Advisory No: TZCERT/SA/2024/07/26-6 Date of First Release: 26th July 2024 Source: Spring Software Affected: Spring Cloud Data Flow Overview: Spring is vulnerable to a remote code vulnerability. The attackers can leverage the vulnerability to compromise the server. Description: Spring Cloud Data Flow, a microservices-based streaming in Cloud Foundry and Kubernetes …

Advisory No: TZCERT/SA/2024/07/26-5 Date of First Release: 26th July 2024 Source: Dell Software Affected: Dell EMC, Dell Protection Advisor, Dell VxRail, Dell RecoverPoint Overview: Dell products are vulnerable to multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code on affected devices. Description: Multiple third-party components …

Advisory No: TZCERT/SA/2024/07/26-4 Date of First Release: 26th July 2024 Source: D-Link Software Affected: DIR-823X – Firmware v240126 Overview: The firmware version in the D-Link device is vulnerable to a remote command execution vulnerability. The attackers can leverage the vulnerability to take control of the affected device. Description: DIR-823X Hardware …

Advisory No: TZCERT/SA/2024/07/26-3 Date of First Release: 26th July 2024 Source: Wordfence Software Affected: woo-social-login Overview: WordPress is vulnerable to a critical vulnerability. Exploitation of this vulnerability makes it possible for unauthenticated privilege escalation. Description: WordPress plugin woo-social-login is affected by the vulnerability tracked as CVE-2024-6636 with CVSS score of …

Advisory No: TZCERT/SA/2024/07/26-2 Date of First Release: 26th July 2024 Source: IBM Software Affected:  Apache Velocity, protobuf.js, Containerd Overview: Multiple IBM products depending on Apache Velocity, protobuf.js, Containerd are vulnerable to critical vulnerabilities. Attackers can exploit the vulnerabilities to execute arbitrary code on the affected system. Description: Multiple IBM products …

Advisory No: TZCERT/SA/2024/07/26-1 Date of First Release: 26th July 2024 Source: Hewlett-Packard (HP) Software Affected:  HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, HPE Compute Edge Server Overview: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, and HPE Compute Edge Server are vulnerable to critical severity vulnerability. The …

Ubuntu has released security updates to address vulnerabilities in python-zipp, poppler, OCS Inventory, phpCAS and provd. Exploitation of these vulnerabilities may allow an attacker to cause denial of service condition. Users and administrators are encouraged to review Ubuntu Security Advisories USN-6906-1, USN-6915-1, USN-6914-1, USN-6913-1, and USN-6912-1 and apply necessary updates.

Broadcom has released security updates to address vulnerabilities in VMware ESXi, vCenter Server, and VMware Tanzu. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition. Users and administrators are encouraged to review Broadcom Security Advisories SecurityAdvisories-24505 and security-advisory-tanzu and apply necessary updates.

Oracle has released security updates to address vulnerabilities in multiple Oracle Products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Oracle Security Advisories cpujul2024, ELSA-2024-4761 and ELSA-2024-4749 and apply necessary updates.

Google has released security updates to address vulnerabilities in Chrome for iOS and Chrome for Android. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Chrome Security Advisories chrome-for-ios and chrome-for-android and apply necessary updates.