4667 matches found
Meta Halts AI Use in Brazil Following Data Protection Authority's Ban
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the...
Odoo Unprotected Database Manager
Odoo is a popular open-source ERP and CRM platform. Odoo includes a database manager that helps administrators perform management operations on their Odoo databases through a web interface. If no master password is set, this web interface allows any unauthenticated and remote attacker to...
The vulnerability of the VMware Cloud Director Object Storage Extension lies in the insufficient protection of operational data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the VMware Cloud Director Object Storage Extension relates to insufficient protection of operational data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Access Token Handler component of the JetBrains YouTrack software suite for managing projects and tasks allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Access Token Handler component of the JetBrains YouTrack software for managing projects and tasks is related to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of the MarketplaceKit component in iPadOS and iOS operating systems allows a hacker to disclose protected information.
The vulnerability of the MarketplaceKit component for iPadOS and iOS lies in the lack of protection for sensitive data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
The vulnerability of the personal assistant Siri in the iPadOS and iOS operating systems allows a hacker to disclose protected information.
The vulnerability of the personal assistant Siri in iPadOS and iOS operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the CI/CD system’s registration data protection mechanism in TeamCity allows unauthorized access to closed keys by attackers.
The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of TeamCity in JetBrains is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to th...
The vulnerability of the input/output device management component of the IOHIDFamily in operating systems such as iPadOS and iOS, as well as macOS, allows attackers to disclose protected information.
The vulnerability of the input/output device management component of the IOHIDFamily in iPadOS, iOS, and macOS is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to disclose protected information...
AI device Rabbit r1 logged user interactions without an option to erase them before selling
Rabbit, the manufacturer of the artificial intelligence (AI) assistant r1, has issued a security advisory telling users it has found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that...
Securing APIs While Navigating Today’s Booming API Economy
...
The vulnerability of the BitLocker data protection function in Windows operating systems allows attackers to circumvent existing security restrictions and gain access to encrypted data.
The vulnerability of the BitLocker data protection function in Windows operating systems is related to a breach of the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions and gain access to encrypted data...
The vulnerability of the Single Sign-On (SSO) authentication mechanism of the GitLab Duo Chat web interface, a software platform based on git for collaborative code development on GitLab, allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Single Sign-On (SSO) authentication mechanism in the GitLab Duo Chat web interface of the git-based software platform for collaborative code development in GitLab is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker,...
The vulnerability of the Updater service of the Parallels Desktop hypervisor allows a hacker to downgrade the software version.
The vulnerability of the Updater service in Parallels Desktop operating systems is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to downgrade the software version...
PT-2024-4860 · Microsoft · Windows Kernel +1
Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: A vulnerability in the Windows Kernel is related to insufficient protection of internal data. Exploitation of this issue may allow an attacker to gain unauthorized access to protecte...
PT-2024-4969 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A spoofing vulnerability affects the system, potentially allowing attackers to perform spoofing attacks due to a lack of protection of service data within the Windows NTLM authentication...
PT-2024-4787 · Microsoft · Windows Lockdown Policy +1
Name of the Vulnerable Software and Affected Versions: Windows LockDown Policy (WLDP) (affected versions not specified). Description: The issue is related to a security-feature bypass vulnerability in the Windows LockDown Policy (WLDP) that affects the data protection mechanism. This vulnerability can b...
PT-2024-4987 · Microsoft · Azure Cyclecloud
Name of the Vulnerable Software and Affected Versions: Azure CycleCloud (affected versions not specified). Description: The issue is related to a data protection mechanism flaw in Azure CycleCloud, a tool for organizing and managing high-performance computing (HPC) environments. This flaw can be...
PT-2024-7488 · Yougile · Yougile
Name of the Vulnerable Software and Affected Versions: YouGile (affected versions not specified). Description: The issue is related to insufficient protection of service data in the project management service. It may allow a remote attacker to disclose protected information. Recommendations: At the...
The vulnerability of the Serial Peripheral Interface (SPI) protection function in AMD microprocessor software allows attackers to circumvent security restrictions, enhance their privileges, or execute arbitrary code.
The vulnerability of the Serial Peripheral Interface (SPI) protection function in AMD microprocessor-based software is related to insufficient protection of system data. Exploiting this vulnerability can allow attackers to circumvent security restrictions, gain additional privileges, or execute...
The vulnerability of ASUS RT-N12+ B1 router’s microprogramming software, related to the storage of passwords in an unencrypted form, allows an intruder to gain unauthorized access to protected information.
The vulnerability of ASUS RT-N12+ B1 router’s microprogramming software is related to deficiencies in the protection of registration data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...