Últimas 20 Vulnerabilidades CVE

Análisis, notificación y seguimiento de aquellas vulnerabilidades más críticas, que impactan, especialmente, en las tecnologías empleadas en el sector público.
  • K28942395: OpenSSH vulnerability CVE-2018-15473

    OpenSSH vulnerability CVE-2018-15473 Security Advisory Security Advisory Description OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid ... More info: https://support.f5.com/csp/article/K28942395?utm_source=f5support&utm_medium=RSS

  • Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware

    VMware Threat Analysis Unit (TAU) researchers have recently observed a new technique for the deletion of volume shadow copies. In a recent ransomware sample it was discovered that the technique, which could still be in development, uses Windows COM (Component Object Model) libraries like a legitimate backup solution to delete all volume shadow copies resulting … ContinuedThe post Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware appeared first on More info: https://blogs.vmware.com/security/2022/09/threat-research-new-method-of-volume-shadow-backup-deletion-seen-in-recent-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=threat-research-new-method-of-volume-shadow-backup-deletion-seen-in-recent-ransomware

  • Threat Report: Illuminating Volume Shadow Deletion

    Executive Summary Ransomware is one of the greatest threats to all industries. Threat actors have the ability to severely hinder, or destroy, the operations of organizations that range from small non-profits to global corporations. While there are many research studies on ransomware, this paper will describe specifically its method of destroying a form of Windows … ContinuedThe post Threat Report: Illuminating Volume Shadow Deletion appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html?utm_source=rss&utm_medium=rss&utm_campaign=threat-report-illuminating-volume-shadow-deletion

  • The Evolution of the Chromeloader Malware

    Executive Summary ChromeLoader proves to be an extremely prevalent and persistent malware. It initially drops as an .iso and can be used to leak users’ browser credentials, harvest recent online activity and hijack the browser searches to display ads. The VMware Carbon Black Managed Detection and Response (MDR) team observed the first Windows variants of … ContinuedThe post The Evolution of the Chromeloader Malware appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=the-evolution-of-the-chromeloader-malware

  • The Evolution of the Chromeloader Malware

    Executive Summary Chromeloader proves to be an extremely prevalent and persistent malware. It initially drops as an .iso and can be used to leak users’ browser credentials, harvest recent online activity and hijack the browser searches to display ads. The VMware Carbon Black Managed Detection and Response (MDR) team observed the first Windows variants of … ContinuedThe post The Evolution of the Chromeloader Malware appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=the-evolution-of-the-chromeloader-malware

  • MSA-22-0026: No groups filtering in H5P activity attempts report

    by Michael Hawkins. The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.Severity/Risk:MinorVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Jari Vilkman and Bjørn TeistungWorkaround:Access to this feature can be revoked by removing the More info: https://moodle.org/mod/forum/discuss.php?d=438395&parent=1764796

  • MSA-22-0025: Minor SQL injection risk in admin user browsing

    by Michael Hawkins. A limited SQL injection risk was identified in the "browse list of users" site administration page.Severity/Risk:MinorVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:VincentCVE identifier:CVE-2022-40315Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75283Tracker issue:MDL-75283 Minor SQL injection risk in admin More info: https://moodle.org/mod/forum/discuss.php?d=438394&parent=1764795

  • MSA-22-0024: Remote code execution risk when restoring malformed backup file from Moodle 1.9

    by Michael Hawkins. A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.Severity/Risk:SeriousVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Paul HoldenCVE identifier:CVE-2022-40314Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75405Tracker issue:MDL-75405 Remote code execution risk when More info: https://moodle.org/mod/forum/discuss.php?d=438393&parent=1764794

  • MSA-22-0023: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers

    by Michael Hawkins. Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.Severity/Risk:SeriousVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Adam Roberts, NCC GroupCVE identifier:CVE-2022-40313Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066Tracker More info: https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793

  • K39178480: Perl vulnerability CVE-2018-18311

    Perl vulnerability CVE-2018-18311 Security Advisory Security Advisory Description Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers ... More info: https://support.f5.com/csp/article/K39178480?utm_source=f5support&utm_medium=RSS

Translate »