Tarlogic's Blog - Cybersecurity
Cybersecurity articles with security analysis and information on ethical hacking techniques
CVE-2024-3094: Backdoor in XZ Utils library
CVE-2024-3094 present in the XZ Utils library may allow an attacker to use malicious code to compromise the integrity of affected systems. On March 29, a developer identified CVE-20[...]
What can be the consequences of a security breach in a web application?
Web applications are a double-edged sword: they are the perfect showcase for potential customers, but they also act as a large window to sneak in and plunder the business. A securi[...]
BlueSpy – Spying on Bluetooth conversations
BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations. The first results following the publication of BSAM, a[...]
CVE-2023-49785: Vulnerability in NextChat
CVE-2023-49785 is a critical vulnerability affecting NextChat, an application that provides users with a web interface based on ChatGPT. Information has been disclosed about a new c[...]
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities
Vulnerabilities CVE-2024-27198 and CVE-2024-27199 affect TeamCity, a CI/CD management server software owned by JetBrains. Two new vulnerabilities have been disclosed recently, which[...]
CVE-2024-22024: XXE vulnerability disclosed in Ivanti products
CVE-2024-22024 is an XML External Entity (XXE) vulnerability that allows a remote attacker to access internal files. CVE-2024-22024, a new high-rated vulnerability affecting Ivanti [...]
CVE-2023-7028: A critical vulnerability affecting GitLab
Critical vulnerability CVE-2023-7028 in the open source platform GitLab allows taking control of other users’ accounts. A critical vulnerability has been discovered in GitLab,[...]
Critical vulnerabilities of the ownCloud platform are being exploited in the wild
On November 21, 2023, three critical vulnerabilities were made public (CVE-2023-49103, CVE-2023-49104, CVE-2023-49105), affecting several applications of the ownCloud online file s[...]
CVE-2023-4911: The vulnerability Looney Tunables in GlibC is being actively exploited
On October 3, 2023, Qualys published information about a high-severity local privilege escalation vulnerability in the GNU C Library (glibc), which is widely used on Linux systems.[...]
CVE-2023-38545: Heap overflow vulnerability in curl (SOCKS 5)
The vulnerability CVE-2023-38545 affects curl, a command line tool and software library used to transfer data to and from a server. On October 11th, 2023 the curl development team h[...]