Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...
7.5CVSS
7.2AI Score
0.001EPSS
Security Bulletin: NVIDIA CUDA Toolkit - April 2024
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update...
3.3CVSS
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table. Vulnerability Details ** CVEID: CVE-2024-22360 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially...
5.3CVSS
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-27254 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server is vulnerable to denial of service with a...
5.3CVSS
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2024-25046 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially...
5.3CVSS
6.6AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently. Vulnerability Details ** CVEID: CVE-2023-52296 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service when quering a...
5.3CVSS
6.6AI Score
0.0004EPSS
Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-49083.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-4807 DESCRIPTION: **OpenSSL is...
7.8CVSS
9.9AI Score
0.003EPSS
Updated microcode packages fix security vulnerabilities
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-22655) Information exposure through microarchitectural state after...
6.5CVSS
7.8AI Score
0.001EPSS
Fedora 38 : xen (2024-29f57f1b4e)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-29f57f1b4e advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors...
6.5CVSS
7.4AI Score
0.0004EPSS
Fedora 39 : xen (2024-9e9f53d01d)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9e9f53d01d advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors...
6.5CVSS
7.4AI Score
0.0004EPSS
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts [CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945] and a timing-based side-channel attack [CVE-2023-33850] as described in the...
7.5CVSS
7AI Score
0.001EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.4CVSS
7.5AI Score
0.0004EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.4CVSS
7AI Score
0.0004EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.4CVSS
7.8AI Score
0.0004EPSS
Intel® oneAPI Toolkit Software Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkits and standalone component software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-35121 Description: Improper...
7.1AI Score
0.0004EPSS
7.8CVSS
7.2AI Score
0.003EPSS
VMware ESXi 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0016)
The version of VMware ESXi installed on the remote host is prior to 6.7 P07, or 7.x prior to 7.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2022-0016 advisory: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow...
5.5CVSS
6.5AI Score
0.001EPSS
Security Bulletin: NVIDIA ChatRTX - March 2024
NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...
8.2CVSS
8AI Score
0.0004EPSS
linux-aws-hwe, linux-azure, linux-azure-4.15, linux-oracle vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA...
7.8CVSS
8AI Score
0.003EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
5.3CVSS
6.7AI Score
0.0004EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
5.3CVSS
5.3AI Score
0.0004EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
5.3CVSS
5.6AI Score
0.0004EPSS
Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
There are so many vulnerabilities disclosed daily that no one can patch all of them. Unfortunately, attackers can exploit them while you are still in the process of reviewing, prioritizing, and patching. Effective risk-based prioritization focuses your limited resources and remediation efforts...
10CVSS
10AI Score
0.973EPSS
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...
6.2AI Score
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
6.5CVSS
7.5AI Score
0.0004EPSS
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems linux-oracle - Linux kernel for Oracle Cloud...
7.8CVSS
8.3AI Score
0.003EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8CVSS
7.6AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8CVSS
7.4AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8CVSS
8.3AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0925-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0925-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free ...
7.8CVSS
7.7AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0975-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0975-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8CVSS
8.1AI Score
EPSS
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2024:0917-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0917-1 advisory. Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R)...
6.5CVSS
8.1AI Score
0.001EPSS
VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)
The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker...
6.5CVSS
7.5AI Score
EPSS
A vulnerability was found in some Intel Xeon D Processors with Intel SGX. This issue may allow a local attacker to achieve sensitive information disclosure, impacting the data confidentiality of the targeted...
5.3CVSS
6.1AI Score
0.0004EPSS
A vulnerability was found in the bus lock regulator mechanism for some Intel processors models. This issue may allow a malicious actor to achieve a Denial of Service attack, impacting the system availability of the targeted...
6.5CVSS
6.7AI Score
0.001EPSS
A vulnerability was found in some Intel processors that may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted...
5.5CVSS
6.7AI Score
0.0004EPSS
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition . CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details ** CVEID:...
7.5CVSS
6.8AI Score
0.001EPSS
Summary Vulnerability in IBM® SDK, Java™ Technology affect Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-3676 DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...
6.5CVSS
6.4AI Score
0.001EPSS
Security Bulletin: IBM QRadar SIEM M7 Appliances are vulnerable to CVE-2022-21216
Summary IBM QRadar SIEM M7 Appliances could be vulnerable to an Intel CVE. IBM has addressed the relevant CVE. Vulnerability Details ** CVEID: CVE-2022-21216 DESCRIPTION: **IntelAtom and Intel Xeon Scalable Processors could allow a remote authenticated attacker to gain elevated privileges on the...
7.5CVSS
7.1AI Score
0.0004EPSS
EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1443)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some...
8.8CVSS
8.8AI Score
0.024EPSS
7.8CVSS
7.2AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1417)
The remote host is missing an update for the Huawei...
7.8CVSS
6.3AI Score
0.002EPSS
EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1415)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some...
8.8CVSS
8.8AI Score
0.024EPSS
K000138966 : Intel Xeon CPU vulnerability CVE-2023-23908
Security Advisory Description Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908) Impact This vulnerability may allow a privileged user to enable information.....
4.4CVSS
6AI Score
0.0004EPSS
EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2024-1417)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal...
7.8CVSS
8AI Score
0.002EPSS
EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2024-1445)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal...
7.8CVSS
8AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1445)
The remote host is missing an update for the Huawei...
7.8CVSS
6.3AI Score
0.002EPSS
linux-gcp, linux-gcp-4.15 vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA...
7.8CVSS
8AI Score
0.003EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems linux-raspi - Linux kernel for Raspberry Pi...
7.8CVSS
7.6AI Score
0.002EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-6.5 - Linux hardware...
7.8CVSS
7.7AI Score
0.002EPSS