Security Bulletin: Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise.....
5.9CVSS
6.2AI Score
0.001EPSS
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary Vulnerabilities in IBM® Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 and CVE-2022-40609 Vulnerability.....
9.8CVSS
9.2AI Score
0.003EPSS
Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report
How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global...
6.6AI Score
Navigating privacy in a data-driven world with Microsoft Priva
Data protection and privacy have become business imperatives. In a global survey conducted by Microsoft and leaders in the academic privacy space, 90 percent of respondents said they would not buy from an organization that does not properly protect its data.1 More than ever, people have a high...
6.5AI Score
Summary There are multiple vulnerabilities in IBM® DB2 used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs (CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445,...
8.8CVSS
7.5AI Score
EPSS
CVE-2023-32499 WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
7.1CVSS
6.4AI Score
0.0005EPSS
Security Bulletin: IBM Security Guardium is affected by multiple Oracle® MySQL vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities by upgrading the version of Oracle® MySQL that it uses. Vulnerability Details CVEID: CVE-2023-21881 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a...
6.5CVSS
5.6AI Score
0.002EPSS
Intel BIOS Firmware DoS (INTEL-SA-00813) (CVE-2022-43505)
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. (CVE-2022-43505) Note that Nessus has not tested for this issue but has instead relied only on the application's...
4.4CVSS
6.4AI Score
0.0004EPSS
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report
The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited...
6.7AI Score
Intel BIOS Firmware Information Disclosure (INTEL-SA-00813) (CVE-2022-27879)
Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2022-27879) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
5.3CVSS
6.2AI Score
0.0004EPSS
Intel BIOS Firmware Information Disclosure (INTEL-SA-00813) (CVE-2022-38083)
Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2022-38083) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
6.1CVSS
6.1AI Score
0.0004EPSS
Intel BIOS Firmware Privilege Escalation (INTEL-SA-00813) (CVE-2022-44611)
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. (CVE-2022-44611) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported.....
8CVSS
7.2AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 8 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION: An unspecified.....
5.3CVSS
5.8AI Score
0.002EPSS
Intel BIOS Firmware Privilege Escalation (INTEL-SA-00813) (CVE-2022-37343)
Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2022-37343) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
7.2CVSS
7AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.001EPSS
Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...
6.7AI Score
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK,...
9.8CVSS
7.3AI Score
0.003EPSS
Security Bulletin: Multiple Vulnerabilities Affecting IBM Watson Machine Learning Accelerator
Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent components. These are addressed. Vulnerability Details CVEID: CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper.....
7.5CVSS
7.9AI Score
0.003EPSS
Intel® Unite® Hub Software August 2023 Security Update
Intel has informed HP of a potential vulnerability identified in the Intel® Unite® Hub software, which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7AI Score
0.0004EPSS
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts as described in the vulnerability details section (CVE-2022-21426, CVE-2023-2597, CVE-2023-21830, CVE-2023-21843,...
9.1CVSS
7.6AI Score
0.002EPSS
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a vulnerability in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server has been published in a security bulletin. Vulnerability...
9.8CVSS
6.3AI Score
0.003EPSS
Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect IBM® MobileFirst Platform
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt() directly, or use any of...
7.5CVSS
6.9AI Score
0.003EPSS
AMD® Ryzen Master™ SDK February 2023 Security Update
AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Monitoring SDK, which might allow escalation of privilege. AMD has released software to mitigate the potential vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID: CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By...
7.5CVSS
7AI Score
0.001EPSS
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. The CVE(s) listed in this document might affect some configurations of IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run...
9.8CVSS
7.2AI Score
0.003EPSS
Summary Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (CVE-2023-35012, CVE-2023-27558, CVE-2023-29256, CVE-2023-30442, CVE-2023-27869, CVE-2023-27867, CVE-2023-27868, CVE-2023-30431, CVE-2023-23487, CVE-2023-30447,...
8.8CVSS
7.9AI Score
EPSS
Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 (V21.0.3) or IBM® Semeru Runtime 11 (V23.0.1). Information about security vulnerabilities in these Java runtimes has been published. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified...
9.1CVSS
8AI Score
0.002EPSS
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional. This product has addressed the applicable CVE. If.....
9.8CVSS
7.2AI Score
0.003EPSS
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....
9.8CVSS
8.8AI Score
0.003EPSS
Summary IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query. Vulnerability Details CVEID: CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially...
7.5CVSS
7.4AI Score
EPSS
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7...
7.8CVSS
7.8AI Score
0.001EPSS
A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current...
7.8CVSS
7.8AI Score
0.001EPSS
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM...
9.8CVSS
9.2AI Score
0.003EPSS
Summary A remote code execution vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a...
9.8CVSS
9.4AI Score
0.003EPSS
Intel® Unite® Software Advisory
Summary: Potential security vulnerabilities in some Intel® Unite® software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25773 Description: Improper access control in the Intel(R) Unite(R).....
7.5AI Score
0.0004EPSS
Security Bulletin: CVE-2022-40609 affects IBM® SDK, Java™ Technology Edition
Summary CVE-2022-40609 affects the Object Request Broker (ORB) in IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition could allow a remote attacker to execute...
9.8CVSS
7.1AI Score
0.003EPSS
Intel® Quartus® for Linux Advisory
Summary: A potential security vulnerability in some Intel® Quartus® Prime Pro and Standard edition software for Linux may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-24016 Description:...
7.2AI Score
0.0004EPSS
2023.3 IPU - Intel® Xeon® Processor Advisory
Summary: A potential security vulnerability in some Intel® Xeon® Processors with Intel® Software Guard Extensions (SGX) may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-41804 Description:...
7.1AI Score
0.0004EPSS
2023.3 IPU - Intel® Xeon® Scalable Processors Advisory
Summary: A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-23908 Description: Improper access control in...
6.2AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel Agilex® software included as part of Intel® Quartus® Prime Pro Edition for Linux may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-24478...
6.3AI Score
0.0004EPSS
Intel® oneMKL Software Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Math Kernel Library (oneMKL) may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-25864 Description: Uncontrolled search path in...
7.3AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® Virtual RAID on CPU (VROC) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-45112 Description: Improper access control in some.....
7.2AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® Product Collaboration and Systems Division (PCSD) system BIOS may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-34657 Description:...
6.4AI Score
0.0004EPSS
Summary: A potential security vulnerability in the Intel® Dynamic Tuning Technology (DTT) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-29470 Description: Improper access control in...
7.1AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® Platform Service Record (PSR) Software Development Kit (SDK) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-29151...
7.2AI Score
0.0004EPSS
Intel® RealSense™ SDK Advisory
Summary: A potential security vulnerability in some Intel® RealSense™ Software Development Kits (SDKs) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32663 Description: Incorrect default...
7.3AI Score
0.0004EPSS
Summary: A potential security vulnerability in some ITE Tech consumer infrared drivers (CID) for some Intel® NUCs may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-23577 Description: Uncontrolled.....
7.2AI Score
0.0004EPSS
Summary: A potential security vulnerability in the Intel® Intelligent Test System (ITS) software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® ITS software. Vulnerability...
7.2AI Score
0.0004EPSS