Security News

Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems. Threat actors can send undisclosed requests and leverage the flaw to bypass the iControl REST authentication and access the F5 BIG-IP systems, an attacker can execute arbitrary commands, create or delete files or disable servers.

Cloud security and application delivery network provider F5 on Wednesday released patches to contain 43 bugs spanning its products. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory.

Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely. Apex Central is a web-based management console that helps system admins manage Trend Micro products and services throughout the network.

VMWare Spring is a open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the "Server" part of the process yourself. You don't need to worry about, or even care, what sort of server your code is running on: it could be a server of your own, set up and managed by your colleagues in IT; or a cloud instance hosted and executing on a popular cloud service provider.

A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features.

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.

HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.The first security bulletin warns about about a buffer overflow flaw that could lead to remote code execution on the affected machine.

Six months after LibreOffice 7.2, version 7.3 is out with faster and more accurate file importing and rendering for improved compatibility with Microsoft Office. The new release is the latest "Fresh" version.

A critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations. Several updated versions of Samba have been released on Monday, fixing CVE-2021-44142 and two other flaws, but since the software is included in most Linux and Unix-like operating systems, users of those are advised to keep an eye out for specific updates by those developer teams.

Two security vulnerabilities that impact the Control Web Panel software can be chained by unauthenticated attackers to gain remote code execution as root on vulnerable Linux servers. CWP, previously known as CentOS Web Panel, is a free Linux control panel for managing dedicated web hosting servers and virtual private servers.