security-advisories

Microsoft Exchange Server Zero-Day remote code execution vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

Advisory No: TZCERT/SA/2021/03/04
Date of First Release: 04th March 2021
Source: Microsoft
Software Affected: Microsoft Exchange Server 2013; Microsoft Exchange Server 2016; Microsoft Exchange Server 2019
Overview: The four Microsoft Exchange vulnerabilities are part of an attack chain that may cause an unauthenticated attacker to execute arbitrary code remotely. These vulnerabilities are Server-Side Request Forgery (SSRF) …

VMware Remote Code Execution Vulnerability – CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974

Advisory No: TZCERT/SA/2021/02/25
Date of First Release: 25th February 2021
Source: VMware
Software Affected: VMware vCenter Server version 6.5, 6.7 and 7.0; VMware ESXi version 6.5, 6.7 and 7.0; VMware Cloud Foundation (vCenter Server) version 3.x and 4.x; VMware Cloud Foundation (ESXi) version 3.x and 4.x
Overview: The vSphere Client (HTML5) contains a remote code execution vulnerability …

SonicWall Zero-day Security Restriction Bypass Vulnerability – CVE-2021-20016

Advisory No: TZCERT/SA/2021/02/04
Date of First Release: 04th February 2021
Source: SonicWall
Software Affected: SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)
Overview: This vulnerability is caused by improper SQL command neutralization in SonicWall SSLVPN SMA100 products that could allow unauthenticated, remote attacker exploit for credential …

Linux Sudo Package Elevation of Privilege Vulnerability – CVE-2021-3156

Advisory No: TZCERT/SA/2021/02/03
Date of First Release: 03rd February 2021
Source: Sudo
Software Affected: Sudo versions 1.8.2 through 1.8.31p2 & 1.9.0 through 1.9.5p1
Overview: A heap overflow vulnerability exists in sudo, a utility available in Unix operating systems. Successful exploitation of this vulnerability may allow an …

VMware Critical Zero Day Command Injection Vulnerability CVE-2020-4006

Advisory No: TZCERT/SA/2020/11/26
Date of First Release: 26th November 2020
Source: VMware
Software Affected: VMware Workspace One Access 20.10 (Linux); VMware Workspace One Access 20.01 (Linux); VMware Identity Manager 3.3.3 (Linux); VMware Identity Manager 3.3.2 (Linux); VMware Identity Manager 3.3.1 (Linux); VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux); VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)
Overview: The vulnerability …

Cisco Security Manager Path Traversal Vulnerability

Advisory No: TZCERT/SA/2020/11/18
Date of First Release: 18th November 2020
Source: Cisco
Software Affected: Cisco Security Manager releases 4.21 and earlier.
Overview: The vulnerability exists in the Cisco Security Manager device and can allow an unauthenticated, remote attacker to gain access to sensitive information.
Description: The vulnerability is caused by improper validation of directory …

Microsoft Windows Kernel Zero-Day Vulnerability (CVE-2020-17087)

Advisory No: TZCERT/SA/2020/11/11
Date of First Release: 11th November 2020
Source: Microsoft
Software Affected: Windows Operating System
Overview: Google has disclosed a zero-day vulnerability in the Microsoft Windows Kernel that is being exploited alongside a Google Chrome flaw (CVE-2020-15999).
Description: This vulnerability is caused by a buffer overflow in the Windows Kernel Cryptography Driver (cng.sys) whereby …

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability (CVE-2020-3556)

Advisory No: TZCERT/SA/2020/11/11
Date of First Release: 11th November 2020
Source: Cisco
Software Affected: AnyConnect Secure Mobility Client for Linux, Windows and macOS
Overview: This vulnerability exists in the interprocess communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client Software that could allow an authenticated user to execute code through AnyConnect user.
Description: …

Privilege Escalation vulnerability in Microsoft Windows Netlogon Remote Protocol

Advisory No: TZCERT/SA/2020/09/23
Date of First Release: 23rd September 2020
Source: Microsoft
Software Affected: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012 (Server Core installation); Windows Server 2012 R2 (Server Core installation); Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server, version 1903 (Server Core …

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Advisory No: TZCERT/SA/2020/09/02
Date of First Release: 2nd September, 2020
Source: Cisco
Software Affected: Any Cisco device with an active interface configured with multicast routing and running Cisco IOS XR software.
Overview: Cisco has issued a security advisory on multiple vulnerabilities affecting any Cisco device running IOS XR Software. These vulnerabilities tracked as CVE-2020-3566 …
