A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories

security-advisories

Microsoft Windows Print Spooler RCE vulnerability

Advisory No: TZCERT/SA/2021/07/01 Date of First Release: 01st July 2021 Source: Microsoft Software Affected:  Microsoft Windows Print Spooler Service Overview: Vulnerability exists in Microsoft Windows Print Spooler service due to failure in restricting access to the RpcAddPrinterDriverEx() function,  which could allow a remote attacker to execute arbitrary code with SYSTEM privileges on a …

Read More »

CYBER ATTACKS ON CRITICAL INFORMATION INFRASTRUCURE (CII)

Tanzania Computer Emergency Response Team (TZ-CERT), established under Tanzania Communications Regulatory Authority (TCRA), is aware of a cyber-attack targeting organizations with Critical Information Infrastructure (CII). The threat actors are reported to use a new variant of ransomware referred to as “DarkSide” to lock down computer systems and ask the victims …

Read More »

VULNERABILITIES IN MICROSOFT EXCHANGE SERVER

Tanzania Computer Emergency Response Team (TZ-CERT), established under Tanzania Communications Regulatory Authority (TCRA), is aware of the multiple vulnerabilities being capitalized by threat actors to attack Microsoft Exchange Servers. A successful exploitation of the vulnerabilities may allow an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, thereby gaining …

Read More »

VMware Remote Code Execution and Authentication Vulnerability (CVE-2021-21985, CVE-2021-21986)

Advisory No: TZCERT/SA/2021/05/27 Date of First Release: 27th May 2021 Source: VMware  Software Affected:  VMware vCenter Server (vCenter Server)VMware Cloud Foundation (Cloud Foundation) Overview: Multiple vulnerabilities exist in vSphere Client (HTML5) that could cause remote code execution (CVE-2021-21985) and perform actions allowed by Virtual SAN Health Check plug-in without authentication (CVE-2021-21986). Description: The vSphere Client …

Read More »

Google Chrome Zero-Day remote code execution vulnerability (CVE-2021-21220)

Advisory No: TZCERT/SA/2021/04/15 Date of First Release: 15th April 2021 Source: Google  Software Affected: Google Chrome (Desktop version) prior to 89.0.4389.128 Overview: The vulnerability is caused by insufficient validation of untrusted input in google chrome’s V8 javascript rendering engine. Description: A remote attacker could entice a user to open a web page with specially crafted …

Read More »

Microsoft Exchange Server Zero-Day remote code execution vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

Advisory No: TZCERT/SA/2021/03/04 Date of First Release: 04th March 2021 Source: Microsoft Software Affected:  Microsoft Exchange Server 2013Microsoft Exchange Server 2016Microsoft Exchange Server 2019 Overview: The four Microsoft Exchange vulnerabilities are part of an attack chain that may cause an unauthenticated attacker to execute arbitrary code remotely. These vulnerabilities are Server-Side Request Forgery (SSRF) …

Read More »

VMware Remote Code Execution Vulnerability – CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974

Advisory No: TZCERT/SA/2021/02/25 Date of First Release: 25th February 2021 Source: VMware Software Affected:  VMware vCenter Server version 6.5, 6.7 and 7.0VMware ESXi version 6.5, 6.7 and 7.0VMware Cloud Foundation (vCenter Server) version 3.x and 4.xVMware Cloud Foundation (ESXi) version 3.x and 4.x Overview: The vSphere Client (HTML5) contains a remote code execution vulnerability …

Read More »

SonicWall Zero-day Security Restriction Bypass Vulnerability – CVE-2021-20016

Advisory No: TZCERT/SA/2021/02/04 Date of First Release: 04th February 2021 Source: Sonic Wall Software Affected:  SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) Overview: This vulnerability is caused by improper SQL command neutralization in SonicWall SSLVPN SMA100 products that could allow unauthenticated, remote attacker exploit for credential …

Read More »

Linux Sudo Package Elevation of Privilege Vulnerability- CVE-2021-3156

Linux Sudo Package Elevation of Privilege Vulnerability- CVE-2021-3156 Advisory No: TZCERT/SA/2021/02/03 Date of First Release: 03rd February 2021 Source: Sudo Software Affected:  Sudo versions 1.8.2 through 1.8.31p2 & 1.9.0 through 1.9.5p1 Overview: A heap overflow vulnerability exists in sudo, a utility available in Unix operating systems. Successful exploitation of this vulnerability may allow an …

Read More »

VMware Critical Zero Day Command Injection Vulnerability CVE-2020-4006

Advisory No: TZCERT/SA/2020/11/26 Date of First Release: 26th November 2020 Source: VMware Software Affected:  VMware Workspace One Access    20.10 (Linux)VMware Workspace One Access    20.01 (Linux)VMware Identity Manager    3.3.3 (Linux)VMware Identity Manager    3.3.2 (Linux)VMware Identity Manager    3.3.1 (Linux)VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows) Overview: The vulnerability …

Read More »