π¦Ώ Microsoft Azure AI Adds GPT-4 and New Virtual Machines π¦Ώ
π Read
via "Tech Republic".
Microsoft is working on creating guidelines for red teams making sure generative AI is secure and responsible.π Read
via "Tech Republic".
TechRepublic
Microsoft Azure AI Adds GPT-4 and New Virtual Machines
Microsoft is also working on creating guidelines for red teams working on making sure generative AI is both secure and responsible.
βΌ CVE-2023-26961 βΌ
π Read
via "National Vulnerability Database".
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files by changing the extension of the uploaded file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39086 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36344 βΌ
π Read
via "National Vulnerability Database".
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36482 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, August 2023 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, August 2023 Edition
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.
βΌ CVE-2023-3632 βΌ
π Read
via "National Vulnerability Database".
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37855 βΌ
π Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24477 βΌ
π Read
via "National Vulnerability Database".
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22378 βΌ
π Read
via "National Vulnerability Database".
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37856 βΌ
π Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .π Read
via "National Vulnerability Database".
βΌ CVE-2023-22843 βΌ
π Read
via "National Vulnerability Database".
An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule.An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules.The injected code will be executed in the context of the authenticated victim's session.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2905 βΌ
π Read
via "National Vulnerability Database".
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISHΓ parsed message with a variable length header, Cesanta Mongoose, anΓ embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23574 βΌ
π Read
via "National Vulnerability Database".
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47185 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37857 βΌ
π Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).π Read
via "National Vulnerability Database".
βΌ CVE-2023-37861 βΌ
π Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26310 βΌ
π Read
via "National Vulnerability Database".
There is a command injection problem in the old version of the mobile phone backup app.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33934 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38208 βΌ
π Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24471 βΌ
π Read
via "National Vulnerability Database".
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.π Read
via "National Vulnerability Database".
π1