Multiple vulnerabilities have been identified in various software products, including ASUS routers, Adobe Acrobat Reader, and several others. The vulnerabilities range from code execution and SQL injection to cross-site scripting and privilege escalation. In ASUS routers, a code execution vulnerability allows an authenticated remote attacker to execute arbitrary operating system commands by uploading a crafted OVPN profile. Adobe Acrobat Reader is affected by out-of-bounds write and read vulnerabilities that could result in arbitrary code execution.
Several other products are also affected, including gitoxide, Cisco Firepower Management Center, Dolibarr ERP - CRM, Flexense VX Search Enterprise, Fluent Bit, Genetech Solutions Pie Register, GitLab, IBM i, Justice AV Solutions Viewer, LCDS LAquis SCADA, ManageEngine ADAudit Plus, MemberPress, Microsoft Edge, OpenCTI-Platform, OpenText ArcSight Enterprise Security Manager, OpenText Dimensions RM, Oxygen Builder, and PHPGurukul Directory Management System.
The vulnerabilities have been assigned CVSS scores ranging from 7.1 to 9.8, spanning a range of severity levels. They were published between May 20 and May 25, 2024, and the affected vendors have been notified. Users are advised to apply patches and updates to mitigate them.
cisa.gov
