VMSA-2024-0016: VMware Cloud Director Availability addresses an HTML injection vulnerability (CVE-2024-22277)
Advisory ID: VMSA-2024-0016
Severity: Moderate
CVSSv3 Range: 6.4
Issue date: 2024-07-04
CVE(s) CVE-2024-22277
Synopsis:
VMware Cloud Director Availability addresses an HTML injection vulnerability (CVE-2024-22277)
Impacted Products
VMware Cloud Director Availability
Introduction
An HTML injection vulnerability in VMware Cloud Director Availability was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24557
Advisory ID: VMSA-2024-0016
Severity: Moderate
CVSSv3 Range: 6.4
Issue date: 2024-07-04
CVE(s) CVE-2024-22277
Synopsis:
VMware Cloud Director Availability addresses an HTML injection vulnerability (CVE-2024-22277)
Impacted Products
VMware Cloud Director Availability
Introduction
An HTML injection vulnerability in VMware Cloud Director Availability was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24557
Cloudflare blames recent outage on BGP hijacking incident
Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak.
https://www.bleepingcomputer.com/news/security/cloudflare-blames-recent-outage-on-bgp-hijacking-incident/
Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak.
https://www.bleepingcomputer.com/news/security/cloudflare-blames-recent-outage-on-bgp-hijacking-incident/
BleepingComputer
Cloudflare blames recent outage on BGP hijacking incident
Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak.
Microsoft Updates
July 2024 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
July 2024 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
Múltiples vulnerabilidades en productos de Citrix
Fecha 10/07/2024
Importancia 5 - Crítica
Recursos Afectados
La siguiente versión compatible de NetScaler Console (anteriormente NetScaler ADM) se ve afectada por CVE-2024-6235:
Consola NetScaler 14.1 anterior a 14.1-25.53.
Las siguientes versiones compatibles de NetScaler Console, NetScaler Agent y NetScaler SVM se ven afectadas por CVE-2024-6236:
Consola NetScaler 14.1 anterior a 14.1-25.53;
Consola NetScaler 13.1 anterior a 13.1-53.22;
Consola NetScaler 13.0 anterior a 13.0-92.31;
NetScaler SVM 14.1 anterior a 14.1-25.53;
NetScaler SVM 13.1 anterior a 13.1-53.17;
NetScaler SVM 13.0 anterior a 13.0-92.31;
Agente NetScaler 14.1 anterior a 14.1-25.53;
Agente NetScaler 13.1 anterior a 13.1-53.22;
Agente NetScaler 13.0 anterior a 13.0-92.31.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-de-citrix
Fecha 10/07/2024
Importancia 5 - Crítica
Recursos Afectados
La siguiente versión compatible de NetScaler Console (anteriormente NetScaler ADM) se ve afectada por CVE-2024-6235:
Consola NetScaler 14.1 anterior a 14.1-25.53.
Las siguientes versiones compatibles de NetScaler Console, NetScaler Agent y NetScaler SVM se ven afectadas por CVE-2024-6236:
Consola NetScaler 14.1 anterior a 14.1-25.53;
Consola NetScaler 13.1 anterior a 13.1-53.22;
Consola NetScaler 13.0 anterior a 13.0-92.31;
NetScaler SVM 14.1 anterior a 14.1-25.53;
NetScaler SVM 13.1 anterior a 13.1-53.17;
NetScaler SVM 13.0 anterior a 13.0-92.31;
Agente NetScaler 14.1 anterior a 14.1-25.53;
Agente NetScaler 13.1 anterior a 13.1-53.22;
Agente NetScaler 13.0 anterior a 13.0-92.31.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-de-citrix
www.incibe.es
Múltiples vulnerabilidades en productos de Citrix
Citrix ha publicado 2 vulnerabilidades de severidades crítica y alta, que podrían provocar una divulga
Blast-RADIUS: omisión de autenticación en protocolo RADIUS
Fecha 10/07/2024
Importancia 5 - Crítica
Recursos Afectados
Blast-RADIUS es una vulnerabilidad de protocolo que afecta a todas las implementaciones de RADIUS que utilicen métodos de autenticación no EAP sobre UDP.
CERT/CC ha publicado un aviso recogiendo información sobre esta vulnerabilidad, así como un listado con los fabricantes afectados, que puede consultarse en las referencias.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/blast-radius-omision-de-autenticacion-en-protocolo-radius
Fecha 10/07/2024
Importancia 5 - Crítica
Recursos Afectados
Blast-RADIUS es una vulnerabilidad de protocolo que afecta a todas las implementaciones de RADIUS que utilicen métodos de autenticación no EAP sobre UDP.
CERT/CC ha publicado un aviso recogiendo información sobre esta vulnerabilidad, así como un listado con los fabricantes afectados, que puede consultarse en las referencias.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/blast-radius-omision-de-autenticacion-en-protocolo-radius
www.incibe.es
Blast-RADIUS: omisión de autenticación en protocolo RADIUS
El ataque Blast-RADIUS, descubierto por varios
Actualización para solucionar una vulnerabilidad en impresoras y equipos multifunción Ricoh
Fecha 10/07/2024
Importancia 4 - Alta
Recursos Afectados
Versiones del firmware IM C3510/C3010 anteriores a System/Copy 2.00-00;
Versiones del firmware IM C6010/C5510/C4510 anteriores a System/Copy 2.00-00;
Versiones del firmware IM C2510/C2010 anteriores a System/Copy 2.00-00;
Versiones del firmware IM C7010 anteriores a System/Copy 1.05-00;
Versiones del firmware IM 460F/460FTL/370/370F anteriores a System/Copy 1.10-00;
Versiones del firmware IP C8500 anteriores al sistema 1.04-00.
Descripción
Se ha detectado una vulnerabilidad de escritura fuera de límites del búfer de memoria en las impresoras multifunción (MFP) e impresoras Ricoh.
https://www.incibe.es/empresas/avisos/actualizacion-para-solucionar-una-vulnerabilidad-en-impresoras-y-equipos
Fecha 10/07/2024
Importancia 4 - Alta
Recursos Afectados
Versiones del firmware IM C3510/C3010 anteriores a System/Copy 2.00-00;
Versiones del firmware IM C6010/C5510/C4510 anteriores a System/Copy 2.00-00;
Versiones del firmware IM C2510/C2010 anteriores a System/Copy 2.00-00;
Versiones del firmware IM C7010 anteriores a System/Copy 1.05-00;
Versiones del firmware IM 460F/460FTL/370/370F anteriores a System/Copy 1.10-00;
Versiones del firmware IP C8500 anteriores al sistema 1.04-00.
Descripción
Se ha detectado una vulnerabilidad de escritura fuera de límites del búfer de memoria en las impresoras multifunción (MFP) e impresoras Ricoh.
https://www.incibe.es/empresas/avisos/actualizacion-para-solucionar-una-vulnerabilidad-en-impresoras-y-equipos
www.incibe.es
Actualización para solucionar una vulnerabilidad en impresoras y equipos multifunción Ricoh
Se ha detectado una vulnerabilidad de escritura fuera de límites del búfer de memoria en las impresora
Múltiples vulnerabilidades 0day en WBR-6013 de LevelOne
Fecha 09/07/2024
Importancia 5 - Crítica
Recursos Afectados
LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623.
Descripción
Francesco Benvenuto de Cisco Talos, ha descubierto 2 vulnerabilidades: una de severidad crítica y otra alta, que podrían permitir a un atacante ejecutar comandos arbitrarios.
Solución
No existe solución hasta el momento.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-0day-en-wbr-6013-de-levelone
Fecha 09/07/2024
Importancia 5 - Crítica
Recursos Afectados
LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623.
Descripción
Francesco Benvenuto de Cisco Talos, ha descubierto 2 vulnerabilidades: una de severidad crítica y otra alta, que podrían permitir a un atacante ejecutar comandos arbitrarios.
Solución
No existe solución hasta el momento.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-0day-en-wbr-6013-de-levelone
www.incibe.es
Múltiples vulnerabilidades 0day en WBR-6013 de LevelOne
Francesco Benvenuto de Cisco Talos, ha descubierto 2 vulnerabilidades: una de severidad crítica y otra
Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks
Adobe documents at least seven code execution bugs affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge on Windows and macOS.
Software maker Adobe on Tuesday released critical-severity patches for security defects in multiple enterprise-facing products and warned that both Windows and macOS are exposed to code execution attacks.
https://www.securityweek.com/adobe-issues-critical-patches-for-multiple-products-warns-of-code-execution-risks/
Adobe documents at least seven code execution bugs affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge on Windows and macOS.
Software maker Adobe on Tuesday released critical-severity patches for security defects in multiple enterprise-facing products and warned that both Windows and macOS are exposed to code execution attacks.
https://www.securityweek.com/adobe-issues-critical-patches-for-multiple-products-warns-of-code-execution-risks/
SecurityWeek
Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks
Adobe documents at least seven code execution bugs affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge on Windows and macOS.
CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover
Severity: CRITICAL
CVSSv4.0 Base Score: 9.3
Workarounds and Mitigations
Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.
https://security.paloaltonetworks.com/CVE-2024-5910
Severity: CRITICAL
CVSSv4.0 Base Score: 9.3
Workarounds and Mitigations
Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.
https://security.paloaltonetworks.com/CVE-2024-5910
Palo Alto Networks Product Security Assurance
CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
Note: Expedition is a...
Note: Expedition is a...
2024-07 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 24.1R1 release
Article IDJSA83026Created2024-07-10
Multiple vulnerabilities have been resolved in the Juniper Networks Junos Space 24.1R1 release by updating third party software included with Junos Space.
These issues affect Juniper Networks Junos Space versions prior to 24.1R1.
https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release
Article IDJSA83026Created2024-07-10
Multiple vulnerabilities have been resolved in the Juniper Networks Junos Space 24.1R1 release by updating third party software included with Junos Space.
These issues affect Juniper Networks Junos Space versions prior to 24.1R1.
https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release
Cisco SSM On-Prem bug lets hackers change any user's password
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.
The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).
https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.
The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).
https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/
BleepingComputer
Cisco SSM On-Prem bug lets hackers change any user's password
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.
Cisco Secure Email Gateway Arbitrary File Write Vulnerability
Advisory ID: cisco-sa-esa-afw-bGG2UsjH
First Published: 2024 July 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwj53998
CVE-2024-20401
CWE-36
CVSS Score: Base 9.8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Advisory ID: cisco-sa-esa-afw-bGG2UsjH
First Published: 2024 July 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwj53998
CVE-2024-20401
CWE-36
CVSS Score: Base 9.8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Cisco
Cisco Security Advisory: Cisco Secure Email Gateway Arbitrary File Write Vulnerability
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.
This vulnerability is due to improper handling…
This vulnerability is due to improper handling…
Actualizaciones críticas en Oracle (julio 2024)
Fecha 17/07/2024
Importancia 5 - Crítica
Recursos Afectados
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizaciones-criticas-en-oracle-julio-2024
Fecha 17/07/2024
Importancia 5 - Crítica
Recursos Afectados
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizaciones-criticas-en-oracle-julio-2024
www.incibe.es
Actualizaciones críticas en Oracle (julio 2024)
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades, que afectan
CCN-CERT AV 12/24 Indisponibilidad de equipos Windows por fallo en el agente Falcon de CrowdStrike
https://www.ccn-cert.cni.es/es/seguridad-al-dia/avisos-ccn-cert/12981-ccn-cert-av-12-24-indisponibilidad-de-equipos-windows-por-fallo-en-el-agente-falcon-de-crowdstrike.html
https://www.ccn-cert.cni.es/es/seguridad-al-dia/avisos-ccn-cert/12981-ccn-cert-av-12-24-indisponibilidad-de-equipos-windows-por-fallo-en-el-agente-falcon-de-crowdstrike.html
Forwarded from Una al día
Pantalla Azul de la Muerte, Empresas de Todo el Mundo Afectadas por Error de CrowdStrike
https://unaaldia.hispasec.com/2024/07/pantalla-azul-de-la-muerte-empresas-de-todo-el-mundo-afectadas-por-error-de-crowdstrike.html?utm_source=rss&utm_medium=rss&utm_campaign=pantalla-azul-de-la-muerte-empresas-de-todo-el-mundo-afectadas-por-error-de-crowdstrike
https://unaaldia.hispasec.com/2024/07/pantalla-azul-de-la-muerte-empresas-de-todo-el-mundo-afectadas-por-error-de-crowdstrike.html?utm_source=rss&utm_medium=rss&utm_campaign=pantalla-azul-de-la-muerte-empresas-de-todo-el-mundo-afectadas-por-error-de-crowdstrike
Una al Día
Pantalla Azul de la Muerte, Empresas de Todo el Mundo Afectadas por Error de CrowdStrike
Hoy, viernes 19 de julio, son numerosos los medios de comunicación que se están haciendo eco del fallo a escala mundial causado por la actualización de uno de los servicios del gigante tecnológico Crowdstrike, y a pesar de que ya se ha conocido una solución…
REMEDIATION AND GUIDANCE HUB:
FALCON CONTENT UPDATE
FOR WINDOWS HOSTS
Page last updated 2024-07-24 0335 UTC
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
FALCON CONTENT UPDATE
FOR WINDOWS HOSTS
Page last updated 2024-07-24 0335 UTC
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
crowdstrike.com
Falcon Content Update Remediation and Guidance Hub | CrowdStrike
Access consolidated remediation and guidance resources for the CrowdStrike Falcon content update affecting Windows hosts.
Múltiples vulnerabilidades en Endpoint Manager para Mobile de Ivanti
Fecha 23/07/2024
Importancia 5 - Crítica
Recursos Afectados
Endpoint Manager for Mobile: versiones anteriores a 11.12.0.3, 12.0.0.3 and 12.1.0.1.
Descripción
Ivanti ha publicado 4 vulnerabilidades: 1 de severidad crítica, 2 altas y una media. La explotación de estas vulnerabilidades podría permitir fuga de información, acceso a recursos y ejecución de código.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-endpoint-manager-para-mobile-de-ivanti
Fecha 23/07/2024
Importancia 5 - Crítica
Recursos Afectados
Endpoint Manager for Mobile: versiones anteriores a 11.12.0.3, 12.0.0.3 and 12.1.0.1.
Descripción
Ivanti ha publicado 4 vulnerabilidades: 1 de severidad crítica, 2 altas y una media. La explotación de estas vulnerabilidades podría permitir fuga de información, acceso a recursos y ejecución de código.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-endpoint-manager-para-mobile-de-ivanti
www.incibe.es
Múltiples vulnerabilidades en Endpoint Manager para Mobile de Ivanti
Ivanti ha publicado 4 vulnerabilidades: 1 de severidad crítica, 2 altas y una media.
Vulnerabilities in LangChain Gen AI
Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/
Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/
Unit 42
Vulnerabilities in LangChain Gen AI
This article is a detailed study of CVE-2023-46229 and CVE-2023-44467, two vulnerabilities discovered by our researchers affecting generative AI framework LangChain.
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
https://www.bleepingcomputer.com/news/security/docker-fixes-critical-5-year-old-authentication-bypass-flaw/
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
https://www.bleepingcomputer.com/news/security/docker-fixes-critical-5-year-old-authentication-bypass-flaw/
BleepingComputer
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.