
security-advisories

Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)

Advisory No: TZCERT/SA/2024/03/13-01 Date of First Release: 14th July 2023 Previous Advisory Number: TZCERT/SA/2023/07/14-03 Source: Cisco Software Affected: Cisco SD-WAN vManage software Overview: Cisco has released security patches to address a critical vulnerability affecting Cisco SD-WAN vManage software. The vulnerability could allow an attacker to attain unauthenticated access to REST …


CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls

Advisory No: TZCERT/SA/2024/03/07 Date of First Release: 07th March 2024 Source: FortiGate Software Affected:

Version: Affected
FortiOS 7.4: 7.4.0 through 7.4.2
FortiOS 7.2: 7.2.0 through 7.2.6
FortiOS 7.0: 7.0.0 through 7.0.13
FortiOS 6.4: 6.4.0 through 6.4.14
FortiOS 6.2: 6.2.0 through 6.2.15
FortiOS 6.0: 6.0.0 through 6.0.17
FortiProxy 7.4: 7.4.0 through 7.4.2
FortiProxy 7.2: 7.2.0 through 7.2.8
FortiProxy 7.0: 7.0.0 through 7.0.14
FortiProxy 2.0: 2.0.0 through 2.0.13
FortiProxy 1.2: 1.2 all versions
FortiProxy 1.1: 1.1 all …

Critical Security Issues in TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199)

Advisory No: TZCERT/SA/2024/03/06 Date of First Release: 6th March 2024 Source: JetBrains Software Affected: TeamCity On-Premises Overview: Vulnerabilities exist in JetBrains TeamCity On-Premises software that allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server. CVE-2024-27198 (CVSS …

XSS vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2023-40000)

Advisory No: TZCERT/SA/2024/02/29 Date of First Release: 28th February 2024 Source: securityaffairs Software Affected: LiteSpeed Cache plugin for WordPress Overview: The LiteSpeed Cache plugin for WordPress is affected by a vulnerability tracked as CVE-2023-40000, which allows unauthenticated site-wide stored XSS. A remote attacker can exploit the vulnerability to steal sensitive information or …

Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Advisory No: TZCERT/SA/2024/02/22 Date of First Release: 22nd February 2024 Source: WordPress plugin Bricks Builder Software Affected: Bricks Builder versions 1.9.6 and earlier Overview: WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. Successful exploitation of the vulnerability may allow an attacker to …


Revolution Slider Plugin Remote Code Execution (CVE-2023-2359)

Advisory No: TZCERT/SA/2024/02/15 Date of First Release: 15th February 2024 Source: WPScan Software Affected: Revolution Slider Plugin version <= 6.6.12 Overview: The vulnerability exists in the Revolution Slider plugin version <= 6.6.12. Successful exploitation of this vulnerability could allow a remote attacker to execute code on the affected …

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Advisory No: TZCERT/SA/2024/02/15 Date of First Release: 15th February 2025 Source: Microsoft Software Affected: Microsoft Exchange Server Overview: Microsoft has disclosed a critical security flaw in Exchange Server that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to gain privileges as the victim …


IBM Sterling Control Center vulnerable to denial of service due to Spring Boot and remote code execution due to Spring Framework (CVE-2023-20883 and CVE-2016-1000027)

Advisory No: TZCERT/SA/2024/02/08-2 Date of First Release: 8th February 2024 Source: IBM Software Affected: IBM Sterling Control Center Overview: IBM has disclosed remote code execution vulnerabilities affecting IBM Sterling Control Center. The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Description: The vulnerabilities …

Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities (CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255)

Advisory No: TZCERT/SA/2024/02/08-1 Date of First Release: 8th February 2024 Source: Cisco Software Affected: Cisco Expressway Series Overview: Cisco Expressway Series is affected by vulnerabilities tracked as CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255, which could allow a remote attacker to perform arbitrary actions on the system via cross-site request forgery. Description: Following …

Unified CM and Unity Connection remote code execution and file upload vulnerabilities (CVE-2024-20253 and CVE-2024-20272)

Advisory No: TZCERT/SA/2024/02/02 Date of First Release: 2nd February 2024 Source: Cisco Software Affected: Unified CM, Unified CM SME, Unified CM IM&P and Unity Connection Overview: Unified CM and Unity Connection are affected by vulnerabilities tracked as CVE-2024-20253 which could allow an unauthenticated, remote attacker to execute arbitrary code on …
