
Alerts

TZCERT-SU-24-0857 (F5 Security Update)

F5 has released security updates to address a vulnerability in libxml2. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the F5 Security Advisory and apply the necessary updates.

TZCERT-SU-24-0855 (WordPress Security Update)

WordPress has released security updates to address vulnerabilities in Media Library Assistant, Element Pack Elementor, Essential Addons and JS Help Desk. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Wordfence Security Advisories for media-library-assistant, bdthemes-element-pack, essential-addons-for-elementor and js-support-ticket and apply the necessary updates.

Critical Arbitrary PHP Code Execution in Drupal’s Opigno LMS packages

Advisory No: TZCERT/SA/2024/08/09-2

Date of First Release: 09th August 2024

Source: Drupal

Software Affected: Opigno LMS packages

Overview:

Opigno LMS packages in Drupal CMS are affected by arbitrary code execution vulnerabilities. An attacker can leverage the vulnerabilities to take control of the affected system.

Description:

Opigno Learning path, Opigno_module, and Opigno group manager running in Drupal CMS are affected by arbitrary PHP code execution vulnerabilities. These result from a permissions misconfiguration in an administration form that allows execution of arbitrary code.

The vulnerabilities allow an attacker to upload malicious files, which may contain arbitrary code (RCE) or cross-site scripting (XSS).

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected device.

Solution:

Drupal has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.drupal.org/sa-contrib-2024-029
  2. https://www.drupal.org/sa-contrib-2024-028
  3. https://www.drupal.org/sa-contrib-2024-027