Here is the list of the latest CERT-Renater advisories in 2014:


26 Dec 2014STAT52
19 Dec 2014STAT51
12 Dec 2014STAT50
12 Dec 2014VULN304TYPO3 : Link spoofing and cache poisoning vulnerabilities in TYPO3 CMSSystems running TYPO3 CMS versions 4, 6, 7 prior
11 Dec 2014VULN303 (FreeBSD : Multiple vulnerabilities in file(1) and libmagic(3))FreeBSD running file, libmagic.
11 Dec 2014VULN302Microsoft : Important Vulnerability in Microsoft Office Could Allow Remote Code ExecutionSystems running Microsoft Office versions 2013,
11 Dec 2014VULN301FreeBSD : Buffer overflow in stdioFreeBSD core versions 10.1.
11 Dec 2014VULN300Asterisk : Remote Crash Vulnerability in WebSocket ServerSystems running Asterisk Open Source versions
11 Dec 2014VULN299Xen : CVE-2014-9065,CVE-2014-9066 p2m lock starvationSystems running Xen versions 4.2 and later.
11 Dec 2014VULN298VMware : VMware AirWatch product update addresses information disclosure vulnerabilitiesSystems running VMware AirWatch.
10 Dec 2014VULN297Microsoft : Important Vulnerability in Microsoft Graphics Component Could Allow Information DisclosureWindows version 7, Server 2003, Server 2008,
10 Dec 2014VULN296Microsoft : Important Vulnerabilities in Microsoft Excel Could Allow Remote Code ExecutionSystems running Microsoft Excel versions
10 Dec 2014VULN295Microsoft : Critical Vulnerability in VBScript Scripting Engine Could Allow Remote Code ExecutionWindows version 7, Server 2003, Server 2008
10 Dec 2014VULN294Microsoft : Important Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of PrivilegeSystems running Microsoft Exchange Server versions
10 Dec 2014VULN293Microsoft : Critical Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code ExecutionSystems running Microsoft Office versions 2013,
10 Dec 2014VULN292Microsoft : Critical Security Updates for Internet ExplorerSystems running Internet Explorer versions 11, 10,
10 Dec 2014VULN291Red Hat : Important rpm security updateRed Hat running rpm.
10 Dec 2014VULN290Adobe : Security Update: Hotfixes available for ColdFusionSystems running ColdFusion versions 11, 10 prior
10 Dec 2014VULN289Adobe : Security Updates available for Adobe Reader and AcrobatSystems running Adobe Reader, Adobe Acrobat
10 Dec 2014VULN288VMware : VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerabilitySystems running VMware vCloud Automation Center
10 Dec 2014VULN287APPLE : APPLE-SA-2014-12-9-1 iOS 8.1.2iOS versions prior to 8.1.2.
10 Dec 2014VULN286Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player versions prior
9 Dec 2014VULN285PowerDNS: PowerDNS Security Advisory 2014-02DSystems running PowerDNS version 3.6.x prior to
9 Dec 2014VULN284Unbound: Unbound CVE-2014-8602 vulnerabilitySystems running Unbound version 1.5.x prior to
9 Dec 2014VULN283BIND : CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BINDSystems running BIND version 9.0.x prior to
5 Dec 2014STAT49
4 Dec 2014VULN282phpMyAdmin : DoS and XSS vulnerabilities fixed in phpMyAdminSystems running phpMyAdmin versions 4.2.x, 4.1.x,
4 Dec 2014VULN281APPLE : APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1Systems running Safari versions prior to
2 Dec 2014VULN280OpenVPN : critical denial of service security vulnerability fixed in OpenVPNSystems running OpenVP versions 2.x prior to
2 Dec 2014VULN279OpenVAS : Sql injection security vulnerabilities fixed in OpenVASSystems running OpenVAS versions prior to 4.0.6,
1 Dec 2014VULN278Xen : DoS Security vulnerabilities fixed in XenSystems running Xen versions 3.2.x up to and
28 Nov 2014STAT48
27 Nov 2014VULN277Google Chrome : Google Chrome 39.0.2171.71 includes Adobe Flash player fixesSystems running Google Chrome version prior to
27 Nov 2014VULN276Adobe : Security updates available for Adobe Flash Player-
25 Nov 2014STAT47
24 Nov 2014VULN275IP.Board : SQL injection vulnerability fixed in IP.BoardSystems running IP.Board versions 3.3.x, 3.4.x.
24 Nov 2014VULN274WordPress : WordPress 4.0.1 Security ReleaseSystems running WordPress versions prior to 4.0.1,
24 Nov 2014VULN273Drupal Core : Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006Systems running Drupal Core versions 6.x, 7.x
24 Nov 2014VULN272PhpMyAdmin : Multiple vulnerabilities fixedSystems running PhpMyAdmin versions 4.0.x, 4.1.x,
19 Nov 2014VULN271Microsoft : Critical Vulnerability in Kerberos Could Allow Elevation of PrivilegeWindows running Microsoft Windows Kerberos KDC.
19 Nov 2014VULN270APPLE : APPLE-SA-2014-11-17-3 Apple TV 7.0.2Apple TV versions prior to 7.0.2.
19 Nov 2014VULN269APPLE : APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1Mac OS X versions prior to 10.10.1.
19 Nov 2014VULN268APPLE : APPLE-SA-2014-11-17-1 iOS 8.1.1iOS versions prior to 8.1.1.
14 Nov 2014STAT46
13 Nov 2014VULN267Juniper : Juniper Secure Analytics and Security Threat Response Manager Multiple vulnerabilitiesJSA software versions 2013.2, 2014.1, 2014.2,
13 Nov 2014VULN266Wireshark : wnpa-sec-2014-23 · TN5250 infinite loopsSystems running Wireshark versions 1.12.x, 1.10.x
12 Nov 2014VULN265Google Chrome : Google Chrome 38.0.2125.122 includes Adobe Flash player fixesSystems running Google Chrome version prior to
12 Nov 2014VULN264Microsoft : Moderate Vulnerability in Kernel-Mode Driver Could Allow Denial of ServiceWindows version Server 2003, Vista, Server 2008,
12 Nov 2014VULN263Microsoft : Moderate Vulnerability in IME (Japanese) Could Allow Elevation of PrivilegeWindows version Server 2003, Vista, Server 2008, 7,
12 Nov 2014VULN262Microsoft : Important Vulnerability in Active Directory Federation Services could allow Information DisclosureWindows version Server 2008, Server 2012, Server
12 Nov 2014VULN261Microsoft : Important Vulnerability in Internet Information Services (IIS) Could Allow Security Feature BypassWindows version Server 2012, 8, 8.1,
12 Nov 2014VULN260Microsoft : Important Vulnerability in Remote Desktop Protocol could allow Security Feature BypassWindows version Vista, Server 2008, Server 2012,
12 Nov 2014VULN259Microsoft : Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of PrivilegeSystems running Microsoft SharePoint Server
12 Nov 2014VULN258Microsoft : Vulnerability in .NET Framework Could Allow Elevation of PrivilegeSystems running Microsoft .NET Framework version
12 Nov 2014VULN257Microsoft : Windows Audio Vulnerability in Windows Audio Service Could Allow Elevation of PrivilegeWindows version Vista, Server 2008, Server 2008,
12 Nov 2014VULN256Microsoft : Important Vulnerability in TCP/IP Could Allow Elevation of Privilege-
12 Nov 2014VULN255Microsoft : Important Vulnerabilities in Microsoft Office Could Allow Remote Code ExecutionSystems running Microsoft Office version 2007,
12 Nov 2014VULN254Microsoft : Critical Vulnerability in XML Core Services Could Allow Remote Code ExecutionWindows version Server 2003, Vista, Server 2008,
12 Nov 2014VULN253Microsoft : Critical Vulnerability in Schannel Could Allow Remote Code ExecutionWindows version Server 2003, Vista, Server 2008,
12 Nov 2014VULN252Microsoft : Critical Cumulative Security Update for Internet ExplorerSystems running Internet Explorer versions 6, 7,
12 Nov 2014VULN251Microsoft : Critical Vulnerabilities in Windows OLE Could Allow Remote Code ExecutionWindows version Server 2003, Vista, Server 2008,
12 Nov 2014VULN250Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player versions prior
10 Nov 2014VULN249Cisco : Cisco IOS XE Software Challenge/Response Bypass VulnerabilityCisco IOS XE Software.
10 Nov 2014VULN248Drupal Core : Highly Critical - Public Service announcement - PSA-2014-003Systems running Drupal core versions 7.x prior to
7 Nov 2014STAT45
4 Nov 2014VULN247TWiki : TWiki-6.0.1 fixes Remote Perl code execution and Apache configuration file upload vulnerabilitiesSystems running TWiki versions prior to 6.0.1.
4 Nov 2014VULN246Shibboleth IdP : Shibboleth Identity Provider Security AdvisorySystems running Shibboleth IdP using the Xerces-J
31 Oct 2014VULN245Aruba : Aruba ClearPass Multiple vulnerabilitiesSystems running Aruba ClearPass versions prior to
31 Oct 2014VULN244US-CERT : Linksys SMART WiFi firmware contains multiple vulnerabilitiesLinksys SMART WiFi firmware.
31 Oct 2014VULN243US-CERT : GNU Wget creates arbitrary symbolic links during recursive FTP downloadSystems running GNU wget.
31 Oct 2014VULN242PHP : PHP 5.5.18 fixes security vulnerabilitiesSystems running PHP versions prior to 5.5.18.
28 Oct 2014INFO001Campagne d'attaque Shellshock ciblant des serveurs SMTP
27 Oct 2014STAT43
24 Oct 2014VULN241TYPO3 : Multiple Vulnerabilities in TYPO3 CMSSystems running TYPO3 versions prior to 4.5.37,
23 Oct 2014VULN240VMware : VMware vSphere Data Protection product update addresses a critical information disclosure vulnerabilitySystems running VMware vSphere Data Protection
23 Oct 2014VULN239Citrix : Citrix XenServer Shellshock Security UpdateSystems running Citrix XenServer versions all
23 Oct 2014VULN238Citrix : Citrix Security Advisory for CVE-2014-3566 - SSLv3 Protocol FlawCitrix products.
23 Oct 2014VULN237phpMyAdmin : XSS vulnerabilities in SQL debug output and server monitor pageSystems running phpMyAdmin versions 4.0.x prior to
23 Oct 2014VULN236APPLE : APPLE-SA-2014-10-22-1 QuickTime 7.7.6Windows running QuickTime versions prior to 7.7.6.
22 Oct 2014VULN235Microsoft : Vulnerability in Microsoft OLE Could Allow Remote Code ExecutionWindows versions all except Windows Server 2003.
22 Oct 2014VULN234 (Nessus : SSLv3 Protocol Vulnerability Affects Tenable Products (POODLE))Systems running Nessus versions prior to 6.0.1,
21 Oct 2014VULN233Joomla! : Core - Denial of ServiceSystems running Joomla! versions 2.5.x prior to
21 Oct 2014VULN232Asterisk : Asterisk Susceptibility to POODLE VulnerabilitySystems running Asterisk versions 1.8.x, 11.x,
21 Oct 2014VULN231APPLE : APPLE-SA-2014-10-20-2 Apple TV 7.0.1Systems running Apple TV software versions prior
21 Oct 2014VULN230APPLE : APPLE-SA-2014-10-20-1 iOS 8.1Systems running iOS versions prior to 8.1.
17 Oct 2014STAT42
16 Oct 2014VULN229Drupal : Drupal core - SQL injectionSystems running Drupal core versions 7.x prior to
16 Oct 2014VULN228OpenSSL : OpenSSL Security Advisory [15 Oct 2014]Systems running OpenSSL versions prior to 1.0.1j,
15 Oct 2014VULN227Oracle : October 2014 Critical Patch Update ReleasedSystems running Oracle Database,
15 Oct 2014VULN226Mozilla : Multiple vulnerabilities fixed in Firefox, ThunderbirdSystems running Firefox versions prior to 33,
15 Oct 2014VULN225Adobe : Hotfixes available for ColdFusionSystems running ColdFusion version 11, 10, 9.0.2,
15 Oct 2014VULN224Adobe : Adobe Security Bulletin Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player version prior
15 Oct 2014VULN223Microsoft : Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of PrivilegeWindows version Server 2003, Vista, Server 2008,
15 Oct 2014VULN222Microsoft : Vulnerability in Message Queuing Service Could Allow Elevation of PrivilegeWindows version Server 2003 running Message
15 Oct 2014VULN221Microsoft : Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code ExecutionSystems running Microsoft Office version 2007,
15 Oct 2014VULN220Microsoft : Vulnerability in Windows OLE Could Allow Remote Code ExecutionWindows version Vista, Server 2008, 7, 8, 8.1,
15 Oct 2014VULN219Microsoft : Vulnerability in ASP.NET MVC Could Allow Security Feature BypassSystems running ASP.NET MVC version 2, 3, 4, 5,
15 Oct 2014VULN218Microsoft : Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code ExecutionWindows Vista, version Server 2003, Server 2008,
15 Oct 2014VULN217Microsoft : Critical Vulnerabilities in .NET Framework Could Allow Remote Code ExecutionWindows Vista, version Server 2003, Server 2008,
15 Oct 2014VULN216 (Microsoft : Cumulative Security Update for Internet Explorer (2987107))Systems running Internet Explorer Versions 6, 7, 8,
10 Oct 2014STAT41
9 Oct 2014VULN215Google Chrome : Chrome 38.0.2125.101includes 159 security fixesSystems running Google Chrome Versions prior to
9 Oct 2014VULN214 (IBM : Potential Security exposures with WebSphere Application Server (CVE-2014-4770 and CVE-2014-4816))Systems running IBM WebSphere Application Server,
7 Oct 2014VULN213Bugzilla : 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security AdvisorySystems running Bugzilla Versions prior to 4.0.14,
7 Oct 2014VULN212Splunk : Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilitiesSystems running Splunk Enterprise Versions prior
3 Oct 2014STAT40
2 Oct 2014VULN211Xen : Multiple vulnerabilities fixed in XenSystems running Xen Versions 3.x, 4.x.
2 Oct 2014VULN210phpMyAdmin : XSS vulnerabilities in table search and table structure pagesSystems running phpMyAdmin Versions 4.0.x prior to
30 Sep 2014VULN209APPLE : APPLE-SA-2014-09-29-1 OS X bash Update 1.0Mac OS X.
29 Sep 2014VULN208SUSE : new openSUSE and SUSE bash Security Updates CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187openSUSE version 13.2, 12.3, 13.1,
29 Sep 2014VULN207Joomla! : Joomla! XSS and Unauthorised Logins vulnerabilities fixedJoomla! versions prior to 2.5.25, 3.2.5, or 3.3.4.
29 Sep 2014VULN206Red Hat : Important bash security update CVE-2014-7169 CVE-2014-7186 CVE-2014-7187Red Hat Enterprise Linux versions 4, 5.6, 5.9,
29 Sep 2014VULN205Ubuntu : USN-2364-1 Bash vulnerabilities, CVE-2014-7186, CVE-2014-7187Ubuntu versions 14.04 LTS, 12.04 LTS, 10.04 LTS.
29 Sep 2014STAT39
25 Sep 2014VULN204Red Hat : Moderate kernel security and bug fix updateRed Hat Enterprise Linux version 7.
25 Sep 2014ALER001.1Faille de sécurité critique dans GNU Bash
23 Sep 2014VULN203Shibboleth IdP : Shibboleth Identity Provider and OpenSAML-J HTTPS and LDAPS Connections Do Not Perform ProperSystems running Shibboleth IdP versions prior to
19 Sep 2014STAT38
19 Sep 2014VULN202IP.Board : IP.Board 3.x Security UpdateSystems running IP.Board 3.4.x, 3.3.x.
19 Sep 2014VULN201ZDI : SAP Crystal Reports vulnerabilities could allow Remote Code ExecutionSystems running SAP Crystal Reports.
19 Sep 2014VULN200Asterisk : Remote crash when handling out of call message in certain dialplan configurationsSystems running Asterisk Open Source versions
18 Sep 2014VULN199Adobe : Adobe Security Bulletin Security Updates available for Adobe Reader and AcrobatSystems running Adobe Reader versions XI, X prior
18 Sep 2014VULN198EMC : EMC Documentum Content Server Multiple Privilege Escalation VulnerabilitiesSystems running EMC Documentum Content Server
18 Sep 2014VULN197Kerberos : Buffer overrun in kadmind with LDAP backendSystems running MIT krb5 versions 1.6 to 1.12.2.
18 Sep 2014VULN196APPLE : APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1Mac OS X running Safari versions prior to 6.2, 7.1.
18 Sep 2014VULN195APPLE : APPLE-SA-2014-09-17-5 OS X Server 3.2.1Mac OS X Mavericks version 10.9.5 or later
18 Sep 2014VULN194APPLE : APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update,2014-004Mac OS X Mavericks versions 10.9 up to 10.9.4.
18 Sep 2014VULN193APPLE : APPLE-SA-2014-09-17-1 iOS 8 and APPLE-SA-2014-09-17-2 Apple TV 7iOS for Apple TV, iOS versions prior to 8.
15 Sep 2014VULN192Moodle : MSA-14-0033 URL parameter injection in CAS authenticationSystems running Moodle versions prior to 2.7.2,
15 Sep 2014VULN191phpMyAdmin : XSRF/CSRF due to DOM based XSS in the micro history featureSystems running phpMyAdmin versions 4.0.x prior
15 Sep 2014VULN190VMware : VMware NSX and vCNS product updates address a critical information disclosure vulnerabilitySystems running VMware NSX versions 6.0 prior to
12 Sep 2014STAT37
11 Sep 2014VULN189Red Hat : Important kernel security and bug fix updateRed Hat Enterprise Linux version 6.
11 Sep 2014VULN188Procmail : procmail security updateSystems running Procmail versions 3.22 and
11 Sep 2014VULN187VMware : VMware vSphere product updates to third party librariesSystems running VMware vCenter Server version 5.5
11 Sep 2014VULN186Tomcat : CVE-2013-4444 Remote Code ExecutionSystems running Apache Tomcat versions 7.0.0 to
10 Sep 2014VULN185XEN: Mishandling of uninitialised FIFO-based event channel control blocksXen
10 Sep 2014VULN184Hewlett-Packard : HP Network Node Manager: Execute arbitrary code/commands - Remote/unauthenticatedSystem running HP Network Node Manager
10 Sep 2014VULN183Windows: Microsoft Lync Server: Multiple vulnerabilitiesWindows
10 Sep 2014VULN182Windows: Microsoft Windows Task Scheduler: Increased privileges - Existing accountWindows
10 Sep 2014VULN181Windows: Microsoft .NET Framework: Denial of service - Remote/unauthenticatedWindows with .NET Framewok
10 Sep 2014VULN180Windows: Microsoft Internet Explorer: Multiple vulnerabilitiesWindows
10 Sep 2014VULN179Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player version
9 Sep 2014VULN178CAS : CAS Client Security Vulnerability CVE-2014-4172Systems running Jasig Java CAS Client version
9 Sep 2014VULN177IBM : Unspecified weaknesses in the QRadar appliance 7.1 MR2 and 7.2 MR2 could allow an external attacker toLinux running IBM Security QRadar SIEM version
8 Sep 2014VULN176TYPO3 : TYPO3-EXT-SA-2014-010 Several vulnerabilities in third party extensionsSystems running cwt_feedit, eu_ldap, flatmgr,
5 Sep 2014STAT36
5 Sep 2014VULN175Mozilla : Multiple vulnerabilities fixed in Firefox, ThunderbirdSystems running Firefox versions prior to 32,
4 Sep 2014VULN174Apache : Apache HTTP Server 2.2.29 ReleasedSystems running Apache HTTP Server versions 2
29 Aug 2014STAT35
29 Aug 2014VULN173SQUID : Denial of service in request processingSystems running SQUID versions 3.x prior to
27 Aug 2014VULN172IBM DB2 : IBM DB2 Accessories Suite for Linux, UNIX and Windows denial of service vulneribilityAIX, HP-UX, Linux, Solaris, Windows running IBM
22 Aug 2014VULN171RSA : RSA Archer GRC Platform Multiple VulnerabilitiesSystems running RSA Archer GRC Platform version
22 Aug 2014STAT34
20 Aug 2014VULN170phpMyAdmin : Multiple XSS vulnerabilities fixed in phpMyAdminSystems running phpMyAdmin versions 4.0.x,
18 Aug 2014VULN169Blackberry : BSRT-2014-006 Vulnerability in file sharing service affects BlackBerry Z10, BlackBerry Z30, BlackBerryBlackBerry 10 OS version prior to 10.2.1.1925.
18 Aug 2014STAT33
14 Aug 2014VULN168Citrix : Vulnerabilities in Citrix Access Gateway Enterprise Edition Plug-in for Windows could result in arbitraryWindows running Citrix Access Gateway Enterprise
14 Aug 2014VULN167APPLE : APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6Systems running Safari versions prior to 6.1.6,
14 Aug 2014VULN166Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player versions prior
14 Aug 2014VULN165Adobe : Security Updates available for Adobe Reader and AcrobatSystems running Adobe Reader, Adobe Acrobat
13 Aug 2014VULN164Microsoft : Important Vulnerability in LRPC Could Allow Security Feature BypassWindows version 7, Server 2008 R2, 8, 8.1,
13 Aug 2014VULN163Microsoft : Important Vulnerability in .NET Framework Could Allow Security Feature BypassWindows version Server 2003, Vista, Server 2008,
13 Aug 2014VULN162Microsoft : Important Vulnerability in Microsoft SharePoint Server Could Allow Elevation of PrivilegeSystems running Microsoft SharePoint Server
13 Aug 2014VULN161Microsoft : Important Vulnerability in Windows Installer Service Could Allow Elevation of PrivilegeWindows version Server 2003, Vista, Server 2008,
13 Aug 2014VULN160Microsoft : Important Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of PrivilegeWindows running Kernel-Mode Drivers.
13 Aug 2014VULN159Microsoft : Important Vulnerabilities in SQL Server Could Allow Elevation of PrivilegeSystems running Microsoft SQL Server version
13 Aug 2014VULN158Microsoft : Important Vulnerability in OneNote Could Allow Remote Code ExecutionWindows running Microsoft OneNote version 2007.
13 Aug 2014VULN157Microsoft : Critical Vulnerability in Windows Media Center Could Allow Remote Code ExecutionWindows version 7, 8, 8.1 running Windows Media
13 Aug 2014VULN156Microsoft : Critical Cumulative Security Update for Internet ExplorerSystems running Internet Explorer.
8 Aug 2014STAT32
7 Aug 2014VULN155Cisco : Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service VulnerabilityCisco IOS, Cisco IOS XE configured for EnergyWise.
7 Aug 2014VULN154 (DRUPAL : Date - Cross Site Scripting (XSS))Systems running Date for DRUPAL versions prior to
7 Aug 2014VULN153WordPress : WordPress 3.9.2 Security ReleaseSystems running WordPress versions prior to 3.9.2,
7 Aug 2014VULN152OpenSSL : Remote code execution in nmbdSystems running OpenSSL versions prior to 0.9.8zb,
5 Aug 2014VULN151Samba : Remote code execution in nmbdSystems running Samba versions prior to 4.1.11,
1 Aug 2014STAT31
1 Aug 2014VULN150MediaWiki : MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2Systems running MediaWiki versions prior to
30 Jul 2014VULN149Moodle : Multiple vulnerabilities fixed in MoodleSystems running Moodle versions prior to 2.7.1,
25 Jul 2014STAT30
18 Jul 2014STAT29
18 Jul 2014VULN148Oracle : July 2014 Critical Patch Update ReleasedSystems running
11 Jul 2014STAT28
10 Jul 2014VULN147Cisco : Apache Struts 2 Command Execution Vulnerability in Multiple Cisco ProductsCisco software running Apache Struts 2.
9 Jul 2014VULN146Adobe : Security updates available for Adobe Flash PlayerWindows, Mac OS X running Adobe Flash Player
9 Jul 2014VULN145Microsoft : Moderate Vulnerability in Microsoft Service Bus Could Allow Denial of ServiceWindows version Vista, 7, Server 2008, 8,
9 Jul 2014VULN144Microsoft : Important Vulnerability in DirectShow Could Allow Elevation of PrivilegeWindows version Vista, 7, Server 2008, 8,
9 Jul 2014VULN143Microsoft : Important Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of PrivilegeWindows version Server 2003 version Vista, 7,
9 Jul 2014VULN142Microsoft : Important Vulnerability in On-Screen Keyboard Could Allow Elevation of PrivilegeWindows version Vista, 7, Server 2008, 8, 8.1,
9 Jul 2014VULN141Microsoft : Critical Vulnerability in Windows Journal Could Allow Remote Code ExecutionWindows version Vista, 7, Server 2008, 8,
9 Jul 2014VULN140Microsoft : Critical Cumulative Security Update for Internet ExplorerSystems running Internet Explorer versions 6, 7,
7 Jul 2014VULN139Rails : New versions of Rails fix vulnerabilities in related vulnerabilities in PostgreSQL adapter for Active RecordSystems running Rails versions prior to 4.0.8,
4 Jul 2014VULN138Timthumb : Timthumb WebShot feature remote code executionSystems running Timthumb for WordPress.
4 Jul 2014STAT27
3 Jul 2014VULN137Cisco : Multiple Vulnerabilities in Cisco Unified Communications Domain ManagerCisco Unified CDM Application Software versions
3 Jul 2014VULN136Foxit : Security issue caused by Stored XSS vulnerability fixedSystems running Foxit versions prior to 6.2.1,
1 Jul 2014VULN135APPLE : APPLE-SA-2014-06-30-4 Apple TV 6.1.2Apple TV versions prior to 6.1.2.
1 Jul 2014VULN134APPLE : APPLE-SA-2014-06-30-3 iOS 7.1.2iOS versions prior to 7.1.2.
1 Jul 2014VULN133APPLE : APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update,2014-003OS X Mavericks versions prior to 10.9.4.
1 Jul 2014VULN132APPLE : APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5Systems running Safari versions prior to 6.1.5,
27 Jun 2014STAT26
20 Jun 2014STAT25
13 Jun 2014STAT24
11 Jun 2014VULN131Microsoft : Important Vulnerability in Remote Desktop Could Allow TamperingWindows version 7, 8, 8.1, Server 2012.
11 Jun 2014VULN130Microsoft : Important Vulnerability in TCP Protocol Could Allow Denial of ServiceWindows version Vista, Server 2008, 7, 8, 8.1,
11 Jun 2014VULN129Microsoft : Important Vulnerability in Microsoft Lync Server Could Allow Information DisclosureSystems running Microsoft Lync Server version
11 Jun 2014VULN128Microsoft : Important Vulnerability in Microsoft XML Core Services Could Allow Information DisclosureWindows version Server 2003, Vista, Server 2008,
11 Jun 2014VULN127Microsoft : Important Vulnerability in Microsoft Word Could Allow Remote Code ExecutionSystems running Microsoft Word version 2007,
11 Jun 2014VULN126Microsoft : Critical Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Executionall supported versions of Windows,
11 Jun 2014VULN125Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Reader versions prior to
6 Jun 2014STAT23
30 May 2014STAT22
23 May 2014STAT21
16 May 2014STAT20
14 May 2014VULN124Adobe : Security Updates available for Adobe Reader and AcrobatSystems running Adobe Reader versions prior to
14 May 2014VULN123Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player version prior
14 May 2014VULN122Microsoft : Important Vulnerability in .NET Framework Could Allow Elevation of PrivilegeWindows version Server 2003, Vista, Server 2008,
14 May 2014VULN121Microsoft : Important Vulnerabilities in Microsoft Office Could Allow Remote Code ExecutionSystems running Microsoft Office version 2007,
14 May 2014VULN120Microsoft : Important Vulnerability in iSCSI Could Allow Denial of ServiceWindows version Server 2008, Server 2012.
14 May 2014VULN119Microsoft : Important Vulnerability in Windows Shell Handler Could Allow Elevation of PrivilegeWindows version Server 2003, Vista,
14 May 2014VULN118Microsoft : Important Vulnerability in Group Policy Preferences Could Allow Elevation of PrivilegeWindows version Vista, Server 2008, 7, 8, 8.1,
9 May 2014STAT19
5 May 2014STAT18
5 May 2014VULN117Fortiguard : FortiWeb Multiple Vulnerabilities-
2 May 2014VULN116Cisco : Multiple Vulnerabilities in Cisco TelePresence SystemsCisco TelePresence System MXP Series Software,
2 May 2014VULN115Citrix : Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise EditionSystems running Citrix NetScaler Gateway
28 Apr 2014VULN114Microsoft : Vulnerability in Internet Explorer Could Allow Remote Code ExecutionSystems running Microsoft Internet Explorer
25 Apr 2014STAT17
25 Apr 2014VULN113MediaWiki : MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9Systems running MediaWiki version prior to 1.22.6,
25 Apr 2014VULN112 (Apache : Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical))Systems running Apache Struts version 2 up to
25 Apr 2014VULN111APPLE : APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3AirPort Base Station Firmware versions prior to
23 Apr 2014VULN110Apple: Apple TV 6.1.1 is now availableApple TV
23 Apr 2014VULN109Apple: iOS 7.1.1 is now availableiOS
23 Apr 2014VULN108Apple: Security Update 2014-002 forOS X Mavericks systems includes,the security content of Safari 7.0.3:OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.
18 Apr 2014STAT16
16 Apr 2014VULN107Oracle : April 2014 Critical Patch Update ReleasedSystems running Oracle Database,
11 Apr 2014STAT15
11 Apr 2014VULN106VMware : VMware vSphere Client updates address security-
10 Apr 2014VULN105Shibboleth : Shibboleth Security Advisory [9 April 2014]Systems running Shibboleth products.
10 Apr 2014VULN104Fortiguard : Information Disclosure Vulnerability in OpenSSLFortinet products.
10 Apr 2014VULN103Cisco : Multiple Vulnerabilities in Cisco ASA SoftwareCisco ASA software versions 8, 9.
9 Apr 2014VULN102F5 : SOL15159 OpenSSL vulnerability CVE-2014-0160F5 Products software.
9 Apr 2014VULN101WordPress : WordPress 3.8.2, 3.7.2, 3.9 fix security vulnerabilitiesSystems running WordPress version prior to 3.8.2,
9 Apr 2014VULN100Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player versions prior
9 Apr 2014VULN99Cisco : OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco ProductsCisco software running OpenSSL.
9 Apr 2014VULN98Microsoft : Important Vulnerability in Microsoft Publisher Could Allow Remote Code ExecutionSystems running Microsoft Office version 2003,
9 Apr 2014VULN97Microsoft : Important Vulnerability in Windows File Handling Component Could Allow Remote Code ExecutionWindows version XP, Server 2003, Vista,
9 Apr 2014VULN96Microsoft : Critical Cumulative Security Update for Internet ExplorerSystems running Internet Explorer version 6, 7, 8,
9 Apr 2014VULN95Microsoft : Critical Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code ExecutionSystems running Microsoft Office version 2003,
8 Apr 2014VULN94US-CERT : Websense Triton Unified Security Center 7.7.3 information disclosure vulnerabilitySystems running Websense Triton Unified Security
8 Apr 2014VULN93 (OpenSSL : TLS heartbeat read overrun fixed (CVE-2014-0160))Systems running OpenSSL version 1.0.1x, 1.0.2-beta.
7 Apr 2014VULN92DRUPAL : SA-CONTRIB-2014-035 - CAS Server - Access BypassSystems running CAS Server for DRUPAL version 6.x,
7 Apr 2014VULN91EMC : ESA-2014-015: RSA Authentication Manager Cross Frame Scripting VulnerabilitySystems running RSA Authentication Manager version
7 Apr 2014VULN90Fortiguard : FortiADC Cross-Site Scripting VulnerabilityFortiADC firmware version 3.2.1
7 Apr 2014VULN89Fortiguard : FortiBalancer Remote SSH VulnerabilityFortiBalancer software.
4 Apr 2014STAT14
4 Apr 2014VULN88PHP : PHP 5.4.27and 5.5.11 fix denial of service vulnerabilitySystems running PHP versions prior to 5.4.27,
03 Apr 2014VULN87SPIP : SPIP 2.0.25, 2.1.26 et 3.0.16 corrigent des failles de sécuritéSystems running SPIP versions prior to 2.0.25,
2 Apr 2014VULN86RSA : RSA Adaptive Authentication (On-Premise) Multiple VulnerabilitiesSystems running RSA Adaptive Authentication
2 Apr 2014VULN85OTRS : XSS and Clickjacking issue fixedSystems running OTRS versions 3.1.x, 3.2.x, 3.3.x
2 Apr 2014VULN84cPanel : cPanel TSR 2014-0003 Full DisclosureSystems running cpanel versions prior to
2 Apr 2014VULN83APPLE : APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3Mac OS X running Safari versions prior to 6.1.3,
31 Mar 2014VULN82Symantec : Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL injectionsSystems running Symantec LiveUpdate Administrator
28 Mar 2014STAT13
27 Mar 2014VULN81Apache : Apache HTTP Server 2.2.27, 2.4.9 fixes vulnerabilitiesSystems running Apache HTTP Server versions prior
27 Mar 2014VULN80Xen : HVMOP_set_mem_access and Linux netback crash vulnerabilities fixedXen versions from 4.1.x,
27 Mar 2014VULN079Cisco : Cisco IOS Software multiple VulnerabilitiesCisco IOS Software, Cisco IOS XE Software.
27 Mar 2014VULN078EMC : RSA Authentication Manager Cross Frame Scripting VulnerabilitySystems running RSA Authentication Manager
26 Mar 2014VULN077libcurl : libcurl version 7.36.0 fixes several vulnerabilitiesSystems running libcurl versions 7.1 up to and
26 Mar 2014VULN076Splunk : Splunk 5.0.8 addresses one vulnerability - March 24, 2014Systems running Splunk versions prior to 5.0.8.
26 Mar 2014VULN075US-CERT : Webmin contains a cross-site scripting vulnerabilitySystems running Webmin versions prior to 1.680.
25 Mar 2014VULN074Microsoft : Vulnerability in Microsoft Word Could Allow Remote Code ExecutionSystems running Microsoft Word versions 2003,
21 Mar 2014STAT12
20 Mar 2014VULN073Apache : Apache HTTP Server 2.4.9 fixes security vulnerabilitiesSystems running Apache versions prior to 2.4.9.
20 Mar 2014VULN072OpenSSH : OpenSSH 6.6 fixes security vulnerabilitySystems running OpenSSH versions prior to 6.6.
20 Mar 2014VULN071Cisco : Cisco AsyncOS Software Code Execution VulnerabilityCisco AsyncOS Software.
14 Mar 2014STAT11
14 Mar 2014VULN070Adobe : Security update available for Adobe Shockwave PlayerSystems running Adobe Shockwave Player versions
14 Mar 2014VULN069Samba : smbcacls will remove the ACL on a file or directory when changing owner or group ownerSystems running Samba versions since 4.0.0.
12 Mar 2014VULN068Microsoft : Important Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security FeatureWindows version XP, Server 2003, Vista,
12 Mar 2014VULN067Microsoft : Important Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of PrivilegeWindows version XP, Server 2003, Vista,
12 Mar 2014VULN066Microsoft : Important Vulnerability in Silverlight Could Allow Security Feature BypassSystems running Microsoft Silverlight versions 5.
12 Mar 2014VULN065Microsoft : Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code ExecutionWindows versions XP, Server 2003, Vista,
12 Mar 2014VULN064Microsoft : Critical Cumulative Security Update for Internet ExplorerSystems running Internet Explorer versions 6, 7,
12 Mar 2014VULN063Asterisk : New versions of Asterisk fixes security vulnerabilitiesSystems running Asterisk Open Source versions
12 Mar 2014VULN062VMware : VMware vSphere updates to third party librariesSystems running vCenter Server Appliance,
10 Mar 2014VULN061Joomla! : Joomla! 3.2.3 fixes security vulnerabilities-
7 Mar 2014STAT10
6 Mar 2014VULN060Cisco : Cisco Small Business Router Password Disclosure VulnerabilityCisco Small Business Router firmware.
6 Mar 2014VULN059Cisco : Multiple Vulnerabilities in Cisco Wireless LAN ControllersCisco Wireless LAN Controller firmware.
6 Mar 2014VULN058Puppet : Puppet Enterprise 3.2.0 fixes several vulnerabilitiesSystems running Puppet Enterprise versions prior
6 Mar 2014VULN057NetBSD : posix_spawn unbounded kernel memory allocationNetBSD version current, 5, 6 running
4 Mar 2014VULN056libpng : libpng denial-of-service vulnerabilitySystems running libpng versions 1.6.0 up to and
4 Mar 2014VULN055CMS Made Simple : CMSMS 1.11.10 Pinzon fixes security vulnerabilitiesSystems running CMS Made Simple versions prior to
4 Mar 2014VULN054Apache Camel : Apache Camel critical disclosure vulnerabilitySystems running Apache Camel versions prior to
28 Feb 2014STAT09
28 Feb 2014VULN053US-CERT : Synology DiskStation Manager VPN module hard-coded password vulnerabilitySystems running Synology DiskStation Manager.
26 Feb 2014VULN052APPLE : APPLE-SA-2014-02-25-3 QuickTime 7.7.5Systems running QuickTime versions prior to
26 Feb 2014VULN051APPLE : APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2Mac OS OS X running Safari versions prior to
26 Feb 2014VULN050APPLE : APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001Mac OS OS X versions prior to 10.9.2.
21 Feb 2014STAT08
21 Feb 2014VULN049Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player.
14 Feb 2014STAT07
13 Feb 2014ALER001NTP amplification denial-of-service attacks
12 Feb 2014VULN048Microsoft : Important Vulnerability in IPv6 Could Allow Denial of ServiceWindows version 8, Server 2012, RT running IPv6.
12 Feb 2014VULN047Microsoft : Critical Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code ExecutionSystems running Microsoft Forefront Protection for
12 Feb 2014VULN046Microsoft : Important Vulnerability in Microsoft XML Core Services Could Allow Information DisclosureWindows version XP, Server 2003, Vista,
12 Feb 2014VULN045Microsoft : Important Vulnerabilities in .NET Framework Could Allow Elevation of PrivilegeWindows version XP, Server 2003, Vista,
12 Feb 2014VULN044Microsoft : Critical Vulnerability in Direct2D Could Allow Remote Code ExecutionWindows version 7, 8, 8.1, server 2012, RT, RT 8.1
12 Feb 2014VULN043Microsoft : Cumulative Security Update for Internet ExplorerSystems running Internet Explorer version 6, 7, 8,
12 Feb 2014VULN042Adobe : Security update available for Adobe Shockwave PlayerSystems running Adobe Shockwave Player.
7 Feb 2014STAT06
6 Feb 2014VULN041APPLE : Flash Player plug-in blockedMac OS X running Flash Player versions prior to
5 Feb 2014VULN040Zabbix : vulnerabilities fixed in ZabbixSystems running Zabbix versions prior to 1.8.20rc1,
5 Feb 2014VULN039Mozilla : Multiple vulnerabilities fixed in Firefox, Thunderbird, SeamonkeySystems running Firefox versions prior to 27,
5 Feb 2014VULN038Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player versions
4 Feb 2014VULN037Apache Tomcat : Apache Tomcat 6.0.39 fixes security vulnerabilitiesSystems running Apache Tomcat versions
4 Feb 2014VULN036US-CERT : Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerabilitySystems running Fortinet FortiOS 5.0.5 versions
4 Feb 2014VULN035US-CERT : Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerabilitySystems running Fortinet Fortiweb versions prior
31 Jan 2014STAT05
30 Jan 2014VULN034 (IBM : IBM Lotus Quickr for Domino ActiveX control buffer overflow vulnerability (CVE-2013-6748/6749))Systems running Lotus Quickr for Domino
30 Jan 2014VULN033MediaWiki : MediaWiki Security Releases 1.22.2, 1.21.5 and 1.19.11Systems running MediaWiki versions prior
30 Jan 2014VULN032US-CERT : Mozilla Thunderbird does not adequately restrict HTML elements in email message contentSystems running Mozilla Thunderbird versions prior
30 Jan 2014VULN031US-CERT : Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilitiesSystems running Fail2ban versions prior to 0.8.11.
30 Jan 2014VULN030Cisco : Cisco WebEx Meetings Server Unauthorized Meeting Actions VulnerabilitySystems running Cisco WebEx Meetings Server.
30 Jan 2014VULN029OTRS : CSRF and SQL injection issues fixedSystems running OTRS versions 3.3.x, 3.2.x, 3.1.x
27 Jan 2014VULN028APPLE : APPLE-SA-2014-01-23-1 Pages 5.1 and Pages 2.1Systems running Pages versions prior to 5.1, 2.1.
24 Jan 2014VULN027SPIP : SPIP 2.0.24, SPIP 2.1.25 and SPIP 3.0.14 fix security vulnerabilitiesSystems running SPIP versions prior to 2.0.24,
24 Jan 2014STAT04
23 Jan 2014VULN026APPLE : APPLE-SA-2014-01-22-1 iTunes 11.1.4Systems running iTunes versions prior to 11.1.4.
23 Jan 2014VULN025Citrix : Citrix XenServer Multiple Security UpdatesSystems running Citrix XenServer version 5.6, 6.x.
23 Jan 2014VULN024IBM : GSKit SSL negotiation vulnerability in Tivoli Directory ServerSystems running IBM Security Directory Server
23 Jan 2014VULN023Adobe : Security update available for Adobe Digital EditionsWindows, Mac OS X running Adobe Digital Editions
23 Jan 2014VULN022Cisco : Cisco TelePresence System Software Command Execution VulnerabilityCisco TelePresence System Software.
23 Jan 2014VULN021Cisco : Cisco TelePresence Video Communication Server SIP Denial of Service VulnerabilityCisco TelePresence VCS Software version prior to
23 Jan 2014VULN020Cisco : Cisco TelePresence ISDN Gateway D-Channel Denial of Service VulnerabilityCisco TelePresence ISDN Gateway Software version
21 Jan 2014VULN019Moodle : Vulnerabilities fixed in MoodleSystems running versions prior to 2.6.1, 2.5.4,
17 Jan 2014STAT03
17 Jan 2014VULN018VMware : VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issuesSystems running VMware Workstation version 9.x,
16 Jan 2014VULN017MediaWiki : MediaWiki Security Releases 1.22.1, 1.21.4 and 1.19.10Systems running MediaWiki versions prior to
16 Jan 2014VULN016DRUPAL : DRUPAL-SA-CORE-2014-001 Multiple vulnerabilitiesSystems running Drupal core versions 6.x, 7.x.
16 Jan 2014VULN015CISCO : Multiple Vulnerabilities in Cisco Secure Access Control SystemCisco Secure ACS software prior to release 5.5.
15 Jan 2014VULN014BIND : CVE-2014-0591 A Crafted Query Against an NSEC3-signed Zone Can Crash BINDSystems running BIND version 9.6.0.x prior to
15 Jan 2014VULN013Adobe : Security Updates available for Adobe Reader and AcrobatSystems running Adobe Reader versions prior to
15 Jan 2014VULN012Adobe : Security updates available for Adobe Flash PlayerSystems running Adobe Flash Player version prior
15 Jan 2014VULN011Oracle : January 2014 Critical Patch Update ReleasedSystems running Oracle Database,
15 Jan 2014VULN010Microsoft : Important Vulnerability in Microsoft Dynamics AX Could Allow Denial of ServiceSystems running Microsoft Dynamics AX version
15 Jan 2014VULN009Microsoft : Important Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of PrivilegeWindows version 7, Server 2008.
15 Jan 2014VULN008Microsoft : Important Vulnerability in Windows Kernel Could Allow Elevation of PrivilegeWindows version XP, Server 2003.
15 Jan 2014VULN007Microsoft : Important Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code ExecutionSystems running Microsoft Office versions 2003,
13 Jan 2014VULN005Cisco : Undocumented Test Interface in Cisco Small Business DevicesCisco WAP4410N Wireless-N Access Point software, ...
10 Jan 2014STAT02
10 Jan 2014VULN004X.Org : Stack buffer overflow in parsing of BDF font files in libXfontSystems running X11 versions up to and including 1.4.6, ...
3 Jan 2014STAT01
3 Jan 2014VULN003Realvnc : 5.0.7 fixes arbitrary code execution vulnerabilitySystems running realvnc versions 5.0.6.
3 Jan 2014VULN002EMC : EMC Replication Manager Unquoted File Path Enumeration VulnerabilitySystems running EMC Replication Manager versions
3 Jan 2014VULN001HP : HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary CodeHP-UX version 11i, Solaris, Linux,