Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a denial of service in Node.js semver package with details below. This vulnerability has been addressed. Vulnerability Details ** CVEID: CVE-2022-25883 DESCRIPTION: **Node.js semver package is vulnerable to a denial of...
7.5CVSS
6.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Versions 8 and 11 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the Oracle / OpenJDK April 2023 Critical Patch Updates. Vulnerability Details ** CVEID: CVE-2023-21968 DESCRIPTION: **An...
3.7CVSS
6.1AI Score
0.001EPSS
6.9AI Score
0.001EPSS
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post I'll exploit CVE-2023-4069, a type confusion vulnerability that I reported in July 2023. The vulnerability—which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site—is found in v8, the Javascript engine of Chrome. It was filed as.....
8.8CVSS
8.5AI Score
0.002EPSS
Hook: Network Sluggish? Learn What WAN Acceleration Is Ever been in a virtual meeting that froze at the worst possible moment? Or had your staff grumble about slow data transfers that are as slow as molasses? If your answer is a weary "yes," it's high time to turn your eyes toward WAN...
7.6AI Score
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : xmltok library vulnerabilities (USN-5455-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5455-1 advisory. Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context- dependent...
9.8CVSS
10.1AI Score
0.582EPSS
Runtime efficiency with Spring (today and tomorrow)
With Spring Framework 6.1 and Spring Boot 3.2 general availability approaching, we would like to share an overview about several efforts the Spring team is pursuing to allow developers to optimize the runtime efficiency of their applications. We are going to cover the following technologies and...
6.6AI Score
DarkGate Malware Spreading via Messaging Services Posing as PDF Files
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when...
7AI Score
The Ultimate Guide to Price Optimization
By Owais Sultan Price optimization transcends the domain of business buzzwords; it emerges as a foundational strategy that possesses the potential… This is a post from HackRead.com Read the original post: The Ultimate Guide to Price...
6.9AI Score
Summary An issue was discovered in netplex json-smart which affect affect IBM Engineering Lifecycle Optimization - Publishing. The vulnerability has been addressed. Vulnerability Details ** CVEID: CVE-2021-27568 DESCRIPTION: **Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of...
7.5CVSS
6.7AI Score
0.01EPSS
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-75587)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. An out-of-bounds write vulnerability exists in Siemens.....
7.8CVSS
7.2AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-75586)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. An out-of-bounds write vulnerability exists in Siemens.....
7.8CVSS
7.4AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation Out-of-Bounds Read Vulnerability (CNVD-2023-75583)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an...
7.8CVSS
7.1AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-75585)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. An out-of-bounds write vulnerability exists in Siemens.....
7.8CVSS
7.4AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation Out-of-Bounds Read Vulnerability (CNVD-2023-75582)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an...
7.8CVSS
7.1AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation File Analysis Vulnerability
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A file analysis vulnerability exists in Siemens...
7.8CVSS
7.1AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation Out-of-Bounds Read Vulnerability (CNVD-2023-75581)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an...
7.8CVSS
7.1AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation Out-of-Bounds Read Vulnerability (CNVD-2023-75584)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an...
7.8CVSS
7.1AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx:.....
7.8CVSS
7.6AI Score
0.001EPSS
Optimize Database after Deleting Revisions <= 5.1 - Database Optimization via CSRF
Description The plugin does not have CSRF check when starting the database optimization process, which could allow attackers to make logged in admins perform such action via a CSRF...
8.8CVSS
6.4AI Score
0.001EPSS
glibc ld.so Local Privilege Escalation Vulnerability
Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. This vulnerability was introduced in April 2021 (glibc 2.34) by commit...
7.8CVSS
8.5AI Score
0.014EPSS
7.8CVSS
7.1AI Score
0.014EPSS
Summary Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details ** CVEID: CVE-2022-23437 DESCRIPTION: **Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By...
6.5CVSS
7.2AI Score
0.004EPSS
Summary This security vulnerablity has been addressed in IBM Engineering Lifecycle Optimization - Publishing newer releases Vulnerability Details ** IBM X-Force ID: 240628 DESCRIPTION: **Java Native Access (JNA) is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the...
6.3AI Score
Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details ** CVEID: CVE-2021-41184 DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting,...
6.5CVSS
6.9AI Score
0.005EPSS
Summary This security bulletin addresses security vulnerabilities with Apache Commons Codec that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details ** IBM X-Force ID: 177835 DESCRIPTION: **Apache Commons Codec could allow a remote...
6.3AI Score
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...
3.7CVSS
6.3AI Score
0.001EPSS
Summary There are multiple vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons libraries. This has been addressed. Vulnerability Details ** CVEID: CVE-2015-5262 DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured...
5.3CVSS
6.1AI Score
0.033EPSS
Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena-arq Vulnerability Details ** CVEID: CVE-2023-22665 DESCRIPTION: **Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of user...
5.4CVSS
7.6AI Score
0.002EPSS
Summary BM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core Vulnerability Details ** CVEID: CVE-2021-39239 DESCRIPTION: **Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external...
9.8CVSS
8.8AI Score
0.029EPSS
Summary Apache Commons IO is used by IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details ** CVEID: CVE-2021-29425 DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the...
4.8CVSS
6.5AI Score
0.002EPSS
Summary A vulnerability in JDOM affects IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details ** CVEID: CVE-2021-33813 DESCRIPTION: **JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker.....
7.5CVSS
6.5AI Score
0.005EPSS
Summary A security vulnerability has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details ** CVEID:...
7.5CVSS
5.7AI Score
0.003EPSS
Summary The IBM® Engineering Lifecycle Engineering product is as IBM ORB does not honour JEP 290 deserialization filters when deserializing serialised object data. This exposes the Java process to a variety of attacks ranging from denial of service to remote code execution via "gadgets" in third...
9.8CVSS
7.5AI Score
0.003EPSS
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a...
6.4AI Score
Amazon Linux 2 : firefox (ALASFIREFOX-2023-008)
The version of firefox installed on the remote host is prior to 102.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-008 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary ...
9.8CVSS
8.2AI Score
0.007EPSS
Amazon Linux 2 : firefox (ALASFIREFOX-2023-006)
The version of firefox installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-006 advisory. Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially ...
8.8CVSS
8AI Score
0.002EPSS
Amazon Linux 2 : firefox (ALASFIREFOX-2023-013)
The version of firefox installed on the remote host is prior to 102.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-013 advisory. Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, ...
9.8CVSS
8.7AI Score
0.007EPSS
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I'll explain how to exploit CVE-2023-3420, a type confusion vulnerability in v8 (the Javascript engine of Chrome), that I reported in June 2023 as bug 1452137. The bug was fixed in version 114.0.5735.198/199. It allows remote code execution (RCE) in the renderer sandbox of Chrome by.....
9.6CVSS
8.3AI Score
0.971EPSS
Sekiryu - Comprehensive Toolkit For Ghidra Headless
This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra in Headless mode. This toolkit provides a wide range of scripts that can be executed both inside and alongside Ghidra, enabling users to perform tasks such as...
7.4AI Score
Hi, Spring fans! Get the bits Before we get started, do something for me quickly. If you haven’t already, go install SKDMAN. Then run: sdk install java 21-graalce && sdk default java 21-graalce There you have it. You now have Java 21 and graalvm supporting Java 21 on your machine, ready to go....
6.9AI Score
(RHSA-2023:5249) Moderate: ncurses security update
The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool...
7.4AI Score
0.0004EPSS
Moderate: ncurses security update
The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool...
7.8CVSS
7.2AI Score
0.0004EPSS
Moderate: ncurses security update
The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool...
7.8CVSS
7.3AI Score
0.0004EPSS
Virtuozzo Hybrid Infrastructure 5.4 Update 4 (5.4.4-112)
This update delivers a new feature for the compute service, performance optimization for the object storage, as well as stability, security, and performance improvements. Vulnerability id: VSTOR-74916 VMs with Windows Server 2019, Windows Server 2022, and Windows 10 fail to boot after installation....
6.9AI Score
A constant-time-defeating optimization issue was found in python. This issue occurs when sending a specially crafted request, which could allow an attacker to obtain sensitive information. Mitigation As per upstream, either make the accumulator variable result a volatile unsigned char instead of...
5.9CVSS
7.5AI Score
0.001EPSS
Exploit for Infinite Loop in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
7.5CVSS
6.9AI Score
0.013EPSS
Exploit for Vulnerability in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
5.9CVSS
6.9AI Score
0.004EPSS
Exploit for Integer Overflow or Wraparound in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
7.5CVSS
6.9AI Score
0.008EPSS
Exploit for Out-of-bounds Read in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
7.4CVSS
6.9AI Score
0.004EPSS