🦿 White House Executive Order on AI Provides Guidelines for AI Privacy and Safety 🦿
📖 Read
via "Tech Republic".
The Biden administration directed government organizations, including NIST, to encourage responsible and innovative use of generative AI.📖 Read
via "Tech Republic".
TechRepublic
AI Executive Order: White House Releases 90-Day Progress Report
The Biden administration directed government organizations, including NIST, to encourage responsible and innovative use of AI.
🕴 Boeing Breached by Ransomware, LockBit Gang Claims 🕴
📖 Read
via "Dark Reading".
LockBit gives Boeing a Nov. 2 deadline to pay the ransom, or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise. 📖 Read
via "Dark Reading".
Dark Reading
Boeing Breached by Ransomware, LockBit Gang Claims
LockBit gives Boeing a Nov. 2 deadline to pay the ransom or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise.
🕴 UAE Cyber Council Warns of Google Chrome Vulnerability 🕴
📖 Read
via "Dark Reading".
The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser.📖 Read
via "Dark Reading".
Dark Reading
UAE Cyber Council Warns of Google Chrome Vulnerability
The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser.
🕴 Budget Cuts at CISA Could Affect Enterprise Cybersecurity 🕴
📖 Read
via "Dark Reading".
Politicians are suggesting massive cuts to CISA's budget, threatening its missions to secure federal networks and help critical infrastructure operators fend off cyberattacks.📖 Read
via "Dark Reading".
Dark Reading
Budget Cuts at CISA Could Affect Enterprise Cybersecurity
Politicians are suggesting massive cuts to CISA's budget, threatening its missions to secure federal networks and help critical infrastructure operators fend off cyberattacks.
‼ CVE-2023-40101 ‼
📖 Read
via "National Vulnerability Database".
In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-47104 ‼
📖 Read
via "National Vulnerability Database".
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21385 ‼
📖 Read
via "National Vulnerability Database".
In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21395 ‼
📖 Read
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21384 ‼
📖 Read
via "National Vulnerability Database".
In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21381 ‼
📖 Read
via "National Vulnerability Database".
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21387 ‼
📖 Read
via "National Vulnerability Database".
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42804 ‼
📖 Read
via "National Vulnerability Database".
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21396 ‼
📖 Read
via "National Vulnerability Database".
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21372 ‼
📖 Read
via "National Vulnerability Database".
In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21375 ‼
📖 Read
via "National Vulnerability Database".
In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21393 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45780 ‼
📖 Read
via "National Vulnerability Database".
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21383 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21389 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21377 ‼
📖 Read
via "National Vulnerability Database".
In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21382 ‼
📖 Read
via "National Vulnerability Database".
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".