Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)

Cisco has released patches for multiple vulnerabilities in Cisco Nexus Dashboard (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861). The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. These vulnerabilities were discovered during internal security testing by Michael J Davenport of the …

Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)

On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high. The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary …

Pulse Connect Secure Authenticated Arbitrary Code Execution Vulnerability (CVE-2021-22908)

The Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. By performing certain SMB operations with a specially crafted server name, an authenticated attacker may be able to execute arbitrary code with root privileges on a vulnerable PCS server. PCS allows to …