Múltiples vulnerabilidades en el core de Drupal 9
Fecha de publicación: 21/04/2022
Importancia: 3 - Media
Recursos afectados:
Drupal, versiones anteriores a la 9.3.12 y 9.2.18.
Las versiones de Drupal 8 y de Drupal 9, anteriores a la 9.2.x, se encuentran al final de su vida útil y ya no reciben cobertura de seguridad.
Descripción:
Se han publicado dos vulnerabilidades de severidad media, que podrían afectar al core de Drupal.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-9
Fecha de publicación: 21/04/2022
Importancia: 3 - Media
Recursos afectados:
Drupal, versiones anteriores a la 9.3.12 y 9.2.18.
Las versiones de Drupal 8 y de Drupal 9, anteriores a la 9.2.x, se encuentran al final de su vida útil y ya no reciben cobertura de seguridad.
Descripción:
Se han publicado dos vulnerabilidades de severidad media, que podrían afectar al core de Drupal.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-9
INCIBE-CERT
Múltiples vulnerabilidades en el core de Drupal 9
Se han publicado dos vulnerabilidades de severidad media, que podrían afectar al core de Drupal.
Jira Security Advisory 2022-04-20
Summary
CVE-2022-0540 - Authentication bypass in Seraph
Severity: critical
Fixed Jira Versions
8.13.x >= 8.13.18
8.20.x >= 8.20.6
All versions >= 8.22.0
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
Summary
CVE-2022-0540 - Authentication bypass in Seraph
Severity: critical
Fixed Jira Versions
8.13.x >= 8.13.18
8.20.x >= 8.20.6
All versions >= 8.22.0
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
April 25, 2022—KB5011831 (OS Builds 19042.1682, 19043.1682, and 19044.1682) Preview
https://support.microsoft.com/en-us/topic/april-25-2022-kb5011831-os-builds-19042-1682-19043-1682-and-19044-1682-preview-fe4ff411-d25a-4185-aabb-8bc66e9dbb6c
Windows 10 KB5011831 update released with 26 bug fixes, improvements
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5011831-update-released-with-26-bug-fixes-improvements/
https://support.microsoft.com/en-us/topic/april-25-2022-kb5011831-os-builds-19042-1682-19043-1682-and-19044-1682-preview-fe4ff411-d25a-4185-aabb-8bc66e9dbb6c
Windows 10 KB5011831 update released with 26 bug fixes, improvements
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5011831-update-released-with-26-bug-fixes-improvements/
BleepingComputer
Windows 10 KB5011831 update released with 26 bug fixes, improvements
Microsoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs.
Múltiples vulnerabilidades en dispositivos NAS de QNAP
Fecha de publicación: 26/04/2022
Importancia: 4 - Alta
Recursos afectados:
Dispositivos NAS de QNAP con versiones:
QTS 5.0.x y posteriores
QTS 4.5.4 y posteriores
QTS 4.3.6 y posteriores
QTS 4.3.4 y posteriores
QTS 4.3.3 y posteriores
QTS 4.2.6 y posteriores
QuTS hero h5.0.x y posteriores
QuTS hero h4.5.4 y posteriores
QuTScloud c5.0.x
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-dispositivos-nas-qnap
Fecha de publicación: 26/04/2022
Importancia: 4 - Alta
Recursos afectados:
Dispositivos NAS de QNAP con versiones:
QTS 5.0.x y posteriores
QTS 4.5.4 y posteriores
QTS 4.3.6 y posteriores
QTS 4.3.4 y posteriores
QTS 4.3.3 y posteriores
QTS 4.2.6 y posteriores
QuTS hero h5.0.x y posteriores
QuTS hero h4.5.4 y posteriores
QuTScloud c5.0.x
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-dispositivos-nas-qnap
INCIBE
Múltiples vulnerabilidades en dispositivos NAS de QNAP
PowerShell Elevation of Privilege Vulnerability
CVE-2022-26788
Released: Apr 12, 2022
Last updated: Apr 27, 2022
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26788
PowerShell Elevation of Privilege Vulnerability.
CNA: Microsoft Corporation
Base Score: 7.8 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2022-26788#vulnCurrentDescriptionTitle
CVE-2022-26788
Released: Apr 12, 2022
Last updated: Apr 27, 2022
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26788
PowerShell Elevation of Privilege Vulnerability.
CNA: Microsoft Corporation
Base Score: 7.8 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2022-26788#vulnCurrentDescriptionTitle
1Password syncing went down for a few hours today during a database upgrade.
https://www.theverge.com/2022/4/27/23045469/1password-outage-password-manager-security-cloud-storage
https://www.theverge.com/2022/4/27/23045469/1password-outage-password-manager-security-cloud-storage
The Verge
1Password syncing went down for a few hours today during a database upgrade
The password manager still (mostly) worked while offline
QNAP warns users to disable AFP until it fixes critical bugs.
Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities.
https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-disable-afp-until-it-fixes-critical-bugs/
Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities.
https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-disable-afp-until-it-fixes-critical-bugs/
BleepingComputer
QNAP warns users to disable AFP until it fixes critical bugs
Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities.
VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service.
https://portswigger.net/daily-swig/virustotal-debunks-claims-of-a-serious-vulnerability-in-google-owned-antivirus-service
https://portswigger.net/daily-swig/virustotal-debunks-claims-of-a-serious-vulnerability-in-google-owned-antivirus-service
The Daily Swig | Cybersecurity news and views
VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service
Claims that researchers were able to execute commands within the antivirus platform have been questioned
Forwarded from Una al día
Inyecciones de malware en el gestor de contraseñas KeePass
https://unaaldia.hispasec.com/2022/04/inyecciones-de-malware-en-el-gestor-de-contrasenas-keepass.html
https://unaaldia.hispasec.com/2022/04/inyecciones-de-malware-en-el-gestor-de-contrasenas-keepass.html
Una al Día
Inyecciones de malware en el gestor de contraseñas KeePass
Investigadores de ESET Research han localizado versiones troyanizadas del popular gestor de contraseñas KeePass.
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL.
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.
Microsoft has patched a dangerous pair of vulnerabilities in its Azure Database for PostgreSQL Flexible Server that gave attackers unauthorized cross-account access to databases in cloud hosted environments.
https://www.darkreading.com/cloud/microsoft-patches-pair-of-dangerous-vulnerabilities-in-azure-postgresql
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.
Microsoft has patched a dangerous pair of vulnerabilities in its Azure Database for PostgreSQL Flexible Server that gave attackers unauthorized cross-account access to databases in cloud hosted environments.
https://www.darkreading.com/cloud/microsoft-patches-pair-of-dangerous-vulnerabilities-in-azure-postgresql
Darkreading
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.
CISCO corrige vulnerabilidades en dispositivos ASA, FTD y FMC
Fecha de publicación: 29/04/2022
Importancia: 4 - Alta
Descripción:
Cisco ha publicado varias vulnerabilidades de severidad alta de tipo denegación de servicio, desbordamiento de pila, divulgación de información, escalada de privilegios, y bypass de seguridad en la carga de archivos que afectan a dispositivos con el software ASA, FTD y FMC.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/cisco-corrige-vulnerabilidades-dispositivos-asa-ftd-y-fmc
Fecha de publicación: 29/04/2022
Importancia: 4 - Alta
Descripción:
Cisco ha publicado varias vulnerabilidades de severidad alta de tipo denegación de servicio, desbordamiento de pila, divulgación de información, escalada de privilegios, y bypass de seguridad en la carga de archivos que afectan a dispositivos con el software ASA, FTD y FMC.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/cisco-corrige-vulnerabilidades-dispositivos-asa-ftd-y-fmc
INCIBE
CISCO corrige vulnerabilidades en dispositivos ASA, FTD y FMC
Vulnerable plugins plague the CMS website security landscape.
https://www.zdnet.com/article/vulnerable-plugins-default-configurations-plague-the-website-security-landscape/
https://www.zdnet.com/article/vulnerable-plugins-default-configurations-plague-the-website-security-landscape/
ZDNET
Vulnerable plugins plague the CMS website security landscape
Backdoors, card skimming, and spam are also common factors in website compromise.
Atlassian: Two-week-long cloud outage impacted 775 customers.
Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident.
https://www.bleepingcomputer.com/news/technology/atlassian-two-week-long-cloud-outage-impacted-775-customers/
Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident.
https://www.bleepingcomputer.com/news/technology/atlassian-two-week-long-cloud-outage-impacted-775-customers/
BleepingComputer
Atlassian doubles the number of orgs affected by two week outage
Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident.
Vulnerabilidades críticas en DSM y SRM de Synology
Fecha de publicación: 03/05/2022
Importancia: 5 - Crítica
Recursos afectados:
Software para los NAS (DSM) y los rúteres (SRM):
DSM, versiones 7.1, 7.0 y 6.2;
Firmware, versión VS 2.3;
SRM, versión 1.2.
Descripción:
Synology ha publicado varias vulnerabilidades de severidad crítica que afectan al software DSM y SRM, las cuales podrían permitir a un atacante ejecutar código arbitrario u obtener información confidencial.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidades-criticas-dsm-y-srm-synology
Fecha de publicación: 03/05/2022
Importancia: 5 - Crítica
Recursos afectados:
Software para los NAS (DSM) y los rúteres (SRM):
DSM, versiones 7.1, 7.0 y 6.2;
Firmware, versión VS 2.3;
SRM, versión 1.2.
Descripción:
Synology ha publicado varias vulnerabilidades de severidad crítica que afectan al software DSM y SRM, las cuales podrían permitir a un atacante ejecutar código arbitrario u obtener información confidencial.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidades-criticas-dsm-y-srm-synology
Ejecución remota de código en switches de Aruba
Fecha de publicación: 04/05/2022
Importancia: 5 - Crítica
Descripción:
El equipo de investigación de Armis ha descubierto múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en varios dispositivos de Aruba que podría permitir a un atacante remoto la ejecución de código arbitrario en el dispositivo afectado.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-switches-aruba
Fecha de publicación: 04/05/2022
Importancia: 5 - Crítica
Descripción:
El equipo de investigación de Armis ha descubierto múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en varios dispositivos de Aruba que podría permitir a un atacante remoto la ejecución de código arbitrario en el dispositivo afectado.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-switches-aruba
INCIBE-CERT
Ejecución remota de código en switches de Aruba
El equipo de investigación de Armis ha descubierto múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en varios dispositivos de Aruba que podría permitir a un
Security Advisory Description
Undisclosed requests may bypass iControl REST authentication. (CVE-2022-1388)
Impact
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
https://support.f5.com/csp/article/K23605346
Undisclosed requests may bypass iControl REST authentication. (CVE-2022-1388)
Impact
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
https://support.f5.com/csp/article/K23605346
Múltiples vulnerabilidades en NFVIS de Cisco
Fecha de publicación: 05/05/2022
Importancia: 5 - Crítica
Recursos afectados:
Cisco Enterprise NFV Infrastructure Software (NFVIS), con la configuración por defecto.
Descripción:
Se han publicado 2 vulnerabilidades, una crítica y otra alta, en Cisco Enterprise NFV Infrastructure (NFVIS), que podrían permitir a un atacante pasar de la máquina virtual (VM) invitada al host, inyectar comandos como root o filtrar datos del sistema, desde el anfitrión a la máquina virtual.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-nfvis-cisco
Fecha de publicación: 05/05/2022
Importancia: 5 - Crítica
Recursos afectados:
Cisco Enterprise NFV Infrastructure Software (NFVIS), con la configuración por defecto.
Descripción:
Se han publicado 2 vulnerabilidades, una crítica y otra alta, en Cisco Enterprise NFV Infrastructure (NFVIS), que podrían permitir a un atacante pasar de la máquina virtual (VM) invitada al host, inyectar comandos como root o filtrar datos del sistema, desde el anfitrión a la máquina virtual.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-nfvis-cisco
INCIBE-CERT
Múltiples vulnerabilidades en NFVIS de Cisco
Se han publicado 2 vulnerabilidades, una crítica y otra alta, en Cisco Enterprise NFV Infrastructure (NFVIS), que podrían permitir a un atacante pasar de la máquina virtual (VM) invitada al host,
Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
CVE-2022-29972
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972
CVE-2022-29972
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972
May 2022 Microsoft Security Updates
RCE's en el reporte de mayo:
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972
Windows LDAP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29128
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29129
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29131
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29139
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22015
Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017
Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270
Windows Address Book Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26926
Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26927
Windows Network File System Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937
Microsoft SharePoint Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108
Microsoft Excel Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110
Windows Fax Service Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29115
Visual Studio Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29148
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30129
RCE's en el reporte de mayo:
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972
Windows LDAP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29128
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29129
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29131
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29139
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22015
Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017
Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270
Windows Address Book Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26926
Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26927
Windows Network File System Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937
Microsoft SharePoint Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108
Microsoft Excel Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110
Windows Fax Service Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29115
Visual Studio Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29148
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30129