Intel® Security Vulnerabilities

Security Bulletin: Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21967 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise.....

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 and CVE-2022-40609 Vulnerability.....

Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report

How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global...

Navigating privacy in a data-driven world with Microsoft Priva

Data protection and privacy have become business imperatives. In a global survey conducted by Microsoft and leaders in the academic privacy space, 90 percent of respondents said they would not buy from an organization that does not properly protect its data.1 More than ever, people have a high...

Navigating privacy in a data-driven world with Microsoft Priva

Data protection and privacy have become business imperatives. In a global survey conducted by Microsoft and leaders in the academic privacy space, 90 percent of respondents said they would not buy from an organization that does not properly protect its data.1 More than ever, people have a high...

Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights

Summary There are multiple vulnerabilities in IBM® DB2 used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs (CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445,...

CVE-2023-32499 WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin &lt;= 2.4.0.9...

Security Bulletin: IBM Security Guardium is affected by multiple Oracle® MySQL vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities by upgrading the version of Oracle® MySQL that it uses. Vulnerability Details ** CVEID: CVE-2023-21881 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a...

Intel BIOS Firmware DoS (INTEL-SA-00813) (CVE-2022-43505)

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. (CVE-2022-43505) Note that Nessus has not tested for this issue but has instead relied only on the application's...

Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited...

Intel BIOS Firmware Information Disclosure (INTEL-SA-00813) (CVE-2022-27879)

Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access(CVE-2022-27879) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Intel BIOS Firmware Information Disclosure (INTEL-SA-00813) (CVE-2022-38083)

Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2022-38083) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Intel BIOS Firmware Privilege Escalation (INTEL-SA-00813) (CVE-2022-44611)

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. (CVE-2022-44611) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported.....

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-21282, CVE-2022-21296, CVE-2022-21299)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 8 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION: An unspecified.....

Intel BIOS Firmware Privilege Escalation (INTEL-SA-00813) (CVE-2022-37343)

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2022-37343) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Exploit for CVE-2022-32862

%PDF-1.5 %���� 16 0 obj &lt;&lt; /Length 972 /Filter...

Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory

Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There is vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK,...

Security Bulletin: Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator

Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details ** CVEID: CVE-2023-20863 DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper.....

Intel® Unite® Hub Software August 2023 Security Update

Intel has informed HP of a potential vulnerability identified in the Intel® Unite® Hub software, which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts as described in the vulnerability details section (CVE-2022-21426, CVE-2023-2597, CVE-2023-21830, CVE-2023-21843,...

Security Bulletin: Vulnerability in IBM Java SDK affects WebSphere Service Registry and Repository (CVE-2022-40609)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a vulnerability in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server has been published in a security bulletin. Vulnerability...

Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect IBM® MobileFirst Platform

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt() directly, or use any of...

AMD® Ryzen Master™ SDK February 2023 Security Update

AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Monitoring SDK, which might allow escalation of privilege. AMD has released software to mitigate the potential vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details ** CVEID: CVE-2022-45688 DESCRIPTION: **Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM Liberty for Java for IBM Cloud due to CVE-2022-40609

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. The CVE(s) listed in this document might affect some configurations of IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (CVE-2023-35012, CVE-2023-27558, CVE-2023-29256, CVE-2023-30442, CVE-2023-27869, CVE-2023-27867, CVE-2023-27868, CVE-2023-30431, CVE-2023-23487, CVE-2023-30447,...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server shipped with IBM Business Automation Workflow containers - April 2023 CPU

Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 (V21.0.3) or IBM® Semeru Runtime 11 (V23.0.1). Information about security vulnerabilities in these Java runtumes have been published. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server due to CVE-2022-40609

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional . This product has addressed the applicable CVE. If.....

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2022-40609)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....

Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query

Summary IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query Vulnerability Details ** CVEID: CVE-2023-30447 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially...

CVE-2021-40161

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7...

CVE-2021-40167

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current...

Security Bulletin: Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM...

Security Bulletin: Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM...

Security Bulletin: A remote code execution vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2022-40609)

Summary A remote code execution vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a...

Intel® Unite® Software Advisory

Summary: Potential security vulnerabilities in some Intel® Unite® software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25773 Description: Improper access control in the Intel(R) Unite(R).....

Security Bulletin: CVE-2022-40609 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2022-40609 affects the Object Request Broker (ORB) in IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition could allow a remote attacker to execute...

Intel® Quartus® for Linux Advisory

Summary: A potential security vulnerability in some Intel® Quartus® Prime Pro and Standard edition software for linux may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-24016 Description:...

2023.3 IPU - Intel® Xeon® Processor Advisory

Summary: A potential security vulnerability in some Intel® Xeon® Processors with Intel® Software Guard Extensions (SGX) may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-41804 Description:...

2023.3 IPU - Intel® Xeon® Scalable Processors Advisory

Summary: A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-23908 Description: Improper access control in...

Intel Agilex® Advisory

Summary: A potential security vulnerability in some Intel Agilex®software included as part of Intel® Quartus® Prime Pro Edition for linux may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-24478...

Intel® oneMKL Software Advisory 

Summary: Potential security vulnerabilities in some Intel® oneAPI Math Kernel Library (oneMKL) may allow ecsalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-25864 Description: Uncontrolled search path in...

Intel® VROC Software Advisory

Summary: A potential security vulnerability in some Intel® Virtual RAID on CPU (VROC) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-45112 Description: Improper access control in some.....

Intel® PCSD BIOS Advisory

Summary: A potential security vulnerability in some Intel® Product Collaboration and Systems Division (PCSD) system BIOS may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-34657 Description:...

Intel® DTT Software Advisory

Summary: A potential security vulnerability in the Intel® Dynamic Tuning Technology (DTT) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-29470 Description: Improper access control in...

Intel® PSR SDK Advisory

Summary: A potential security vulnerability in some Intel® Platform Service Record (PSR) Software Development Kit (SDK) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-29151...

Intel® RealSenseTM SDK Advisory

Summary: A potential security vulnerability in some Intel® RealSense™ Software Development Kits (SDKs) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32663 Description: Incorrect default...

Intel® NUC CID Advisory

Summary: A potential security vulnerability in some ITE Tech consumer infrared drivers (CID) for some Intel® NUCs may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-23577 Description: Uncontrolled.....

Intel® ITS Software Advisory

Summary: A potential security vulnerability in the Intel® Intelligent Test System (ITS) software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® ITS software. Vulnerability...