Threat actors are actively exploiting flaws in Juniper ScreenOS, Samsung mobile devices, and more.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added another five vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CVE-2014-6278 is an OS command injection vulnerability, where GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables. This could lead to remote code execution and follows from an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. This is a high-severity issue, with a CVSS score of 8.8.
CVE-2015-7755 impacts Juniper ScreenOS and is an improper authentication vulnerability in versions 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21. This vulnerability could allow a remote attacker to gain administrative access by entering an unspecified password during either an SSH or TELNET session. This one rates a CVSS score of 9.8, making it a critical severity vulnerability.
CVE-2017-1000353 is a remote code execution vulnerability in Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier. This is another critical severity vulnerability, with a CVSS score, again, of 9.8.
CVE-2025-4008 is a vulnerability in the web interface of Meteobridge personal weather stations. This interface features an endpoint that is vulnerable to command injection, which could lead to unauthenticated attackers gaining command execution with elevated privileges on impacted devices. This has a CVSS score of 8.7, making it a high-severity vulnerability.
Finally, CVE-2025-21043 is an out-of-bounds write vulnerability in Samsung mobile devices. According to CISA, “Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code”. There’s already a firmware update available, thankfully.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.