security-advisories

Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6 December 2018 Source: Microsoft Software Affected: Team Foundation Server 2018 Update 1.1 Team Foundation Server 2018 Update 3 Team Foundation Server 2018 Update 3.1 Team Foundation Server 2017 Update 3.1 Overview: Multiple vulnerabilities have been identified in Microsoft Team Foundation Server that …

Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6th December, 2018 Source: PHP, CISCO Software Affected: PHP versions 5.x through 7.1.24 Overview: Potential vulnerability has been discovered in Hypertext Pre-processor (PHP) which can allow a remote attacker to cause denial of service condition on the affected system. Description: It has been …

Advisory No: TZCERT/SA/2018/08/13 Date of First Release: 14th August 2018 Source: Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Product Affected: The vulnerable Linux Kernel version is 4.9+. However, several Linux distributions have backported some of the networking code from version 4.9 …

Advisory No: TZCERT/SA/2018/07/03 Date of First Release: 3rd July 2018 . Source: Linux Kernel Organization, Cisco, Bugzilla et.c Product Affected: Linux kernel prior to 4.16.6 Overview: A vulnerability has been reported in Linux kernel which could allow a local attacker to read out kernel memory leading to information disclosure of …

Advisory No: TZCERT/SA/2018/07/02 Date of First Release: 3rd July 2018 . Source: CERT Coordination Center (Cert/CC), Electronic Frontier Foundation. Product Affected: Mozilla Thunderbird, Microsoft, MailMate, Kmail, GnuPG, Apple, Airmail, eM Client, Evolution, Google, IBM Corporation, 9Folders Inc, Flipdog Solutions, Postbox Inc etc. Overview: Mail clients configured to use OpenPGP (Pretty …

Advisory No:  TZCERT/SA/2018/07/01 Date of First Release: 3rd July 2018 . Source: Cisco Talos Product Affected: Linksys, MikroTik, NETGEAR,  ASUS, D-Link, Huawei, Ubiquiti, UPVEL, ZTE and TP-Link networking equipment as well as QNAP network-attached storage (NAS) devices. Overview: VPNFilter is malware infecting routers produced by several vendors and other networked-attached …

Date of First Release: 2018-01-03. Source: Google, National Cybersecurity and Communications Integration Center (NCCIC). Product affected:  Modern microprocessors (CPUs) which use speculative execution techniques to optimize performance including AMD, Apple, Arm, Google, Intel, Linux Kernel, Microsoft, Mozilla and other more. Overview:  CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are …

Date of First Release: 10-01-2018 Source: VMware Product affected: vSphere Data Protection (VDP) running on the virtual machines Version 6.1.x, 6.0.x and 5.x  Overview: VSphere Data Protection (VDP) contains multiple authentication bypass, arbitrary file upload and path traversal vulnerabilities. Description: VMware has release security advisory to address three critical vulnerabilities …

TZCERT-2014-12: VULNERABILITY ALERT  SSL 3.0 Protocol Vulnerability and POODLE Attack Date of First Release: 11-12-2014 Source: US-CERT, Symantec, IETF System Affected: All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) …

TZCERT-2014-03: Vulnerability Alert OpenSSL Vulnerability by Man in The Middle (MITM) attack Date of First Release: 09-06-2014 Source: US-CERT, OpenSSL OS Affected: Fedora Project, FreeBSD Project, Debian GNU/Linux, OpenSSL, Red Hat, Inc., Ubuntu. Overview: A carefully crafted handshake can be used by an attackers to force the use of weak …