Oct 02, 2023THNVulnerability / Cyber Attack A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted […]
Sep 29, 2023THNVulnerability / Network Security Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts […]
Sep 27, 2023THNVulnerability / Endpoint Security A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. “This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression,” a group of academics from the University of Texas at […]
Sep 26, 2023THNVulnerability / Source Code A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following […]
Sep 21, 2023THNVulnerability / Exploit A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. “The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited […]
Sep 20, 2023THNVulnerability / Software Security GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and […]
Sep 14, 2023THNVulnerability / Hacking A high-severity security flaw has been disclosed in N-Able’s Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged […]
Sep 13, 2023THNVulnerability / Data Security More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. “The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of […]
Sep 13, 2023THNVulnerability / Zero Day Adobe’s Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system […]
- 1
- 2