Hp has released security updates to address a vulnerability in HP Printer Firmware. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review HP Security Bulletin and apply necessary updates.

Slackware has released security updates to address a vulnerability in emacs package. Exploitation of this vulnerability may allow an attacker to execute command to an affected system.

Users and Administrators are encouraged to review Slackware Security Advisory and apply necessary updates.

Advisory No: TZCERT/SA/2024/03/21-02

Date of First Release: 21^st March 2024

Source: Atlassian

Software Affected: Bamboo Data Center and Bamboo Server

Overview:

Atlassian has released security patches to address a critical vulnerability affecting Bamboo Data Center and Bamboo Server. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability.

Description:

Bamboo Data Center and Server are affected with a critical vulnerability tracked as CVE-2024-1597. This vulnerability is the result of a flaw in pgjdbc, the PostgreSQL JDBC Driver which could allow attacker to inject SQL if using PreferQueryMode=SIMPLE. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks.

Impact:

Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.

Solution:

Atlassian has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://jira.atlassian.com/browse/BAM-25716

Advisory No: TZCERT/SA/2024/03/21-01

Date of First Release: 21^st March 2024

Source: QNAP

Software Affected: QTS, QuTS hero, QuTScloud, myQNAPcloud

Overview:

QNAP has released security patches to address the critical vulnerabilities affecting QTS, QuTS hero, QuTScloud, and myQNAPcloud . These vulnerabilities could allow an attacker to inject malicious code and execute code via a network.

Description:

QTS, QuTS hero, QuTScloud, and myQNAPcloud are affected with the following vulnerabilities. CVE-2024-21899; an improper authentication mechanism that could allow attackers to compromise a system remotely. CVE-2024-21900 could allow unauthorized users to execute arbitrary commands on the system via a network. CVE-2024-21901 could allow attackers to inject malicious SQL code through the network.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution:

QNAP has released patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

1. https://www.qnap.com/en/security-advisory/qsa-24-09
2. https://www.cybersecurity-help.cz/vdb/SB2024031110

Wordfence has released security updates to address vulnerabilities in Appointment Booking Calendar, File Manager, Avada, WooCommerce Cloak, Management App for WooCommerce and UX Flat. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Wordfence Security Advisories simply-schedule-appointments, file-manager, Avada, woocommerce-cloak, wemanage-app-worker and ux-flat and apply necessary updates.