Description: All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur...
Read More
DESCRIPTION:A vulnerability in Polkit’s pkexec component could allow for localprivilege escalation. Polkit (formerly PolicyKit) is a component forcontrolling system-wide privileges in Unix-like operating systems. Itprovides an organized way for non-privileged processes to communicatewith privileged ones. Polkit is installed by default on all major Linuxdistributions. Successful exploitation of this vulnerability couldresult in privilege escalation to root privileges. IMPACT:A vulnerability in Polkit ‘s pkexec component could allow...
Read More
CVE SummaryCVE Base Score: 9.8 CRITICAL (CVSS:3.1)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and MetricsBase Score: 9.8 CRITICALVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HImpact Score: 5.9Exploitability Score: 3.9Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope(S): UnchangedConfidentiality(C): HighIntegrity (I): HighAvailability (A): High CVE Released: Jan 11, 2022, Last updated: Jan 12, 2022 Description:This vulnerability concerns the HTTP stack (http.sys) used in listening to process HTTP requests on...
Read More
DESCRIPTION:A vulnerability has been discovered in Citrix Workspace App for Linux, avirtual desktop application. Successful exploitation of thisvulnerability could allow for local privilege escalation. A privilegeescalation enables the attacker to obtain root privileges within thesystem which will enable them to install programs; view, change, ordelete data; or create new accounts with full user rights. IMPACT:A vulnerability has been discovered in Citrix Workspace App for Linux,...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted...
Read More
DESCRIPTION:A vulnerability has been discovered in HP FutureSmart that could allowfor arbitrary code execution. HP FutureSmart is a piece of systemfirmware that is used on all HP Enterprise devices. Successfulexploitation of this vulnerability could allow for arbitrary codeexecution within the context of the affected application. Depending onthe privileges associated with this application, an attacker could theninstall programs; view, change, or delete data; or create new...
Read More
DESCRIPTION:A vulnerability has been discovered in multiple NETGEAR products, whichcould allow for arbitrary code execution. Successful exploitation ofthis vulnerability could allow for arbitrary code execution in thecontext of the root user. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights. IMPACT: RIMM researchers are reported to have an exploit capable ofcompromising fully patched devices that are running...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis...
Read More
DESCRIPTION:Multiple vulnerabilities in SonicWall SMA 100 Series could allow forarbitrary code execution. Successful exploitation of thesevulnerabilities could allow for arbitrary code execution. The SonicWallSMA 100 Series is a unified secure access gateway that enablesorganizations to provide access to any application, anytime, fromanywhere and any devices, including managed and unmanaged. Depending onthe privileges associated with the application, an attacker could theninstall programs; view, change, or delete...
Read More
