Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches

Cisco has released a patch to address nine vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. On successful exploitation, the vulnerabilities could enable an attacker to cause a denial of service (DoS) condition or perform arbitrary code execution on an affected device. Vulnerabilities CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 are rated … Continue reading “Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches”

Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)

A critical severity arbitrary code execution vulnerability, found in the Apache Commons Text library, has been discovered and reported by Alvaro Munoz. Tracked as CVE-2022-42889, this vulnerability has been assigned a CVSS base score of 9.8 and could result in remote code execution applied to untrusted input due to insecure interpolation defaults.   Apache Commons … Continue reading “Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)”

Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)

Cisco has released patches for multiple vulnerabilities in Cisco Nexus Dashboard (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861). The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.   These vulnerabilities were discovered during internal security testing by Michael J Davenport of the … Continue reading “Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)”

Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)

On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high.    The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary … Continue reading “Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)”

Pulse Connect Secure Authenticated Arbitrary Code Execution Vulnerability (CVE-2021-22908)

Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may allow authenticated remote attacker to execute arbitrary code. By performing certain SMB operations with a specially crafted server name, an authenticated attacker may be able to execute arbitrary code with root privileges on a vulnerable PCS server. PCS allows to … Continue reading “Pulse Connect Secure Authenticated Arbitrary Code Execution Vulnerability (CVE-2021-22908)”