CVE

CVE-2022-1388 : BIG-IP iControl REST vulnerability

CVE-2022-1388: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Impact: This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands,...

Read More


CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

Description: All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes...

Read More


Millions of Dell Devices at Risk for Remote BIOS Attacks – CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574

Description:Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS.This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com andgain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process andsubvert the operating system and higher-layer...

Read More


PrintNightmare(CVE-2021-34527): Microsoft Releases Out-of-Band Security Updates

Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch is incomplete and the vulnerability can still be locally exploited to gain SYSTEM privileges. The remote code execution bug (tracked as CVE-2021-34527) allows attackers to take over affected servers via remote code execution (RCE) with SYSTEM...

Read More


Page 3 of 512345