Tanzania Computer Emergency Response Team

Advisory No: TZCERT/SA/2024/01/15 Date of First Release: 15th January 2024 Source: Ivanti Software Affected: Version 9.x and 22.x Overview: Ivanti has issued an advisory on two critical zero-day vulnerabilities discovered in Ivanti Connect Secure VPN and Ivanti Policy Secure appliances. The vulnerability could lead to unauthenticated remote code execution. Description: …

Advisory No: TZCERT/SA/2024/01/15 Date of First Release: 15th January 2024 Source: Juniper Software Affected: All versions of Junos OS on SRX Series and EX Series. Overview: Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Successfully …

GitHub has released security updates to address vulnerabilities in wazuh-logcollector and Django. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege. Users and administrators are encouraged to review GitHub Security Advisories GHSA-27p5-32pp-r58r and GHSA-4mq2-gc4j-cmw6 and apply necessary updates.

Cisco has released security updates to address vulnerabilities in Cisco TMS, Cisco Unity Connection, Cisco WAP371 and Cisco BADP. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Cisco Security Advisories cisco-sa-tms-portal, cisco-sa-cuc, cisco-sa-sb and cisco-sa-broadworks and apply …

Wordfence has released security updates to address vulnerabilities in WP testimonials, Index now, PDF invoice and packaging slips, plugin for google reviews and wooCommerce. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Wordfence Security Advisories testimonial-widgets, index-now, …