Tag

Responsible Disclosure

All articles tagged with #responsible disclosure

cybersecurity · 2 years ago

Multiple Zero-Day Flaws and Vulnerabilities Uncovered in Microsoft Exchange and SketchUp Support

The Zero Day Initiative (ZDI) has disclosed four zero-day vulnerabilities in Microsoft Exchange that can be exploited remotely by authenticated attackers to execute arbitrary code or disclose sensitive information. Despite being notified by ZDI, Microsoft has not yet fixed the vulnerabilities. The flaws include deserialization issues and server-side request forgery vulnerabilities.

vulnerability-cyber-attack · 2 years ago

"Exim Mail Servers at Risk: Critical Vulnerabilities Expose Millions to Remote Attacks"

A high-severity security flaw, tracked as CVE-2023-37476, has been discovered in the OpenRefine data cleanup tool, allowing attackers to execute arbitrary code on affected systems. By tricking users into importing a malicious project file, the attacker gains the ability to execute code on the victim's machine. The vulnerability has been patched in version 3.7.4. This disclosure follows the surfacing of exploit code for patched flaws in Microsoft SharePoint Server and a high-severity bug in Apache NiFi, highlighting the severe impact of these vulnerabilities on system security and data integrity.