CVE-2021-26339
via "National Vulnerability Database".
A bug in AMD CPU's core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
CVE-2021-39059
via "National Vulnerability Database".
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.
CVE-2021-26364
via "National Vulnerability Database".
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
CVE-2021-26348
via "National Vulnerability Database".
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
CVE-2021-26350
via "National Vulnerability Database".
A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.
CVE-2021-26378
via "National Vulnerability Database".
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
CVE-2022-0027
via "National Vulnerability Database".
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.
CVE-2022-0026
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
CVE-2022-29616
via "National Vulnerability Database".
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
CVE-2021-26342
via "National Vulnerability Database".
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.
CVE-2021-26376
via "National Vulnerability Database".
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
CVE-2021-46744
via "National Vulnerability Database".
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.
CVE-2021-26372
via "National Vulnerability Database".
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
CVE-2021-3611
via "National Vulnerability Database".
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
CVE-2022-0024
via "National Vulnerability Database".
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.
CVE-2022-22975
via "National Vulnerability Database".
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
CVE-2022-22320
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367.
CVE-2021-26347
via "National Vulnerability Database".
TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.
CVE-2021-26400
via "National Vulnerability Database".
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
CVE-2021-43066
via "National Vulnerability Database".
An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows an attacker to escalate privilege via the MSI installer.
Top 6 Data Security Risks that Can Impact Your Bottom Line
Digitalguardian
We look at six data security risks that can jeopardize your organization's continued growth.