BD Pyxis™ SupplyStation™ RF Auxiliary Security Vulnerabilities

packetstorm

9.8CVSS

7.1AI Score

0.97EPSS

2023-10-13 12:00 AM
223
metasploit

Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control

This module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can create a new admin account without authentication on the target Atlassian...

9.8CVSS

9.7AI Score

0.973EPSS

2023-10-11 07:09 PM
53
ibm

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8

Summary Multiple vulnerabilities were found with IBM® Runtime Environment Java™ Technology Edition, Version 8 which is shipped with IBM MQ (CVE-2022-21624, CVE-2022-21626) Vulnerability Details CVEID: CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

5.3CVSS

5.5AI Score

0.002EPSS

2023-10-11 05:44 PM
52
ibm

Security Bulletin: Multipe vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affects IBM Tivoli Network Configuration Manager.

Summary Multipe vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration v6.4.2. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details **...

9.1CVSS

7.9AI Score

0.002EPSS

2023-10-10 07:59 AM
8
ibm

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2023-22045, CVE-2023-22049).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow.....

3.7CVSS

5.8AI Score

0.001EPSS

2023-10-10 07:56 AM
5
packetstorm

8.8CVSS

7.1AI Score

0.002EPSS

2023-10-10 12:00 AM
162
kitploit

DakshSCRA - Source Code Review Assist

Daksh SCRA (Source Code Review Assist) tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers. Rather than indiscriminately flagging everything as a potential issue, Daksh SCRA promotes thoughtful analysis,...

7.3AI Score

2023-10-09 11:30 AM
15
exploitdb

8.8CVSS

9AI Score

EPSS

2023-10-09 12:00 AM
201
zdt

8.8CVSS

8.8AI Score

0.002EPSS

2023-10-09 12:00 AM
125
wallarmlab

2023 OWASP Top-10 Series: Spotlight on Injection

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might...

8AI Score

2023-10-07 01:25 PM
22
osv

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch...

7.8CVSS

7.8AI Score

0.001EPSS

2023-10-06 10:19 PM
11
rocky

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux....

7.8CVSS

7.3AI Score

0.001EPSS

2023-10-06 10:19 PM
33
rapid7blog

Metasploit Weekly Wrap Up

New module content (3) LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: #18197 contributed by dwelch-r7 Path: scanner/ldap/ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing...

8.8CVSS

8.9AI Score

0.966EPSS

2023-10-06 06:10 PM
37
ibm

Security Bulletin: A vulnerability in libqb affects IBM® Db2® High-Availability deployments using Pacemaker (CVE-2023-39976)

Summary A vulnerability in libqb affects IBM® Db2® High-Availability deployments using Pacemaker. Vulnerability Details ** CVEID: CVE-2023-39976 DESCRIPTION: **ClusterLabs libqb is vulnerable to a buffer overflow, caused by improper bounds checking by the qb_vsnprintf_serialize function in...

9.8CVSS

7.8AI Score

0.001EPSS

2023-10-06 03:18 PM
19
ics

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity...

10CVSS

10AI Score

0.976EPSS

2023-10-05 12:00 PM
45
ibm

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049)

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...

3.7CVSS

6.3AI Score

0.001EPSS

2023-10-04 08:20 AM
14
ibm

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ 8, which is used by IBM Rational ClearQuest v9.0.2. These issues were disclosed in the IBM Java SDK updates including IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU and Oracle April 2023.....

9.1CVSS

8.3AI Score

0.002EPSS

2023-10-04 07:29 AM
17
ibm

Security Bulletin: Multiple vulnerabilities in the GSKit builds affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the GSKit, which are used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...

7.5CVSS

6.3AI Score

0.001EPSS

2023-10-04 07:22 AM
14
ibm

Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256)

Summary IBM® Db2® is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. Vulnerability Details ** CVEID: CVE-2023-29256 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to an...

6.5CVSS

6.8AI Score

0.001EPSS

2023-10-03 04:24 PM
26
ibm

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affects IBM Rational ClearCase.

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. CVE-2023-33850, CVE-2023-32342, CVE-2023-21930, CVE-2023-21967 Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote...

7.5CVSS

6.7AI Score

0.002EPSS

2023-10-03 02:05 PM
36
cve

CVE-2023-33029

Memory corruption in DSP Service during a remote call from HLOS to...

8.4CVSS

7.7AI Score

0.0004EPSS

2023-10-03 06:15 AM
30
cve

CVE-2023-33035

Memory corruption while invoking callback function of AFE from...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-03 06:15 AM
34
cve

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk...

9.8CVSS

8.3AI Score

0.001EPSS

2023-10-03 06:15 AM
40
cve

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn...

7.5CVSS

7.5AI Score

0.0004EPSS

2023-10-03 06:15 AM
36
cve

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management...

7.5CVSS

7.5AI Score

0.0004EPSS

2023-10-03 06:15 AM
29
cve

CVE-2023-28539

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-03 06:15 AM
27
cve

CVE-2023-28540

Cryptographic issue in Data Modem due to improper authentication during TLS...

9.1CVSS

7.5AI Score

0.0005EPSS

2023-10-03 06:15 AM
34
cve

CVE-2023-28571

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming...

6.1CVSS

5.5AI Score

0.0004EPSS

2023-10-03 06:15 AM
29
cve

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP...

8.2CVSS

7.3AI Score

0.001EPSS

2023-10-03 06:15 AM
43
cve

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-10-03 06:15 AM
30
cve

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning...

8.4CVSS

7.6AI Score

0.0004EPSS

2023-10-03 06:15 AM
32
cve

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security...

9.8CVSS

8.4AI Score

0.001EPSS

2023-10-03 06:15 AM
35
cve

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line...

8.2CVSS

7.3AI Score

0.001EPSS

2023-10-03 06:15 AM
32
cve

CVE-2023-24843

Transient DOS in Modem while triggering a camping on an 5G...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-03 06:15 AM
36
cve

CVE-2023-24847

Transient DOS in Modem while allocating DSM...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-03 06:15 AM
39
cve

CVE-2023-24844

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address...

8.4CVSS

7.5AI Score

0.0004EPSS

2023-10-03 06:15 AM
28
cve

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE...

9.8CVSS

9.3AI Score

0.001EPSS

2023-10-03 06:15 AM
36
cve

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory...

8.7CVSS

7.5AI Score

0.0004EPSS

2023-10-03 06:15 AM
40
zdt

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability

Electrolink FM/DAB/TV Transmitter suffers from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi...

7AI Score

2023-10-02 12:00 AM
160
zdt

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure Vulnerability

Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system...

7.4AI Score

2023-10-02 12:00 AM
170
zdt

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Exploit

Electrolink FM/DAB/TV Transmitter suffers from an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. It is also vulnerable to account takeover and arbitrary password...

7.7AI Score

2023-10-02 12:00 AM
138
packetstorm

7.1AI Score

2023-10-02 12:00 AM
140
zdt

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Vulnerability

Electrolink FM/DAB/TV Transmitter suffers from a privilege escalation vulnerability. An attacker can escalate his privileges by poisoning the Cookie from GUEST to ADMIN to effectively become Administrator or poisoning to ZSL to become Super...

7.4AI Score

2023-10-02 12:00 AM
148
packetstorm

7.1AI Score

2023-10-02 12:00 AM
135
packetstorm

7.1AI Score

2023-10-02 12:00 AM
124
zdt

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass Vulnerability

Electrolink FM/DAB/TV Transmitter suffers from an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except NO to the Login Cookie and have full system...

7.7AI Score

2023-10-02 12:00 AM
127
Total number of security vulnerabilities: 13967