Tanzania Computer Emergency Response Team

TZCERT-SU-24-0458 (Jenkins Security Update)

6th May 2024

Jenkins has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are encouraged to review Jenkins Security Advisories dated 2nd May 2024 and apply necessary updates.

TZCERT-SU-24-0457 (Cisco Security Update)

6th May 2024

Cisco has released security updates to address a vulnerability in Cisco IP Phone 6800, 7800, and 8800 Series. Exploitation of this vulnerability may allow an attacker to cause denial of service condition to an affected system. Users and Administrators are encouraged to review Cisco Security Advisories dated 2nd May 2024 …

TZCERT-SU-24-0456 (Dell Security Update)

6th May 2024

Dell has released security updates to address vulnerabilities inDell Enterprise SONiC Distribution. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are encouraged to review Dell Security Bulletin and apply necessary updates.

Remote code vulnerabilities in Xiaomi Pro 13 smartphone (CVE-2024-4406, CVE-2024-4405, CVE-2023-26322)

3rd May 2024

Advisory No: TZCERT/SA/2024/05/02-3 Date of First Release: 2nd May 2024 Source: Zero-Day Initiative Software Affected: Xiaomi Pro 13 Overview: Xiaomi Pro is vulnerable to three (3) critical vulnerabilities. The attackers can leverage the vulnerabilities to gain access to the affected smartphone. Description: The three vulnerabilities rated at 8.8 and tracked …

All-in-One Video Gallery Plugin Authenticated Arbitrary File Upload vulnerability (CVE-2024-4033)

3rd May 2024

Advisory No: TZCERT/SA/2024/05/02-2 Date of First Release: 2nd May 2024 Source: Wordfence Software Affected: All-in-One Video Gallery plugin for WordPress Overview: The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.6.4. Description: The …

Tanzania Computer Emergency Response Team

CAPACITY BUILDING: THREAT DETECTION AND INCIDENT HANDLING AND RESPONSE TRAINING

CAPACITY BUILDING: THREAT DETECTION TRAINING

Cybersecurity is a key for Development – Tanzania Ranks 2nd in Africa

Download: Advice to Parent/Guardians in Protecting Children Online

Current Activities

TZCERT-SU-24-0458 (Jenkins Security Update)

TZCERT-SU-24-0457 (Cisco Security Update)

TZCERT-SU-24-0456 (Dell Security Update)

Remote code vulnerabilities in Xiaomi Pro 13 smartphone (CVE-2024-4406, CVE-2024-4405, CVE-2023-26322)

All-in-One Video Gallery Plugin Authenticated Arbitrary File Upload vulnerability (CVE-2024-4033)

Subscribe to Receive Regular Updates

Multiple critical vulnerabilities affecting WordPress (CVE-2024-3604, CVE-2024-6314, CVE-2024-6313, CVE-2024-6365)

Critical Vulnerabilities in multiple IBM vulnerabilities (CVE-2024-1597, CVE-2022-46337)

Arbitrary code execution vulnerability on IBM Instana Observability (CVE-2023-39410)

High severity vulnerabilities affecting WordPress (CVE-2024-5943, CVE-2024-2385, CVE-2024-6319, CVE-2024-6318)

High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)