#auth

**How would an attacker exploit this vulnerability?** This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?** This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to authenticate as the user.

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems.

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

As the usage of artificial intelligence (AI) workloads in the industry is becoming ubiquitous, the risks of using AI models are also increasing, with new unauthorized personas potentially accessing those models. AI models are now the new key for organizations requiring large investments in training and inferencing, which largely rely on accelerated computing (GPUs).When we talk about protecting those models in Kubernetes environments, we look at protecting data in rest (storage), data in transit (networking), and data in use. Our focus here will be on data in use by leveraging confidential com

The "SANS 2024 State of ICS/OT Cybersecurity" report suggests organizations are going to shift spending from security technologies protecting industrial control systems and operational technology environments to nontechnical activities, such as training and incident response.

An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.