security-advisories

Advisory No: TZCERT/SA/2020/11/11 Date of First Release: 11th November 2020 Source: CISCO Software Affected: AnyConnect Secure Mobility Client for Linux, Windows and macOS Overview: This vulnerability exists in the interprocess communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client Software that could allow an authenticated user to execute code through AnyConnect user. Description: …

Advisory No: TZCERT/SA/2020/09/23 Date of First Release: 23rd September 2020 Source: Microsoft Software Affected:  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server, version 1903 (Server Core …

Advisory No: TZCERT/SA/2020/09/02 Date of First Release: 2nd September, 2020 Source: CISCO Software Affected: Any Cisco device with an active interface configured with multicast routing and running Cisco IOS XR software. Overview: Cisco has issued a security advisory on multiple vulnerabilities on any CISCO device running IOS XR Software. These vulnerabilities tracked as CVE-2020-3566 …

Advisory No: TZCERT/SA/2020/08/27 Date of First Release: 27th August 2020 Source: MICROSOFT Software Affected: Microsoft Access Products Overview: Current Microsoft Access Products are missing security updates that can cause a remote code execution vulnerability (RCE). The vulnerability may allow an unauthenticated user to run arbitrary code in the context of current user. Description: This …

Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6 December 2018 Source: Microsoft Software Affected: Team Foundation Server 2018 Update 1.1 Team Foundation Server 2018 Update 3 Team Foundation Server 2018 Update 3.1 Team Foundation Server 2017 Update 3.1 Overview: Multiple vulnerabilities have been identified in Microsoft Team Foundation Server that …

Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6th December, 2018 Source: PHP, CISCO Software Affected: PHP versions 5.x through 7.1.24 Overview: Potential vulnerability has been discovered in Hypertext Pre-processor (PHP) which can allow a remote attacker to cause denial of service condition on the affected system. Description: It has been …

Advisory No: TZCERT/SA/2018/08/13 Date of First Release: 14th August 2018 Source: Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Product Affected: The vulnerable Linux Kernel version is 4.9+. However, several Linux distributions have backported some of the networking code from version 4.9 …

Advisory No: TZCERT/SA/2018/07/03 Date of First Release: 3rd July 2018 . Source: Linux Kernel Organization, Cisco, Bugzilla et.c Product Affected: Linux kernel prior to 4.16.6 Overview: A vulnerability has been reported in Linux kernel which could allow a local attacker to read out kernel memory leading to information disclosure of …

Advisory No: TZCERT/SA/2018/07/02 Date of First Release: 3rd July 2018 . Source: CERT Coordination Center (Cert/CC), Electronic Frontier Foundation. Product Affected: Mozilla Thunderbird, Microsoft, MailMate, Kmail, GnuPG, Apple, Airmail, eM Client, Evolution, Google, IBM Corporation, 9Folders Inc, Flipdog Solutions, Postbox Inc etc. Overview: Mail clients configured to use OpenPGP (Pretty …

Advisory No:  TZCERT/SA/2018/07/01 Date of First Release: 3rd July 2018 . Source: Cisco Talos Product Affected: Linksys, MikroTik, NETGEAR,  ASUS, D-Link, Huawei, Ubiquiti, UPVEL, ZTE and TP-Link networking equipment as well as QNAP network-attached storage (NAS) devices. Overview: VPNFilter is malware infecting routers produced by several vendors and other networked-attached …