CVE-2023-29328
Microsoft Teams Remote Code Execution Vulnerability
via "National Vulnerability Database".
CVE-2023-35388
Microsoft Exchange Server Remote Code Execution Vulnerability
via "National Vulnerability Database".
CVE-2023-35371
Microsoft Office Remote Code Execution Vulnerability
via "National Vulnerability Database".
CVE-2023-36532
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
via "National Vulnerability Database".
CVE-2023-38176
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
via "National Vulnerability Database".
Microsoft Azure AI Adds GPT-4 and New Virtual Machines
Microsoft is working on creating guidelines for red teams making sure generative AI is secure and responsible.
via "Tech Republic".
CVE-2023-26961
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files by changing the extension of the uploaded file.
via "National Vulnerability Database".
CVE-2023-39086
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.
via "National Vulnerability Database".
CVE-2023-36344
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.
via "National Vulnerability Database".
CVE-2023-36482
An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.
via "National Vulnerability Database".
Microsoft Patch Tuesday, August 2023 Edition
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.
via "Krebs on Security".
CVE-2023-3632
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3.
via "National Vulnerability Database".
CVE-2023-37855
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.
via "National Vulnerability Database".
CVE-2023-24477
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain access to the original user's session.
via "National Vulnerability Database".
CVE-2023-22378
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.
via "National Vulnerability Database".
CVE-2023-37856
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser.
via "National Vulnerability Database".
CVE-2023-22843
An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim's session.
via "National Vulnerability Database".
CVE-2023-2905
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.
via "National Vulnerability Database".
CVE-2023-23574
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.
via "National Vulnerability Database".
CVE-2022-47185
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.
via "National Vulnerability Database".
CVE-2023-37857
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).
via "National Vulnerability Database".