Summary IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database. Vulnerability Details ** CVEID:...
6.5CVSS
7.4AI Score
0.001EPSS
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs....
9.1CVSS
8.4AI Score
0.002EPSS
Summary IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure. Vulnerability Details ** IBM X-Force ID: 268195 DESCRIPTION: **Presto is vulnerable to server-side request forgery, caused by improper validating the.....
5.8AI Score
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.20.0 (CVE-2023-22049, CVE-2023-22036) and Eclipse Jetty 10.0.17...
7.5CVSS
8AI Score
0.732EPSS
Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details ** CVEID: CVE-2023-50308 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)...
6.5CVSS
6.3AI Score
0.001EPSS
Summary CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the.....
5.3CVSS
5.6AI Score
0.001EPSS
Summary CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in...
5.3CVSS
5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in....
5.9CVSS
6.7AI Score
0.0004EPSS
Rockwell Automation FactoryTalk Service Platform
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users with...
9CVSS
9.3AI Score
0.0004EPSS
Intel Optane™ SSD Firmware November 2023 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Optane™ SSD and some Intel® Optane™ SSD DC products, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. .....
7.8CVSS
7.4AI Score
0.001EPSS
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module Metasploit now has an LDAP capture module thanks to the work of JustAnda7. This work was completed as part of the Google Summer of Code program. When the module runs it will by default require privileges to listen on port 389. The module implements a default implementation for.....
9.8CVSS
9.8AI Score
0.969EPSS
Intel Rapid Storage Technology Software November 2023 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Rapid Storage Technology software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential...
7.8CVSS
7.1AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2023-39323 DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code...
8.1CVSS
7.9AI Score
0.002EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component.....
5.9CVSS
5.5AI Score
0.001EPSS
Intel® Virtual RAID on CPU (VROC) August 2023 Security Updates
Intel has informed HP of a potential security vulnerability identified in the Intel® Virtual RAID on CPU (VROC) software, which might allow escalation of privilege. Intel is releasing software updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential...
7.8CVSS
7.2AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been...
7.5CVSS
9.2AI Score
0.732EPSS
Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks....
7.2AI Score
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...
9.8CVSS
9.4AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...
10CVSS
9.2AI Score
0.001EPSS
Intel BIOS Firmware CVE-2022-26006 (INTEL-SA-00688)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
8.2CVSS
7.4AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition, Versions 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018 and April 2018. Vulnerability Details CVEID:...
8.3CVSS
1.6AI Score
0.003EPSS
KLA60730 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Autodesk® FBX® SDK 2020...
7.8CVSS
8.9AI Score
0.001EPSS
Intel BIOS Firmware CVE-2022-21198 (INTEL-SA-00688)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege...
7.9CVSS
7.3AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded.....
7.3AI Score
Intel Dynamic Tuning Technology Software August 2023 Security Update
Intel has informed HP of a potential security vulnerability in the Intel® Dynamic Tuning Technology (DTT) software which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential...
7.8CVSS
7.1AI Score
0.0004EPSS
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
9.8CVSS
7.8AI Score
0.001EPSS
Security Bulletin: Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...
5.9CVSS
9.4AI Score
0.001EPSS
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
7.5CVSS
9.6AI Score
0.001EPSS
5 Insights from the Latest Cybersecurity Trends Research
Rapid7 is committed to promoting research that identifies the latest cybersecurity trends so that organizations can leverage these insights and create programs that make sense for the modern SOC. To that end, we’ve singled out five quick insights security professionals and stakeholders should...
7.3AI Score
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed...
9.8CVSS
9.6AI Score
0.956EPSS
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...
10CVSS
9.4AI Score
0.001EPSS
KLA60570 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: A remote code execution vulnerability in 3D Builder can be exploited remotely to execute arbitrary code. A remote code...
7.8CVSS
8.7AI Score
0.001EPSS
Summary IBM SDK, Java Technology Edition is used by IBM Security Directory products as part of the IBM SDK, Java Technology Edition. See security bulletin for more details. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and...
5.3CVSS
5.7AI Score
0.001EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...
7AI Score
KLA50317 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, spoof user interface. Below is a complete list of...
7.8CVSS
9.8AI Score
0.01EPSS
Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
In nearly every segment of our lives, AI (artificial intelligence) now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on.....
6.8AI Score
Summary: Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-42429 Description:...
7.7AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION:.....
5.9CVSS
7AI Score
0.001EPSS
Summary: Potential security vulnerabilities in some Intel® NUC software installers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32272 Description: Uncontrolled search.....
7.6AI Score
0.0004EPSS
Intel® NUC BIOS Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28738 Description: Improper input validation for some Intel® NUC...
7.6AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a...
9.8CVSS
9.6AI Score
0.022EPSS
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details ** CVEID: CVE-2023-1370 DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted...
7.5CVSS
7.9AI Score
0.002EPSS
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
Summary IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. Vulnerability Details ** CVEID: CVE-2015-8383 DESCRIPTION: **PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional groups. By using a specially...
9.8CVSS
9.2AI Score
0.059EPSS
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)
Summary IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Vulnerability Details ** CVEID: CVE-2023-38003 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user with DATAACCESS privileges to.....
7.2CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details ** CVEID: CVE-2018-25032 DESCRIPTION: **Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote...
9.8CVSS
9.6AI Score
0.473EPSS
Rockwell Automation FactoryTalk Service Platform
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability...
9.8CVSS
5.5AI Score
0.001EPSS
Unified security operations with Microsoft Sentinel and Microsoft Defender XDR
Numerous cybersecurity tools exist to help organizations protect their data, people, and systems. There are different tools that check emails for phishing attempts, secure infrastructure and cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each of....
7.1AI Score
Summary IBM® Db2® is vulnerable to denial of service under extreme stress conditions. Vulnerability Details ** CVEID: CVE-2023-40692 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service under extreme stress conditions. CVSS Base...
7.5CVSS
7.8AI Score
0.001EPSS
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE)...
9.8CVSS
10AI Score
0.074EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-43020 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...
8.6AI Score
EPSS