Here is the list of the latest CERT-Renater advisories for 2018:


| Date | Reference | Advisory | Affected systems |
|---|---|---|---|
| 28 Dec 2018 | STAT52 | | |
| 28 Dec 2018 | VULN424.1 | Qt : Qt 5.11.3 Released with Important Security Updates | Systems running Qt versions prior to 5.11.3. |
| 27 Dec 2018 | VULN424 | Drupal : E-Sign - Moderately critical - Cross site scripting - SA-CONTRIB-2018-080 | Systems running E-Sign for Drupal versions prior |
| 27 Dec 2018 | VULN425 | Drupal : JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 | Systems running JSON API for Drupal versions |
| 27 Dec 2018 | VULN423 | Apache CouchDB : CVE-2018-17188 Remote Privilege Escalations (Affects all versions < 2.3.0) | Systems running Apache CouchDB versions prior to |
| 26 Dec 2018 | VULN421 | Apache Oozie : CVE-2018-11799 Apache Oozie security vulnerability | Systems running Apache Oozie versions prior to |
| 26 Dec 2018 | VULN422 | Apache Tika : [CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser | Systems running Apache Tika versions 1.8 up to |
| 21 Dec 2018 | STAT51 | | |
| 21 Dec 2018 | VULN420 | Shibboleth IdP : Shibboleth Identity Provider Security Advisory [19 December 2018] | Systems running Shibboleth Identity Provider |
| 21 Dec 2018 | VULN419 | Shibboleth IdP : Shibboleth Service Provider Security Advisory [19 December 2018] | Systems running Shibboleth Identity Provider |
| 14 Dec 2018 | STAT50 | | |
| 14 Dec 2018 | VULN418 | WebKitGTK+ WPE WebKit: Multiple vulnerabilities fixed in WebKitGTK+, WPE WebKit | Systems running WebKitGTK+ versions prior to |
| 13 Dec 2018 | VULN417 | Adobe : Security updates available for Adobe Acrobat and Reader (APSB18-41) | Systems running Adobe Acrobat, Adobe Reader |
| 13 Dec 2018 | VULN416 | Google Chrome : Use after free vulnerability fixed in Google Chrome | Systems running Google Chrome versions prior to |
| 13 Dec 2018 | VULN415 | WordPress : WordPress 5.0.1 Security Release | Systems running WordPress versions prior to 5.0.1. |
| 12 Dec 2018 | VULN414 | Mozilla : Multiple vulnerabilities fixed in Firefox 64, Firefox ESR | Systems running Firefox versions prior to 64, |
| 12 Dec 2018 | VULN413 | phpMyAdmin : Local file inclusion, XSRF/CSRF, XSS vulnerabilities fixed | Systems running phpMyAdmin versions prior to 4.8.4. |
| 12 Dec 2018 | VULN412 | Microsoft : Microsoft Security Update Summary for December 11, 2018 | Systems running Internet Explorer, Microsoft Edge, |
| 10 Dec 2018 | VULN411 | Jenkins : Jenkins Security Advisory 2018-12-05 | Systems running Jenkins (core) versions prior to |
| 7 Dec 2018 | STAT49 | | |
| 5 Dec 2018 | VULN410 | Kubernetes : v1.10.11, v1.11.5, v1.12.3 released to address CVE-2018-1002105 | Systems running Kubernetes versions prior to |
| 5 Dec 2018 | VULN409 | Google Chrome : Google Chrome 71.0.3578.80 contain multiple security fixes | Systems running Google Chrome versions prior to |
| 3 Dec 2018 | VULN408 | Ruby on Rails : Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 contain important security fixes | Systems running Rails versions prior to 4.2.11, |
| 30 Nov 2018 | STAT48 | | |
| 30 Nov 2018 | VULN407 | DRUPAL : Access bypass and Cross site scripting in Drupal plugins | Systems running GatherContent for Drupal, |
| 29 Nov 2018 | VULN404 | Node.js : Multiple vulnerabilities fixed in November 2018 Security Releases | Systems running Node.js versions 6 and later. |
| 29 Nov 2018 | VULN405 | Wireshark : Multiple dissector crash and infinite loop vulnerabilities fixed | Systems running Wireshark versions prior to 2.6.5, |
| 29 Nov 2018 | VULN406 | GitLab : GitLab Security Release: 11.5.1, 11.4.8, and 11.3.11 | Systems running GitLab versions prior to 11.5.1, |
| 28 Nov 2018 | VULN403 | FreeBSD : Multiple vulnerabilities in NFS server code | FreeBSD running NFS. |
| 28 Nov 2018 | VULN402 | Cisco : Cisco Prime License Manager SQL Injection Vulnerability | Systems running Cisco Prime License Manager. |
| 27 Nov 2018 | VULN401 | Apache Hadoop : CVE-2018-11766 Apache Hadoop privilege escalation vulnerability | Systems running Apache Hadoop versions 2.7.4 to |
| 27 Nov 2018 | VULN400 | PowerDNS : Crafted query can cause a denial of service | Systems running PowerDNS versions 4.1.0 up to and |
| 27 Nov 2018 | VULN399 | Samba : Multiple vulnerabilities fixed in Samba | Systems running Samba versions 4 prior to 4.7.12, |
| 23 Nov 2018 | STAT47 | | |
| 23 Nov 2018 | VULN398 | VMware : VMware Workstation and Fusion updates address an integer overflow issue | Systems running VMware Workstation versions prior |
| 22 Nov 2018 | VULN397 | Google Chrome : Vulnerabilities fixed in Google Chrome, Chrome OS | Systems running Google Chrome, Chrome OS versions |
| 22 Nov 2018 | VULN396 | Red Hat : Important: kernel security update | Red Hat Enterprise Linux version 6.4. |
| 22 Nov 2018 | VULN395 | Adobe : Security updates available for Adobe Flash Player (APSB18-44) | Systems running Adobe Flash Player versions prior |
| 22 Nov 2018 | VULN394 | Citrix XenServer : CTX239432 Citrix XenServer Security Update | Systems running Citrix XenServer versions 7.6, 7.5, |
| 22 Nov 2018 | VULN393 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen. |
| 22 Nov 2018 | VULN392 | Apache Hadoop : Apache Hadoop distributed cache archive vulnerability | Systems running Apache Hadoop versions prior to |
| 22 Nov 2018 | VULN391 | WebKit : WebKitGTK+ and WPE WebKit Security Advisory | Systems running WebKitGTK+ versions prior to 2.22.4, |
| 21 Nov 2018 | VULN389 | GitLab : GitLab Critical Security Release 11.5.0-rc12, 11.4.6, 11.3.10 | Systems running GitLab versions prior to |
| 21 Nov 2018 | VULN390 | VMware : vSphere Data Protection (VDP) updates address multiple security issues | Systems running vSphere Data Protection |
| 20 Nov 2018 | VULN388 | Moodle : Login CSRF vulnerability in login form | Systems running Moodle versions prior to 3.6, |
| 16 Nov 2018 | STAT46 | | |
| 16 Nov 2018 | VULN387 | Nagios : Nagios XI 5.5.7 fixes multiple Security vulnerabilities | Systems running Nagios XI versions prior to 5.5.7. |
| 14 Nov 2018 | VULN386 | Adobe : Security updates available for Adobe Acrobat and Reader | Systems running Adobe Acrobat and Reader versions |
| 14 Nov 2018 | VULN385 | OTRS : Security Updates for OTRS Framework | Systems running OTRS versions prior to 6.0.14, |
| 14 Nov 2018 | VULN384 | Adobe : Security updates available for Adobe Photoshop CC APSB18-43 | Windows, macOS running Adobe Photoshop CC |
| 14 Nov 2018 | VULN383 | Adobe : Security updates available for Flash Player | Systems running Adobe Flash Player versions prior |
| 14 Nov 2018 | VULN381 | Microsoft : Microsoft Security Update Summary for November 13, 2018 | Systems running Internet Explorer, Microsoft Edge, |
| 14 Nov 2018 | VULN382 | VMware : VMware vRealize Log Insight updates address an authorization bypass vulnerability | Systems running VMware vRealize Log Insight |
| 13 Nov 2018 | VULN380 | Roundcube : XSS vulnerability fixed in Roundcube 1.3.8 | Systems running Roundcube versions prior to 1.3.8. |
| 13 Nov 2018 | VULN379 | OpenSSL : Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) | Systems running OpenSSL versions prior to 1.1.0i. |
| 13 Nov 2018 | VULN378 | Apache Qpid Proton : Apache Qpid Proton-J transport TLS wrapper hostname verification mode not implemented | Systems running Apache Qpid Proton-J versions prior |
| 12 Nov 2018 | VULN377 | PostgreSQL : PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 Released! | Systems running PostgreSQL versions prior to 11.1, |
| 12 Nov 2018 | VULN376 | VMware : VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage | Systems running VMware ESXi, VMware Workstation, |
| 9 Nov 2018 | STAT45 | | |
| 9 Nov 2018 | VULN375 | Cisco : Cisco Unity Express Arbitrary Command Execution Vulnerability | Systems running Cisco Unity Express software. |
| 8 Nov 2018 | VULN372 | Cisco : Cisco Stealthwatch Management Console Authentication Bypass Vulnerability | Systems running Cisco Stealthwatch Enterprise |
| 8 Nov 2018 | VULN370 | PowerDNS : Multiple vulnerabilities fixed | Systems running PowerDNS versions prior to 4.1.5, |
| 8 Nov 2018 | VULN373 | Cisco : Cisco Meeting Server Information Disclosure Vulnerability | Systems running Cisco Meeting Server. |
| 8 Nov 2018 | VULN369 | Hive : Vulnerabilities fixed in Hive, HiveServer2 | Systems running Hive, HiveServer2 versions prior to |
| 8 Nov 2018 | VULN371 | Apache Syncope : Stored XSS and XXE on BPMN definitions | Systems running Apache Syncope versions prior to |
| 8 Nov 2018 | VULN374 | Cisco : Cisco Small Business Switches Privileged Access Vulnerability | Cisco Small Business Switches firmware. |
| 7 Nov 2018 | VULN368 | Xen : guest use of HLE constructs may lock up host | Systems running Xen. |
| 7 Nov 2018 | VULN367 | nginx : Vulnerabilities fixed in Nginx | Systems running nginx versions prior to 1.15.6, |
| 5 Nov 2018 | VULN366 | Ruby : Vulnerabilities fixed in Array#pack, String#unpack and in the openssl extension library | Systems running Ruby versions 2.3, 2.4, 2.5, 2.6. |
| 5 Nov 2018 | VULN364 | Citrix NetScaler : Cross-Site Scripting Vulnerability in Citrix NetScaler | Systems running Citrix NetScaler versions prior to |
| 5 Nov 2018 | VULN365 | Icecast : Icecast Security Release 2.4.4 | Systems running Icecast versions prior to 2.4.4. |
| 5 Nov 2018 | VULN363 | GitLab : GitLab Critical Security Release: 11.4.4, 11.3.9, 11.2.8 | Systems running GitLab versions prior to 11.4.4, |
| 5 Nov 2018 | VULN362 | Apache Struts : Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior | Systems running Apache Struts versions up to and |
| 2 Nov 2018 | STAT44 | | |
| 2 Nov 2018 | VULN361 | US-CERT : Texas Instrument Microcontrollers CC2640 and CC2650 are vulnerable to variable and heap overflow | Texas Instrument Microcontrollers CC2640 and |
| 2 Nov 2018 | VULN360 | Mozilla : Security vulnerabilities fixed in Thunderbird ESR 60.3 | Systems running Thunderbird versions prior to ESR |
| 2 Nov 2018 | VULN357 | Cisco : Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability | Windows running Cisco Adaptive Security Appliance |
| 2 Nov 2018 | VULN356 | Apache Tomcat : CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal | Windows running Apache Tomcat JK mod_jk Connector |
| 2 Nov 2018 | VULN359 | Cisco : Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability | Cisco Wireless LAN Controller Software. |
| 2 Nov 2018 | VULN358 | Dell : Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability | Dell EMC Integrated Data Protection Appliance |
| 31 Oct 2018 | VULN350 | APPLE : APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra | macOS versions prior to 10.14.1. |
| 31 Oct 2018 | VULN354 | APPLE : APPLE-SA-2018-10-30-4 watchOS 5.1 | watchOS versions prior to 5.1. |
| 31 Oct 2018 | VULN352 | APPLE : APPLE-SA-2018-10-30-3 Safari 12.0.1 | Systems running Safari versions prior to 12.0.1. |
| 31 Oct 2018 | VULN355 | APPLE : APPLE-SA-2018-10-30-7 iCloud for Windows 7.8 | Windows running iCloud versions prior to 7.8. |
| 31 Oct 2018 | VULN353 | APPLE : APPLE-SA-2018-10-30-5 tvOS 12.1 | tvOS versions prior to 12.1. |
| 31 Oct 2018 | VULN351 | APPLE : APPLE-SA-2018-10-30-6 iTunes 12.9.1 | Systems running iTunes versions prior to 12.9.1. |
| 31 Oct 2018 | VULN349 | APPLE : APPLE-SA-2018-10-30-1 iOS 12.1 | iOS versions prior to 12.1. |
| 31 Oct 2018 | VULN348 | Project curl : Multiple vulnerabilities fixed in libcurl | Systems running libcurl versions prior to 7.62.0. |
| 30 Oct 2018 | VULN347 | OpenSSL : Timing vulnerability in ECDSA signature generation (CVE-2018-0735) | Systems running OpenSSL versions prior to 1.1.1a, |
| 29 Oct 2018 | VULN341 | Citrix XenServer : Denial of Service Vulnerability fixed in Citrix XenServer | Systems running Citrix XenServer versions 7.6, 7.5, |
| 29 Oct 2018 | VULN342 | Xen : x86 Nested VT-x usable even when disabled | Systems running Xen versions 4.9 or later. |
| 29 Oct 2018 | VULN344 | Jenkins : Sandbox Bypass in Script Security and Pipeline Groovy Plugins | Systems running Pipeline: Groovy Plugin versions |
| 29 Oct 2018 | VULN346 | Wallix : libssh Authentication Bypass Vulnerability Affecting WALLIX Products | WALLIX Bastion software. |
| 29 Oct 2018 | VULN345 | X.Org : Privilege escalation and file overwrite in X.Org X server 1.19 and later | Systems running X.Org X server versions 1.19 and |
| 29 Oct 2018 | VULN343 | Squid : Cross-Site Scripting and Denial of Service issues fixed in Squid | Systems running Squid versions 3, 4 prior to 4.4. |
| 26 Oct 2018 | STAT43 | | |
| 26 Oct 2018 | VULN340 | Apache Impala : CVE-2018-11785 and CVE-2018-11792 fixed in Apache Impala 3.0.1 release | Systems running Apache Impala versions prior to |
| 26 Oct 2018 | VULN339 | Apache Spark : CVE-2018-11804 Apache Spark build/mvn runs zinc, and can expose information from build machines | Systems running Apache Spark versions 1.3.x release |
| 24 Oct 2018 | VULN338 | Cisco : Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability | Windows running Cisco Webex Meetings Desktop App. |
| 24 Oct 2018 | VULN337 | Mozilla : Security vulnerabilities fixed in Firefox 63 and 60.3. | Systems running Firefox versions prior to 63, |
| 19 Oct 2018 | STAT42 | | |
| 19 Oct 2018 | VULN336 | libssh : Authentication bypass in server code | Systems running libssh versions prior to 0.8.4, |
| 18 Oct 2018 | VULN335 | Drupal Core : Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006 | Systems running Drupal Core versions 7.x, 8.x |
| 17 Oct 2018 | VULN334 | Juniper : Multiple Security Vulnerabilities fixed in Junos OS | Junos OS. |
| 17 Oct 2018 | VULN333 | Oracle : October 2018 Critical Patch Update Released | Systems running Oracle Database Server, |
| 17 Oct 2018 | VULN332 | VMware : VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability | Systems running VMware ESXi, VMware Workstation, |
| 12 Oct 2018 | STAT41 | | |
| 5 Oct 2018 | VULN321 | Apache Ranger : Apache Ranger Stack based buffer overflow | Systems running Apache Ranger versions prior to |
| 11 Oct 2018 | VULN331 | Jenkins : Jenkins Security Advisory 2018-10-10 | Systems running Jenkins weekly versions prior to |
| 10 Oct 2018 | VULN329 | Microsoft : Microsoft Security Update Summary for October 9, 2018 | Systems running Internet Explorer, Microsoft Edge, |
| 10 Oct 2018 | VULN330 | Adobe : Security Updates Available for Adobe Technical Communications Suite | Windows running Adobe Technical Communications |
| 10 Oct 2018 | VULN326 | VMware : VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability | Systems running VMware ESXi, VMware Workstation, |
| 10 Oct 2018 | VULN327 | Joomla! : Multiple vulnerabilities fixed in Joomla! | Systems running Joomla! versions prior to 3.8.13. |
| 10 Oct 2018 | VULN328 | Apache Tika : Apache Tika Denial of Service via XML Entity Expansion Vulnerability | Systems running Apache Tika versions prior to |
| 9 Oct 2018 | VULN324 | APPLE : APPLE-SA-2018-10-08-1 iOS 12.0.1 | iOS versions prior to 12.0.1. |
| 9 Oct 2018 | VULN325 | APPLE : APPLE-SA-2018-10-08-2 iCloud for Windows 7.7 | Windows running iCloud versions prior to 7.7. |
| 8 Oct 2018 | VULN323 | Apache PDFBox parser : [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser | Systems running Apache PDFBox parser versions prior |
| 8 Oct 2018 | VULN322 | Git : Git 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 | Systems running Git versions prior to 2.14.5, |
| 5 Oct 2018 | STAT40 | | |
| 5 Oct 2018 | VULN320 | VMware : VMware Workspace ONE Unified Endpoint Management Console (A/W Console) update resolves SAML authentication bypass vulnerability | Systems running VMware Workspace ONE Unified |
| 4 Oct 2018 | VULN319 | Apache Tomcat : CVE-2018-11784 Apache Tomcat - Open Redirect | Systems running Apache Tomcat versions prior to |
| 4 Oct 2018 | VULN318 | strongSwan : Denial-of-service vulnerability in the gmp plugin | Systems running strongSwan versions prior to 5.7.1 |
| 3 Oct 2018 | VULN311 | Cisco : Cisco Digital Network Architecture Center Authentication Bypass Vulnerabilities | Systems running Cisco DNA Center Software. |
| 3 Oct 2018 | VULN317 | Cisco : Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities | Windows running Cisco Webex Network Recording |
| 3 Oct 2018 | VULN316 | Cisco : Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability | Systems running Cisco Firepower Threat Defense |
| 3 Oct 2018 | VULN314 | Cisco : Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability | Systems running Cisco SD-WAN Solution versions |
| 3 Oct 2018 | VULN312 | Cisco : Cisco HyperFlex Software Static Signing Key Vulnerability | Systems running Cisco HyperFlex Software versions |
| 3 Oct 2018 | VULN310 | Cisco : Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability | Systems running Cisco Prime Infrastructure versions |
| 3 Oct 2018 | VULN315 | Cisco : Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability | Systems running Cisco Prime Collaboration |
| 3 Oct 2018 | VULN313 | Cisco : Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability | Systems running Cisco Adaptive Security Appliance |
| 3 Oct 2018 | VULN309 | Cisco : Cisco Firepower System Software Detection Engine Denial of Service Vulnerability | Cisco Firepower System Software. |
| 3 Oct 2018 | VULN308 | US-CERT: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks | Systems running TP-LINK EAP Controller versions |
| 3 Oct 2018 | VULN307 | Foxit : Security updates available in Foxit Reader 9.3 and Foxit PhantomPDF 9.3 | Systems running Foxit Reader, Foxit PhantomPDF |
| 3 Oct 2018 | VULN306 | GitLab : GitLab Security Release: 11.3.1, 11.2.4, and 11.1.7 | Systems running GitLab Community Edition (CE), |
| 3 Oct 2018 | VULN305 | Mozilla : Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2 | Systems running Firefox versions prior to 62.0.3, |
| 28 Sep 2018 | STAT38.1 | | |
| 26 Sep 2018 | VULN302 | Citrix : Citrix ShareFile StorageZones Controller Multiple Security Updates | Systems running Citrix ShareFile StorageZones |
| 26 Sep 2018 | VULN301 | Apache httpd : DoS vulnerability fixed in Apache httpd | Systems running Apache versions 2.4.18 up to |
| 26 Sep 2018 | VULN300 | Jenkins : Jenkins Security Advisory 2018-09-25 | Systems running Jenkins plugins |
| 25 Sep 2018 | VULN297 | APPLE : APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows | Windows running iTunes versions prior to 12.9. |
| 25 Sep 2018 | VULN298 | APPLE : APPLE-SA-2018-9-17-2 watchOS 5 | watchOS versions prior to 5. |
| 25 Sep 2018 | VULN299 | Dell EMC : Dell EMC ESRS Policy Manager Remote Code Execution Vulnerability | Systems running Dell EMC ESRS Policy Manager. |
| 25 Sep 2018 | VULN296 | APPLE : APPLE-SA-2018-9-24-1 macOS Mojave 10.14 | macOS versions prior to 10.14. |
| 24 Sep 2018 | VULN295 | Mozilla : Security vulnerabilities fixed in Firefox 62.0.2 and ESR 60.2.1 | Systems running Firefox versions prior to 62.0.2, |
| 24 Sep 2018 | VULN294 | Dell EMC : RSA® Authentication Manager Multiple Vulnerabilities | Systems running RSA® Authentication Manager |
| 24 Sep 2018 | VULN293 | Cisco : Cisco Video Surveillance Manager Appliance Default Password Vulnerability | Systems running Cisco Video Surveillance Manager |
| 21 Sep 2018 | STAT38 | | |
| 21 Sep 2018 | VULN292 | Asterisk : Remote crash vulnerability in HTTP websocket upgrade | Systems running Asterisk versions prior to 1.31.1, |
| 21 Sep 2018 | VULN291 | MediaWiki : Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1 | Systems running MediaWiki versions prior to 1.31.1, |
| 20 Sep 2018 | VULN290 | Apache Tika : Apache Tika Denial of Service and Zip Slip Vulnerabilities | Systems running Apache Tika versions prior to 1.19. |
| 20 Sep 2018 | VULN289 | Moodle : Multiple vulnerabilities fixed | Systems running Moodle versions prior to 3.5.2, |
| 20 Sep 2018 | VULN288 | ISC BIND : CVE-2018-5741 Update policies krb5-subdomain and ms-subdomain | Systems running ISC BIND prior to 9.11.5, 9.12.3. |
| 20 Sep 2018 | VULN286 | Cisco : Cisco IOS XE Software Static Credential Vulnerability | Cisco IOS XE versions 16.5 and later, |
| 20 Sep 2018 | VULN287 | Cisco : Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities | Systems running ARF recording players available |
| 18 Sep 2018 | VULN285 | APPLE : APPLE-SA-2018-9-17-3 tvOS 12 | tvOS versions prior to 12. |
| 18 Sep 2018 | VULN284 | APPLE : APPLE-SA-2018-9-17-4 Safari 12 | Systems running Safari versions prior to 12. |
| 18 Sep 2018 | VULN283 | APPLE : APPLE-SA-2018-9-17-1 iOS 12 | iOS versions prior to 12. |
| 17 Sep 2018 | VULN282 | Apache SpamAssassin : Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 | Systems running Apache SpamAssassin versions prior |
| 14 Sep 2018 | STAT37 | | |
| 14 Sep 2018 | VULN281 | Microsoft : Microsoft Security Update Summary for September 2018 and Security Advisory Notification | Systems running Internet Explorer, Microsoft Edge, |
| 14 Sep 2018 | VULN280 | Apache Camel : A new security advisory has been released for Apache Camel, that is fixed in the recent 2.20.4, 2.21.2 and 2.22.1 releases | Systems running Apache Camel versions prior to |
| 7 Sep 2018 | STAT36 | | |
| 7 Sep 2018 | VULN279 | Mozilla : Multiple security vulnerabilities fixed in Firefox 62 and 60.2 | Systems running Firefox versions prior to 62, 60.2. |
| 7 Sep 2018 | VULN278 | Google Chrome : Google Chrome 69.0.3497.81 fixes multiple vulnerabilities | Systems running libcurl version 7.15.4 up to and |
| 7 Sep 2018 | VULN277 | X.Org : Security issues in libX11 and libXcursor | Systems running libX11 versions prior to 1.1.6, |
| 6 Sep 2018 | VULN276 | Google Chrome : Google Chrome 69.0.3497.81 fixes multiple vulnerabilities | Systems running Google Chrome versions prior to |
| 6 Sep 2018 | VULN274 | Cisco : Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerabilities | Systems running Cisco Umbrella ERC versions prior |
| 6 Sep 2018 | VULN275 | Cisco : Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability | Systems running Cisco Data Center Network Manager |
| 6 Sep 2018 | VULN273 | Cisco : Cisco Webex Teams Information Disclosure and Modification Vulnerability | Systems running Cisco Webex Teams versions |
| 6 Sep 2018 | VULN272 | Cisco : Cisco Umbrella API Unauthorized Access Vulnerability | Systems running Cisco Umbrella API. |
| 6 Sep 2018 | VULN270 | Cisco : Cisco Integrated Management Controller Command Injection Vulnerability | Systems running Cisco Integrated Management |
| 6 Sep 2018 | VULN271 | Cisco : Cisco SD-WAN Solution multiple vulnerabilities | Systems running Cisco SD-WAN Solution. |
| 6 Sep 2018 | VULN269 | Cisco : Cisco Prime Access Registrar Denial of Service Vulnerability | Systems running Cisco Prime Access Registrar, |
| 6 Sep 2018 | VULN268 | Cisco : Cisco Webex Meetings Client for Windows Privilege Escalation Vulnerability | Windows running Cisco Webex Meetings Client for |
| 6 Sep 2018 | VULN267 | Cisco : Cisco RV110W, RV130W, and RV215W Routers Management Interface multiple vulnerabilities | Cisco RV110W Wireless-N VPN Firewall firmware, |
| 6 Sep 2018 | VULN266 | VMware : AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities | Systems running AirWatch Agent, |
| 31 Aug 2018 | VULN259 | Joomla! : Multiple vulnerabilities fixed in Joomla! | Systems running Joomla! versions prior to 3.8.12. |
| 31 Aug 2018 | VULN264 | Mozilla Thunderbird : Security vulnerabilities fixed in Thunderbird 60 | Systems running Mozilla Thunderbird versions prior |
| 31 Aug 2018 | VULN265 | Microsoft : Microsoft Security Update Summary for August | Systems running Internet Explorer, Microsoft Edge, |
| 31 Aug 2018 | VULN262 | Citrix XenServer : XenServer Multiple Security Updates | Systems running Citrix XenServer versions 7.5, 7.4, |
| 31 Aug 2018 | VULN263 | Samba : Multiple vulnerabilities fixed in Samba | Systems running Samba versions since 3.2.0 prior to |
| 31 Aug 2018 | VULN261 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen. |
| 31 Aug 2018 | VULN260 | phpMyAdmin : PMASA-2018-5 XSS in the import dialog | Systems running phpMyAdmin versions prior to 4.8.3. |
| 31 Aug 2018 | VULN258 | Apache Struts : CVE-2018-11776 Possible Remote Code Execution fixed | Systems running Struts versions 2.3, 2.5 prior to |
| 31 Aug 2018 | VULN257 | US-CERT : Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface | Windows. |
| 31 Aug 2018 | VULN256 | Jenkins : Jenkins Security Advisory 2018-08-15 | Systems running Jenkins weekly versions prior to |
| 31 Aug 2018 | STAT35 | | |
| 24 Aug 2018 | STAT34 | | |
| 17 Aug 2018 | STAT33 | | |
| 16 Aug 2018 | VULN255 | Jenkins : Jenkins Security Advisory 2018-08-15 | Systems running Jenkins weekly versions prior to |
| 10 Aug 2018 | STAT31.1 | | |
| 3 Aug 2018 | STAT31 | | |
| 2 Aug 2018 | VULN253 | Drupal : Drupal Core - 3rd-party libraries - SA-CORE-2018-005 | Systems running Drupal core versions 8.x prior to |
| 2 Aug 2018 | VULN252 | Django : CVE-2018-14574 Open redirect possibility in CommonMiddleware | Systems running Django versions prior to 2.0.8, |
| 2 Aug 2018 | VULN251 | Cisco : Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability | Systems running Cisco Prime Collaboration |
| 27 Jul 2018 | VULN249 | Apache OpenWhisk : PHP Runtime and Docker Skeleton Runtime for Apache OpenWhisk | Systems running Apache OpenWhisk. |
| 27 Jul 2018 | STAT30 | | |
| 26 Jul 2018 | VULN248 | Xen : Linux Uninitialized state in PV syscall return path | 64-bit x86 PV Linux systems. |
| 25 Jul 2018 | VULN247 | Google Chrome : Chrome 68.0.3440.75 fixes security vulnerabilities | Systems running Google Chrome versions prior to |
| 24 Jul 2018 | VULN246 | Atlassian Sourcetree : Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 | Systems running Sourcetree versions prior to |
| 24 Jul 2018 | VULN245 | Apache TomEE : CVE-2018-8031 Apache TomEE Webapp XSS | Systems running Apache TomEE versions prior to |
| 24 Jul 2018 | VULN244 | US-CERT : Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange | Systems running Bluetooth implementations. |
| 24 Jul 2018 | VULN243 | Apache Tomcat : Apache Tomcat multiple Vulnerabilities | Systems running Apache Tomcat versions prior to |
| 20 Jul 2018 | STAT29 | | |
| 20 Jul 2018 | VULN242 | GitLab : Remote Code Execution Vulnerability in GitLab Projects Import | Systems running GitLab versions prior to 11.0.4, |
| 20 Jul 2018 | VULN241 | Apache Ignite : Apache Ignite security issues | Systems running Apache Ignite versions prior to |
| 20 Jul 2018 | VULN240 | VMware : VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues | Systems running VMware Horizon View Agent, |
| 19 Jul 2018 | VULN239 | Apache Ambari : CVE-2018-8042 Passwords for Hadoop credential stores are visible in Ambari Agent standard out | Systems running Apache Ambari versions 2.5.x, 2.6.x |
| 19 Jul 2018 | VULN238 | Jenkins : Jenkins Security Advisory 2018-07-18 | Systems running Jenkins weekly versions prior to |
| 19 Jul 2018 | VULN237 | Cisco : Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities | Systems running Webex Network Recording Player, |
| 19 Jul 2018 | VULN236 | Cisco : Cisco Policy Suite Policy multiple Unauthenticated Access and Default Password vulnerabilities | Systems running Cisco Policy Suite Policy versions |
| 19 Jul 2018 | VULN235 | Cisco : Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service Vulnerability | NX-OS Software. |
| 19 Jul 2018 | VULN234 | Cisco : Cisco SD-WAN multiple security vulnerabilities | Cisco SD-WAN software versions prior to 18.3.0. |
| 18 Jul 2018 | VULN232 | Oracle : July 2018 Critical Patch Update Released | Systems running Oracle Database Server, |
| 18 Jul 2018 | VULN233 | Apache HTTP : Apache HTTP Server 2.4.34 fix security vulnerabilities | Systems running Apache HTTP versions prior to |
| 18 Jul 2018 | VULN231 | WordPress : WordPress 4.9.7 Security and Maintenance Release | Systems running WordPress versions prior to 4.9.7. |
| 13 Jul 2018 | STAT28 | | |
| 13 Jul 2018 | VULN230 | ISC : CVE-2018-5739 ISC Kea 1.4.0 failure to release memory may exhaust system resources | Systems running ISC Kea versions prior to 1.4.0-P1. |
| 13 Jul 2018 | VULN229 | Apache Spark : Apache Spark XSS and local privilege escalation Vulnerabilities | Systems running Apache Spark versions prior to |
| 13 Jul 2018 | VULN228 | VMware : VMware Tools update addresses an out-of-bounds read vulnerability | Systems running VMware Tools versions prior to |
| 12 Jul 2018 | VULN227 | Cisco : Cisco StarOS IPv4 Fragmentation Denial of Service Vulnerability | Cisco StarOS versions prior to N5.1.11 (21.6.5), |
| 12 Jul 2018 | VULN226 | Cisco : Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability | Cisco IP Phone 6800, 7800, 8800 Series firmware |
| 11 Jul 2018 | VULN222 | Project curl : SMTP send heap buffer overflow | Systems running curl versions 7.54.1 up to and |
| 11 Jul 2018 | VULN225 | Apache Solr : CVE-2018-8026 XXE vulnerability due to Apache Solr configset upload | Systems running Apache Solr versions prior to |
| 11 Jul 2018 | VULN223 | Apache CouchDB : CVE-2018-8007 Apache CouchDB administrative privilege escalation | Systems running Apache CouchDB versions prior to |
| 11 Jul 2018 | VULN224 | Adobe : Security updates available for Flash Player APSB18-24 | Systems running Flash Player versions prior to |
| 11 Jul 2018 | VULN221 | Microsoft : Microsoft Security Update Summary for July 10, 2018 | Windows versions 7, 8.1, RT 8.1, 10, |
| 10 Jul 2018 | VULN220 | APPLE : APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan | macOS versions prior to 10.13.6. |
| 10 Jul 2018 | VULN219 | APPLE : APPLE-SA-2018-7-9-1 iOS 11.4.1 | iOS versions prior to 11.4.1. |
| 10 Jul 2018 | VULN218 | APPLE : APPLE-SA-2018-7-9-5 Safari 11.1.2 | Systems running Safari versions prior to 11.1.2. |
| 6 Jul 2018 | STAT27 | | |
| 29 Jun 2018 | STAT26 | | |
| 29 Jun 2018 | VULN215 | Citrix : CTX235748 Citrix XenServer Multiple Security Updates | Systems running Citrix XenServer versions 7.5, 7.4, |
| 29 Jun 2018 | VULN216 | Apache CXF : CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | Systems running Apache CXF versions prior to 3.2.5, |
| 29 Jun 2018 | VULN217 | VMware : VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities | Systems running VMware ESXi, VMware Workstation, |
| 28 Jun 2018 | VULN214 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen versions from 3.4 onwards. |
| 26 Jun 2018 | VULN213 | Jenkins : Jenkins Security Advisory 2018-06-25 | Systems running AWS CodeBuild Plugin for Jenkins, |
| 22 Jun 2018 | STAT25 | | |
| 21 Jun 2018 | VULN212 | WebKitGTK+ and WPE WebKit : WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 | Systems running WebKitGTK+, WPE WebKit. |
| 21 Jun 2018 | VULN211 | Cisco : Multiple vulnerabilities fixed in Cisco NX-OS, Cisco FXOS | Cisco NX-OS, Cisco FXOS. |
| 15 Jun 2018 | STAT24 | | |
| 13 Jun 2018 | VULN207 | OpenSSL : Client DoS due to large DH parameter (CVE-2018-0732) | Systems running OpenSSL versions prior to 1.1.0i, |
| 13 Jun 2018 | VULN208 | Apache Geode : CVE-2017-15695 Apache Geode remote code execution vulnerability | Systems running Apache Geode versions prior to |
| 13 Jun 2018 | VULN210 | Microsoft : Microsoft Security Update Summary for June 12, 2018, Security advisories and revisions | Windows versions 7, 8.1, RT 8.1, 10, |
| 13 Jun 2018 | VULN209 | Bind : CVE-2018-5738: Some versions of BIND can improperly permit recursive query service to unauthorized clients | Systems running BIND versions prior to 9.9.13, |
| 13 Jun 2018 | VULN206 | Asterisk : Vulnerabilities fixed in Asterisk | Systems running Asterisk Open Source |
| 12 Jun 2018 | VULN205 | VMware : VMware AirWatch Agent updates resolve remote code execution vulnerability | Systems running VMware AirWatch Agent. |
| 8 Jun 2018 | VULN200 | APPLE : APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan | Systems running macOS versions prior to |
| 8 Jun 2018 | VULN203 | APPLE : APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 | Windows running iCloud versions prior to |
| 8 Jun 2018 | VULN201 | APPLE : APPLE-SA-2018-06-01-4 iOS 11.4 | iOS versions prior to 11.4. |
| 8 Jun 2018 | VULN204 | APPLE : APPLE-SA-2018-06-01-5 watchOS 4.3.1 | watchOS versions prior to 4.3.1. |
| 8 Jun 2018 | VULN202 | APPLE-SA-2018-06-01-2 Safari 11.1.1 | Systems running Safari versions prior to 11.1.1. |
| 8 Jun 2018 | STAT23 | | |
| 7 Jun 2018 | VULN193.1 | Cisco : Cisco Prime Collaboration Provisioning Multiple Vulnerabilities | Systems running Cisco Prime Collaboration |
| 7 Jun 2018 | VULN192.2 | Cisco : Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability | Cisco IOS XE Software. |
| 7 Jun 2018 | VULN195.1 | Cisco : Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability | Systems running Cisco Adaptive Security |
| 7 Jun 2018 | VULN199.1 | Cisco : Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability | Cisco IP Phone software with Multiplatform |
| 7 Jun 2018 | VULN198.1 | Cisco : Multiple Cisco Products Disk Utilization Denial of Service Vulnerability | Cisco. |
| 7 Jun 2018 | VULN197.1 | Cisco : Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability | Systems running Cisco Web Security |
| 7 Jun 2018 | VULN196.1 | Cisco : Cisco Meeting Server Information Disclosure Vulnerability | Systems running Cisco Meeting Server. |
| 7 Jun 2018 | VULN194.1 | Cisco : Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability | Systems running Cisco Network Services |
| 1 Jun 2018 | STAT22 | | |
| 30 May 2018 | VULN198 | Git : Git fixes Remote Code Execution Vulnerability | Systems running Git versions prior to 2.17.1, |
| 30 May 2018 | VULN199 | GitLab : GitLab Security Release 10.8.2, 10.7.5, and 10.6.6 | Systems running GitLab versions prior to 10.8.2, |
| 30 May 2018 | VULN197 | VMware : VMware Horizon Client update addresses a privilege escalation vulnerability | Systems running VMware Horizon Client versions |
| 25 May 2018 | STAT21 | | |
| 23 May 2018 | VULN196 | VMware : VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities | Systems running VMware Workstation versions |
| 22 May 2018 | VULN195 | Shibboleth IdP : Shibboleth Identity Provider Security Advisory [16 May 2018] | Systems running Shibboleth Identity Provider |
| 22 May 2018 | VULN194 | Project curl : buffer overflow and buffer over-read vulnerabilities fixed in curl 7.60.0 | Systems running curl versions prior to 7.60.0. |
| 22 May 2018 | VULN193 | Mozilla Thunderbird : Security vulnerabilities fixed in Thunderbird 52.8 | Systems running Thunderbird versions prior to 52.8. |
| 22 May 2018 | VULN192.1 | Apache Solr : CVE-2018-8010 XXE vulnerability due to Apache Solr configset upload | Systems running Apache Solr versions 6, 7 prior to |
| 22 May 2018 | VULN192 | Apache Solr : CVE-2018-8010 XXE vulnerability due to Apache Solr configset upload | Systems running Apache Solr versions 6, 7 prior to |
| 22 May 2018 | VULN191 | ISC BIND : BIND 9.12 Vulnerabilities can cause assertion failures in rbtdb.c | Systems running Bind versions 9.12.0, |
| 22 May 2018 | VULN190 | Cisco : CPU Side-Channel Information Disclosure Vulnerabilities: May 2018 | Systems running Cisco Software. |
| 18 May 2018 | STAT20 | | |
| 17 May 2018 | VULN189 | Cisco : Cisco Meeting Server Media Services Denial of Service Vulnerability | Systems running Cisco Meeting Server Software |
| 17 May 2018 | VULN188 | Cisco : Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability | Systems running Cisco Enterprise NFV Infrastructure |
| 17 May 2018 | VULN187 | Cisco : Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability | Systems running Connected Grid Network Management |
| 17 May 2018 | VULN186 | Cisco : Cisco Digital Network Architecture Center Vulnerabilities | Systems running Cisco Digital Network Architecture |
| 17 May 2018 | VULN185 | Cisco : Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability | Systems running Cisco Identity Services Engine |
| 11 May 2018 | STAT19 | | |
| 9 May 2018 | VULN184 | Microsoft : Microsoft Security Update Summary for May 08, 2018 | Windows |
4 May 2018STAT18
3 May 2018VULN181Cisco : Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution VulnerabilitySystems running Cisco Prime Data Center Network
3 May 2018VULN182Cisco : Cisco Meeting Server Remote Code Execution VulnerabilitySystems running Cisco Meeting Server software
3 May 2018VULN183Cisco : Cisco WebEx Advanced Recording Format Remote Code Execution VulnerabilitySystems running Cisco WebEx Network Recording
3 May 2018VULN180Cisco : Cisco Secure Access Control System Remote Code Execution VulnerabilityCisco Secure ACS versions prior to 5.8 Patch 7.
3 May 2018VULN179Cisco : Cisco Wireless LAN Controller Denial of Service vulnerabilitiesCisco Wireless LAN Controller software.
3 May 2018VULN178Cisco : Cisco Aironet Series Access Points VulnerabilitiesCisco Aironet Series Access Point software.
2 May 2018VULN177Apache Hadoop : CVE-2016-6811 Apache Hadoop Privilege escalation vulnerabilitySystems running Apache Hadoop versions from 2.2.0
30 Apr 2018VULN176QNAP : Security Advisory for XSS Vulnerability in QTSSystems running QTS versions prior to 4.3.3 build
27 Apr 2018STAT17
27 Apr 2018VULN175Apache UIMA : Apache UIMA XML external entity expansion (XXE) attack exposureSystems running Apache UIMA.
26 Apr 2018VULN174Apache Tika : Multiple vulnerabilities fixed in Apache TikaSystems running Apache Tika versions prior to 1.18.
26 Apr 2018VULN173Drupal : Vulnerabilities fixed in Multiple modules for DrupalSystems running JSON API for Drupal versions prior
26 Apr 2018VULN172Drupal core : Highly critical - Remote Code Execution - SA-CORE-2018-004Systems running Drupal core versions prior to
25 Apr 2018VULN171Xen : Information leak and possible DoS vulnerabilities fixedSystems running Xen.
25 Apr 2018VULN170APPLE : APPLE-SA-2018-04-24-3 Safari 11.1Systems running Safari versions 11.1.
25 Apr 2018VULN169APPLE : APPLE-SA-2018-04-24-2 Security Update 2018-001macOS versions prior to 10.13.4.
25 Apr 2018VULN168APPLE : APPLE-SA-2018-04-24-1 iOS 11.3.1iOS versions prior to 11.3.1.
20 Apr 2018STAT16
20 Apr 2018VULN167Drupal : Moderately critical - Cross Site Scripting - SA-CORE-2018-003Systems running Drupal core versions prior to
20 Apr 2018VULN166VMware : Horizon DaaS update addresses a broken authentication issueSystems running VMware Horizon DaaS versions from
20 Apr 2018VULN165phpMyAdmin : CSRF vulnerability allowing arbitrary SQL executionSystems running phpMyAdmin versions 4.8 prior to
19 Apr 2018VULN164Sympa : 2018-001 Security flaws in template editingSystems running Sympa versions prior to 6.2.32.
19 Apr 2018VULN163Cisco : Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service VulnerabilityCisco Firepower Threat Defense (FTD) Software.
19 Apr 2018VULN162Google Chrome : April 2018 Critical Patch Update ReleasedSystems running Google Chrome versions prior to
19 Apr 2018VULN161Oracle : April 2018 Critical Patch Update ReleasedSystems running Oracle Database Server,
19 Apr 2018VULN160Squid : Denial of Service issue in ESI Response processingSystems running Squid versions 3, 4 prior to
19 Apr 2018VULN159Cisco : Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service VulnerabilitiesCisco ASA Software, Cisco FTD Software.
19 Apr 2018VULN157Cisco : Cisco StarOS Interface Forwarding Denial of Service VulnerabilityCisco StarOS.
19 Apr 2018VULN152Cisco : Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service VulnerabilitySystems running Cisco Firepower System Software.
19 Apr 2018VULN153Cisco : Cisco Adaptive Security Appliance Flow Creation Denial of Service VulnerabilityCisco Adaptive Security Appliance (ASA) Software,
19 Apr 2018VULN158Cisco : Cisco Adaptive Security Appliance TLS Denial of Service VulnerabilityCisco ASA Software, Cisco FTD Software.
19 Apr 2018VULN155Cisco : Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation VulnerabilitySystems running Cisco AnyConnect Secure Mobility
19 Apr 2018VULN156Cisco : Cisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User PortalSystems running Cisco Unified Computing System
19 Apr 2018VULN154Cisco : Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass VulnerabilityCisco Adaptive Security Appliance software,
19 Apr 2018VULN151Cisco : Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service VulnerabilityCisco IOS XR.
19 Apr 2018VULN150Cisco : Cisco Wireless LAN Controller Default Simple Network Management Protocol Community StringsCisco Wireless LAN Controller Software.
19 Apr 2018VULN149Cisco : Cisco WebEx Clients Remote Code Execution VulnerabilitySystems running Cisco WebEx Clients.
17 Apr 2018VULN148 (OpenSSL : Cache timing vulnerability in RSA Key Generation (CVE-2018-0737))Systems running OpenSSL versions prior to 1.1.0i,
17 Apr 2018VULN147Jenkins : Jenkins Security Advisory 2018-04-16Systems running Email Extension Plugin for Jenkins,
13 Apr 2018VULN146VMware : VMSA-2018-0009 vRealize Automation updates address multiple security issuesSystems running vRealize Automation (vRA)
13 Apr 2018STAT15
12 Apr 2018VULN145Apache : CVE-2018-1308 XXE attack through Apache Solr's DIH's dataConfig request parameterSystems running Apache Solr versions prior to
12 Apr 2018VULN144 (Juniper : Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016))Junos OS versions 15.1, 15.1X49, 15.1X53.
11 Apr 2018VULN143Jenkins : Jenkins Security Advisory 2018-04-11Systems running Jenkins versions weekly 2.116, LTS
11 Apr 2018VULN142Adobe : Security updates available for Flash Player APSB18-08Systems running Adobe Experience Manager versions
11 Apr 2018VULN141Adobe : Security Updates Available for Adobe Digital Editions APSB18-13Systems running Adobe Digital Editions versions
11 Apr 2018VULN140Adobe : Security Update Available for InDesign APSB18-11Systems running Adobe InDesign versions prior to
11 Apr 2018VULN139Adobe : Security updates available for ColdFusion APSB18-14Systems running Adobe ColdFusion versions 11, 2016
11 Apr 2018VULN138Adobe : Security updates available for Flash Player APSB18-08Systems running Adobe Flash Player versions prior
11 Apr 2018VULN137Microsoft : Microsoft Security Update Summary for April 10, 2018Windows versions 7, 8.1, RT 8.1, 10,
10 Apr 2018VULN136Cisco : Action Required to Secure the Cisco IOS and IOS XE Smart Install FeatureCisco IOS, Cisco IOS XE running Smart Install
6 Apr 2018STAT14
5 Apr 2018VULN135WebKitGTK+ : WebKitGTK+ Security Advisory WSA-2018-0003Systems running WebKitGTK+ versions prior to
5 Apr 2018VULN134Microsoft : Microsoft Malware Protection Engine Remote Code Execution Vulnerability Security VulnerabilitySystems running Microsoft Malware Protection
4 Apr 2018VULN133Apache Ignite : CVE-2018-1295 Possible Execution of Arbitrary Code Within Deserialization Endpoints of Apache IgniteSystems running Apache Ignite versions prior to
4 Apr 2018VULN131Wireshark : Multiple Security Vulnerabilities fixed in WiresharkSystems running Wireshark versions 2.2, 2.4 prior
4 Apr 2018VULN132Cacti : Cacti 1.1.37 fixes Path-Based Cross-Site Scripting issuesSystems running Cacti versions prior to 1.1.37.
4 Apr 2018VULN130WordPress : WordPress 4.9.5 Security and Maintenance ReleaseSystems running WordPress versions prior to 4.9.5.
3 Apr 2018VULN129APPLE : APPLE-SA-2018-3-29-8 iCloud for Windows 7.4Windows running iCloud versions prior to 7.4.
3 Apr 2018VULN125Microsoft : Windows Kernel Elevation of Privilege Vulnerability Security VulnerabilityWindows versions 7, Server 2008.
3 Apr 2018VULN128APPLE : APPLE-SA-2018-3-29-7 iTunes 12.7.4 for WindowsWindows running iTunes versions prior to 12.7.4.
3 Apr 2018VULN127APPLE : APPLE-SA-2018-3-29-6 Safari 11.1Systems running Safari versions prior to 11.1.
3 Apr 2018VULN126APPLE : APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El CapitanmacOS versions prior to High Sierra 10.13.4.
30 Mar 2018STAT13
30 Mar 2018VULN124APPLE : APPLE-SA-2018-3-29-4 Xcode 9.3Systems running Xcode versions prior to 9.3.
30 Mar 2018VULN123APPLE : APPLE-SA-2018-3-29-3 tvOS 11.3tvOS versions prior to 11.3.
30 Mar 2018VULN122APPLE : APPLE-SA-2018-3-29-2 watchOS 4.3watchOS versions prior to 4.3.
30 Mar 2018VULN121APPLE : APPLE-SA-2018-3-29-1 iOS 11.3iOS versions prior to 11.3.
29 Mar 2018VULN120Drupal : Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002Systems running Drupal versions 6, 7.x, 8.x prior
29 Mar 2018VULN119Cisco : Multiple Vulnerabilities fixed in Cisco IOS, Cisco IOS XECisco IOS, Cisco IOS XE.
28 Mar 2018VULN118Moodle : Vulnerabilities fixed in MoodleSystems running Moodle versions 3 prior to 3.4.2,
28 Mar 2018VULN114Mozilla Firefox : Use-after-free in compositorSystems running Firefox versions prior to 59.0.2,
28 Mar 2018VULN117OpenSSL : OpenSSL Security Advisory [27 Mar 2018]Systems running OpenSSL versions 1.1.0, 1.0.2
28 Mar 2018VULN116Apache Struts : A crafted XML request can be used to perform a DoS attack when using the Struts REST pluginSystems running Apache Struts versions 2.1.1 up to
28 Mar 2018VULN115Jenkins : Jenkins Security Advisory 2018-03-26Systems running Ansible Plugin for Jenkins,
28 Mar 2018VULN113Apache : Apache HTTP Server 2.4.33 security ReleaseSystems running Apache HTTP Server versions prior
14 Mar 2018VULN099Project curl : Out of bounds write, NULL pointer dereference and buffer over-read vulnerabilitiesSystems running curl versions 7.20.0 up to and
14 Mar 2018VULN098Adobe : Security updates available for Flash Player | APSB18-05Systems running Flash Player versions prior to
16 Mar 2018VULN104VMware : Workstation and Fusion updates address a denial-of-service vulnerabilitySystems running VMware Workstation versions 14.x,
23 Mar 2018STAT12
23 Mar 2018VULN112Atlassian : Bitbucket Server - Remote Code Execution via in Browser Editing - CVE-2018-5225Systems running Atlassian Bitbucket Server
22 Mar 2018VULN111Citrix : Citrix XenServer Multiple Security UpdatesSystems running Citrix XenServer versions 7.x
22 Mar 2018VULN110Drupal : Drupal 7 and 8 core highly critical release on March 28th, 2018 PSA-2018-001Systems running Drupal versions 7.x, 8.x.
20 Mar 2018VULN109Dell EMC : DSA-2018-037 Dell EMC NetWorker Buffer Overflow VulnerabilitySystems running Dell EMC NetWorker versions prior
20 Mar 2018VULN108Kamailio : Kamailio security announcement for the tmx and lcr modulesSystems running Kamailio versions prior to 4.4.7,
20 Mar 2018VULN106Apache : CVE-2018-1324 Apache Commons Compress denial of service vulnerabilitySystems running Apache Commons Compress versions
20 Mar 2018VULN105Mozilla : Out of bounds memory write while processing Vorbis audio dataSystems running Firefox versions prior to 59.0.1,
20 Mar 2018VULN107US-CERT : Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisionsSystems running Legion of the Bouncy Castle.
16 Mar 2018STAT11
14 Mar 2018VULN103Mozilla : Critical security vulnerabilities fixed in Firefox 59 and ESR 52.7Systems running Firefox versions prior to 59,
14 Mar 2018VULN102Joomla! : Core - SQLi vulnerability User NotesSystems running Joomla! versions 3.5.0 up to and
14 Mar 2018VULN101Adobe : Security updates available for Adobe Connect | APSB18-06Systems running Adobe Connect versions prior to
14 Mar 2018VULN100Adobe : Security update available for Adobe Dreamweaver CC | APSB18-07Systems running Adobe Dreamweaver CC versions
14 Mar 2018VULN097Samba : DoS and Arbitrary password modification vulnerabilities fixedSystems running Samba versions 4 prior to 4.7.6,
14 Mar 2018VULN096Microsoft : Microsoft Security Update Summary for March 13, 2018Windows versions 7, 8.1, RT 8.1, 10,
13 Mar 2018VULN095Apache Tomcat : CVE-2018-1323 Apache Tomcat JK ISAPI Connector path traversalSystems running Apache Tomcat JK ISAPI Connector
9 Mar 2018STAT10
8 Mar 2018VULN094Cisco : Cisco Secure Access Control System Java Deserialization VulnerabilityCisco Secure ACS versions prior to 5.8 patch 9.
8 Mar 2018VULN093Cisco : Cisco Prime Collaboration Provisioning Hard-Coded Password VulnerabilitySystems running Cisco Prime Collaboration
8 Mar 2018VULN092Cisco : Cisco Web Security Appliance FTP Authentication Bypass VulnerabilityCisco AsyncOS for Cisco Web Security Appliance
7 Mar 2018VULN091Google Chrome : Chrome 65.0.3325.146 includes 45 security fixesSystems running Google Chrome versions prior to
7 Mar 2018VULN090Django : Django security releases issued 2.0.3, 1.11.11, and 1.8.19Systems running Django versions prior to 2.0.3,
7 Mar 2018VULN089PostgreSQL : PostgreSQL 10.3, 9.6.8, 9.5.12, 9.4.17, and 9.3.22 2018-03-01 Security Update ReleaseSystems running PostgreSQL versions up to and
2 Mar 2018STAT09
2 Mar 2018VULN088NTP : February 2018 ntp-4.2.8p11 NTP Security Vulnerability AnnouncementSystems running ntp versions prior to 4.2.8p11.
1 Mar 2018VULN087Apache Xerces-C XML Parser : Apache Xerces-C DTD vulnerability processing external pathsSystems running Apache Xerces-C XML Parser library
1 Mar 2018VULN086Citrix : Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler GatewaySystems running Citrix NetScaler Application
1 Mar 2018VULN085ISC BIND : A malformed request can trigger an assertion failure in badcache.cSystems running ISC BIND versions 9.10.5-S1 to
1 Mar 2018VULN084ISC DHCP : buffer overflow and reference counter overflow fixedSystems running ISC DHCP versions 4 prior to
28 Feb 2018VULN083US-CERT : Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversalSystems running SAML libraries.
28 Feb 2018VULN082Xen : Patches available for several DoS vulnerabilitiesSystems running Xen.
28 Feb 2018VULN081Shibboleth SP : Shibboleth Project's XMLTooling library critical security issueSystems running XMLTooling-C library versions
27 Feb 2018VULN080Wireshark : Multiple dissector and parser crashes fixed in WiresharkSystems running Wireshark versions 2 prior
27 Feb 2018VULN079Wicket jQuery UI : CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG editorSystems running Wicket jQuery UI versions prior to
27 Feb 2018VULN078Apache OpenMeetings : CVE-2018-1286 - Apache OpenMeetings - Insufficient Access ControlsSystems running Apache OpenMeetings versions prior
27 Feb 2018VULN077Apache Geode : CVE-2017-15692 Apache Geode unsafe deserialization of application objects and in TcpServerSystems running Apache Geode versions 1 prior to
27 Feb 2018VULN076Jenkins : Multiple vulnerabilities in various pluginsSystems running Azure Slave Plugin for Jenkins,
23 Feb 2018STAT08
23 Feb 2018VULN075Asterisk : Multiple Denial of Service vulnerabilities fixedSystems running Asterisk Asterisk Open Source
23 Feb 2018VULN074Drupal core : Critical - Multiple Vulnerabilities - SA-CORE-2018-001Systems running Drupal core versions 7, 8 prior to
23 Feb 2018VULN073Apache Geode : CVE-2017-15696 Apache Geode configuration request authorization vulnerabilitySystems running Apache Geode versions 1 prior to
23 Feb 2018VULN071Micro Focus : CVE-2018-6488 Micro Focus Universal CMDB Arbitrary Code Execution VulnerabilitySystems running Micro Focus Universal CMDB
23 Feb 2018VULN072McAfee : ePolicy Orchestrator update fixes multiple Java vulnerabilitiesSystems running McAfee ePolicy Orchestrator
23 Feb 2018VULN070Apache Tomcat : CVE-2018-1304 and CVE-2018-1305 vulnerabilities fixedSystems running Apache Tomcat versions prior to
22 Feb 2018VULN069LibreOffice : CVE-2018-6871 Remote arbitrary file disclosure vulnerability via WEBSERVICE formulaSystems running LibreOffice versions prior to
22 Feb 2018VULN068Cisco : Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service VulnerabilitySystems running Cisco Unified Customer Voice
22 Feb 2018VULN067Cisco : Cisco Unified Communications Domain Manager Remote Code Execution VulnerabilitySystems running Cisco Unified Communications
22 Feb 2018VULN066Cisco : Cisco Elastic Services Controller Service Portal VulnerabilitiesSystems running Cisco Elastic Services Controller
22 Feb 2018VULN065phpMyAdmin : self-cross site scripting (XSS) vulnerability fixedSystems running phpMyAdmin version 4.7.x prior to
20 Feb 2018VULN064Ubuntu : USN-3574-1: Bind vulnerabilityUbuntu versions 12.04 LTS running Bind version 9.
20 Feb 2018VULN061Ruby : Multiple vulnerabilities in RubyGemsSystems running RubyGems versions prior to 2.7.6.
20 Feb 2018VULN063APPLE : APPLE-SA-2018-02-19-3 tvOS 11.2.6tvOS versions prior to 11.2.6.
20 Feb 2018VULN062Bugzilla : 4.4.12 and 5.0.3 Security AdvisorySystems running Bugzilla versions prior to
20 Feb 2018VULN060APPLE : APPLE-SA-2018-02-19-4 watchOS 4.2.3watchOS versions prior to 4.2.3.
20 Feb 2018VULN059APPLE : APPLE-SA-2018-02-19-1 iOS 11.2.6iOS versions prior to 11.2.6.
20 Feb 2018VULN058APPLE : APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental UpdatemacOS X versions up to and including 10.13.3.
19 Feb 2018VULN057Apache Oozie : [CVE-2017-15712] Apache Oozie Server vulnerabilitySystems running Apache Oozie versions prior to
19 Feb 2018VULN056Quagga : Quagga Security Note 2018-1114Systems running Quagga versions prior to 1.2.3.
16 Feb 2018STAT07
15 Feb 2018VULN055Jenkins : Jenkins Security Advisory 2018-02-14Systems running Jenkins versions prior to 2.107,
14 Feb 2018VULN054Adobe : Security updates available for Adobe Experience Manager APSB18-04Systems running Adobe Experience Manager versions
14 Feb 2018VULN053Adobe : Security updates available for Adobe Acrobat and Reader | APSB18-02Windows, Mac OS X running Adobe Acrobat versions
14 Feb 2018VULN052Microsoft : Microsoft Security Update Summary for February 13, 2018Windows versions 7, 8.1, RT 8.1, 10,
13 Feb 2018VULN051Atlassian : Sourcetree - Various vulnerabilities - CVE-2017-14592, CVE-2017-14593, CVE-2017-17458Systems running Atlassian Sourcetree for macOS
13 Feb 2018VULN050Rsync : rsync 3.1.3 fixes vulnerabilitySystems running rsync versions prior to 3.1.3.
13 Feb 2018VULN049Jenkins : Jenkins Security Advisory 2018-02-05Systems running Android Lint Plugin for Jenkins,
12 Feb 2018VULN048Django : Django security releases issued: 2.0.2 and 1.11.10Systems running Django versions prior to 2.0.2,
12 Feb 2018VULN047PostgreSQL : 2018-02-08 Security Update ReleaseSystems running PostgreSQL versions prior to 10.2,
12 Feb 2018VULN046Mailman : Mailman 2.1.26 Security release Feb 4, 2018Systems running Mailman versions prior to 2.1.26.
12 Feb 2018VULN045Exim : buffer overflow vulnerability fixed in eximSystems running exim versions prior to 4.90.1.
12 Feb 2018VULN044VMware : VMware Virtual Appliance updates address side-channel analysis due to speculative executionSystems running vCloud Usage Meter,
12 Feb 2018VULN043simplesamlphp : simplesamlphp vulnerabilities fixedSystems running simplesamlphp versions prior to
12 Feb 2018VULN042WordPress : WordPress 4.9.4 fixes severe bug in 4.9.3 security releaseSystems running WordPress versions prior to 4.9.4.
9 Feb 2018STAT06
2 Feb 2018STAT05
30 Jan 2018VULN041Mozilla : Arbitrary code execution through unsanitized browser UISystems running Firefox versions prior to 58.0.1.
30 Jan 2018VULN040Cisco : Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service VulnerabilityCisco Adaptive Security Appliance Software
26 Jan 2018STAT04
25 Jan 2018VULN038WebKitGTK+ : WebKitGTK+ Security Advisory WSA-2018-0002Systems running WebKitGTK+ versions prior to
25 Jan 2018VULN039Google Chrome : Google Chrome 64.0.3282.119 fixes multiple security vulnerabilitiesSystems running Google Chrome versions prior to
25 Jan 2018VULN037APPLE : APPLE-SA-2018-1-23-4 tvOS 11.2.5tvOS versions prior to 11.2.5.
25 Jan 2018VULN036APPLE : APPLE-SA-2018-1-23-3 watchOS 4.2.2watchOS versions prior to 4.2.2.
25 Jan 2018VULN035APPLE : APPLE-SA-2018-1-23-5 Safari 11.0.3Systems running Safari versions prior to 11.0.3.
25 Jan 2018VULN034APPLE : APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El CapitanmacOS versions prior to 10.13.3.
25 Jan 2018VULN033APPLE : APPLE-SA-2018-1-23-1 iOS 11.2.5iOS versions prior to 11.2.5.
25 Jan 2018VULN032Jenkins : Jenkins Security Advisory 2018-01-22Systems running Ant for Jenkins,
24 Jan 2018VULN031curl : vulnerabilities fixed in libcurl version 7.58.0Systems running libcurl versions prior to 7.58.0.
24 Jan 2018VULN030Shibboleth : Implications of ROBOT TLS vulnerabilitySystems running Shibboleth IdP, Shibboleth SP.
22 Jan 2018VULN029Squid : Denial of Service issues fixed in SquidSystems running Squid versions 3, 4 prior to
22 Jan 2018VULN028unbound : unbound version 1.6.8 fixes security vulnerabilitySystems running unbound versions prior to 1.6.8.
22 Jan 2018VULN027Apache : CVE-2017-15713 Apache Hadoop MapReduce job history server vulnerabilitySystems running Apache Hadoop versions prior to
19 Jan 2018VULN026GitLab : GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6Systems running GitLab versions prior to 10.3.4,
19 Jan 2018STAT03
18 Jan 2018VULN025Cisco : Cisco NX-OS Software Pong Packet Denial of Service VulnerabilityCisco NX-OS Software versions prior to 7.3(0)D1(1).
18 Jan 2018VULN024Cisco : Cisco Email Security and Content Security Management Appliance Privilege Escalation VulnerabilityCisco NX-OS Software versions prior to 9.8.0-015,
18 Jan 2018VULN023Cisco : Cisco Unified Customer Voice Portal Denial of Service VulnerabilityCisco AsyncOS ESA Software versions prior to
17 Jan 2018VULN022WordPress : WordPress 4.9.2 Security and Maintenance ReleaseSystems running WordPress versions prior to 4.9.2.
17 Jan 2018VULN021ISC : CVE-2017-3144 Failure to properly clean up closed OMAPI connections can exhaust available socketsSystems running ISC DHCP server.
17 Jan 2018VULN020Oracle : January 2018 Critical Patch Update ReleasedSystems running Oracle Database Server,
17 Jan 2018VULN019ISC : CVE-2017-3145 Improper fetch cleanup sequencing in the resolver can cause named to crashSystems running BIND versions 9 prior to 9.9.11-P1,
15 Jan 2018VULN018Shibboleth : Shibboleth SP software vulnerable to forged user attribute dataSystems running XMLTooling-C library versions
12 Jan 2018STAT02
12 Jan 2018VULN017Wireshark : Multiple dissector and file parser DoS Security vulnerabilities fixedSystems running Wireshark versions prior to
11 Jan 2018VULN016Adobe : Security updates available for Flash Player APSB18-01Systems running Adobe Flash Player versions prior
11 Jan 2018VULN015AWStats : AWStats 7.7 includes Security fix for path traversal vulnerabilitySystems running AWStats versions prior to 7.7.
11 Jan 2018VULN012APPLE : APPLE-SA-2018-1-8-3 Safari 11.0.2Systems running Safari versions prior to 11.0.2.
11 Jan 2018VULN014WebKitGTK+ : Mitigations for Spectre vulnerabilities introduced in WebKitGTK+Systems running WebKitGTK+ versions prior to
11 Jan 2018VULN013APPLE : APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental UpdatemacOS High Sierra.
11 Jan 2018VULN011APPLE : APPLE-SA-2018-1-8-1 iOS 11.2.2iOS versions prior to 11.2.2.
11 Jan 2018VULN010Microsoft : Microsoft Security Update Summary for January 9, 2018Windows running Adobe Flash Player for Windows,
11 Jan 2018VULN009VMware : VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issueSystems running VMware vCenter Server,
11 Jan 2018VULN008VMware : VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilitiesSystems running VMware Workstation versions 12.x,
8 Jan 2018VULN007Cisco : CPU Side-Channel Information Disclosure VulnerabilitiesCisco software.
5 Jan 2018STAT01
4 Jan 2018VULN006US-CERT : CPU hardware vulnerable to side-channel attacksSystems running on various CPU hardware
4 Jan 2018VULN005Microsoft : Microsoft Security Update Summary for January 3, 2018Windows versions 7, 8.1, 10, Server 2008,
4 Jan 2018VULN004Xen : Information leak and memory leak vulnerabilitiesSystems running Xen.
4 Jan 2018VULN003VMware : VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative executionSystems running VMware vSphere ESXi versions 6.5,
3 Jan 2018VULN002VMware : vSphere Data Protection (VDP) updates address multiple security issuesSystems running VMware vSphere Data Protection
3 Jan 2018VULN001phpMyAdmin : XSRF/CSRF vulnerability in phpMyAdminSystems running phpMyAdmin versions 4.7.x