Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang...
7.8CVSS
7.1AI Score
0.001EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary There are vulnerabilities in Apache Xalan, Apache Commons Codec, IBM® Java™ Version 8, and OpenSSL that are consumed by IBM Cognos Transformer. These have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for...
9.8CVSS
9.7AI Score
0.004EPSS
Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE.....
5.9CVSS
6.9AI Score
0.001EPSS
Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
6.9AI Score
0.001EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-6.5 - Linux hardware enablement (HWE) kernel linux-laptop - Linux kernel for Lenovo...
7.8CVSS
8.2AI Score
0.0004EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 23.10 Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems Details Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this...
7.8CVSS
7.2AI Score
0.001EPSS
TruRisk™️ Insights – The Story Behind a TruRisk Score
In the world of cloud and SaaS security, where risks arise not only from vulnerabilities but also from misconfigurations and various threats, the task of prioritizing and managing them becomes increasingly complex. It's not just about identifying vulnerabilities; it's also crucial to recognize and....
7.7AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023...
5.9CVSS
9.4AI Score
0.001EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-bluefield - Linux kernel for NVIDIA BlueField platforms linux-gcp - Linux kernel for...
7.8CVSS
7.3AI Score
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
7.5CVSS
6.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
7.5CVSS
7.2AI Score
0.001EPSS
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715) UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session.....
9.8CVSS
8.2AI Score
0.57EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5.5)
The version of AOS installed on the remote host is prior to 6.5.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5.5 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5....
7.8CVSS
8.2AI Score
0.002EPSS
GLSA-202402-22 : intel-microcode: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-22 (intel-microcode: Multiple Vulnerabilities) Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access....
6.8CVSS
6.7AI Score
0.001EPSS
9CVSS
8AI Score
0.004EPSS
SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2024:0518-1)
The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0518-1 advisory. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the...
6.5CVSS
7.1AI Score
0.002EPSS
9CVSS
7.2AI Score
0.004EPSS
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...
9CVSS
7.6AI Score
0.004EPSS
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
9.8CVSS
10AI Score
EPSS
linux-intel-iotg-5.15 vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...
9CVSS
7.7AI Score
0.004EPSS
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 20.04 LTS Packages linux-intel-iotg-5.15 - Linux kernel for Intel IoT platforms Details Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial...
9CVSS
8.1AI Score
0.004EPSS
9CVSS
8AI Score
0.004EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 - Linux kernel for...
9CVSS
8AI Score
0.004EPSS
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2022-43552 DESCRIPTION: **cURL libcurl is vulnerable to a denial of service,.....
9.8CVSS
8.9AI Score
0.004EPSS
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details ** CVEID: CVE-2020-19909 DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by an integer overflow...
9.8CVSS
9.8AI Score
0.003EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
10AI Score
0.116EPSS
Summary CVE-2023-22081 and CVE-2023-22067 were disclosed in the Oracle October 2023 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality...
5.3CVSS
5.8AI Score
0.001EPSS
Summary CVE-2023-22049 was disclosed in the Oracle July 2023 Quarterly CPU Update. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts. CVSS Base...
3.7CVSS
4.4AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no...
5.9CVSS
5.8AI Score
0.001EPSS
Summary There is a vulnerability in IBM® Java™ version 8 and 11 used by IBM CPLEX Optimization Studio. This issue was disclosed as part of the Oracle / OpenJDK October 2023 Critical Patch Updates. Vulnerability Details ** CVEID: CVE-2023-5676 DESCRIPTION: **Eclipse OpenJ9 is vulnerable to a...
5.9CVSS
5.4AI Score
0.0004EPSS
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality...
3.7CVSS
4.9AI Score
0.001EPSS
linux-lowlatency, linux-raspi vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...
9CVSS
7.6AI Score
0.004EPSS
Releases Ubuntu 22.04 LTS Packages linux-lowlatency - Linux low latency kernel linux-raspi - Linux kernel for Raspberry Pi systems Details Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote...
9CVSS
7.8AI Score
0.004EPSS
A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. Missing input validation in the mod_auth_openidc_session_chunks cookie value can make the server vulnerable to a denial of service attack. This issue may allow a remote...
7.5CVSS
7.5AI Score
0.0004EPSS
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other...
6.5AI Score
0.0004EPSS
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest...
6.8AI Score
0.0004EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
6.7AI Score
0.0004EPSS
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code...
7.2AI Score
0.0004EPSS
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege...
9.2AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.4AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.3AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.5AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.4AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.4AI Score
0.0004EPSS
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....
7.5CVSS
7.7AI Score
0.0004EPSS
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary...
6.5AI Score
0.0004EPSS
Intel Thunderbolt Controller February 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt™ Controllers, which might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.1CVSS
7.2AI Score
0.0004EPSS
Intel® SDK for OpenCL™ Applications Software Advisory
Summary: A potential security vulnerability in some Intel® SDK for OpenCL™ Applications software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® SDK for OpenCL™ Applications...
7.1AI Score
0.0004EPSS
Intel® PROSet/Wireless and Killer™ Wi-Fi Software February 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. ...
7.1CVSS
7.7AI Score
0.0004EPSS
Intel Thunderbolt DCH Drivers for Windows February 2024 Security Updates
Intel has informed HP of potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows, which might allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these...
8.2CVSS
7.7AI Score
0.0004EPSS