Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2022-36777: Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

CVE
Open in Source
#xss#vulnerability#web#mac#windows#dos#apache#nodejs#js#git#intel#buffer_overflow#auth#ssh#ibm
CVE-2023-25682: Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2023-25682)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.

Ubuntu Security Notice USN-6496-1

Ubuntu Security Notice 6496-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6495-1

Ubuntu Security Notice 6495-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

AI Solutions Are the New Shadow IT

Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT’s meteoric rise to 100 million users within 60 days of launch, especially with little

CVE-2022-35638: Security Bulletin: IBM Sterling B2B Integrator dashboard is vulnerable to cross-site request forgery (CVE-2022-35638)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.

CVE-2023-38361: Security Bulletin: "Weak or Unsupported ciphers" vulnerability may affect IBM CICS TX Advanced 10.1

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.

CVE-2023-40363: Security Bulletin: InfoSphere Information Server is vulnerable due to improper access control (CVE-2023-40363)

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.

Hackers Claim Major Data Breach at Smart WiFi Provider Plume

By Waqas Plume has not confirmed the data breach but has acknowledged that the company is aware of the claims made by hackers. This is a post from HackRead.com Read the original post: Hackers Claim Major Data Breach at Smart WiFi Provider Plume