by CIRT Team
A Vulnerability in F5Networks BIG-IP Could Allow for Denial of Service
DESCRIPTION:A vulnerability has been discovered in F5Networks BIG-IP, which couldresult in a denial-of-service (DoS). BIG-IP is a family of productscovering software and hardware designed around application availability,access control, and security solutions. Successful exploitation of thisvulnerability could allow an attacker to cause a denial of service toall servers sitting behind the BIG-IP system. IMPACT:A vulnerability has been discovered in F5Networks BIG-IP, which couldresult in a denial-of-service...
Read More
by CIRT Team
CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability
CVE SummaryCVE Base Score: 9.8 CRITICAL (CVSS:3.1)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and MetricsBase Score: 9.8 CRITICALVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HImpact Score: 5.9Exploitability Score: 3.9Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope(S): UnchangedConfidentiality(C): HighIntegrity (I): HighAvailability (A): High CVE Released: Jan 11, 2022, Last updated: Jan 12, 2022 Description:This vulnerability concerns the HTTP stack (http.sys) used in listening to process HTTP requests on...
Read More
by CIRT Team
A Vulnerability in Citrix Workspace App for Linux Could Allow for Local Privilege Escalation
DESCRIPTION:A vulnerability has been discovered in Citrix Workspace App for Linux, avirtual desktop application. Successful exploitation of thisvulnerability could allow for local privilege escalation. A privilegeescalation enables the attacker to obtain root privileges within thesystem which will enable them to install programs; view, change, ordelete data; or create new accounts with full user rights. IMPACT:A vulnerability has been discovered in Citrix Workspace App for Linux,...
Read More
by CIRT Team
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe products, themost severe of which could allow for Arbitrary Code Execution. * Acrobat and Reader is a family of application software and Webservices mainly used to create, view, and edit PDF documents.* Illustrator is a vector graphics editor and design program.* Bridge is a digital asset management application.* Adobe InCopy is a professional word processor.* InDesign is an...
Read More
by CIRT Team
Critical Patches Issued for Microsoft Products, January 11, 2022
DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted...
Read More
by CIRT Team
Multiple Vulnerabilities in Distributed Data Systems WebHMI Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Distributed DataSystems WebHMI, the most severe of which could allow for arbitrary codeexecution. Distributed Data Systems WebHMI is a SCADA system with abuilt-in web server that allows you to monitor and control anyautomation system on the local network and via the Internet from yourcomputer and mobile devices. Successful exploitation of the most severeof these vulnerabilities could allow an administrator...
Read More
by CIRT Team
A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution
DESCRIPTION:A vulnerability has been discovered in HP FutureSmart that could allowfor arbitrary code execution. HP FutureSmart is a piece of systemfirmware that is used on all HP Enterprise devices. Successfulexploitation of this vulnerability could allow for arbitrary codeexecution within the context of the affected application. Depending onthe privileges associated with this application, an attacker could theninstall programs; view, change, or delete data; or create new...
Read More
by CIRT Team
A Vulnerability in Multiple NETGEAR Products Could Allow for Arbitrary Code Execution
DESCRIPTION:A vulnerability has been discovered in multiple NETGEAR products, whichcould allow for arbitrary code execution. Successful exploitation ofthis vulnerability could allow for arbitrary code execution in thecontext of the root user. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights. IMPACT: RIMM researchers are reported to have an exploit capable ofcompromising fully patched devices that are running...
Read More
by CIRT Team
Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in largeorganizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe...
Read More
by CIRT Team
Google Android OS Could Allow for Remote Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis...
Read More