by CIRT Team
Google Android OS Could Allow for Remote Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis...
Read More
by CIRT Team
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur is the 17th...
Read More
by CIRT Team
Multiple Vulnerabilities in SonicWall SMA 100 Series Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities in SonicWall SMA 100 Series could allow forarbitrary code execution. Successful exploitation of thesevulnerabilities could allow for arbitrary code execution. The SonicWallSMA 100 Series is a unified secure access gateway that enablesorganizations to provide access to any application, anytime, fromanywhere and any devices, including managed and unmanaged. Depending onthe privileges associated with the application, an attacker could theninstall programs; view, change, or delete...
Read More
by CIRT Team
Apache Log4j2 is vulnerable to RCE via JDBC Appender when an attacker controls configuration
CVE-2021-44832 (CVSS score: 6.6 MEDIUM) – Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE)attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URIwhich can execute remote code. This issue is fixed by limiting...
Read More
by CIRT Team
Multiple Vulnerabilities in SiemensSolid Edge Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in SiemensSolid Edge, themost severe of which could allow an attacker to cause an arbitrary codeexecution. Siemens Edge is a portfolio of software tools that addressesvarious product development processes: 3D design, simulation,manufacturing and design management. Successful exploitation of the mostsevere of these vulnerabilities could allow for arbitrary codeexecution. Depending on the privileges associated with the user, anattacker could then view...
Read More
by CIRT Team
Critical Patches Issued for Microsoft Products, December 14, 2021
DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted...
Read More
by CIRT Team
Multiple Vulnerabilities in iCloud for Windows Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in iCloud for WindowsCould Allow for Arbitrary Code Execution. iCloud for Windows is a cloudstorage and cloud computing service. Successful exploitation of thesevulnerabilities could result in arbitrary code execution within thecontext of the application, an attacker gaining the same privileges asthe logged-on user, or the bypassing of security restrictions. Dependingon the permission associated with the application running the exploit,an attacker...
Read More
by CIRT Team
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur is the 17th...
Read More
by CIRT Team
Apache Releases Security Update for HTTP Server
DESCRIPTION:The Apache Software Foundation has released Apache HTTP Server 2.4.52.Reference:https://downloads.apache.org/httpd/Announcement2.4.html CVE-2021-44790 (CVSS score: 9.8- CRITICAL) -A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. CVE-2021-44224...
Read More
by CIRT Team
A Vulnerability in Fortinet FortiWeb Could Allow for Arbitrary Code Execution
DESCRIPTION:A vulnerability has been discovered in Fortinet FortiWeb that couldallow for arbitrary code execution. Fortinet FortiWeb is a firewall forweb applications, which provides threat protection for medium and largeenterprises. Successful exploitation of this vulnerability could allowfor arbitrary code execution within the context of the affectedapplication. Depending on the privileges associated with thisapplication, an attacker could then install programs; view, change, ordelete data; or create new...
Read More
