Alerts

A critical vulnerability in Drupal’s RESTful Web Services

Advisory No: TZCERT/SA/2024/05/17-4

Date of First Release: 17th May 2024

Source: Drupal

Software Affected: RESTful Web Services

Overview:

A Drupal plugin is affected by a critical vulnerability. Attackers can leverage the vulnerability to bypass access controls.

Description:

RESTful Web Services in Drupal CMS is affected by a critical vulnerability resulting from insufficient access restriction for user resources. Attackers can exploit the vulnerability to gain escalated privileges.

Impact:

Successful exploitation of this vulnerability may allow an attacker to gain escalated privileges.

Solution:

Drupal has released a security patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.drupal.org/sa-contrib-2024-019

Aruba Access Points Multiple Critical Vulnerabilities (CVE-2024-31466, CVE-2024-31467, CVE-2024-31468, CVE-2024-31469, CVE-2024-31470, CVE-2024-31471, CVE-2024-31472, CVE-2024-31473)

Advisory No: TZCERT/SA/2024/05/17-3

Date of First Release: 17th May 2024

Source: Hewlett-Packard

Software Affected: Aruba Access Points running InstantOS and ArubaOS 10

Overview:

Aruba Access Points are affected by multiple critical vulnerabilities. Attackers can leverage the vulnerabilities to execute arbitrary code on the affected Access Point.

Description:

Aruba Access Points are affected by multiple vulnerabilities, among them six (6) critical vulnerabilities with a rating score of 9.8. These flaws include buffer overflow and command injection vulnerabilities. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Hewlett-Packard has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

Multiple Critical Vulnerabilities in Magento

Advisory No: TZCERT/SA/2024/05/17-2

Date of First Release: 17th May 2024

Source: GitHub

Software Affected: Magento Commerce, Magento Open Source

Overview:

Magento applications are affected by multiple critical vulnerabilities. Attackers can leverage the vulnerabilities to execute code remotely.

Description:

Magento Commerce and Magento Open Source are affected by critical vulnerabilities. Among the systems affected by these vulnerabilities are those using sendmail as the mail transport agent and those with specific, non-default configuration settings. Remote attackers can exploit the vulnerabilities to execute code in the Magento admin panel.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Magento has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://github.com/advisories/GHSA-prpf-cj87-hwvr
  2. https://github.com/advisories/GHSA-5gmh-85x8-5cx7
  3. https://github.com/advisories/GHSA-cv25-3pxr-4q7x
  4. https://github.com/advisories/GHSA-26hq-7286-mg8f

Multiple Critical Vulnerabilities Affecting Adobe Products

Advisory No: TZCERT/SA/2024/05/17-1

Date of First Release: 17th May 2024

Source: Adobe

Software Affected: Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver

Overview:

Multiple Adobe products are affected by critical vulnerabilities. Attackers can leverage the vulnerabilities to execute arbitrary code on affected systems.

Description:

Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver are affected by numerous vulnerabilities. These include Use After Free, Out-of-bounds Write, Improper Input Validation, Improper Access Control, Stack-based Buffer Overflow, Heap-based Buffer Overflow, NULL Pointer Dereference, and OS Command Injection. Successful exploitation of these vulnerabilities may allow attackers to execute arbitrary code on the vulnerable systems.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Adobe has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
  2. https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
  3. https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html
  4. https://helpx.adobe.com/security/products/aero/apsb24-33.html
  5. https://helpx.adobe.com/security/products/animate/apsb24-36.html
  6. https://helpx.adobe.com/security/products/framemaker/apsb24-37.html
  7. https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

TZCERT-SU-24-0521 (Intel Security Update)

Intel has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to gain escalated privileges.

Users and administrators are encouraged to review Intel Security Advisories dated 14th May 2024 and apply necessary updates.