Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in....
5.9CVSS
6.7AI Score
0.0004EPSS
Intel Optane™ SSD Firmware November 2023 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Optane™ SSD and some Intel® Optane™ SSD DC products, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. .....
7.8CVSS
7.4AI Score
0.001EPSS
Intel Rapid Storage Technology Software November 2023 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Rapid Storage Technology software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential...
7.8CVSS
7.1AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2023-39323 DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code...
8.1CVSS
7.9AI Score
0.002EPSS
Rockwell Automation FactoryTalk Service Platform
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users with...
9CVSS
9.3AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module Metasploit now has an LDAP capture module thanks to the work of JustAnda7. This work was completed as part of the Google Summer of Code program. When the module runs it will by default require privileges to listen on port 389. The module implements a default implementation for.....
9.8CVSS
9.8AI Score
0.969EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component.....
5.9CVSS
5.5AI Score
0.001EPSS
Intel® Virtual RAID on CPU (VROC) August 2023 Security Updates
Intel has informed HP of a potential security vulnerability identified in the Intel® Virtual RAID on CPU (VROC) software, which might allow escalation of privilege. Intel is releasing software updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential...
7.8CVSS
7.2AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been...
7.5CVSS
9.2AI Score
0.732EPSS
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...
10CVSS
9.2AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...
9.8CVSS
9.4AI Score
0.001EPSS
Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks....
7.2AI Score
Summary There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition, Versions 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018 and April 2018. Vulnerability Details CVEID:...
8.3CVSS
1.6AI Score
0.003EPSS
Intel BIOS Firmware CVE-2022-26006 (INTEL-SA-00688)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
8.2CVSS
7.4AI Score
0.0004EPSS
KLA60730 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Autodesk® FBX® SDK 2020...
7.8CVSS
8.9AI Score
0.001EPSS
Intel BIOS Firmware CVE-2022-21198 (INTEL-SA-00688)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege...
7.9CVSS
7.3AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded.....
7.3AI Score
Intel Dynamic Tuning Technology Software August 2023 Security Update
Intel has informed HP of a potential security vulnerability in the Intel® Dynamic Tuning Technology (DTT) software which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential...
7.8CVSS
7.1AI Score
0.0004EPSS
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
9.8CVSS
7.8AI Score
0.001EPSS
Security Bulletin: Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...
5.9CVSS
9.4AI Score
0.001EPSS
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
7.5CVSS
9.6AI Score
0.001EPSS
5 Insights from the Latest Cybersecurity Trends Research
Rapid7 is committed to promoting research that identifies the latest cybersecurity trends so that organizations can leverage these insights and create programs that make sense for the modern SOC. To that end, we’ve singled out five quick insights security professionals and stakeholders should...
7.3AI Score
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...
10CVSS
9.4AI Score
0.001EPSS
Summary IBM SDK, Java Technology Edition is used by IBM Security Directory products as part of the IBM SDK, Java Technology Edition. See security bulletin for more details. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and...
5.3CVSS
5.7AI Score
0.001EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...
7AI Score
KLA60570 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: A remote code execution vulnerability in 3D Builder can be exploited remotely to execute arbitrary code. A remote code...
7.8CVSS
8.7AI Score
0.001EPSS
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed...
9.8CVSS
9.6AI Score
0.956EPSS
KLA50317 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, spoof user interface. Below is a complete list of...
7.8CVSS
9.8AI Score
0.01EPSS
Summary: Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-42429 Description:...
7.7AI Score
0.0004EPSS
Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
In nearly every segment of our lives, AI (artificial intelligence) now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on.....
6.8AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION:.....
5.9CVSS
7AI Score
0.001EPSS
Summary: Potential security vulnerabilities in some Intel® NUC software installers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32272 Description: Uncontrolled search.....
7.6AI Score
0.0004EPSS
Intel® NUC BIOS Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28738 Description: Improper input validation for some Intel® NUC...
7.6AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a...
9.8CVSS
9.6AI Score
0.022EPSS
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details ** CVEID: CVE-2023-1370 DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted...
7.5CVSS
7.9AI Score
0.002EPSS
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
Summary IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. Vulnerability Details ** CVEID: CVE-2015-8383 DESCRIPTION: **PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional groups. By using a specially...
9.8CVSS
9.2AI Score
0.059EPSS
Summary IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details ** CVEID: CVE-2018-25032 DESCRIPTION: **Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote...
9.8CVSS
9.6AI Score
0.473EPSS
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)
Summary IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Vulnerability Details ** CVEID: CVE-2023-38003 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user with DATAACCESS privileges to.....
7.2CVSS
7.5AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service under extreme stress conditions. Vulnerability Details ** CVEID: CVE-2023-40692 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service under extreme stress conditions. CVSS Base...
7.5CVSS
7.8AI Score
0.001EPSS
Rockwell Automation FactoryTalk Service Platform
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability...
9.8CVSS
5.5AI Score
0.001EPSS
Unified security operations with Microsoft Sentinel and Microsoft Defender XDR
Numerous cybersecurity tools exist to help organizations protect their data, people, and systems. There are different tools that check emails for phishing attempts, secure infrastructure and cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each of....
7.1AI Score
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB or larger table. Vulnerability Details ** CVEID: CVE-2023-40687 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a...
7.5CVSS
7.6AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-43020 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...
8.6AI Score
EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. Vulnerability Details ** CVEID: CVE-2023-38727 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted SQL statement....
7.5CVSS
7.7AI Score
0.001EPSS
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
9.8CVSS
8.8AI Score
0.001EPSS
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
9.8CVSS
0.001EPSS
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE)...
9.8CVSS
10AI Score
0.074EPSS
Summary There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been...
6.5CVSS
6.4AI Score
0.001EPSS
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
7.5CVSS
0.001EPSS
Summary IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details ** CVEID: CVE-2023-46167 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service...
7.5CVSS
6.8AI Score
0.001EPSS