By Eskil Sørensen, 19/07/21
CVE-2021-3438: Hidden for 16 years, millions of printers worldwide are vulnerable.
As part of our commitment to secure the internet for all users, our researchers have engaged in an open-ended process of vulnerability discovery for targets that impact wide swaths of end users. Our research has been consistently fruitful, particularly in the area of OEM drivers.
<https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/>
<https://therecord.media/hundreds-of-millions-of-hp-xerox-and-samsung-printers-vulnerable-to-new-bug/>
<https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html>
<https://www.zdnet.com/article/hp-patches-vulnerable-printer-driver-impacting-millions-of-devices/>
<https://securityaffairs.co/wordpress/120358/security/cve-2021-3438-printer-driver-flaw.html>
Again: several vendors release updates for critical vulnerabilities
Atlassian asks customers to patch a critical vulnerability in Jira
Atlassian is prompting its enterprise customers to patch a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers arbitrary code execution abilities, due to a missing authentication flaw in Jira's implementation of Ehcache, an open-source component.
<https://www.bleepingcomputer.com/news/security/atlassian-asks-customers-to-patch-critical-jira-vulnerability/>
<https://www.securityweek.com/atlassian-patches-critical-vulnerability-jira-data-center-products>
Cisco releases security updates
Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/cisco-releases-security-updates>
Drupal releases security updates
Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7, 8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system.
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/drupal-releases-security-updates>
<https://www.drupal.org/sa-core-2021-004>
Dell patches critical vulnerabilities in OpenManage Enterprise
Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities.
<https://www.securityweek.com/dell-patches-critical-vulnerabilities-openmanage-enterprise>
Five software vendors release important security updates.
Adobe releases security updates for a number of products.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/adobe-releases-security-updates-multiple-products>
<https://www.securityweek.com/adobe-patches-21-vulnerabilities-across-seven-products>
Google releases security updates for Chrome.
Google has released Chrome version 92.0.4515.107 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/google-releases-security-updates-chrome>
<https://www.securityweek.com/chrome-92-brings-several-privacy-security-improvements>
Apple releases security updates.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/apple-releases-security-updates>
Oracle releases Critical Patch Update for July 2021.
Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-july-2021-critical-patch-update>
<https://www.securityweek.com/oracle-releases-july-2021-cpu-342-security-patches>
Citrix releases security updates.
Citrix has released security updates to address multiple vulnerabilities in Application Delivery Controller, Gateway, and SD-WAN WANOP Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system.
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/citrix-releases-security-updates>
Juniper patches critical flaws in third-party software across its products.
Juniper Networks has shipped security patches to cover numerous vulnerabilities across its product portfolio, including a series of critical bugs in third-party software used in Juniper's product portfolio.
<https://www.securityweek.com/juniper-patches-critical-third-party-flaws-across-product-portfolio>
New Windows Print Spooler zero-day vulnerability can be exploited via remote print servers.
Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature.