Tanzania Computer Emergency Response Team

Advisory No: TZCERT/SA/2024/04/15 Date of First Release: 15th April 2024 Source: Palo Alto Software Affected: PAN-OS versions 10.2, 11.0, and 11.1 Overview: Palo Alto’s PAN-OS is affected by the critical command injection vulnerability. The vulnerabilities may allow an attacker to execute arbitrary code with root privileges on the firewall. Description: …

Advisory No: TZCERT/SA/2024/04/12-2 Date of First Release: 12th April 2024 Source: IBM Software Affected: IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector Overview: IBM products are affected by the critical arbitrary command execution. The vulnerabilities may allow an attacker to remote codes on the affected system. …

Advisory No: TZCERT/SA/2024/04/12-1 Date of First Release: 12th April 2024 Source: Wordfence, patchstack Software Affected: AIKit <= 4.14.1 Overview: CodeIsAwesome’s AIKit plugin is vulnerable to SQL Injection. The plugin’s vulnerability may allow an attacker to interact with the database and steal information. Description: AIKit is a WordPress AI Assistant that …

IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review IBM Security Advisories dated 11th April 2024 and apply necessary updates.

Ubuntu has released security updates to address vulnerabilities in Apache, NSS, squid and util-linux. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Ubuntu Security Advisories USN-6730-1, USN-6729-1, USN-6727-2, USN-6728-2 and USN-6719-2 and apply necessary updates.