Epyc™ Processors Security Vulnerabilities

ibm

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to denial of service due to the use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-22081, CVE-2023-5676)

Summary IBM Virtualization Engine TS7700 is susceptible to denial of service due to the use of IBM SDK Java Technology Edition, Version 8 (CVE-2023-22081, CVE-2023-5676). The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent....

5.9 CVSS

5.9 AI Score

0.001 EPSS

2024-01-29 07:45 PM
11
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 5 and 7 that is used by Content Manager Enterprise Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These...

3.4 CVSS

3.3 AI Score

0.975 EPSS

2024-01-29 07:30 PM
12
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Manager Enterprise Edition CVE-2015-7575

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. ...

5.9 CVSS

6.2 AI Score

0.003 EPSS

2024-01-29 07:30 PM
11
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition ((CVE-2015-0410, CVE-2014-6593, CVE-2015-0383, CVE-2015-0138))

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7, that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring....

4.5 AI Score

0.698 EPSS

2024-01-29 07:30 PM
8
ibm

Security Bulletin: Security Vulnerabilities have been identified in IBM® SDK Java™ Technology Edition shipped with Content Management Enterprise Edition

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM Content Management Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Information about the security vulnerability affecting IBM SDK Java...

7.1 AI Score

2024-01-29 07:15 PM
8
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

7.5 CVSS

7.7 AI Score

0.005 EPSS

2024-01-29 07:15 PM
8
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

6.2 CVSS

7 AI Score

0.004 EPSS

2024-01-29 07:15 PM
8
ibm

Security Bulletin: Security Vulnerabilities have been identified in IBM® SDK Java™ Technology Edition shipped with Content Management Enterprise Edition

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM Content Management Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Information about the security vulnerability affecting IBM SDK Java...

7.1 AI Score

2024-01-29 07:15 PM
11
wallarmlab

Introducing the Wallarm 2024 API ThreatStats™ Report

The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular...

8.3 AI Score

2024-01-29 02:07 PM
17
thn

Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats

In nearly every segment of our lives, AI (artificial intelligence) now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on.....

6.8 AI Score

2024-01-29 11:11 AM
19
ibm

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22081, CVE-2023-22067, CVE-2023-4807 & CVE-2023-5676)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-01-29 08:30 AM
14
ubuntu

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems Details It was discovered that the ASUS HID driver in the Linux kernel did not properly handle...

7.8 CVSS

8 AI Score

0.001 EPSS

2024-01-29 12:00 AM
14
schneier

Chatbots and Human Conversation

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you.....

6.9 AI Score

2024-01-26 12:09 PM
8
openvas

Ubuntu: Security Advisory (USN-6604-1)

The remote host is missing an update for...

7.8 CVSS

7.2 AI Score

0.001 EPSS

2024-01-26 12:00 AM
6
openvas

Ubuntu: Security Advisory (USN-6602-1)

The remote host is missing an update for...

7.8 CVSS

7.2 AI Score

0.001 EPSS

2024-01-26 12:00 AM
7
trendmicroblog

Prevent BEC with AI-Powered Email and Collaboration

Latest Trend Vision One™ platform integration addresses growing need for streamlined IT and security operations across email and messaging...

7.5 AI Score

2024-01-26 12:00 AM
10
ibm

Security Bulletin: Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender – Data Protect.

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The...

9.8 CVSS

9.9 AI Score

0.011 EPSS

2024-01-25 11:15 PM
16
osv

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) Jana...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-01-25 09:06 PM
7
osv

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered.....

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-01-25 08:15 PM
8
nessus

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-6602-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6602-1 advisory. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588) An...

7.8 CVSS

7.3 AI Score

0.001 EPSS

2024-01-25 12:00 AM
9
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.2 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-6.2 - Linux kernel for...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2024-01-25 12:00 AM
21
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-4.15 - Linux...

7.8 CVSS

8 AI Score

0.001 EPSS

2024-01-25 12:00 AM
21
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2024-01-25 12:00 AM
33
nessus

Ubuntu 16.04 ESM / 18.04 ESM : Linux kernel vulnerabilities (USN-6604-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6604-1 advisory. A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2024-01-25 12:00 AM
17
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-kvm - Linux kernel for cloud environments linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty Details Jana Hofmann, Emanuele...

7.8 CVSS

8.1 AI Score

0.001 EPSS

2024-01-25 12:00 AM
20
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22045, CVE-2023-22049)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22045 ...

3.7 CVSS

6 AI Score

0.001 EPSS

2024-01-24 06:45 PM
14
qualysblog

Qualys WAS Unveils New Features in an Upgraded User Interface

Qualys Web Application Scanning (WAS) has been at the forefront of web application and API security innovation, and today, we're excited to announce a significant leap - the launch of our New User Interface (UI). From improved performance and reliability to cutting-edge technology adoption and...

7.5 AI Score

2024-01-24 03:51 PM
7
nessus

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7.1.5)

The version of AOS installed on the remote host is prior to 6.7.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7.1.5 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat...

7.5 CVSS

7.9 AI Score

0.946 EPSS

2024-01-23 12:00 AM
15
qualysblog

Reduce Risk Faster With the Qualys Risk Reduction Recommendation Report

New vulnerabilities are found almost daily. However, most organizations struggle to identify, prioritize, and remediate vulnerabilities efficiently—making their environments vulnerable to risk. Last year, Qualys introduced Qualys VMDR with TruRisk™, which helps organizations quantify cyber risk...

7.6 AI Score

2024-01-22 04:48 PM
7
securelist

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new,....

7.5 AI Score

2024-01-22 08:00 AM
10
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:0172-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0172-1 advisory. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug...

6.5 CVSS

7 AI Score

0.001 EPSS

2024-01-22 12:00 AM
8
nvidia

Security Bulletin: NVIDIA BlueField 2 and 3 BMC - January 2024

NVIDIA has released a firmware update for NVIDIA BlueField DPU Baseboard Management Controller (BMC). To protect your system, download and install this firmware update from the NVIDIA DOCA Software Framework page. Go to NVIDIA Product Security. Details This section provides a summary of potential.....

7.2 CVSS

7.7 AI Score

0.001 EPSS

2024-01-22 12:00 AM
12
wallarmlab

Webinar: Join us for the latest in API Threats on January 24, 2024

In today's complex digital landscape, the security of APIs has become paramount. As we move into 2024, it's essential to stay ahead of the evolving API security threats and vulnerabilities. The upcoming webinar on "API ThreatStats™ Report: 2023 Year-In-Review" is your quickest way to learn about...

7.7 AI Score

2024-01-21 05:48 AM
14
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Oct 2023 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.19 and earlier, 8.0.8.11 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An...

5.9 CVSS

6.2 AI Score

0.001 EPSS

2024-01-19 06:00 PM
6
trendmicroblog

Reduce Business Email Compromise with Collaboration

Here's the latest Trend Vision One™ platform integration addressing the growing need for collaboration in business email security...

7.5 AI Score

2024-01-18 12:00 AM
9
nessus

Intel BIOS Firmware CVE-2022-21198 (INTEL-SA-00688)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege...

7.9 CVSS

7.3 AI Score

0.0004 EPSS

2024-01-16 12:00 AM
11
nessus

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2023-3473)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2024-01-16 12:00 AM
10
cert

GPU kernel implementations susceptible to memory leak

Overview General-purpose graphics processing unit (GPGPU) platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. An attacker with access to GPU capabilities using a vulnerable GPU's programmable...

6.5 CVSS

5.6 AI Score

0.001 EPSS

2024-01-16 12:00 AM
15
amd

GPU Memory Leaks

Bulletin ID: AMD-SB-6010 Potential Impact: Data leakage Severity: Medium Summary Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel. CVE...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2024-01-16 12:00 AM
14
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-3275)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R)...

8.8 CVSS

8.3 AI Score

0.024 EPSS

2024-01-16 12:00 AM
10
nessus

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-3283)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2024-01-16 12:00 AM
12
nessus

Intel BIOS Firmware CVE-2022-26006 (INTEL-SA-00688)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

8.2 CVSS

7.4 AI Score

0.0004 EPSS

2024-01-16 12:00 AM
7
nessus

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-3255)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2024-01-16 12:00 AM
13
nessus

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-3336)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific...

9.8 CVSS

7.6 AI Score

0.001 EPSS

2024-01-16 12:00 AM
5
nessus

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-3217)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2024-01-16 12:00 AM
6
nessus

EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2024-1011)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on...

9.8 CVSS

7.6 AI Score

0.001 EPSS

2024-01-16 12:00 AM
11
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-3247)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R)...

8.8 CVSS

8.3 AI Score

0.024 EPSS

2024-01-16 12:00 AM
6
ibm

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component.....

5.9 CVSS

5.5 AI Score

0.001 EPSS

2024-01-15 04:17 PM
8
mmpc

Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks....

7.2 AI Score

2024-01-12 05:00 PM
9
ibm

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus are vulnerable to CVE-2023-5676

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in....

5.9 CVSS

6.7 AI Score

0.0004 EPSS

2024-01-12 06:00 AM
13
Total number of security vulnerabilities: 14342