
Alerts

TZCERT-SU-24-0546 (Dell Security Update)

NetGear has released security updates to address a vulnerability in the Data Protection Advisor and PowerProtect DP Series Appliance (IDPA). Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Dell Security Advisory and apply the necessary updates.

Critical Vulnerabilities affecting WordPress (CVE-2024-4544, CVE-2024-0867, CVE-2024-1974)

Advisory No: TZCERT/SA/2024/05/24-2

Date of First Release: 24th May 2024

Source: Wordfence

Software Affected: pie-register-social-site, email-log and ht-mega-for-elementor

Overview:

WordPress is affected by three critical vulnerabilities. Attackers can leverage these vulnerabilities to take control of the affected system.

Description:

Three WordPress plugins, namely pie-register-social-site, email-log and ht-mega-for-elementor, are affected by the vulnerabilities tracked as CVE-2024-4544, CVE-2024-0867, and CVE-2024-1974 respectively. Reasons for the flaws include insufficient verification of the user supplied during a social login through the plugin and the absence of a capability check, among others. Attackers can exploit the vulnerabilities to gain access to the vulnerable system and to sensitive information.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to gain access to the vulnerable system.

Solution:

WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pie-register-social-site/pie-register-social-sites-login-add-on-177-authentication-bypass
  2. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-log/email-log-248-unauthenticated-hook-injection
  3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-246-authenticated-contributor-directory-traversal

Arbitrary Code Execution Vulnerabilities in Multiple IBM Products (CVE-2023-45871, CVE-2023-39320, CVE-2023-51385)

Advisory No: TZCERT/SA/2024/05/24-1

Date of First Release: 24th May 2024

Source: IBM

Software Affected: IBM Cloud Object System, IBM QRadar SIEM, IBM Security Guardium, IBM Storage Copy, IBM Storage Protect, IBM Storage Scale System, IBM Cloud Pak for Data Scheduling, IBM Spectrum Protect Plus, IBM AIX, IBM i, IBM QRadar, IBM VIOS

Overview:

Multiple IBM products are affected by critical vulnerabilities. Attackers can leverage the vulnerabilities to execute arbitrary code on the affected system.

Description:

Rated at 9.8 and tracked as CVE-2023-45871, CVE-2023-39320, and CVE-2023-51385, the vulnerabilities affect the Linux kernel, golang, and OpenSSH respectively. The flaws result from improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c in the Linux kernel, the go.mod toolchain directive in golang, and improper validation of shell metacharacters in OpenSSH. Attackers can send specially crafted messages to execute arbitrary code on the vulnerable system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://exchange.xforce.ibmcloud.com/vulnerabilities/268717
  2. https://exchange.xforce.ibmcloud.com/vulnerabilities/265873
  3. https://exchange.xforce.ibmcloud.com/vulnerabilities/275402

TZCERT-SU-24-0545 (Foxit Security Update)

Foxit has released security updates to address vulnerabilities in Foxit PDF Reader and Foxit PDF Editor. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Foxit Security Advisories dated 24th May 2024 and apply the necessary updates.