es
Feedback
SysAdmin 24x7

SysAdmin 24x7

Ir al canal en Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

Mostrar más
4 387
Suscriptores
-224 horas
-17 días
-230 días
Archivo de publicaciones
Jira Security Advisory 2022-04-20 Summary CVE-2022-0540 - Authentication bypass in Seraph Severity: critical Fixed Jira Versions 8.13.x >= 8.13.18 8.20.x >= 8.20.6 All versions >= 8.22.0 https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html

Múltiples vulnerabilidades en el core de Drupal 9 Fecha de publicación: 21/04/2022 Importancia: 3 - Media Recursos afectados: Drupal, versiones anteriores a la 9.3.12 y 9.2.18. Las versiones de Drupal 8 y de Drupal 9, anteriores a la 9.2.x, se encuentran al final de su vida útil y ya no reciben cobertura de seguridad. Descripción: Se han publicado dos vulnerabilidades de severidad media, que podrían afectar al core de Drupal. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-9

Oracle Releases April 2022 Critical Patch Update Original release date: April 19, 2022 Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle April 2022 Critical Patch Update and apply the necessary updates. https://www.cisa.gov/uscert/ncas/current-activity/2022/04/19/oracle-releases-april-2022-critical-patch-update

When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

Workaround for security issue in 7-Zip until it is fixed. Recent versions of the open source archiver 7-Zip have a vulnerability that has not been fixed yet. Successful exploitation of the vulnerability allows privilege escalation and the execution of commands; it appears that the issue can be exploited locally only. ttps://www.ghacks.net/2022/04/18/workaround-for-security-issue-in-7-zip-until-it-is-fixed/

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface. https://securityaffairs.co/wordpress/130217/security/auth-bypass-cisco-wireless-lan-controller.html

Cisco Releases Security Updates for Multiple Products Original release date: April 14, 2022 Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. https://www.cisa.gov/uscert/ncas/current-activity/2022/04/14/cisco-releases-security-updates-multiple-products

Juniper Networks Releases Security Updates for Multiple Products Original release date: April 14, 2022 Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates. https://www.cisa.gov/uscert/ncas/current-activity/2022/04/14/juniper-networks-releases-security-updates-multiple-products

VMSA-2022-0010.5 CVSSv3 Range: 9.8 Issue Date: 2022-04-02 Updated On: 2022-04-14 CVE(s): CVE-2022-22965 Synopsis: VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Impacted Products VMware Tanzu Application Service for VMs (TAS) VMware Tanzu Operations Manager (Ops Manager) VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) https://www.vmware.com/security/advisories/VMSA-2022-0010.html

VMSA-2022-0013 CVSSv3 Range: 9.1 Issue Date: 2022-04-14 CVE(s): CVE-2022-22966 Synopsis: VMware Cloud Director update addresses remote code execution vulnerability (CVE-2022-22966) Impacted Products VMware Cloud Director https://www.vmware.com/security/advisories/VMSA-2022-0013.html

Vulnerabilidad RCE en Apache Struts Fecha de publicación: 13/04/2022 Importancia: 4 - Alta Recursos afectados: Struts, versiones desde la 2.0.0 hasta la 2.5.29. Descripción: El investigador Chris McCown ha reportado una vulnerabilidad de ejecución remota de código (RCE) con severidad alta, cuya explotación podría permitir a un atacante tomar el control del sistema afectado. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-rce-apache-struts

Microsoft Patch Tuesday includes most vulnerabilities since Sept. 2020 Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest amount of issues in a single Patch Tuesday since September 2020. [...] Windows Hyper-V contains three of the critical vulnerabilities patched this month [...] [...] There are also two critical remote code execution vulnerabilities in the Windows Network File System[...] [...] CVE-2022-24500 is another critical remote code execution vulnerability that exists in Windows SMB.[...] https://blog.talosintelligence.com/2022/04/microsoft-patch-tuesday-includes-most.html

USN-5371-1: nginx vulnerabilities 12 APRIL 2022 Several security issues were fixed in nginx. Releases Ubuntu 21.10  Ubuntu 20.04 LTS  Ubuntu 18.04 LTS  Ubuntu 16.04 ESM Packages nginx - small, powerful, scalable web/proxy server https://ubuntu.com/security/notices/USN-5371-1

Windows Network File System Remote Code Execution Vulnerability CVE-2022-24497 Released: Apr 5, 2022 Assigning CNA:Microsoft MITRE CVE-2022-24497 CVSS:3.1 9.8 / 8.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24497

Windows Network File System Remote Code Execution Vulnerability CVE-2022-24491 Released: Apr 12, 2022 Assigning CNA:Microsoft MITRE CVE-2022-24491 CVSS:3.1 9.8 / 8.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491

Apache Releases Security Advisory for Struts 2 Original release date: April 12, 2022 The Apache Software Foundation has released a security advisory to address a vulnerability in Struts in the version range 2.0.0 to 2.5.29. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Apache’s security advisory S2-062 and upgrade to the latest released version. https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/apache-releases-security-advisory-struts-2 https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=210079428#content/view/210079428

Citrix Releases Security Updates for Multiple Products Original release date: April 12, 2022 Citrix has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply the necessary updates. CTX370550 CTX377814 CTX370551 CTX341455 https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/citrix-releases-security-updates-multiple-products

Latest Servicing Stack Updates ADV990001 Security Advisory Released: Nov 13, 2018 Last updated: Apr 12, 2022 https://msrc.microsoft.com/update-guide/vulnerability/ADV990001