security-advisories

VMware Remote Code Execution and Authentication Vulnerability (CVE-2021-21985, CVE-2021-21986)

Advisory No: TZCERT/SA/2021/05/27
Date of First Release: 27th May 2021
Source: VMware
Software Affected: VMware vCenter Server (vCenter Server); VMware Cloud Foundation (Cloud Foundation)
Overview: Multiple vulnerabilities exist in vSphere Client (HTML5) that could allow remote code execution (CVE-2021-21985) and allow actions permitted by the Virtual SAN Health Check plug-in to be performed without authentication (CVE-2021-21986).
Description: The vSphere Client …

Google Chrome Zero-Day remote code execution vulnerability (CVE-2021-21220)

Advisory No: TZCERT/SA/2021/04/15
Date of First Release: 15th April 2021
Source: Google
Software Affected: Google Chrome (Desktop version) prior to 89.0.4389.128
Overview: The vulnerability is caused by insufficient validation of untrusted input in Google Chrome's V8 JavaScript rendering engine.
Description: A remote attacker could entice a user to open a web page with specially crafted …

Microsoft Exchange Server Zero-Day remote code execution vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

Advisory No: TZCERT/SA/2021/03/04
Date of First Release: 04th March 2021
Source: Microsoft
Software Affected: Microsoft Exchange Server 2013; Microsoft Exchange Server 2016; Microsoft Exchange Server 2019
Overview: The four Microsoft Exchange vulnerabilities are part of an attack chain that may allow an unauthenticated attacker to execute arbitrary code remotely. These vulnerabilities are Server-Side Request Forgery (SSRF) …

VMware Remote Code Execution Vulnerability – CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974

Advisory No: TZCERT/SA/2021/02/25
Date of First Release: 25th February 2021
Source: VMware
Software Affected: VMware vCenter Server version 6.5, 6.7 and 7.0; VMware ESXi version 6.5, 6.7 and 7.0; VMware Cloud Foundation (vCenter Server) version 3.x and 4.x; VMware Cloud Foundation (ESXi) version 3.x and 4.x
Overview: The vSphere Client (HTML5) contains a remote code execution vulnerability …

SonicWall Zero-day Security Restriction Bypass Vulnerability – CVE-2021-20016

Advisory No: TZCERT/SA/2021/02/04
Date of First Release: 04th February 2021
Source: SonicWall
Software Affected: SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)
Overview: This vulnerability is caused by improper SQL command neutralization in SonicWall SSLVPN SMA100 products that could allow an unauthenticated, remote attacker to exploit it for credential …

Linux Sudo Package Elevation of Privilege Vulnerability – CVE-2021-3156

Advisory No: TZCERT/SA/2021/02/03
Date of First Release: 03rd February 2021
Source: Sudo
Software Affected: Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1
Overview: A heap overflow vulnerability exists in sudo, a utility available in Unix operating systems. Successful exploitation of this vulnerability may allow an …

VMware Critical Zero Day Command Injection Vulnerability CVE-2020-4006

Advisory No: TZCERT/SA/2020/11/26
Date of First Release: 26th November 2020
Source: VMware
Software Affected: VMware Workspace One Access 20.10 (Linux); VMware Workspace One Access 20.01 (Linux); VMware Identity Manager 3.3.3 (Linux); VMware Identity Manager 3.3.2 (Linux); VMware Identity Manager 3.3.1 (Linux); VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux); VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)
Overview: The vulnerability …

Cisco Security Manager Path Traversal Vulnerability

Advisory No: TZCERT/SA/2020/11/18
Date of First Release: 18th November 2020
Source: Cisco
Software Affected: Cisco Security Manager releases 4.21 and earlier.
Overview: The vulnerability exists in the Cisco Security Manager device and can allow an unauthenticated, remote attacker to gain access to sensitive information.
Description: The vulnerability is caused by improper validation of directory …

Microsoft Windows Kernel Zero-Day Vulnerability (CVE-2020-17087)

Advisory No: TZCERT/SA/2020/11/11
Date of First Release: 11th November 2020
Source: Microsoft
Software Affected: Windows Operating System
Overview: Google has disclosed a zero-day vulnerability in the Microsoft Windows Kernel that is being exploited alongside a Google Chrome flaw (CVE-2020-15999).
Description: This vulnerability is caused by a buffer overflow in the Windows Kernel Cryptography Driver (cng.sys) whereby …

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability (CVE-2020-3556)

Advisory No: TZCERT/SA/2020/11/11
Date of First Release: 11th November 2020
Source: Cisco
Software Affected: AnyConnect Secure Mobility Client for Linux, Windows and macOS
Overview: This vulnerability exists in the interprocess communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client Software that could allow an authenticated user to execute code through AnyConnect user.
Description: …
