4AI Score
0.001EPSS
(RHSA-2024:0642) Critical: OpenShift Container Platform 4.14.11 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.11. See the following advisory for the RPM...
7.3AI Score
0.732EPSS
(RHSA-2024:0660) Important: OpenShift Container Platform 4.13.32 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.32. See the following advisory for the RPM...
7.3AI Score
0.732EPSS
Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security
Rapid cloud and SaaS adoption is driving digital transformation that's reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection...
9.8CVSS
7.1AI Score
0.09EPSS
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing a denial of service (CVE-2023-22081 and CVE-2023-5676) and an integrity impact (CVE-2023-22067) as described in the vulnerability details section. This bulletin...
5.9CVSS
7.5AI Score
0.001EPSS
SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration –....
9.8CVSS
9.8AI Score
0.074EPSS
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...
7.8CVSS
7.2AI Score
0.0004EPSS
CVE-2023-33067 Use of Out-of-range Pointer Offset in Audio
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...
6.7CVSS
8.2AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs and we recommend updating to the latest version to...
5.9CVSS
7AI Score
0.001EPSS