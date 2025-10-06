Vulnerability Management, Patch/Configuration Management
Multiple flaws added to CISA vulnerabilities catalog
The Cybersecurity and Infrastructure Security Agency has added five security issues affecting GNU Bash, Smartbedded Meteobridge, Juniper ScreenOS, Jenkins, and Samsung mobile devices to its Known Exploited Vulnerabilities catalog, Security Affairs reports.

The GNU Bash command injection flaw, tracked as CVE-2014-6278, allows remote arbitrary code execution on affected Linux and Unix systems. It is a Shellshock-related defect that researcher Michal Zalewski reported in October 2014 after finding that the initial Shellshock fixes were incomplete.

The Juniper ScreenOS improper authentication flaw, CVE-2015-7755, lets attackers obtain administrative access by entering a hard-coded password during an SSH or TELNET session. The Jenkins remote code execution bug, CVE-2017-1000353, lets unauthenticated attackers send a crafted serialized Java SignedObject through the remoting-based CLI, bypassing the blacklist-based deserialization protection.

The Smartbedded Meteobridge command injection issue, CVE-2025-4008, enables remote, unauthenticated users to run root-level commands through the device's web interface. Last is the Samsung mobile out-of-bounds write flaw, CVE-2025-21043, in libimagecodec.quram.so before the SMR Sep-2025 Release 1, which can be exploited remotely to execute arbitrary code on affected devices.

Under Binding Operational Directive 22-01, federal civilian executive branch agencies must remediate the five flaws by Oct. 23. The catalog only names vendor and product, not affected versions, so the vendor advisories remain the authority on which builds need patching, and the deadline is a useful prioritization signal for organizations outside the federal government as well.
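One way to turn a catalog update like this into a work list, as an added example that is not part of the brief or of any CISA tooling: parse the KEV feed, keep the entries added since a given date, and match them against an asset inventory to see which hosts carry a deadline. The field names (cveID, vendorProject, product, dateAdded, dueDate) follow the public KEV JSON feed's schema; the feed excerpt and the inventory below are constructed for the example, with the five entries abbreviated from the brief and the older Bash entry's dates used only as illustrative placeholders.

```python
"""Triage a KEV feed update against a local asset inventory (added example)."""
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed; only the fields
# this example uses are present. Dates on the last entry are placeholders.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2014-6278", "vendorProject": "GNU", "product": "Bash",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23"},
        {"cveID": "CVE-2015-7755", "vendorProject": "Juniper", "product": "ScreenOS",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23"},
        {"cveID": "CVE-2017-1000353", "vendorProject": "Jenkins", "product": "Jenkins",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23"},
        {"cveID": "CVE-2025-4008", "vendorProject": "Smartbedded", "product": "Meteobridge",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23"},
        {"cveID": "CVE-2025-21043", "vendorProject": "Samsung", "product": "Mobile Devices",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23"},
        # Earlier Shellshock entry; dates here are illustrative, not the feed's.
        {"cveID": "CVE-2014-6271", "vendorProject": "GNU", "product": "Bash",
         "dateAdded": "2022-01-01", "dueDate": "2022-07-01"},
    ],
})

# Constructed inventory: hostname plus the vendor/product naming KEV uses.
INVENTORY = [
    {"host": "ci-01", "vendorProject": "Jenkins", "product": "Jenkins"},
    {"host": "fw-edge", "vendorProject": "juniper", "product": "screenos"},
    {"host": "web-03", "vendorProject": "nginx", "product": "nginx"},
]


def parse_kev(text):
    """Parse the feed text and convert the ISO date strings to date objects."""
    data = json.loads(text)
    entries = []
    for v in data["vulnerabilities"]:
        entries.append({
            "cveID": v["cveID"],
            "vendorProject": v["vendorProject"],
            "product": v["product"],
            "dateAdded": date.fromisoformat(v["dateAdded"]),
            "dueDate": date.fromisoformat(v["dueDate"]),
        })
    return entries


def added_since(entries, since):
    """Keep only entries added on or after `since` (one catalog update)."""
    return [e for e in entries if e["dateAdded"] >= since]


def _key(vendor, product):
    # KEV's vendorProject/product are free text; normalise case and spacing.
    return (vendor.strip().lower(), product.strip().lower())


def affected_assets(entries, inventory):
    """Return sorted (host, cveID, dueDate) tuples for inventory hits.

    Matching is on vendor+product only: KEV carries no affected-version
    ranges, so every hit still needs the vendor advisory to confirm the
    installed build is actually vulnerable.
    """
    by_product = {}
    for e in entries:
        by_product.setdefault(_key(e["vendorProject"], e["product"]), []).append(e)
    hits = []
    for asset in inventory:
        for e in by_product.get(_key(asset["vendorProject"], asset["product"]), []):
            hits.append((asset["host"], e["cveID"], e["dueDate"]))
    return sorted(hits)


def days_to_deadline(hits, today):
    """Map (host, cveID) to days remaining before the KEV due date (negative = overdue)."""
    return {(host, cve): (due - today).days for host, cve, due in hits}


if __name__ == "__main__":
    recent = added_since(parse_kev(KEV_JSON), date(2025, 10, 1))
    hits = affected_assets(recent, INVENTORY)
    for (host, cve), days in days_to_deadline(hits, date.today()).items():
        print(f"{host}: {cve} due in {days} days")
```

In practice the feed is fetched from CISA's published JSON URL and the inventory comes from a CMDB or scanner export; the matching stays deliberately coarse because KEV product names (for example "Mobile Devices") do not map cleanly to versions, and the version check belongs to the vendor advisory.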
