Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML (CVE-2022-23131)
https://support.zabbix.com/plugins/servlet/mobile#issue/ZBX-20350
Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites
https://thehackernews.com/2022/02/critical-flaw-uncovered-in-wordpress.html
VMSA-2022-0006
CVSSv3 Range: 6.6
Issue Date: 2022-02-23
VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)
Impacted Products
VMware Workspace ONE Boxer
https://www.vmware.com/security/advisories/VMSA-2022-0006.html
Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability
Advisory ID: cisco-sa-nxos-bfd-dos-wGQXrzxn
First Published: 2022 February 23 16:00 GMT
Workarounds: No workarounds available
CVSS Score: Base 8.6
CVE-2022-20623
Summary
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn
Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability
Advisory ID: cisco-sa-cfsoip-dos-tpykyDr
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvy95696 CSCvy95840
CVSS Score: 8.6
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the CFSoIP feature enabled:
Nexus 3000 Series Switches (CSCvy95696)
Nexus 9000 Series Switches in standalone NX-OS mode (CSCvy95696)
UCS 6400 Series Fabric Interconnects (CSCvy95840)
Note: For Nexus 3000 and Nexus 9000 Series Switches, CFSoIP is not enabled by default. For UCS 6400 Series Fabric Interconnects, CFSoIP is enabled by default.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr
Cisco NX-OS Software NX-API Command Injection Vulnerability
Advisory ID: cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvz80191 CSCvz81047
CVSS Score: Base 8.8
Summary
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
Note: The NX-API feature is disabled by default.
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the NX-API feature enabled:
Nexus 3000 Series Switches (CSCvz80191)
Nexus 5500 Platform Switches (CSCvz81047)
Nexus 5600 Platform Switches (CSCvz81047)
Nexus 6000 Series Switches (CSCvz81047)
Nexus 9000 Series Switches in standalone NX-OS mode (CSCvz80191)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
The vulnerability is due to insufficient input validation of user supplied data that is sent to…
GPU giant Nvidia is investigating a potential cyberattack.
US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days.
https://www.bleepingcomputer.com/news/security/gpu-giant-nvidia-is-investigating-a-potential-cyberattack/
Multiple vulnerabilities in GitLab products
Publication date: 28/02/2022
Severity: 5 - Critical
Affected resources:
GitLab CE/EE, all versions;
GitLab Omnibus, versions prior to 14.8.
Description:
GitLab has published 7 vulnerabilities: 1 of critical severity, 5 of medium severity and 1 of low severity, through which an attacker could access the registration token, add users to groups through an API, access environment variables, list unauthenticated users, execute arbitrary commands, leak credentials or cause a denial of service.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-gitlab
Multiple vulnerabilities in Lansweeper
Publication date: 01/03/2022
Severity: 5 - Critical
Affected resources:
Lansweeper 9.1.20.2.
Description:
Marcin "Icewall" Noga, a researcher at Cisco Talos, has reported 4 vulnerabilities in the IT asset management solution Lansweeper, 3 of critical severity and 1 medium, whose exploitation could allow an attacker to perform SQL injections and arbitrary JavaScript code injection.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lansweeper
VMSA-2022-0007
CVSSv3 Range: 5.6
Issue Date: 2022-03-01
CVE(s): CVE-2022-22943
Synopsis:
VMware Tools for Windows update addresses an uncontrolled search path vulnerability (CVE-2022-22943)
Impacted Products
VMware Tools for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0007.html
Administrative authentication bypass in Fortinet FortiMail
Publication date: 02/03/2022
Severity: 5 - Critical
Affected resources:
FortiMail, versions:
7.0.0 and earlier;
6.4.5 and earlier;
6.2.7 and earlier;
6.0.11 and earlier;
5.4.12 and earlier.
Description:
Giuseppe Cocomazzi, of the Fortinet product security team, has reported a critical-severity authentication bypass vulnerability in FortiMail.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-administrativa-fortimail-fortinet
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Advisory ID: cisco-sa-expressway-filewrite-87Q5YRk
First Published: 2022 March 2 16:00 GMT
Version 1.0: Final
Cisco Bug IDs:
CSCvz85393 CSCwa25107
CVE-2022-20754
CVE-2022-20755
CWE-23
CWE-78
CVSS Score: Base 9.0
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write…
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
Advisory ID: cisco-sa-uccsmi-prvesc-BQHGe4cm
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs:
CSCvz40263
CVE-2022-20762
CWE-284
CVSS Score: Base 7.8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device.
Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
Advisory ID: cisco-sa-ise-dos-JLh9TxBp
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs:
CSCvz77905
CVE-2022-20756
CWE-399
CVSS Score: Base 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp
A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.
This vulnerability is due to improper handling of certain RADIUS…
Multiple vulnerabilities in Teluu's PJSIP library
Publication date: 03/03/2022
Severity: 4 - High
Affected resources:
Any project that uses the PJSIP library, in versions prior to 2.12, and passes attacker-controlled arguments to any of the following APIs:
pjsua_player_create – filename,
pjsua_recorder_create – filename,
pjsua_playlist_create – file_names,
pjsua_call_dump – buffer.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-libreria-pjsip-teluu
JFrog's security research team has reported 5 vulnerabilities, 3 of high severity and 2 medium, through which an attacker could cause arbitrary code execution and a
Ukrainian WordPress sites under massive complex attacks.
Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country.
https://securityaffairs.co/wordpress/128613/cyber-warfare-2/ukrainian-wordpress-sites-attacks.html
Remote code execution vulnerability uncovered in Hashnode blogging platform.
A local file coding error could be exploited to trigger RCE
https://portswigger.net/daily-swig/remote-code-execution-vulnerability-uncovered-in-hashnode-blogging-platform
Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes.
https://www.ghacks.net/2022/03/05/firefox-97-0-2-and-firefox-esr-91-6-1-are-out-with-critical-security-fixes/
Mozilla released new versions of its Firefox web browser on March 5, 2022. The new browser versions fix two critical security vulnerabilities in the Firefox web browser.
Hackers leak 190GB of alleged Samsung data, source code.
https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/
The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.
Avast released a free decryptor for the HermeticRansom that hit Ukraine.
https://securityaffairs.co/wordpress/128652/breaking-news/free-decryptor-hermeticransom-ukraine.html
Avast released a decryptor for the HermeticRansom ransomware used in recent targeted attacks against Ukrainian entities.