188 matches found
EUVD-2023-46962
Malicious code in bioql PyPI...
EUVD-2023-46968
Malicious code in bioql PyPI...
Grok chats show up in Google searches
I’m starting to feel like a broken record, but I feel you should know that yet another AI has been found sharing private conversations so that Google was able to index them, and now they can be found in search results. It’s déjà vu in the world of AI: another day, another exposé about chatbot...
CVE-2023-42535
Out-of-bounds Write in readblock of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...
CVE-2024-29916
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the ke...
CVE-2024-29916
The CVE describes a vulnerability in dormakaba Saflok systems (pre‑November‑2023 software update) where an attacker who has a valid active or expired keycard for a property can unlock arbitrary doors via forged keycards. The root cause is a UID‑only based key derivation function, affecting Saflok...
PT-2024-23138 · Dormakaba · Dormakaba Saflok System +5
Name of the Vulnerable Software and Affected Versions: dormakaba Saflok system versions prior to November 2023 software update; Saflok MT versions prior to November 2023 software update; Confidant series versions prior to November 2023 software update; Quantum series versions prior to November 2023...
November 14, 2023—KB5032192 (OS Build 22000.2600)
November 14, 2023—KB5032192 (OS Build 22000.2600). 9/26/23 IMPORTANT: As of September 26, 2023, there are no more optional, non-security preview releases for Windows 11, version 21H2. Only cumulative monthly security updates will continue for the supported versions of Windows 11, version 21H2...
EDK2 Buffer Error Vulnerability
EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the Tcg2MeasureImage function...
Fedora 38 : dotnet6.0 (2023-9c901b8c2d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9c901b8c2d advisory. This is the November 2023 update for .NET 6. It includes fixes for multiple CVEs. Release Notes:...
Fedora 38 : dotnet7.0 (2023-484d7950a9)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-484d7950a9 advisory. This is the November 2023 monthly update for .NET 7. It includes several security fixes. Release Notes:...
CLSA-2023-1702324842 Fix CVE(s): CVE-2023-23583
SECURITY UPDATE: New microcode data file 2023-11-14 - Updated microcodes: sig 0x000606a6, pfmask 0x87, 2023-09-01, rev 0xd0003b9, size 299008 sig 0x000606c1, pfmask 0x10, 2023-09-08, rev 0x1000268, size 290816 sig 0x000706e5, pfmask 0x80, 2023-09-03, rev 0x00c2, size 113664 sig 0x000806c1, pfmask...
Summary of Vulnerabilities, Actors & Attacks: November 2023
...
CISA Known Exploited Vulnerability Catalog November 2023
For a detailed CISA KEV Catalog, download the PDF file here. Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Android Automotive OS Update Bulletin—December 2023
The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2023-12-05 or later from the November 2023 Android Security Bulletin in addition to all issues in th...
escondidolodge.com Improper Access Control vulnerability OBB-3798930
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
gbs.realwap.net Cross Site Scripting vulnerability OBB-3798717
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cancerline.co.kr Cross Site Scripting vulnerability OBB-3798676
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
elprofesorencasa.com Improper Access Control vulnerability OBB-3798196
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...