Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)
Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0...
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22081 ...
7AI Score
0.001EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. Bugs https://bugzilla.redhat.com/show_bug.cgi?id=2278989...
0.0004EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1677)
The remote host is missing an update for the Huawei...
0.001EPSS
0.0005EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.3AI Score
0.0004EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.4CVSS
6.7AI Score
0.0004EPSS
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...
6CVSS
6.5AI Score
0.0004EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7AI Score
0.0004EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
6.4AI Score
0.0004EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.6AI Score
0.0004EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
5.8AI Score
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
3.4AI Score
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
3.3AI Score
0.0004EPSS
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
0.0004EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
0.0004EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
0.0004EPSS
See a Sneak Peek of Tuesday’s Take Command Summit
In just a few short days, some of the best minds in cybersecurity will come together at Take Command to discuss the most pressing challenges and opportunities we face as an industry. The sessions include in-depth discussions on attacker trends and behaviors, a look into the Rapid7 SOC, top guest...
7.4AI Score
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....
7.8AI Score
0.0004EPSS
CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....
7.5AI Score
0.0004EPSS
How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment
Introduction In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency.....
6.9AI Score
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Sander....
0.0005EPSS
TotalCloud Container Security Best Practices
Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team...
7.1AI Score
Mitsubishi Electric MELSEC-Q/L Series (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series Vulnerabilities: Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
10AI Score
0.0004EPSS
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.2AI Score
0.009EPSS
Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this...
6.6AI Score
0.0004EPSS
K000139652: Intel CPU vulnerability CVE-2023-23583
Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....
6.5AI Score
0.0004EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
0.0004EPSS
7.1AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-6.5 - Linux kernel for...
6.5AI Score
0.0005EPSS
CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...
CVE-2024-3487 Broken Authentication vulnerability in iManager
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass...
CVE-2024-3486 XML External Entity injection vulnerability in iManager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code...
CVE-2024-3485 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information...
CVE-2024-3484 Path Traversal vulnerability found in iManager
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
CVE-2024-3483 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization...
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...
linux-hwe-5.15, linux-raspi vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...
6.9AI Score
0.0005EPSS
Unbreakable Enterprise kernel security update
[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....
8.3AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.6AI Score
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.4AI Score
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-hwe-5.15 - Linux hardware enablement (HWE) kernel linux-raspi - Linux kernel for Raspberry Pi systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action...
7.2AI Score
0.0005EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.6AI Score
Grafana proxy Cross-site Scripting
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: Download Grafana 8.3.5 Release notes Release v.7.5.15, only containing security fixes: Download Grafana 7.5.15 Release...
5.3AI Score
0.001EPSS