
Overview

The WordPress Stacks Mobile App Builder plugin, version 5.2.3 and below, is vulnerable to Broken Authentication. The Patchstack website states, ‘[t]his vulnerability is highly dangerous and expected to become mass exploited’.

Ricoh has identified a buffer overflow vulnerability (CVE-2024-47939) when using the Web Image Monitor that could potentially allow a denial of service (DoS) or remote code execution attack.  This could affect a variety of different types of products or devices, as listed on the Ricoh website (below).

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials (CVE-2024-45656) which may allow network users to gain service privileges to the FSP.

Synology has released fixes for an unauthenticated, ‘zero-click’, remote code execution vulnerability (CVE-2024-10443) affecting DiskStation and BeeStation network attached storage (NAS) devices.  This vulnerability could allow unauthenticated attackers to obtain root-level code execution.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

WordPress (Patchstack) – Vulnerability Database

Ricoh – Vulnerabilities

IBM – Support Pages

Synology – Midnight Blue (Risk: Station)

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
