A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories

security-advisories

VMware Critical Zero Day Command Injection Vulnerability CVE-2020-4006

Advisory No: TZCERT/SA/2020/11/26 Date of First Release: 26th November 2020 Source: VMware Software Affected:  VMware Workspace One Access    20.10 (Linux)VMware Workspace One Access    20.01 (Linux)VMware Identity Manager    3.3.3 (Linux)VMware Identity Manager    3.3.2 (Linux)VMware Identity Manager    3.3.1 (Linux)VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows) Overview: The vulnerability …

Read More »

Cisco Security Manager Path Traversal Vulnerability

Advisory No: TZCERT/SA/2020/11/18 Date of First Release: 18th November 2020 Source: CISCO Software Affected: Cisco Security Manager releases 4.21 and earlier. Overview: The vulnerability exists in the Cisco Security Manager device and can allow an unauthenticated, remote attacker to gain access to sensitive information. Description: The vulnerability is caused by improper validation of directory …

Read More »

Microsoft Windows Kernel Zero-Day Vulnerability (CVE-2020-17087)

Advisory No: TZCERT/SA/2020/11/11 Date of First Release: 11th November 2020 Source: MICROSOFT Software Affected: Windows Operating System Overview: Google has disclosed zero-day vulnerability in Microsoft Windows Kernel that is being exploited alongside with Google Chrome flaw (CVE-2020-15999). Description: This vulnerability is caused by the buffer overflow in the Windows Kernel Cryptography Driver (cng.sys) whereby …

Read More »

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability (CVE-2020-3556)

Advisory No: TZCERT/SA/2020/11/11 Date of First Release: 11th November 2020 Source: CISCO Software Affected: AnyConnect Secure Mobility Client for Linux, Windows and macOS Overview: This vulnerability exists in the interprocess communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client Software that could allow an authenticated user to execute code through AnyConnect user. Description: …

Read More »

Privilege Escalation vulnerability in Microsoft Windows Netlogon Remote Protocol

Advisory No: TZCERT/SA/2020/09/23 Date of First Release: 23rd September 2020 Source: Microsoft Software Affected:  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server, version 1903 (Server Core …

Read More »

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Advisory No: TZCERT/SA/2020/09/02 Date of First Release: 2nd September, 2020 Source: CISCO Software Affected: Any Cisco device with an active interface configured with multicast routing and running Cisco IOS XR software. Overview: Cisco has issued a security advisory on multiple vulnerabilities on any CISCO device running IOS XR Software. These vulnerabilities tracked as CVE-2020-3566 …

Read More »

Microsoft Access Remote Code Execution Vulnerability

Advisory No: TZCERT/SA/2020/08/27 Date of First Release: 27th August 2020 Source: MICROSOFT Software Affected: Microsoft Access Products Overview: Current Microsoft Access Products are missing security updates that can cause a remote code execution vulnerability (RCE). The vulnerability may allow an unauthenticated user to run arbitrary code in the context of current user. Description: This …

Read More »

Microsoft Team Foundation Server Remote Code Execution Vulnerability

Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6 December 2018 Source: Microsoft Software Affected: Team Foundation Server 2018 Update 1.1 Team Foundation Server 2018 Update 3 Team Foundation Server 2018 Update 3.1 Team Foundation Server 2017 Update 3.1 Overview: Multiple vulnerabilities have been identified in Microsoft Team Foundation Server that …

Read More »

PHP Denial of Service Vulnerability

Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6th December, 2018 Source: PHP, CISCO Software Affected: PHP versions 5.x through 7.1.24 Overview: Potential vulnerability has been discovered in Hypertext Pre-processor (PHP) which can allow a remote attacker to cause denial of service condition on the affected system. Description: It has been …

Read More »

Vulnerability in Linux Kernel

Advisory No: TZCERT/SA/2018/08/13 Date of First Release: 14th August 2018 Source: Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Product Affected: The vulnerable Linux Kernel version is 4.9+. However, several Linux distributions have backported some of the networking code from version 4.9 …

Read More »