Intel® Security Vulnerabilities

Intel® QSFP+ Configuration Utility Software Advisory

Summary: A potential security vulnerability in some Intel® QSFP+ Configuration Utility software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® QSFP+ Configuration Utility...

CVE-2024-21917 Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a...

Metasploit Wrap-Up 03/15/2024

New module content (3) GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: #18716 contributed by h00die Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 Description: This adds an exploit module that...

CVE-2024-21917

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a...

Intel® Optane™ PMem Management Software Advisory

Summary: Potential security vulnerabilities in some Intel® Optane™ Persistent Memory (PMem) management software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22311 Description: Improper...

Security Bulletin: There are multiple vulnerabilities in IBM Db2 bundled with IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details Refer to the.....

Intel® ThunderboltTM DCH Drivers for Windows Advisory

Summary: Potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.....

Intel®  Battery Life Diagnostic Tool Software Advisory

Summary: A potential security vulnerability in some Intel® Battery Life Diagnostic Tool software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-35060 Description: Uncontrolled search path in...

Intel® SDK for OpenCL™ Applications Software Advisory

Summary: A potential security vulnerability in some Intel® SDK for OpenCL™ Applications software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® SDK for OpenCL™ Applications...

Intel® Ethernet Tools and Driver Install Software Advisory

Summary: Potential security vulnerabilities in some Intel® Ethernet tools and driver install software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-39432 Description: Improper access...

Arm DS for Intel® SoC FPGA Software Advisory

Summary: Potential security vulnerabilities in some Arm Development Studio (DS) for Intel® System-on-a-Chip (SoC) FPGA software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID:...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to denial of service due to the use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-22081, CVE-2023-5676)

Summary IBM Virtualization Engine TS7700 is susceptible to denial of service due to the use of IBM SDK Java Technology Edition, Version 8 (CVE-2023-22081, CVE-2023-5676). The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent....

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193,...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Oct 2023 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.19 and earlier, 8.0.8.11 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An...

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary There are vulnerabilities in Apache Xalan, Apache Commons Codec, IBM® Java™ Version 8, and OpenSSL that are consumed by IBM Cognos Transformer. These have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for...

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary IBM Cognos Analytics is affected and considered vulnerable, based on current information, to vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries......

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs and we recommend updating to the latest version to...

Patch Tuesday - April 2024

Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22045, CVE-2023-22049)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22045 ...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.

Summary Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859,...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Manager Enterprise Edition CVE-2015-7575

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. ...

NVIDIA® GPU Display Driver October 2023 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which may allow escalation of privilege, code execution, denial of service, or information disclosure. NVIDIA has released updates to mitigate these vulnerabilities. NVIDIA has...

ACAT Software Advisory

Summary: A potential security vulnerability in some Assistive Context-Aware Toolkit (ACAT) software maintained by Intel® may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-41231 Description:...

Denial Of Service Attack

org.grails:grails-databinding is vulnerable to Denial Of Service Attack. The vulnerability is due to a lack of validation in processing of web requests. An attacker can send specially crafted requests to cause a JVM crash or Denial of...

TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....

Metasploit Weekly Wrap-Up 03/01/2024

Connect the dots from authentication bypass to remote code execution This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in ConnectWise ScreenConnect to achieve remote code execution. This vulnerability, CVE-2024-1709, affects all...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 5 and 7 that is used by Content Manager Enterprise Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition ((CVE-2015-0410, CVE-2014-6593, CVE-2015-0383, CVE-2015-0138))

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7, that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring....

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22006, CVE-2023-22036 & CVE-2023-22049)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details ** CVEID: CVE-2023-43646 DESCRIPTION: **Chai.js Assertion Library get-func-name is...

Security Bulletin: IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows (CVE-2023-47145)

Summary IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows. Vulnerability Details ** CVEID: CVE-2023-47145 DESCRIPTION: **IBM Db2 for Windows (includes Db2 Connect Server) could allow a local user to escalate their privileges to the SYSTEM...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22081, CVE-2023-22067, CVE-2023-4807 & CVE-2023-5676)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47158)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47158 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query Vulnerability Details ** CVEID: CVE-2023-47141 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial of...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-45193)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details ** CVEID: CVE-2023-45193 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service when a specially...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747)

Summary IBM® Db2® is vulnerable to a denial of service when using a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47747 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used Vulnerability Details ** CVEID: CVE-2023-47746 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user with CONNECT privileges to cause a denial.....

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National....

Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859)

Summary IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database. Vulnerability Details ** CVEID:...

Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure

Summary IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure. Vulnerability Details ** IBM X-Force ID: 268195 DESCRIPTION: **Presto is vulnerable to server-side request forgery, caused by improper validating the.....

Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs....

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)

Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details ** CVEID: CVE-2023-50308 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)...

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.20.0 (CVE-2023-22049, CVE-2023-22036) and Eclipse Jetty 10.0.17...

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

Summary CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the.....

Security Bulletin: CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

Summary CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in...