Researchers Discovered High-Severity Remote Code Execution Bug in F5 Products

Experts from Rapid7 found various vulnerabilities in the customized CentOS installation that runs on F5 BIG-IP and BIG-IQ devices. While the other flaws are security bypass methods that F5 does not consider vulnerabilities, two of the vulnerabilities have been categorized as high-severity remote code execution vulnerabilities and given CVE IDs. Vulnerabilities Discovered The first […]


Samsung Galaxy Store Flaw Allows Remote Attacker to Run Code on Affected Phones

A security flaw in the Galaxy Store allows attackers to trigger remote code execution on affected smartphones.  The now patched vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue. Vulnerability Details The […]


Hackers Actively Exploiting Cisco AnyConnect Secure Flaw to Perform DLL Hijacking

Cisco issued a warning of active exploitation attempts targeting two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. The security flaws are tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), which allow an attacker to copy malicious files to arbitrary locations with system-level privileges. Both the vulnerabilities are dated […]


22-Yrs-Old SQLite Bug Let Hackers Perform Code Execution & DOS Attack On Control Programs

Trail of Bits researcher Andreas Kellas recently disclosed a 22-year-old SQLite bug, tracked as CVE-2022-35737. The vulnerability is in the SQLite database library and has a high severity level. Several code changes made in October 2000 led to this high-severity vulnerability. Threat actors could […]
