Tanzania Computer Emergency Response Team

TZCERT-SU-24-0210 (IBM Security Update)

29th February 2024

IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review IBM Security Advisories dated 27th February 2024 and apply necessary updates.

XSS vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2023-40000)

29th February 2024

Advisory No: TZCERT/SA/2024/02/29 Date of First Release: 28th February 2024 Source: securityaffairs Software Affected: LiteSpeed Cache plugin for WordPress Overview: LiteSpeed Cache plugin for WordPress is affected by a vulnerability tracked as CVE-2023-40000 which allows unauthenticated site-wide stored XSS. Remote attacker can exploit the vulnerability to steal sensitive information or …

TZCERT-SU-24-0209 (Slackware Security Update)

22nd February 2024

Slackware has released security updates to address vulnerabilities in thunderbird, firefox and libuv. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Slackware Security Advisories SSA:2024-052-01, SSA:2024-051-01 and SSA:2024-051-02 and apply necessary updates.

TZCERT-SU-24-0208 (Red Hat Security Update)

22nd February 2024

Red Hat has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Red Hat Security Advisories RHSA-2024:0937, RHSA-2024:0934, RHSA-2024:0833 and RHSA-2024:0930 and apply necessary updates.

TZCERT-SU-24-0207 (GitLab Security Update)

22nd February 2024

GitLab has released security updates to address vulnerabilities in GitLab Release 16.9.1, 16.8.3 and 16.7.6. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege. Users and administrators are encouraged to review GitLab Security Advisory and apply necessary updates.

Tanzania Computer Emergency Response Team

CAPACITY BUILDING: THREAT DETECTION AND INCIDENT HANDLING AND RESPONSE TRAINING

CAPACITY BUILDING: THREAT DETECTION TRAINING

Cybersecurity is a key for Development – Tanzania Ranks 2nd in Africa

Download: Advice to Parent/Guardians in Protecting Children Online

Current Activities

TZCERT-SU-24-0210 (IBM Security Update)

XSS vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2023-40000)

TZCERT-SU-24-0209 (Slackware Security Update)

TZCERT-SU-24-0208 (Red Hat Security Update)

TZCERT-SU-24-0207 (GitLab Security Update)

Subscribe to Receive Regular Updates

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

OS Command Injection Vulnerability in PAN-OS GlobalProtect (CVE-2024-3400)

Critical vulnerabilities affecting IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector (CVE-2022-42920, CVE-2023-51385 and CVE-2023-39410)

AIKit 4.14.1 Authenticated SQL Injection (CVE-2024-31370)

Critical remote code execution vulnerability in XZ Library (CVE-2024-3094)