Tanzania Computer Emergency Response Team

Advisory No: TZCERT/SA/2024/07/26-6 Date of First Release: 26th July 2024 Source: Spring Software Affected: Spring Cloud Data Flow Overview: Spring is vulnerable to a remote code vulnerability. The attackers can leverage the vulnerability to compromise the server. Description: Spring Cloud Data Flow, a microservices-based streaming in Cloud Foundry and Kubernetes …

Advisory No: TZCERT/SA/2024/07/26-5 Date of First Release: 26th July 2024 Source: Dell Software Affected: Dell EMC, Dell Protection Advisor, Dell VxRail, Dell RecoverPoint Overview: Dell products are vulnerable to multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code on affected devices. Description: Multiple third-party components …

Advisory No: TZCERT/SA/2024/07/26-4 Date of First Release: 26th July 2024 Source: D-Link Software Affected: DIR-823X – Firmware v240126 Overview: The firmware version in the D-Link device is vulnerable to a remote command execution vulnerability. The attackers can leverage the vulnerability to take control of the affected device. Description: DIR-823X Hardware …

Advisory No: TZCERT/SA/2024/07/26-3 Date of First Release: 26th July 2024 Source: Wordfence Software Affected: woo-social-login Overview: WordPress is vulnerable to a critical vulnerability. Exploitation of this vulnerability makes it possible for unauthenticated privilege escalation. Description: WordPress plugin woo-social-login is affected by the vulnerability tracked as CVE-2024-6636 with CVSS score of …

Advisory No: TZCERT/SA/2024/07/26-2 Date of First Release: 26th July 2024 Source: IBM Software Affected:  Apache Velocity, protobuf.js, Containerd Overview: Multiple IBM products depending on Apache Velocity, protobuf.js, Containerd are vulnerable to critical vulnerabilities. Attackers can exploit the vulnerabilities to execute arbitrary code on the affected system. Description: Multiple IBM products …