Intel® QAT Software Drivers Advisory
Summary: A potential security vulnerability in some Intel® QuickAssist Technology (QAT) software drivers for Windows may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-41252 Description: Out-of-bounds...
6.8AI Score
0.0004EPSS
Intel® oneAPI Toolkit Software Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkits and standalone component software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-35121 Description: Improper...
7.1AI Score
0.0004EPSS
Intel® oneAPI Software Installers Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32618 Description: Uncontrolled...
7.6AI Score
0.0004EPSS
Intel® Chipset Driver Software Advisory
Summary: Potential security vulnerabilities in some Intel® Chipset Driver Software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28739 Description: Incorrect default permissions in some...
7.5AI Score
0.0004EPSS
Intel® Server OpenBMC Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® OpenBMC firmware may allow escalation of privilege and information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32280 Description: Insufficiently...
7.6AI Score
0.0004EPSS
Intel® Binary Configuration Tool Software Advisory
Summary: A potential security vulnerability in some Intel® Binary Configuration Tool software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-24591 Description: Uncontrolled search path in some.....
7.2AI Score
0.0004EPSS
Intel® SUR for Gameplay Software Advisory
Summary: Potential security vulnerabilities in the Intel® System Usage Report (SUR) for Gameplay Software may allow escalation of privilege. Intel is not releasing updates to mitigate these potential vulnerabilities and has issued a Product Discontinuation Notice for Intel® System Usage Report for....
7.5AI Score
0.0004EPSS
Intel® QSFP+ Configuration Utility Software Advisory
Summary: A potential security vulnerability in some Intel® QSFP+ Configuration Utility software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® QSFP+ Configuration Utility...
7.1AI Score
0.0004EPSS
New module content (3) GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: #18716 contributed by h00die Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 Description: This adds an exploit module that...
9.8CVSS
8.7AI Score
0.972EPSS
CVE-2024-21917 Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a...
9.8CVSS
9.6AI Score
0.001EPSS
Intel® Optane™ PMem Management Software Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ Persistent Memory (PMem) management software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22311 Description: Improper...
7.3AI Score
0.0004EPSS
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a...
9.1CVSS
9.4AI Score
0.001EPSS
Summary IBM Operations Analytics Predictive Insights is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details Refer to the.....
7.8AI Score
Intel® Battery Life Diagnostic Tool Software Advisory
Summary: A potential security vulnerability in some Intel® Battery Life Diagnostic Tool software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-35060 Description: Uncontrolled search path in...
7.2AI Score
0.0004EPSS
Intel® Thunderbolt™ DCH Drivers for Windows Advisory
Summary: Potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.....
8AI Score
0.0004EPSS
Intel® SDK for OpenCL™ Applications Software Advisory
Summary: A potential security vulnerability in some Intel® SDK for OpenCL™ Applications software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® SDK for OpenCL™ Applications...
7.1AI Score
0.0004EPSS
Intel® Ethernet Tools and Driver Install Software Advisory
Summary: Potential security vulnerabilities in some Intel® Ethernet tools and driver install software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-39432 Description: Improper access...
7.4AI Score
0.0004EPSS
Arm DS for Intel® SoC FPGA Software Advisory
Summary: Potential security vulnerabilities in some Arm Development Studio (DS) for Intel® System-on-a-Chip (SoC) FPGA software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID:...
7.7AI Score
0.001EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary There are vulnerabilities in Apache Xalan, Apache Commons Codec, IBM® Java™ Version 8, and OpenSSL that are consumed by IBM Cognos Transformer. These have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for...
9.8CVSS
9.7AI Score
0.004EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to denial of service due to the use of IBM SDK Java Technology Edition, Version 8 (CVE-2023-22081, CVE-2023-5676). The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent....
5.9CVSS
5.9AI Score
0.001EPSS
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193,...
8.4CVSS
8.2AI Score
0.001EPSS
Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today....
9CVSS
10AI Score
EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.19 and earlier, 8.0.8.11 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An...
5.9CVSS
6.2AI Score
0.001EPSS
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary IBM Cognos Analytics is affected and considered vulnerable, based on current information, to vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries......
9.8CVSS
10AI Score
0.86EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
9.1AI Score
EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs and we recommend updating to the latest version to...
5.9CVSS
7AI Score
0.001EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2023-22045 ...
3.7CVSS
6AI Score
0.001EPSS
Summary Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859,...
8.4CVSS
8.2AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code using the IBM Java Runtime...
5.6CVSS
8AI Score
0.038EPSS
TCG TPM2.0 implementations vulnerable to memory corruption
Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....
8.8CVSS
8.6AI Score
EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. ...
5.9CVSS
6.2AI Score
0.003EPSS
NVIDIA® GPU Display Driver October 2023 Security Update
NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which may allow escalation of privilege, code execution, denial of service, or information disclosure. NVIDIA has released updates to mitigate these vulnerabilities. NVIDIA has...
8.2CVSS
8AI Score
0.001EPSS
Summary: A potential security vulnerability in some Assistive Context-Aware Toolkit (ACAT) software maintained by Intel® may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-41231 Description:...
7.2AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 03/01/2024
Connect the dots from authentication bypass to remote code execution This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in ConnectWise ScreenConnect to achieve remote code execution. This vulnerability, CVE-2024-1709, affects all...
10CVSS
9AI Score
0.946EPSS
org.grails:grails-databinding is vulnerable to Denial Of Service Attack. The vulnerability is due to a lack of validation in processing of web requests. An attacker can send specially crafted requests to cause a JVM crash or Denial of...
7.5CVSS
6.7AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...
7.5CVSS
7.7AI Score
0.005EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 5 and 7 that is used by Content Manager Enterprise Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These...
3.4CVSS
3.3AI Score
0.975EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7, that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring....
4.5AI Score
0.698EPSS
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-22049 DESCRIPTION: An...
3.7CVSS
4.3AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An...
7.8CVSS
7.8AI Score
0.001EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID: CVE-2023-43646 DESCRIPTION: Chai.js Assertion Library get-func-name is...
9.8CVSS
9.9AI Score
0.002EPSS
Summary IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows. Vulnerability Details CVEID: CVE-2023-47145 DESCRIPTION: IBM Db2 for Windows (includes Db2 Connect Server) could allow a local user to escalate their privileges to the SYSTEM...
8.4CVSS
8.1AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...
6.2CVSS
7AI Score
0.004EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details CVEID: CVE-2023-47158 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...
6.5CVSS
6.4AI Score
0.001EPSS
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National....
7.6AI Score
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query Vulnerability Details CVEID: CVE-2023-47141 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...
6.5CVSS
6.7AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...
9.8CVSS
7.1AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details CVEID: CVE-2023-45193 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service when a specially...
7.5CVSS
6.7AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service when using a specially crafted query. Vulnerability Details CVEID: CVE-2023-47747 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial...
6.5CVSS
6.4AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used Vulnerability Details CVEID: CVE-2023-47746 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial.....
6.5CVSS
6.4AI Score
0.001EPSS