Security News
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of...
On Thursday, researchers from security firm Rezilion published evidence that they said made it "highly likely" both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images. Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said.
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild....
Software development firm JetBrains has fixed a critical vulnerability in its TeamCity continuous integration and continuous delivery solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server. "As of September 25, 2023, Rapid7 is not aware of in-the-wild exploitation of CVE-2023-42793, and no public exploit code is available," shared Caitlin Condon, head of vulnerability research at Rapid7.
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code...
GitLab has fixed a critical vulnerability in the Enterprise Edition and Community Edition of its widely used DevOps platform. "Scan execution policy allows configuring built-in scanners for GitLab projects, such as static analysis and vulnerability scanning. These scanners are running in dedicated pipelines with a predefined set of permissions," Alex Ilgayev, head of security research at Cycode, told Help Net Security.
Trend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. "Trend Micro has observed at least one active attempt of potential exploitation of in the wild," the company shared.
Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities,...
GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions...
Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively...