A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories

security-advisories

Authentication Bypass and Directory Traversal vulnerabilities for Zimbra email platform (CVE-2022-27925, CVE-2022-37042)

Advisory No: TZCERT/SA/2022/08/17 Date of First Release: 17th August 2022 Source: Zimbra Software Affected:  Zimbra  8.8.15  and 9.0 Overview: Zimbra is affected by two high severity vulnerabilities ( CVSS score 7.2) due to weakness in Zimbra Collaboration, both of which could be chained to allow unauthenticated remote code execution on the affected email servers. …

Read More »

Log4Shell: Apache Log4j Remote Code Execution (CVE-2021-44228)

Advisory No: TZCERT/SA/2021/12/14 Date of First Release: 14th December 2021 Source: Apache Software Affected: All versions of Log4j from 2.0-beta9 to 2.14.1 Overview Apache Log4j between versions log4j 2.0 to 2.14.1 are vulnerable to unauthenticated arbitrary code execution. A remote attacker can exploit the vulnerability to run malicious code on the affected machine. Description Log4j …

Read More »

Printing Shells: Remote Code Execution vulnerability in HP multi-function printers (MFPs)

Advisory No: TZCERT/SA/2021/12/01 Date of First Release: 01st December 2021 Source: HP Software Affected: HP Color LaseJet Enterprise, HP OfficeJet Enterprise and HP ScanJet Enterprise 8500 FN1 firmware. Overview Two vulnerabilities, namely CVE-2021-39238 and CVE-2021-39237, exists in HP multi-function printers (MFPs)  products. The exploitation of these vulnerabilities could allow an attacker to take control of …

Read More »

Apache HTTP Server Path Traversal Zero-Day Vulnerability CVE-2021-41773

Advisory No: TZCERT/SA/2021/10/06 Date of First Release: 06th October 2021 Source: Apache Software Affected: Apache HTTP Server 2.4.49 Overview The vulnerability exists in the Apache web servers running version 2.4.49. The exploitation of this vulnerability could allow an attacker to use a path traversal attack to map URLs to files outside the expected document root. …

Read More »

Azure Cosmos DB Jupyter Notebook Feature vulnerability

Advisory No: TZCERT/SA/2021/08/31 Date of First Release: 31st August 2021 Source: Microsoft Software Affected:  Azure Cosmos DB  Overview: The vulnerability exists in the Azure Cosmos DB Jupyter Notebook feature. The exploitation of this vulnerability could allow a user to gain access to another customer’s resources by using the account’s primary read-write key. Description: The vulnerability …

Read More »

ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

Advisory No: TZCERT/SA/2021/08/24 Date of First Release: 24th August 2021 Source: Microsoft Software Affected:  Microsoft Exchange Server 2019Microsoft Exchange Server 2016Microsoft Exchange Server 2013 Overview: Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities. Description: Vulnerabilities exist in a way Microsoft Exchange Servers …

Read More »

Microsoft Windows Print Spooler RCE vulnerability

Advisory No: TZCERT/SA/2021/07/01 Date of First Release: 01st July 2021 Source: Microsoft Software Affected:  Microsoft Windows Print Spooler Service Overview: Vulnerability exists in Microsoft Windows Print Spooler service due to failure in restricting access to the RpcAddPrinterDriverEx() function,  which could allow a remote attacker to execute arbitrary code with SYSTEM privileges on a …

Read More »

CYBER ATTACKS ON CRITICAL INFORMATION INFRASTRUCURE (CII)

Tanzania Computer Emergency Response Team (TZ-CERT), established under Tanzania Communications Regulatory Authority (TCRA), is aware of a cyber-attack targeting organizations with Critical Information Infrastructure (CII). The threat actors are reported to use a new variant of ransomware referred to as “DarkSide” to lock down computer systems and ask the victims …

Read More »

VULNERABILITIES IN MICROSOFT EXCHANGE SERVER

Tanzania Computer Emergency Response Team (TZ-CERT), established under Tanzania Communications Regulatory Authority (TCRA), is aware of the multiple vulnerabilities being capitalized by threat actors to attack Microsoft Exchange Servers. A successful exploitation of the vulnerabilities may allow an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, thereby gaining …

Read More »

VMware Remote Code Execution and Authentication Vulnerability (CVE-2021-21985, CVE-2021-21986)

Advisory No: TZCERT/SA/2021/05/27 Date of First Release: 27th May 2021 Source: VMware  Software Affected:  VMware vCenter Server (vCenter Server)VMware Cloud Foundation (Cloud Foundation) Overview: Multiple vulnerabilities exist in vSphere Client (HTML5) that could cause remote code execution (CVE-2021-21985) and perform actions allowed by Virtual SAN Health Check plug-in without authentication (CVE-2021-21986). Description: The vSphere Client …

Read More »