ch
Feedback
SysAdmin 24x7

SysAdmin 24x7

前往频道在 Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

显示更多
西班牙12 274技术与应用20 594
4 389
订阅者
-424 小时
-17
+1630
帖子存档
SysAdmin 24x7
SysAdmin 24x7
4 389

SysAdmin 24x7
SysAdmin 24x7
4 389

SysAdmin 24x7
SysAdmin 24x7
4 389
Múltiples vulnerabilidades en Dell Embedded NAS Fecha de publicación: 28/07/2022 Identificador: INCIBE-2022-0852 Importancia: 5 - Crítica Recursos afectados: Dell PowerMax Embedded NAS, versiones anteriores a la 8.1.15.401. Solución:  Actualizar a Dell PowerMax Embedded NAS versión 8.1.15.401. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-dell-embedded-nas

SysAdmin 24x7
SysAdmin 24x7
4 389
Printing to USB-connected printers might fail OS Build 19044.1806 KB5014666 2022-06-28 https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h2#printing-to-usb-connected-printers-might-fail

SysAdmin 24x7
SysAdmin 24x7
4 389

SysAdmin 24x7
SysAdmin 24x7
4 389
Zero Day attacks target online stores using PrestaShop Thera actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. https://securityaffairs.co/wordpress/133669/hacking/prestashop-zero-day.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36408

SysAdmin 24x7
SysAdmin 24x7
4 389
UNAUTHENTICATED SQL INJECTION IN SONICWALL GMS AND ANALYTICS Advisory ID: SNWLID-2022-0007 First Published: 2022-07-21 Workaround: true Status: Applicable CVE: CVE-2022-22280 CVSS v3: 9.4 SUMMARY Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007

SysAdmin 24x7
SysAdmin 24x7
4 389
Zyxel firewall vulnerabilities left business networks open to abuse. Severity of code execution bug mitigated by ‘high uptake’ of previous patch Zyxel has released patches for several of its firewall products following the discovery of two security vulnerabilities that left business networks open to exploitation. CVE-2022-2030 CVE-2022-30526 https://portswigger.net/daily-swig/zyxel-firewall-vulnerabilities-left-business-networks-open-to-abuse

SysAdmin 24x7
SysAdmin 24x7
4 389
VMSA-2021-0025.3 CVSSv3 Range: 7.1 Issue Date: 2021-11-10 CVE(s): CVE-2021-22048 Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048) Impacted Products VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) Introduction A privilege escalation vulnerability in VMware Center Server was privately reported to VMware. Workarounds are available to remediate this vulnerability in the affected VMware products. https://www.vmware.com/security/advisories/VMSA-2021-0025.html

SysAdmin 24x7
SysAdmin 24x7
4 389
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities Advisory ID: cisco-sa-ndb-mhcvuln-vpsBPJ9y First Published: 2022 July 20 16:00 GMT Cisco Bug IDs: CSCwa75451 CSCwa93560 CSCwb24518 CVE-2022-20857 CVE-2022-20858 CVE-2022-20861 CWE-306 CWE-352 CVSS Score: Base 9.8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y

SysAdmin 24x7
SysAdmin 24x7
4 389
July 2022: Atlassian Security Advisories Overview Hardcoded password (CVE-2022-26138) Multiple Servlet Filter Vulnerabilities (CVE-2022-26136, CVE-2022-26137) https://confluence.atlassian.com/security/july-2022-atlassian-security-advisories-overview-1142446703.html

SysAdmin 24x7
SysAdmin 24x7
4 389
Oracle Critical Patch Update Advisory - July 2022. https://www.oracle.com/security-alerts/cpujul2022.html

SysAdmin 24x7
SysAdmin 24x7
4 389
‘Password extraction risk’ in identity provider Okta disputed. Researchers go public after vendor disputes impersonation threat https://portswigger.net/daily-swig/password-extraction-risk-in-identity-provider-okta-disputed

SysAdmin 24x7
SysAdmin 24x7
4 389
Múltiples vulnerabilidades en productos Dell Fecha de publicación: 19/07/2022 Identificador: INCIBE-2022-0839 Importancia: 5 - Crítica Recursos afectados: Dell Avamar Server Hardware Appliance, Gen4S y Gen4T, Dell Avamar Virtual Edition, Dell Avamar NDMP Accelerator, Dell Avamar VMware Image Proxy, Dell NetWorker Virtual Edition (NVE), Dell PowerProtect DP Series Appliance, Dell Integrated Data Protection Appliance (IDPA). Descripción: Se han publicado múltiples vulnerabilidades en productos Dell que podrían permitir a un atacante comprometer el sistema afectado. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-dell

SysAdmin 24x7
SysAdmin 24x7
4 389
Software Vendors Start Patching Retbleed CPU Vulnerabilities. Vendors have started rolling out software updates to address the recently disclosed Retbleed speculative execution attack targeting Intel and AMD processors. https://www.securityweek.com/software-vendors-start-patching-retbleed-cpu-vulnerabilities

SysAdmin 24x7
SysAdmin 24x7
4 389
Múltiples vulnerabilidades en Moodle Fecha de publicación: 18/07/2022 Identificador: INCIBE-2022-0837 Importancia: 5 - Crítica Recursos afectados: Versiones: de la 4.0 a la 4.0.1; de la 3.11 a la 3.11.7; de la 3.9 a la 3.9.14; versiones anteriores no soportadas. Descripción: Diversas investigaciones han reportado 6 vulnerabilidades en Moodle, 3 de severidad crítica y 3 bajas, por las que un atacante podría realizar ejecución remota de código, lectura arbitraria de archivos, XSS, SSRF y redirección abierta. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-20

SysAdmin 24x7
SysAdmin 24x7
4 389
Inyección XXE en OpenKM Fecha de publicación: 15/07/2022 Identificador: INCIBE-2022-0831 Importancia: 4 - Alta Recursos afectados: OpenKM Document Management Community, versión 6.3.10 y anteriores. Descripción: INCIBE ha coordinado la publicación de una vulnerabilidad en OpenKM, con el código interno INCIBE-2022-0831, que ha sido descubierta por Keval Shah. A esta vulnerabilidad se le ha asignado el código CVE-2022-2131. Se ha calculado una puntuación base CVSS v3.1 de 8,5, siendo el cálculo del CVSS el siguiente: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L. Solución: Esta vulnerabilidad ha sido resuelta por el equipo de OpenKM en la versión 6.3.11, publicada el 20/05/2021. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/inyeccion-xxe-openkm

SysAdmin 24x7
SysAdmin 24x7
4 389
Múltiples vulnerabilidades en productos Juniper Fecha de publicación: 14/07/2022 Identificador: INCIBE-2022-0835 Importancia: 5 - Crítica Recursos afectados: Juniper Networks NorthStar Controller: versiones anteriores a 5.1.0 Service Pack 6; versiones 6 anteriores a 6.2.2. Juniper Networks Junos Space Policy Enforcer, versiones anteriores a 22.1R1. Juniper Networks Contrail Networking, versiones anteriores a 21.4.0. Juniper Networks Junos Space, versiones anteriores a 22.1R1. Descripción: Juniper ha publicado 4 avisos de severidad crítica que recogen múltiples vulnerabilidades. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-juniper-12

SysAdmin 24x7
SysAdmin 24x7
4 389

SysAdmin 24x7
SysAdmin 24x7
4 389