
Alerts

TZCERT-SU-24-0583 (Dell Security Update)

Dell has released security updates to address vulnerabilities in Dell PowerScale OneFS and Dell PowerEdge Server. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Dell Security Advisories dsa-2024-210 and dsa-2024-001 and apply the necessary updates.

TZCERT-SU-24-0582 (Chrome Security Update)

Google has released a security update to address vulnerabilities in ChromeOS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Security Advisory and apply the necessary updates.

High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)

Advisory No: TZCERT/SA/2024/05/31-2

Date of First Release: 31st May 2024

Source: Hewlett-Packard (HP)

Software Affected: Servers

Overview:

HPE ProLiant and HPE Edgeline Servers are vulnerable to multiple high severity vulnerabilities. Attackers can leverage these vulnerabilities to take control of the affected system.

Description:

Five high-severity vulnerabilities, among other vulnerabilities affecting the HPE ProLiant and Edgeline servers, are tracked as CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235 and CVE-2021-38575. These vulnerabilities could be remotely exploited to allow remote code execution, denial of service, information disclosure and local unauthorized access.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the vulnerable system.

Solution:

HP has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04593en_us&docLocale=en_US

Critical Vulnerabilities affecting WordPress (CVE-2024-5522, CVE-2024-5150, CVE-2024-3412)

Advisory No: TZCERT/SA/2024/05/31-1

Date of First Release: 31st May 2024

Source: Wordfence

Software Affected: html5-video-player, login-with-phone-number, wp-staging

Overview:

WordPress is vulnerable to three critical vulnerabilities. Attackers can leverage these vulnerabilities to take control of the affected system.

Description:

Three WordPress plugins, namely html5-video-player, login-with-phone-number and wp-staging, are affected by the vulnerabilities tracked as CVE-2024-5522, CVE-2024-5150 and CVE-2024-3412 respectively. Reasons for the flaws include insufficient escaping and validation of user-supplied data. Attackers can exploit the vulnerabilities to gain access to the vulnerable system and to sensitive information.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the vulnerable system.

Solution:

WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/html5-video-player/html5-video-player-2526-unauthenticated-sql-injection
  2. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/login-with-phone-number/login-with-phone-number-1726-authentication-bypass-due-to-missing-empty-value-check
  3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-staging/wp-staging-wordpress-backup-plugin-migration-backup-restore-343-authenticated-admin-arbitrary-file-upload