Tanzania Computer Emergency Response Team

TZCERT-SU-24-0121 (DebianOS Security Update)

6th February 2024

Debian has released security updates to address vulnerabilities in ruby-sanitize, runc and zbar. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Debian Security Advisories msg00023, msg00022 and msg00021 and apply necessary updates.

TZCERT-SU-24-0120 (MediaTek Security Update)

6th February 2024

MediaTek has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review MediaTek Security Advisory and apply necessary updates.

TZCERT-SU-24-0119 (WordPress Security Update)

6th February 2024

Wordfence has released security updates to address vulnerabilities in Shield Security, WP 404 Auto Redirect and Elementor Addon. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Wordfence Security Advisories wp-simple-firewall, wp-404-auto-redirect and elementor-addon and apply necessary updates.

Unified CM and Unity Connection remote code execution and file upload vulnerabilities (CVE-2024-20253 and CVE-2024-20272)

2nd February 2024

Advisory No: TZCERT/SA/2024/02/02 Date of First Release: 2nd February 2024 Source: Cisco Software Affected: Unified CM, Unified CM SME, Unified CM IM&P and Unity Connection Overview: Unified CM and Unity Connection are affected by vulnerabilities tracked as CVE-2024-20253 which could allow an unauthenticated, remote attacker to execute arbitrary code on …

TZCERT-SU-24-0118 (Mageia Security Update)

1st February 2024

Mageia has released security updates to address vulnerabilities in zlib and python-pillow. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Mageia Security Advisories MGASA-2024-0019 and MGASA-2024-0018 and apply necessary updates.

Tanzania Computer Emergency Response Team

CAPACITY BUILDING: THREAT DETECTION AND INCIDENT HANDLING AND RESPONSE TRAINING

CAPACITY BUILDING: THREAT DETECTION TRAINING

Cybersecurity is a key for Development – Tanzania Ranks 2nd in Africa

Download: Advice to Parent/Guardians in Protecting Children Online

Current Activities

TZCERT-SU-24-0121 (DebianOS Security Update)

TZCERT-SU-24-0120 (MediaTek Security Update)

TZCERT-SU-24-0119 (WordPress Security Update)

Unified CM and Unity Connection remote code execution and file upload vulnerabilities (CVE-2024-20253 and CVE-2024-20272)

TZCERT-SU-24-0118 (Mageia Security Update)

Subscribe to Receive Regular Updates

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

OS Command Injection Vulnerability in PAN-OS GlobalProtect (CVE-2024-3400)

Critical vulnerabilities affecting IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector (CVE-2022-42920, CVE-2023-51385 and CVE-2023-39410)

AIKit 4.14.1 Authenticated SQL Injection (CVE-2024-31370)

Critical remote code execution vulnerability in XZ Library (CVE-2024-3094)