DESCRIPTION Multiple vulnerabilities have been discovered in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on...
Read More
DESCRIPTION Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow for arbitrary code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application,...
Read More
DESCRIPTION Multiple Vulnerabilities have been discovered in Apache Struts, the most severe of which could allow for remote code execution. Apache Struts is an open source framework used for building Java web applications. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker...
Read More
DESCRIPTION The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts. RECOMMENDATIONS CISA recommends that users and administrators...
Read More
DESCRIPTION Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is a family of software developed by Adobe Inc. to view, create, manipulate, print, and manage files in PDF format. Adobe Reader is the free version within the Adobe Acrobat family of software. Successful exploitation of the most severe of...
Read More
DESCRIPTION Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged...
Read More
DESCRIPTION Apache web server is a common application used as a web application server. Being a open source software, it is extremely common and used throughout almost all the organizations. A specially crafted packet can crash the service and user can gain access and perform Remote Code Execution (RCE) on the server. If the attacker can perform the attack successfully, depending on the access level...
Read More
DESCRIPTION Server Message Block (SMB) is a protocol which is commonly found in windows based systems. This is a common method for sharing folder and accessing them via network. This method is quite common which makes this vulnerability very dangerous as even large enterprises usually have common shared location where they can store and retrieve files. IMPACTThis vulnerability can lead towards development of many malware...
Read More
DESCRIPTION Almost all of the Netgear devices now contains web interface for easy management. It becomes easy for the home administrator to configure and manage the device efficiently. Moreover, WiFi routers from this company is widely used Bangladesh. To do this httpd service has been used and it fails to validate the he header size provided to the upgrade_check.cgi handler. Despite copying the header to...
Read More
