Advisory No: TZCERT/SA/2023/04/28 Date of First Release: 28th April 2023 Source: VMware Software Affected: VMware Workstation17.x and VMware Fusion 13.x Overview: VMware has released patches to address a critical vulnerability affecting VMware Workstation and VMware Fusion. The vulnerability could allow an attacker to take control of affected system. Description: VMware …
Read More »Google Chrome Zero Day Vulnerability (CVE-2023-2136)
Advisory No: TZCERT/SA/2023/04/20 Date of First Release: 20th April 2023 Source: Google Software Affected: Google Chrome prior to 112.0.5615.137 (Mac), and Google Chrome prior to 112.0.5615.137/138 (Windows) Overview: Google has released security patches to address the Zero Day vulnerability affecting Google Chrome browser for both Mac and Windows operating systems. This vulnerability could …
Read More »Critical Vulnerability in Microsoft Outlook (CVE-2023-23397)
Advisory No: TZCERT/SA/2023/03/17 Date of First Release: 17th March 2023 Source: Microsoft Software Affected: Microsoft Outlook for Windows Overview: Microsoft has released security patches to address the elevation of privilege vulnerability affecting Outlook for Windows. Microsoft Outlook is a personal information manager software from Microsoft for email clients that has several features such as …
Read More »Critical Vulnerability in VMware Carbon Black App Control (CVE-2023-20858)
Advisory No: TZCERT/SA/2023/02/24 Date of First Release: 24th February 2023 Source: VMWARE Software Affected: App Control: 8.9.x, 8.8.x, 8.7.x ( Running on Windows) Overview: VMware has released patches to address a critical security vulnerability affecting Carbon Black App Control, an enterprise solution for preventing untrusted software from executing on critical systems and endpoints. …
Read More »ClamAV Open Source antivirus software RCE vulnerability (CVE-2023-20032)
Advisory No: TZCERT/SA/2023/02/17 Date of First Release: 17th February 2023 Source: CISCO Software Affected: ClamAV: 0.103.8,0.105.2 and 1.0.1 Overview: Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. This vulnerability could allow attackers to …
Read More »Authentication Bypass and Directory Traversal vulnerabilities for Zimbra email platform (CVE-2022-27925, CVE-2022-37042)
Advisory No: TZCERT/SA/2022/08/17 Date of First Release: 17th August 2022 Source: Zimbra Software Affected: Zimbra 8.8.15 and 9.0 Overview: Zimbra is affected by two high severity vulnerabilities ( CVSS score 7.2) due to weakness in Zimbra Collaboration, both of which could be chained to allow unauthenticated remote code execution on the affected email servers. …
Read More »Log4Shell: Apache Log4j Remote Code Execution (CVE-2021-44228)
Advisory No: TZCERT/SA/2021/12/14 Date of First Release: 14th December 2021 Source: Apache Software Affected: All versions of Log4j from 2.0-beta9 to 2.14.1 Overview Apache Log4j between versions log4j 2.0 to 2.14.1 are vulnerable to unauthenticated arbitrary code execution. A remote attacker can exploit the vulnerability to run malicious code on the affected machine. Description Log4j …
Read More »Printing Shells: Remote Code Execution vulnerability in HP multi-function printers (MFPs)
Advisory No: TZCERT/SA/2021/12/01 Date of First Release: 01st December 2021 Source: HP Software Affected: HP Color LaseJet Enterprise, HP OfficeJet Enterprise and HP ScanJet Enterprise 8500 FN1 firmware. Overview Two vulnerabilities, namely CVE-2021-39238 and CVE-2021-39237, exists in HP multi-function printers (MFPs) products. The exploitation of these vulnerabilities could allow an attacker to take control of …
Read More »Apache HTTP Server Path Traversal Zero-Day Vulnerability CVE-2021-41773
Advisory No: TZCERT/SA/2021/10/06 Date of First Release: 06th October 2021 Source: Apache Software Affected: Apache HTTP Server 2.4.49 Overview The vulnerability exists in the Apache web servers running version 2.4.49. The exploitation of this vulnerability could allow an attacker to use a path traversal attack to map URLs to files outside the expected document root. …
Read More »Azure Cosmos DB Jupyter Notebook Feature vulnerability
Advisory No: TZCERT/SA/2021/08/31 Date of First Release: 31st August 2021 Source: Microsoft Software Affected: Azure Cosmos DB Overview: The vulnerability exists in the Azure Cosmos DB Jupyter Notebook feature. The exploitation of this vulnerability could allow a user to gain access to another customer’s resources by using the account’s primary read-write key. Description: The vulnerability …
Read More »