
security-advisories

Remote Code Execution vulnerability in Spring Cloud Data Flow (CVE-2024-37084)

Advisory No: TZCERT/SA/2024/07/26-6 Date of First Release: 26th July 2024 Source: Spring Software Affected: Spring Cloud Data Flow Overview: Spring is vulnerable to a remote code execution vulnerability. Attackers can leverage the vulnerability to compromise the server. Description: Spring Cloud Data Flow, a microservices-based streaming in Cloud Foundry and Kubernetes …

Multiple critical vulnerabilities affecting Dell EMC Avamar, Dell Protection Advisor, Dell VxRail, and Dell RecoverPoint

Advisory No: TZCERT/SA/2024/07/26-5 Date of First Release: 26th July 2024 Source: Dell Software Affected: Dell EMC, Dell Protection Advisor, Dell VxRail, Dell RecoverPoint Overview: Dell products are vulnerable to multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code on affected devices. Description: Multiple third-party components …

Authenticated Remote Command Execution in D-Link DIR-823X

Advisory No: TZCERT/SA/2024/07/26-4 Date of First Release: 26th July 2024 Source: D-Link Software Affected: DIR-823X – Firmware v240126 Overview: The firmware version in the D-Link device is vulnerable to a remote command execution vulnerability. Attackers can leverage the vulnerability to take control of the affected device. Description: DIR-823X Hardware …

A critical vulnerability in WordPress (CVE-2024-6636)

Advisory No: TZCERT/SA/2024/07/26-3 Date of First Release: 26th July 2024 Source: Wordfence Software Affected: woo-social-login Overview: WordPress is vulnerable to a critical vulnerability. Exploitation of this vulnerability makes unauthenticated privilege escalation possible. Description: WordPress plugin woo-social-login is affected by the vulnerability tracked as CVE-2024-6636 with CVSS score of …

Critical vulnerabilities in multiple IBM products (CVE-2020-13936, CVE-2023-36665, CVE-2020-15257)

Advisory No: TZCERT/SA/2024/07/26-2 Date of First Release: 26th July 2024 Source: IBM Software Affected: Apache Velocity, protobuf.js, Containerd Overview: Multiple IBM products depending on Apache Velocity, protobuf.js, and Containerd are vulnerable to critical vulnerabilities. Attackers can exploit the vulnerabilities to execute arbitrary code on the affected system. Description: Multiple IBM products …

Out-of-Bounds Write Vulnerability in HPE ProLiant DL/ML/SY/XL and Alletra Servers (CVE-2021-38578)

Advisory No: TZCERT/SA/2024/07/26-1 Date of First Release: 26th July 2024 Source: Hewlett-Packard (HP) Software Affected: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, HPE Compute Edge Server Overview: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, and HPE Compute Edge Server are vulnerable to a critical-severity vulnerability. The …

Remote Code Execution Vulnerabilities in SolarWinds Access Rights Manager (ARM) (CVE-2024-23469, CVE-2024-23467, CVE-2024-23471)

Advisory No: TZCERT/SA/2024/07/19-3 Date of First Release: 19th July 2024 Source: SolarWinds Software Affected: SolarWinds Access Rights Manager (ARM) Overview: Critical vulnerabilities affect SolarWinds ARM. An attacker can leverage the vulnerabilities to remotely execute arbitrary code on the affected device. Description: SolarWinds Access Rights Manager (ARM) is vulnerable to three …

Critical vulnerabilities in Cisco Secure Email Gateway and Cisco Smart Software Manager On-Prem (CVE-2024-20401, CVE-2024-20419)

Advisory No: TZCERT/SA/2024/07/19-2 Date of First Release: 19th July 2024 Source: Cisco Software Affected: Cisco Secure Email Gateway, Cisco Smart Software Manager On-Prem Overview: Two Cisco products are affected by critical vulnerabilities. The vulnerabilities could allow an attacker to execute arbitrary code, or cause a permanent denial of service (DoS) …

Two critical vulnerabilities affecting WordPress (CVE-2024-6220, CVE-2024-6457)

Advisory No: TZCERT/SA/2024/07/19-1 Date of First Release: 19th July 2024 Source: Wordfence Software Affected: Keydatas, woocommerce-products-filter Overview: WordPress is vulnerable to two (2) critical vulnerabilities. Exploitation of these vulnerabilities makes remote code execution possible. Description: Two (2) WordPress plugins, namely Keydatas and woocommerce-products-filter, are affected by the vulnerabilities tracked as CVE-2024-6220 …

Windows crashes due to CrowdStrike Falcon Sensor Update

Advisory No: TZCERT/SA/2024/07/19 Date of First Release: 19th July 2024 Source: CrowdStrike Software Affected: Windows systems Overview: CrowdStrike experienced a significant issue due to a faulty update of its Falcon sensor software, which caused numerous Windows systems worldwide to crash and display the Blue Screen of Death (BSOD). Description: A …
