security-advisories

Advisory No: TZCERT/SA/2024/01/15 Date of First Release: 15th January 2024 Source: Ivanti Software Affected: Version 9.x and 22.x Overview: Ivanti has issued an advisory on two critical zero-day vulnerabilities discovered in Ivanti Connect Secure VPN and Ivanti Policy Secure appliances. The vulnerability could lead to unauthenticated remote code execution. Description: …

Advisory No: TZCERT/SA/2024/01/15 Date of First Release: 15th January 2024 Source: Juniper Software Affected: All versions of Junos OS on SRX Series and EX Series. Overview: Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Successfully …

Advisory No: TZCERT/SA/2023/01/08 Date of First Release: 8th January 2024 Source: SMTP servers Software Affected: POSTFIX in SMTP Overview: The vulnerability exists because a flaw was found in some SMTP server configurations in Postfix. This issue may allow a remote attacker to break out of the email message data to …

Advisory No: TZCERT/SA/2023/11/08 Date of First Release: 8th November 2023 Source: NIST, CSA Software Affected:  Linux kernel-based systems running v.2.34 of the GNU C Library. Overview: A high-severity buffer overflow vulnerability which is also known as Looney Tunables affecting Linux kernel-based systems has been discovered. The vulnerability affected GNU C …

Advisory No: TZCERT/SA/2023/10/27 Date of First Release: 27th October 2023 Source: VMware Software Affected:  VMware vCenter Server and VMware Cloud Foundation Overview: Two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation have been disclosed. These vulnerabilities may lead to out-of-bounds write potentially leading to remote code execution. Description: VMware …

Advisory No: TZCERT/SA/2023/10/20 Date of First Release: 20th October 2023 Source: CISCO Software Affected: Cisco IOS XE Software Overview: Cisco has issued an advisory detailing a Zero-Day vulnerability which has resulted to active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when …

Advisory No: TZCERT/SA/2023/10/5 Date of First Release: 5th October 2023 Source: CISCO Software Affected:  Cisco Emergency Responder Overview: A vulnerability affecting Cisco Emergency Responder has been disclosed. This vulnerability may lead to arbitrary code execution in the context of privileged user. Description: Cisco Emergency Responder has the static user credentials …

Advisory No: TZCERT/SA/2023/09/28 Date of First Release: 28th September 2023 Source: CISCO Software Affected:  Cisco Catalyst SD-WAN Manager Overview: Multiple independent vulnerabilities have been identified to affect multiple components in a Cisco device. These independent vulnerabilities which do not require exploitation of another vulnerability to be exploited may allow an …

Advisory No: TZCERT/SA/2023/09/08 Date of First Release: 8th September 2023 Source: CISCO Software Affected:  Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform Overview: A vulnerability classified as critical has been identified to affect an unknown functionality of the component Single Sign-On (SSO). The vulnerability may allow an …

Advisory No: TZCERT/SA/2023/08/31 Date of First Release: 31st August 2023 Source: VMWARE Software Affected:  VMware Aria Operations for Networks Overview: VMware has released patches to address critical security vulnerabilities affecting Aria Operations for Networks. These vulnerabilities could allow an attacker to take control of the affected system. Description: The authentication bypass and …