Advisory No: TZCERT/SA/2024/07/26-6 Date of First Release: 26th July 2024 Source: Spring Software Affected: Spring Cloud Data Flow Overview: Spring is vulnerable to a remote code vulnerability. The attackers can leverage the vulnerability to compromise the server. Description: Spring Cloud Data Flow, a microservices-based streaming in Cloud Foundry and Kubernetes …
Multiple critical vulnerabilities affecting Dell EMC Avamar, Dell Protection Advisor, Dell VxRail, and Dell RecoverPoint
Advisory No: TZCERT/SA/2024/07/26-5 Date of First Release: 26th July 2024 Source: Dell Software Affected: Dell EMC, Dell Protection Advisor, Dell VxRail, Dell RecoverPoint Overview: Dell products are vulnerable to multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code on affected devices. Description: Multiple third-party components …
Authenticated Remote Command Execution in D-Link DIR-823X
Advisory No: TZCERT/SA/2024/07/26-4 Date of First Release: 26th July 2024 Source: D-Link Software Affected: DIR-823X – Firmware v240126 Overview: The firmware version in the D-Link device is vulnerable to a remote command execution vulnerability. The attackers can leverage the vulnerability to take control of the affected device. Description: DIR-823X Hardware …
A critical vulnerability in WordPress (CVE-2024-6636)
Advisory No: TZCERT/SA/2024/07/26-3 Date of First Release: 26th July 2024 Source: Wordfence Software Affected: woo-social-login Overview: WordPress is vulnerable to a critical vulnerability. Exploitation of this vulnerability makes unauthenticated privilege escalation possible. Description: WordPress plugin woo-social-login is affected by the vulnerability tracked as CVE-2024-6636 with CVSS score of …
Critical Vulnerabilities in multiple IBM vulnerabilities (CVE-2020-13936, CVE-2023-36665, CVE-2020-15257)
Advisory No: TZCERT/SA/2024/07/26-2 Date of First Release: 26th July 2024 Source: IBM Software Affected: Apache Velocity, protobuf.js, Containerd Overview: Multiple IBM products depending on Apache Velocity, protobuf.js, and Containerd are vulnerable to critical vulnerabilities. Attackers can exploit the vulnerabilities to execute arbitrary code on the affected system. Description: Multiple IBM products …
Out-of-Bounds Write Vulnerability in HPE ProLiant DL/ML/SY/XL and Alletra Servers, (CVE-2021-38578)
Advisory No: TZCERT/SA/2024/07/26-1 Date of First Release: 26th July 2024 Source: Hewlett-Packard (HP) Software Affected: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, HPE Compute Edge Server Overview: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, and HPE Compute Edge Server are vulnerable to a critical-severity vulnerability. The …
Remote Code Execution Vulnerabilities in SolarWinds Access Rights Manager (ARM) (CVE-2024-23469, CVE-2024-23467, CVE-2024-23471)
Advisory No: TZCERT/SA/2024/07/19-3 Date of First Release: 19th July 2024 Source: SolarWinds Software Affected: SolarWinds Access Rights Manager (ARM) Overview: Critical vulnerabilities affect SolarWinds ARM. An attacker can leverage the vulnerabilities to remotely execute arbitrary code on the affected device. Description: SolarWinds Access Rights Manager (ARM) is vulnerable to three …
Critical vulnerabilities in Cisco Secure Email Gateway and Cisco Smart Software Manager On-Prem (CVE-2024-20401, CVE-2024-20419)
Advisory No: TZCERT/SA/2024/07/19-2 Date of First Release: 19th July 2024 Source: Cisco Software Affected: Cisco Secure Email Gateway, Cisco Smart Software Manager On-Prem Overview: Two Cisco products are affected by critical vulnerabilities. The vulnerabilities could allow an attacker to execute arbitrary code, or cause a permanent denial of service (DoS) …
Two critical vulnerabilities affecting WordPress (CVE-2024-6220, CVE-2024-6457)
Advisory No: TZCERT/SA/2024/07/19-1 Date of First Release: 19th July 2024 Source: Wordfence Software Affected: Keydatas, woocommerce-products-filter Overview: WordPress is vulnerable to two (2) critical vulnerabilities. Exploitation of these vulnerabilities makes remote code execution possible. Description: Two (2) WordPress plugins, namely Keydatas and woocommerce-products-filter, are affected by the vulnerabilities tracked as CVE-2024-6220 …
Windows crashes due to CrowdStrike Falcon Sensor Update
Advisory No: TZCERT/SA/2024/07/19 Date of First Release: 19th July 2024 Source: CrowdStrike Software Affected: Windows systems Overview: CrowdStrike experienced a significant issue due to a faulty update of its Falcon sensor software, which caused numerous Windows systems worldwide to crash and display the Blue Screen of Death (BSOD). Description: A …