
by CIRT Team
Workshop on the Implementation of the Bangladesh National Digital Architecture (BNDA)
Chief Guest: Mr. Md. Saiful Islam, Joint Secretary (E-Governance Branch), Cabinet Division
Moderator: Mr. Md. Abdus Sattar Sarkar, Joint Secretary (Digital Governance and Security Wing), Information and Communication Technology Division, and Member Secretary, BNDA Implementation Committee
Time and date: 3:00 PM, 02-02-2022
Venue: 'Boithok' online platform
by CIRT Team
CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution
Description: All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes...
by CIRT Team
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
DESCRIPTION: Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
* iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
* iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
* macOS Monterey is the 18th and current major release of macOS.
* macOS Big Sur...
by CIRT Team
Multiple Vulnerabilities in SonicWall SMA 100 Series Could Allow for Arbitrary Code Execution
DESCRIPTION: Multiple vulnerabilities in SonicWall SMA 100 Series could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution. The SonicWall SMA 100 Series is a unified secure access gateway that enables organizations to provide access to any application, anytime, from anywhere, and on any device, including managed and unmanaged ones. Depending on the privileges associated with the application, an attacker could...
by CIRT Team
A Vulnerability in Polkit’s pkexec Component Could Allow For Local Privilege Escalation
DESCRIPTION: A vulnerability in Polkit’s pkexec component could allow for local privilege escalation. Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit is installed by default on all major Linux distributions. Successful exploitation of this vulnerability could result in privilege escalation to root privileges.
IMPACT: A vulnerability in Polkit’s pkexec component could allow...
by CIRT Team
A Vulnerability in F5Networks BIG-IP Could Allow for Denial of Service
DESCRIPTION: A vulnerability has been discovered in F5Networks BIG-IP, which could result in a denial-of-service (DoS). BIG-IP is a family of products covering software and hardware designed around application availability, access control, and security solutions. Successful exploitation of this vulnerability could allow an attacker to cause a denial of service to all servers sitting behind the BIG-IP system.
IMPACT: A vulnerability has been discovered in F5Networks BIG-IP, which could result in a denial-of-service...
by CIRT Team
CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability
CVE Summary
CVE Base Score: 9.8 CRITICAL (CVSS:3.1)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v3.1 Severity and Metrics
Base Score: 9.8 CRITICAL
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVE Released: Jan 11, 2022, Last updated: Jan 12, 2022

Description: This vulnerability concerns the HTTP stack (http.sys) used in listening to process HTTP requests on...

by CIRT Team
A Vulnerability in Citrix Workspace App for Linux Could Allow for Local Privilege Escalation
DESCRIPTION: A vulnerability has been discovered in Citrix Workspace App for Linux, a virtual desktop application. Successful exploitation of this vulnerability could allow for local privilege escalation. A privilege escalation enables the attacker to obtain root privileges within the system which will enable them to install programs; view, change, or delete data; or create new accounts with full user rights.
IMPACT: A vulnerability has been discovered in Citrix Workspace App for Linux,...
by CIRT Team
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
DESCRIPTION: Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for Arbitrary Code Execution.
* Acrobat and Reader is a family of application software and Web services mainly used to create, view, and edit PDF documents.
* Illustrator is a vector graphics editor and design program.
* Bridge is a digital asset management application.
* Adobe InCopy is a professional word processor.
* InDesign is an...