Tanzania Computer Emergency Response Team

TZCERT-SU-24-0119 (WordPress Security Update)

6th February 2024

Wordfence has released security updates to address vulnerabilities in Shield Security, WP 404 Auto Redirect and Elementor Addon. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Wordfence Security Advisories wp-simple-firewall, wp-404-auto-redirect and elementor-addon and apply necessary updates.

Unified CM and Unity Connection remote code execution and file upload vulnerabilities (CVE-2024-20253 and CVE-2024-20272)

2nd February 2024

Advisory No: TZCERT/SA/2024/02/02 Date of First Release: 2nd February 2024 Source: Cisco Software Affected: Unified CM, Unified CM SME, Unified CM IM&P and Unity Connection Overview: Unified CM and Unity Connection are affected by vulnerabilities tracked as CVE-2024-20253 which could allow an unauthenticated, remote attacker to execute arbitrary code on …

TZCERT-SU-24-0118 (Mageia Security Update)

1st February 2024

Mageia has released security updates to address vulnerabilities in zlib and python-pillow. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Mageia Security Advisories MGASA-2024-0019 and MGASA-2024-0018 and apply necessary updates.

TZCERT-SU-24-0117 (Drupal Security Update)

1st February 2024

Drupal has released security update to address a vulnerability in entity delete log. Exploitation of this vulnerability may allow an attacker to gain access to sensitive information. Users and administrators are encouraged to review Drupal Security Advisory and apply necessary updates.

TZCERT-SU-24-0116 (IBM Security Update)

1st February 2024

IBM has released security updates to address vulnerabilities in IBM Instana Observability. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review IBM Security Advisories and apply necessary updates.

Tanzania Computer Emergency Response Team

CAPACITY BUILDING: THREAT DETECTION AND INCIDENT HANDLING AND RESPONSE TRAINING

CAPACITY BUILDING: THREAT DETECTION TRAINING

Cybersecurity is a key for Development – Tanzania Ranks 2nd in Africa

Download: Advice to Parent/Guardians in Protecting Children Online

Current Activities

TZCERT-SU-24-0119 (WordPress Security Update)

Unified CM and Unity Connection remote code execution and file upload vulnerabilities (CVE-2024-20253 and CVE-2024-20272)

TZCERT-SU-24-0118 (Mageia Security Update)

TZCERT-SU-24-0117 (Drupal Security Update)

TZCERT-SU-24-0116 (IBM Security Update)

Subscribe to Receive Regular Updates

Multiple critical vulnerabilities affecting WordPress (CVE-2024-3604, CVE-2024-6314, CVE-2024-6313, CVE-2024-6365)

Critical Vulnerabilities in multiple IBM vulnerabilities (CVE-2024-1597, CVE-2022-46337)

Arbitrary code execution vulnerability on IBM Instana Observability (CVE-2023-39410)

High severity vulnerabilities affecting WordPress (CVE-2024-5943, CVE-2024-2385, CVE-2024-6319, CVE-2024-6318)

High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)