Advisory No: TZCERT/SA/2024/02/02 Date of First Release: 2nd February 2024 Source: Cisco Software Affected: Unified CM, Unified CM SME, Unified CM IM&P and Unity Connection Overview: Unified CM and Unity Connection are affected by vulnerabilities tracked as CVE-2024-20253 which could allow an unauthenticated, remote attacker to execute arbitrary code on …

Mageia has released security updates to address vulnerabilities in zlib and python-pillow. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Mageia Security Advisories MGASA-2024-0019 and MGASA-2024-0018 and apply necessary updates.

Drupal has released security update to address a vulnerability in entity delete log. Exploitation of this vulnerability may allow an attacker to gain access to sensitive information. Users and administrators are encouraged to review Drupal Security Advisory and apply necessary updates.

IBM has released security updates to address vulnerabilities in IBM Instana Observability. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review IBM Security Advisories and apply necessary updates.

Ubuntu has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected systems. Users and administrators are encouraged to review Ubuntu Security Advisories USN-6619-1, USN-6591-2, USN-6609-2, USN-6618-1, USN-6587-3, USN-6617-1, USN-6615-1, USN-6616-1, USN-6614-1 and USN-6605-2 and apply necessary updates.

NodeJS has released security updates to address vulnerabilities in Node.js. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review NodeJS Security Advisory and apply necessary updates.

Wordfence has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Wordfence Security Advisories Admin_PHP, website-builder, contact-form-entries, instant-images, wp-gdpr-compliance, advanced-iframe and nex-forms and apply necessary updates.

Google has released security updates to address vulnerabilities in Chrome for Desktop, iOS android and ChromeOS. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Chrome Security Advisories chrome-for-desktop, chrome-for-ios, chrome-for-android and update-for-chromeos and apply necessary updates.

Cisco has released security updates to address vulnerabilities in Cisco Unified CM and Cisco Unity Connection. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Cisco Security Advisories cisco-sa-cucm-rce and cisco-sa-cuc-unauth and apply necessary updates.

Slackware has released security updates to address a vulnerability in sendmail package. Exploitation of this vulnerability may allow an attacker to bypass protection mechanism. Users and administrators are encouraged to review Slackware Security Advisory and apply necessary updates.