
Alerts

TZCERT-SU-24-0194 (Netgear Security Update)

Netgear has released security updates to address vulnerabilities in R7000, XR1000 and Range Extender AC. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Netgear Security Advisories PSV-2023-0154, PSV-2023-0152 and PSV-2023-0151 and apply the necessary updates.

TZCERT-SU-24-0192 (cPanel Security Update)

cPanel has released a security update to address vulnerabilities in NodeJS 18 and 20. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the cPanel Security Advisory and apply the necessary updates.

Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Advisory No: TZCERT/SA/2024/02/22

Date of First Release: 22nd February 2024

Source: WordPress plugin Bricks Builder

Software Affected: Bricks Builder versions 1.9.6 and earlier

Overview:

WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution and gain control of the server.

Description:

CVE-2024-25600 (CVSS score of 9.8) is caused by an eval function call in the ‘prepare_query_vars_from_settings’ function, which an unauthenticated user could exploit to execute arbitrary PHP code.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Users and administrators of affected product versions are advised to update to the latest version immediately.

References:

  1. https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-021
  2. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-rce-flaw-in-bricks-wordpress-site-builder/

TZCERT-SU-24-0191 (Oracle Linux Security Update)

Oracle has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle Linux Security Advisories dated 19th February 2024 and apply the necessary updates.