Here is the list of the latest CERT-Renater advisories in 2020:


| Date | Reference | Title | Affected systems |
|---|---|---|---|
| 4 Jan 2021 | STAT52 | | |
| 24 Dec 2020 | VULN707 | ICS Advisory : Treck TCP/IP Stack | Systems running Treck TCP/IP versions prior |
| 24 Dec 2020 | VULN706 | Asterisk : Remote crashes in res_pjsip_diversion | Systems running Asterisk Open Source versions prior |
| 24 Dec 2020 | VULN705 | Ceph : v15.2.8 Octopus fix Privilege escalation vulnerability via the ceph_volume_client Python interface | Systems running ceph versions prior to 15.2.8. |
| 23 Dec 2020 | VULN704 | Aruba : ArubaOS Multiple Vulnerabilities | ArubaOS versions prior to 6.4.4.24, 6.5.4.18, |
| 23 Dec 2020 | VULN703 | Trend Micro : December 2020 Security Bulletin for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 | Systems running Trend Micro InterScan Web Security |
| 23 Dec 2020 | VULN702 | Tenable : Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities | Systems running Tenable.sc versions prior to |
| 22 Dec 2020 | VULN701 | Wireshark : wnpa-sec-2020-20 · QUIC dissector crash | Systems running Wireshark versions prior to 3.4.2, |
| 22 Dec 2020 | VULN700 | Apache : CVE-2020-17526 Apache Airflow Incorrect Session Validation in Airflow Webserver with default config | Systems running Apache Airflow versions prior to |
| 18 Dec 2020 | VULN699 | MediaWiki : Multiple security vulnerabilities fixed in MediaWiki | Systems running MediaWiki versions prior to |
| 18 Dec 2020 | STAT51 | | |
| 18 Dec 2020 | VULN698 | VMware : VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability (CVE-2020-3999) | Systems running VMware ESXi versions prior to |
| 17 Dec 2020 | VULN697 | Citrix : CTX286756 Citrix Hypervisor Security Update | Systems running Citrix Hypervisor versions up to |
| 17 Dec 2020 | VULN696 | Zimbra : NEW Zimbra Patches: 9.0.0 Patch 10 + 8.8.15 Patch 17 | Systems running Zimbra versions prior to |
| 17 Dec 2020 | VULN695 | Apache : [CVE-2020-17520] Pulsar Manager security bug (bypass admin interceptor) | Systems running Apache Pulsar Manager versions |
| 17 Dec 2020 | VULN694 | Apache : CVE-2020-8554: CVE-2020-13931 Apache TomEE - Incorrect config on JMS Resource Adapter can lead to JMX being enabled | Systems running Apache TomEE versions prior to |
| 16 Dec 2020 | VULN693 | Kubernetes : CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs | Systems running Kubernetes. |
| 16 Dec 2020 | VULN692 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 78.6 and 84 | Systems running Firefox versions prior to 78.6, 84. |
| 16 Dec 2020 | VULN691 | Mozilla : Security Vulnerabilities fixed in Thunderbird 78.6 | Systems running Thunderbird versions prior to 78.6. |
| 16 Dec 2020 | VULN690 | VMware : VMware Carbon Black Cloud macOS Sensor installer updates address file overwrite issue (CVE-2020-4008) | macOS running VMware Carbon Black Cloud macOS |
| 15 Dec 2020 | VULN689 | APPLE : APPLE-SA-2020-12-14-7 tvOS 14.3 | tvOS versions prior to 14.3. |
| 15 Dec 2020 | VULN688 | APPLE : watchOS 7.2 and watchOS 6.3 | watchOS versions prior to 7.2, 6.3. |
| 15 Dec 2020 | VULN687 | APPLE : APPLE-SA-2020-12-14-9 macOS Server 5.11 | macOS Server versions prior to 5.11. |
| 15 Dec 2020 | VULN686 | APPLE : iOS 14.3 and iPadOS 14.3 and iOS 12.5 | iOS versions prior to 14.3, 12.5, |
| 15 Dec 2020 | VULN685 | APPLE : APPLE-SA-2020-12-14-8 Safari 14.0.2 | Systems running Safari versions prior to 14.0.2. |
| 15 Dec 2020 | VULN684 | APPLE : APPLE-SA-2020-12-14-3 macOS Big Sur 11.1 Security Update 2020-001 Catalina, Security Update 2020-007 Mojave | macOS versions prior to 11.1. |
| 15 Dec 2020 | VULN683 | Xen : Multiple security vulnerabilities fixed in Xen | Systems running Xen. |
| 14 Dec 2020 | VULN682 | SolarWinds : Apache Airflow Security Vulnerabilities fixed in version 1.10.14 | Systems running SolarWinds® Orion® Platform |
| 11 Dec 2020 | VULN681 | Apache : Apache Airflow Security Vulnerabilities fixed in version 1.10.14 | Systems running Apache Airflow versions prior to |
| 11 Dec 2020 | STAT50 | | |
| 10 Dec 2020 | VULN680 | Cisco : Cisco Jabber Desktop and Mobile Client Software Vulnerabilities Critical | Windows running Cisco Jabber versions prior to |
| 10 Dec 2020 | VULN679 | Citrix : Citrix Secure Mail for Android Security Update | Android running Citrix Secure Mail versions prior |
| 10 Dec 2020 | VULN678 | Foxit : Security updates available in Foxit Reader 10.1.1 and Foxit PhantomPDF 10.1.1 | Systems running Foxit Reader, Foxit PhantomPDF |
| 10 Dec 2020 | VULN677 | nlnetlabs : Unbound and NSD Local symlink attack | Systems running Unbound versions prior to 1.13.0, |
| 10 Dec 2020 | VULN676 | Apache : Apache NuttX TCP stack Out of Bound Write Vulnerabilities | Systems running Apache NuttX versions |
| 9 Dec 2020 | VULN675 | Adobe : Security update available for Adobe Acrobat and Reader APSB20-75 | Windows, macOS running Adobe Acrobat, Adobe Reader |
| 9 Dec 2020 | VULN674 | Broadcom : Symantec Messaging Gateway Privilege Escalation and Information Disclosure Vulnerabilities | Windows running Symantec Messaging Gateway versions |
| 9 Dec 2020 | VULN673 | Adobe : Security Updates Available for Adobe Lightroom APSB20-74 | Windows running Adobe Lightroom versions |
| 9 Dec 2020 | VULN672 | US-CERT : Embedded TCP/IP stacks have memory corruption vulnerabilities, Vulnerability Note VU#815128 | Systems running open-source embedded TCP/IP stacks. |
| 9 Dec 2020 | VULN671 | Adobe : Security Updates Available for Adobe Prelude \| APSB20-70 | Windows running Adobe Prelude versions prior |
| 9 Dec 2020 | VULN670 | Microsoft: Microsoft Security Update Summary for December 8, 2020 | Systems running Microsoft Windows, |
| 9 Dec 2020 | VULN669 | Project curl : FTP and Inferior OCSP verification Vulnerabilities | Systems running curl versions prior to 7.74.0. |
| 8 Dec 2020 | VULN668 | Cisco : Cisco Security Manager Java Deserialization Vulnerabilities | Systems running Cisco Security Manager versions |
| 8 Dec 2020 | VULN667 | SAP : SAP Security Patch Day – December 2020 | - |
| 8 Dec 2020 | VULN666 | IBM : IBM® Db2® is vulnerable to buffer overflow and denial of service attack | Systems running IBM® Db2 versions 9.7, 10.1, 10.5, |
| 8 Dec 2020 | VULN665 | Tenable : [R1] Nessus 8.13.0 Fixes One Third-party Vulnerability | Systems running Nessus versions prior to 8.13.0. |
| 8 Dec 2020 | VULN664 | Apache : Apache Traffic Server cache poisoning attack and memory disclosure vulnerability | Systems running Apache Traffic Server versions |
| 8 Dec 2020 | VULN663 | GitLab : GitLab Security Release 13.6.2, 13.5.5, and 13.4.7 | Systems running GitLab versions prior to 13.6.2, |
| 8 Dec 2020 | VULN662 | Apache Struts : [SECURITY] Potential RCE when using forced evaluation - CVE-2020-17530 | Systems running Apache Struts versions prior to |
| 8 Dec 2020 | VULN661 | OpenSSL : EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) | Systems running OpenSSL versions prior to 1.1.1i. |
| 7 Dec 2020 | VULN660 | QNAP : Multiple vulnerabilities fixed in QNAP NAS | Systems running QTS, QuTS hero, |
| 7 Dec 2020 | VULN659 | Apache : CVE-2020-13945 Apache APISIX's Admin API default access token vulnerability | Systems running Apache APISIX versions prior to |
| 7 Dec 2020 | VULN658 | Cisco : Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability | Systems running Cisco AnyConnect Secure Mobility |
| 7 Dec 2020 | VULN657 | Google Chrome : Google Chrome versions 87.0.4280.88 fix multiple security issues | Systems running Google Chrome versions prior to |
| 7 Dec 2020 | VULN656 | Apache : CVE-2020-17521 Apache Groovy Information Disclosure | Systems running Apache Groovy versions prior to |
| 7 Dec 2020 | VULN655 | Containerd : containerd-shim API exposed to host network containers | Systems running containerd versions prior to |
| 4 Dec 2020 | STAT49 | | |
| 4 Dec 2020 | VULN654 | APPLE : Apple Security Updates for iCloud for Windows | Windows running APPLE iCloud versions prior to |
| 4 Dec 2020 | VULN653 | Jenkins : Jenkins Security Advisory 2020-12-03 | Systems running Chaos Monkey Plugin for Jenkins |
| 4 Dec 2020 | VULN652 | Apache : CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up | Systems running Apache Tomcat versions prior to |
| 3 Dec 2020 | VULN651 | Mozilla : CVE-2020-26970 Stack overflow due to incorrect parsing of SMTP server response codes | Systems running Thunderbird versions prior to |
| 3 Dec 2020 | VULN650 | Fortinet : XSS vulnerability observed in Log and Report section of FortiGate | Systems running FortiGate versions prior to 6.4.2, |
| 3 Dec 2020 | VULN649 | Fortinet : AV Engine evasion via malformed RAR file | Systems running FortiOS, FortiClient versions 6.4, |
| 2 Dec 2020 | VULN648 | X.Org : Multiple input validation failures in X server XKB extension | Systems running X.Org server versions prior to |
| 1 Dec 2020 | VULN647 | OTRS : User account validation bypass vulnerability | Systems running OTRS versions prior to 8.0.10. |
| 1 Dec 2020 | VULN646 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0009 | Systems running WebKitGTK, WPE WebKit versions |
| 27 Nov 2020 | STAT48 | | |
| 27 Nov 2020 | VULN645 | Mutt : Mutt 2.0.2 fixes Cleartext transmission of sensitive information | Systems running Mutt versions prior to 2.0.2. |
| 26 Nov 2020 | VULN644 | Drupal : Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013 | Systems running Drupal core versions prior to |
| 25 Nov 2020 | VULN643 | Citrix : CTX286511 Citrix Hypervisor Security Update | Systems running Citrix Hypervisor, |
| 25 Nov 2020 | VULN642 | Apache : NEW Zimbra Patches 9.0.0 Patch 9 + 8.8.15 Patch 16 | Systems running Zimbra versions prior to 9.0.0 |
| 25 Nov 2020 | VULN641 | Joomla : Joomla 3.9.23 security and bugfix release | Systems running Joomla versions prior to 3.9.23. |
| 24 Nov 2020 | VULN640 | Apache : CVE-2020-13942 Remote Code Execution in Apache Unomi | Systems running Apache Unomi versions prior to |
| 24 Nov 2020 | VULN639 | IBM : IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system | Systems running IBM DB2. |
| 24 Nov 2020 | VULN638 | VMware : VMware SD-WAN Orchestrator updates address multiple security vulnerabilities | Systems running SD-WAN Orchestrator versions prior |
| 24 Nov 2020 | VULN637 | VMware : VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities | Systems running VMware ESXi, VMware Workstation, |
| 24 Nov 2020 | VULN636 | Xen : stack corruption from XSA-346 change | Systems running Xen. |
| 24 Nov 2020 | VULN635 | VMware : VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector address command injection vulnerability | Systems running VMware Workspace One Access, |
| 24 Nov 2020 | VULN634 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 | Systems running WebKitGTK, WPE WebKit versions |
| 20 Nov 2020 | VULN633 | PostgreSQL : PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 Released! | Systems running PostgreSQL versions prior to 13.1, |
| 20 Nov 2020 | VULN632 | Citrix : Citrix Hypervisor Security Update | Systems running Citrix Hypervisor versions prior to |
| 20 Nov 2020 | STAT47 | | |
| 20 Nov 2020 | VULN631 | Drupal : Critical vulnerabilities fixed in extensions for Drupal | Systems running SAML Service Provider for Drupal, |
| 20 Nov 2020 | VULN630 | Drupal : Drupal core - Critical - Remote code execution - SA-CORE-2020-012 | Systems running Drupal core versions prior to |
| 20 Nov 2020 | VULN629 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 3.10, |
| 20 Nov 2020 | VULN628 | TYPO3 : Security vulnerabilities fixed in Install Tool and File Upload Handling | Systems running Install Tool component for TYPO3, |
| 20 Nov 2020 | VULN627 | TYPO3 : Multiple security vulnerabilities fixed in TYPO3 | Systems running TYPO3 CMS versions prior to |
| 13 Nov 2020 | STAT46 | | |
| 13 Nov 2020 | VULN626 | Nagios XI : Nagios XI version 5.7.5 fixes multiple security vulnerabilities | Systems running Nagios XI versions prior to 5.7.5. |
| 13 Nov 2020 | VULN625 | Palo Alto : Multiple security vulnerabilities fixed in PAN-OS | PAN-OS versions prior to 10.0.1, 9.1.5, 9.0.11, |
| 13 Nov 2020 | VULN624 | Apache : CVE-2020-13954 Apache CXF Reflected XSS in the services listing page via the styleSheetPath | Systems running Apache CXF versions prior to |
| 13 Nov 2020 | VULN623 | Mozilla : Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2 | Systems running Firefox versions prior to 82.0.3, |
| 12 Nov 2020 | VULN622 | Intel : Security Advisories for November 2020 | Systems running Intel® Board ID Tool, |
| 12 Nov 2020 | VULN621 | Apache : CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents | Systems running Apache OpenOffice versions prior to |
| 12 Nov 2020 | VULN620 | Xen : Information leak via power sidechannel | Systems running Xen. |
| 12 Nov 2020 | VULN619 | Cisco : Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability | Cisco IOS XR Software versions prior to 6.7.2, |
| 12 Nov 2020 | VULN618 | Microsoft : Microsoft Security Update Summary for November 10, 2020 | Systems running Microsoft Windows, |
| 12 Nov 2020 | VULN617 | Fortinet : Information disclosure vulnerabilities fixed in FortiMail and FortiADC | Systems running FortiMail, FortiADC versions prior |
| 12 Nov 2020 | VULN616 | Google Chrome : Chrome 86.0.4240.198 fixes Critical security vulnerabilities | Systems running Google Chrome versions prior to |
| 9 Nov 2020 | VULN615 | SaltStack : Active SaltStack CVEs Announced | Systems running SaltStack. |
| 9 Nov 2020 | VULN614 | Wireshark : FBZERO and GQUIC dissector crashes | Systems running Wireshark versions prior to 3.4.0, |
| 6 Nov 2020 | STAT45 | | |
| 6 Nov 2020 | VULN613 | APPLE : APPLE-SA-2020-11-05-7 tvOS 14.2 | tvOS versions prior to 14.2. |
| 6 Nov 2020 | VULN612 | APPLE : APPLE-SA-2020-11-05 watchOS 7.1, 6.2.9, 5.3.9 | watchOS versions prior to 7.1, 6.2.9, 5.3.9. |
| 6 Nov 2020 | VULN611 | APPLE : APPLE-SA-2020-11-05-6 macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update | macOS Catalina versions up to and including |
| 6 Nov 2020 | VULN610 | APPLE : iOS 14.2, iPadOS 14.2 and iOS 12.4.9 | Systems running iOS versions prior to 14.2, 12.4.9, |
| 6 Nov 2020 | VULN609 | Apache : [CVE-2020-17510] Apache Shiro Authentication Bypass Vulnerability | Systems running Apache Shiro versions prior to |
| 6 Nov 2020 | VULN608 | Asterisk : Remote crash in res_pjsip_session | Systems running Asterisk Open Source versions prior |
| 6 Nov 2020 | VULN607 | WordPress : WordPress 5.5.2 Security and Maintenance Release | Systems running WordPress versions prior to 5.5.2. |
| 6 Nov 2020 | VULN606 | Jenkins : Jenkins Security Advisory 2020-11-04 | Systems running Active Directory Plugin for Jenkins, |
| 6 Nov 2020 | VULN605 | Cisco : Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability | Systems running Cisco AnyConnect Secure Mobility |
| 4 Nov 2020 | VULN604 | Oracle : Oracle Security Alert Advisory - CVE-2020-14750 | Systems running Oracle WebLogic Server versions |
| 4 Nov 2020 | VULN603 | GitLab : GitLab Security Release: 13.5.2, 13.4.5, and 13.3.9 | Systems running GitLab versions prior to 13.5.2, |
| 4 Nov 2020 | VULN602 | Chrome : Google Chrome versions 86.0.4240.183 fix multiple security issues | Systems running Google Chrome versions prior to |
| 4 Nov 2020 | VULN601 | Cisco : Cisco Security Advisories Published on November 04, 2020 | Systems running Cisco SD-WAN vManage Software, |
| 30 Oct 2020 | STAT44 | | |
| 27 Oct 2020 | VULN600 | SPIP : CRITICAL security update SPIP 3.2.8 and SPIP 3.1.13 SPIP 3.1.14 | Systems running SPIP versions prior to 3.2.8, |
| 23 Oct 2020 | STAT43 | | |
| 23 Oct 2020 | VULN599 | VMware : VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998) | Windows running VMware Horizon Server versions |
| 23 Oct 2020 | VULN598 | Cisco : Multiple Cisco Adaptive Security Appliance Software Security Advisories Published on October 23, 2020 | Cisco ASA Software versions prior to 9.14.1.30, |
| 22 Oct 2020 | VULN597 | Cisco : Cisco Security Advisories Published on October 21, 2020 | Cisco FMC Software, Cisco FXOS Software, |
| 22 Oct 2020 | VULN596 | Mozilla : Security Vulnerabilities fixed in Thunderbird 78.4 | Windows running Mozilla Thunderbird versions |
| 21 Oct 2020 | VULN595 | Adobe : Security Updates Available for Adobe After Effects APSB20-62 | Windows running Adobe After Effects versions |
| 21 Oct 2020 | VULN594 | Adobe : Security Updates Available for Adobe Premiere Pro APSB20-64 | Windows running Adobe Premiere Pro versions |
| 21 Oct 2020 | VULN593 | Adobe : Security updates available for Adobe Animate APSB20-61 | Windows, macOS running Adobe Animate versions prior |
| 21 Oct 2020 | VULN592 | Adobe : Security Updates Available for Adobe Media Encoder APSB20-65 | Windows, macOS running Adobe Media Encoder versions |
| 21 Oct 2020 | VULN591 | Adobe : Security updates available for Adobe Photoshop APSB20-63 | Windows, macOS running Adobe Photoshop versions |
| 21 Oct 2020 | VULN590 | Adobe : Security Updates Available for Adobe Illustrator APSB20-53 | Windows running Adobe Illustrator versions prior to |
| 21 Oct 2020 | VULN589 | Adobe : Security update available for Adobe Dreamweaver APSB20-55 | Windows, macOS running Adobe Dreamweaver versions |
| 21 Oct 2020 | VULN588 | Adobe : Security Update Available for Adobe InDesign APSB20-66 | Windows, macOS running Adobe InDesign versions |
| 21 Oct 2020 | VULN587 | Google Chrome : Multiple security vulnerabilities fixed in Chrome 86.0.4240.111 | Systems running Google Chrome versions prior to |
| 21 Oct 2020 | VULN586 | Oracle : October 2020 Critical Patch Update Released | Systems running Oracle Database Server, |
| 21 Oct 2020 | VULN585 | MariaDB : Security issue fixed in MariaDB 10.5.6, 10.4.15, 10.3.25, 10.2.34 and 10.1.47 | Systems running MariaDB versions prior to 10.5.6, |
| 21 Oct 2020 | VULN584 | Atlassian : Security Vulnerabilities fixed in Atlassian Jira Server | Systems running Atlassian Jira Server versions |
| 20 Oct 2020 | VULN583 | FreeType : FreeType 2.10.4 fixes heap buffer overflow vulnerability | Systems running FreeType versions prior to 2.10.4. |
| 20 Oct 2020 | VULN582 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 78.4 and 82 | Systems running Firefox versions prior to ESR 78.4, |
| 20 Oct 2020 | VULN581 | Xen : Multiple security vulnerabilities fixed in Xen | Systems running Xen versions up to and including |
| 20 Oct 2020 | VULN580 | VMware : VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities | Systems running VMware ESXi, VMware Workstation, |
| 19 Oct 2020 | VULN579 | Citrix : Citrix Gateway Plug-in for Windows Security Update | Systems running Citrix ADC, Citrix Gateway versions |
| 19 Oct 2020 | VULN578 | SAP : SAP Security Patch Day – October 2020 | Systems running SAP Solution Manager and SAP |
| 16 Oct 2020 | STAT42 | | |
| 16 Oct 2020 | VULN577 | Adobe : Security Updates Available for Magento APSB20-59 | Systems running Magento Open Source, Magento |
| 16 Oct 2020 | VULN576 | Containerd : containerd v1.2.x can be coerced into leaking credentials during image pull | Systems running containerd versions prior to |
| 16 Oct 2020 | VULN575 | Kubernetes : [Security Advisory] Multiple secret leaks when verbose logging is enabled | Systems running Kubernetes versions prior to |
| 16 Oct 2020 | VULN574 | Nagios : Nagios XI version 5.7.4 fix multiple security vulnerabilities | Systems running Nagios XI versions prior to 5.7.4. |
| 16 Oct 2020 | VULN573 | Drupal : Drupal OAuth Server (OAuth Provider) - Single Sign On (SSO) - Moderately critical - SQL Injection - SA-CONTRIB-2020-034 | Systems running Drupal OAuth Server versions 8.x |
| 16 Oct 2020 | VULN572 | VMware : VMware Horizon Client update addresses a denial-of-service vulnerability (CVE-2020-3991) | Systems running VMware Horizon Client versions |
| 14 Oct 2020 | VULN571 | Microsoft : Microsoft Security Update Summary for October 13, 2020 | Systems running Microsoft Windows, |
| 13 Oct 2020 | VULN570 | PowerDNS : PowerDNS Security Advisory 2020-07 Cache pollution | Systems running PowerDNS Recursor versions prior to |
| 13 Oct 2020 | VULN569 | KDE : KDE Connect packet manipulation can be exploited in a Denial of Service attack | Systems running KDE Connect versions prior to |
| 13 Oct 2020 | VULN568 | Apache : [CVE-2020-13957] The checks added to unauthenticated configset uploads in Apache Solr can be circumvented | Systems running Apache Solr versions prior to |
| 12 Oct 2020 | VULN567 | Apache : CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up | Systems running Apache Tomcat versions prior to |
| 12 Oct 2020 | VULN566 | phpMyAdmin : SQL injection and XSS vulnerabilities | Systems running phpMyAdmin versions prior to |
| 12 Oct 2020 | VULN565 | Apache : [CVE-2020-13955] Apache Calcite Disabled HTTPS Hostname Verification | Systems running Active Apache Calcite versions |
| 12 Oct 2020 | VULN564 | Apache : CVE-2020-13956 Apache HttpClient incorrect handling of malformed authority component in request URIs | Systems running Apache HttpClient versions prior to |
| 9 Oct 2020 | VULN563 | Jenkins : Jenkins Security Advisory 2020-10-08 | Systems running Active Choices Plugin for Jenkins, |
| 9 Oct 2020 | STAT41 | | |
| 8 Oct 2020 | VULN562 | Cisco : Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities | Cisco Small Business Routers Firmware versions |
| 8 Oct 2020 | VULN561 | Mozilla : Security Vulnerabilities fixed in Thunderbird 78.3 | Systems running Mozilla Thunderbird versions prior |
| 8 Oct 2020 | VULN560 | Cisco : Cisco Identity Services Engine Authorization Bypass Vulnerability | Systems running Cisco Identity Services Engine |
| 8 Oct 2020 | VULN559 | Cisco : Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability | Windows running Cisco Webex Teams for Windows |
| 8 Oct 2020 | VULN558 | Cisco : Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability | Cisco Video Surveillance 8000 Series IP Cameras |
| 8 Oct 2020 | VULN557 | Apache : Apache NiFi CVE-2020-9486, CVE-2020-9487, CVE-2020-9491, CVE-2020-13940 | Systems running Apache NiFi versions prior to |
| 7 Oct 2020 | VULN556 | PHP : PHP 7.4.11, 7.3.23, 7.2.34 fix security vulnerabilities | Systems running PHP versions prior to 7.4.11, |
| 7 Oct 2020 | VULN555 | Ruby : CVE-2020-25613 Potential HTTP Request Smuggling Vulnerability in WEBrick | Systems running webrick gem versions prior to |
| 7 Oct 2020 | VULN554 | Go : [security] Go 1.15.1 and Go 1.14.8 are released | Systems running Go versions prior to 1.15.1, |
| 7 Oct 2020 | VULN553 | GLPI : GLPI 9.5.2 fixes multiple security vulnerabilities | Systems running GLPI versions prior to 9.5.2. |
| 7 Oct 2020 | VULN552 | Fortinet : FortiOS HTTPD is vulnerable to a Stack-based Buffer Overflow vulnerability | FortiOS, FortiGate versions prior to 6.0.11, |
| 7 Oct 2020 | VULN551 | Google : Chrome 86 fix multiple security vulnerabilities | Systems running Google Chrome versions prior to 86. |
| 7 Oct 2020 | VULN550 bis | GitLab : GitLab Security Release 13.4.2, 13.3.7 and 13.2.10 | Systems running GitLab versions prior to 13.4.2, |
| 2 Oct 2020 | STAT40 | | |
| 2 Oct 2020 | VULN550 | Django : Django security releases issued: 3.1.1, 3.0.10 and 2.2.16 | Systems running Django versions prior to 3.1.1, |
| 28 Sep 2020 | VULN549 | Citrix : CTX282314 Citrix Hypervisor Security Update fix DoS vulnerabilities | Systems running Citrix Hypervisor, XenServer. |
| 28 Sep 2020 | VULN548 | OpenSSH : OpenSSH 8.4 fix security vulnerabilities | Systems running OpenSSH versions prior to 8.4. |
| 28 Sep 2020 | VULN547 | Xen : Multiple security vulnerabilities fixed in Xen | Systems running Xen. |
| 28 Sep 2020 | VULN546 | Apache: CVE-2020-13951 - Apache Openmeetings DoS via public web service | Systems running Apache Openmeetings versions prior |
| 28 Sep 2020 | VULN545 | Podman : Podman CVE-2020-14370 Security Issue | Systems running Podman versions prior to 2.0.5. |
| 28 Sep 2020 | VULN544 | Yaws : Yaws 2.0.8 fix several security vulnerabilities | Systems running Yaws versions prior to 2.0.8. |
| 28 Sep 2020 | VULN543 | Apache : [CVE-2020-13953] Apache Tapestry WEB-INF file download vulnerability | Systems running Apache Tapestry versions prior to |
| 28 Sep 2020 | VULN542 | Apache : CVE-2018-11765 Potential information disclosure in Hadoop Web interfaces | Systems running Apache Hadoop versions prior to |
| 25 Sep 2020 | VULN541 | MediaWiki : New MediaWiki versions fix multiple Security Vulnerabilities | Systems running MediaWiki versions prior to 1.35.0, |
| 25 Sep 2020 | STAT39 | | |
| 25 Sep 2020 | VULN540 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 78.3 and 81 | Systems running Firefox versions prior to ESR 78.3, |
| 25 Sep 2020 | VULN539 | Cisco : Cisco Security Advisories Published on September 24, 2020 | Cisco IOS XE, Cisco IOS, |
| 25 Sep 2020 | VULN538 | Mozilla : Security Vulnerabilities fixed in Thunderbird 78.3 | Systems running Thunderbird versions prior to 78.3. |
| 25 Sep 2020 | VULN537 | APPLE : APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave | macOS versions up to and including 10.15.6. |
| 24 Sep 2020 | VULN536 | Fortinet : XSS vulnerability in the UserID of Admin Users in FortiNAC | Systems running FortiNAC versions prior to 8.7.3. |
| 24 Sep 2020 | VULN535 | Fortinet : FortiGate fails to log traffic for Fortinet owned IP address range | Systems running FortiGate versions prior to 6.4.1. |
| 24 Sep 2020 | VULN534 | PowerDNS : Information leak, DoS, and Possible code execution vulnerabilities fixed | Systems running PowerDNS versions prior to 4.4.0, |
| 24 Sep 2020 | VULN533 | Jenkins : Jenkins Security Advisory 2020-09-23 | Systems running Implied Labels Plugin for Jenkins, |
| 22 Sep 2020 | VULN532 | VMware : Horizon DaaS update addresses a broken authentication vulnerability (CVE-2020-3977) | Systems running VMware Horizon DaaS (Horizon DaaS) |
| 22 Sep 2020 | VULN531 | Fortinet : Information disclosure through diagnose debug commands in FortiWeb | Systems running FortiWeb versions prior to 6.3.0, |
| 22 Sep 2020 | VULN530 | Atlassian Jira : User Enumeration via /ViewUserHover.jspa - CVE-2020-14181 | Systems running Atlassian Jira Server and Data |
| 22 Sep 2020 | VULN529 | Google : Multiple vulnerabilities fixed in Google Chrome 85.0.4183.121 | Systems running Google Chrome versions prior to |
| 22 Sep 2020 | VULN528 | Fortinet : HTML Injection Vulnerability observed in FortiAnalyzer and FortiTester | Systems running FortiManager versions prior to |
| 21 Sep 2020 | VULN527 | Fortinet : XSS vulnerability in FortiManager and FortiAnalyzer | Systems running FortiManager, FortiAnalyzer |
| 21 Sep 2020 | VULN526 | Moodle : Multiple security vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 3.9.2, |
| 18 Sep 2020 | STAT38 | | |
| 17 Sep 2020 | VULN525 | Fortinet : XSS vulnerability in FortiOS SSLVPN Portal | FortiOS versions prior to 6.2.2, 6.0.9, 5.6.13. |
| 17 Sep 2020 | VULN524 | Drupal: Multiple vulnerabilities fixed in Drupal core | Systems running Drupal core versions prior to 7.73, |
| 17 Sep 2020 | VULN523 | APPLE : APPLE-SA-2020-09-16-5 Xcode 12.0 | Systems running Xcode versions prior to 12.0. |
| 17 Sep 2020 | VULN522 | APPLE : APPLE-SA-2020-09-16-4 watchOS 7.0 | watchOS versions prior to 7.0. |
| 17 Sep 2020 | VULN521 | APPLE : APPLE-SA-2020-09-16-2 tvOS 14.0 | tvOS versions prior to 14.0. |
| 17 Sep 2020 | VULN520 | APPLE : APPLE-SA-2020-09-16-3 Safari 14.0 | Systems running Safari versions prior to 14.0. |
| 17 Sep 2020 | VULN519 | APPLE : APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 | iOS versions prior to 14.0, |
| 16 Sep 2020 | VULN518 | Adobe : Security Updates Available for Adobe Media Encoder APSB20-57 | Systems running Adobe Media Encoder versions prior |
| 16 Sep 2020 | VULN517 | Apache : [CVE-2020-13948] Apache Superset Remote Code Execution Vulnerability | Systems running Apache Superset versions prior to |
| 16 Sep 2020 | VULN516 | Jenkins : Jenkins Security Advisory 2020-09-16 | Systems running Android Lint Plugin for Jenkins, |
| 15 Sep 2020 | VULN515 | Apache : [CVE-2020-11986] Opening a Gradle project with Apache NetBeans executes foreign script immediately | Systems running Apache NetBeans versions prior to |
| 15 Sep 2020 | VULN514 | Apache : [CVE-2020-13928] Apache Atlas Multiple XSS Vulnerability | Systems running Apache Atlas versions prior to |
| 15 Sep 2020 | VULN513 | Apache : [CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition | Systems running Apache Syncope versions 2.1.X prior |
| 15 Sep 2020 | VULN512 | VMware : VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities | Systems running VMware Workstation, VMware Fusion, |
| 11 Sep 2020 | STAT37 | | |
| 11 Sep 2020 | VULN511 | US-CERT : Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite | Software supporting Bluetooth BR/EDR and LE using |
| 11 Sep 2020 | VULN510 | Apache : Apache DolphinScheduler (incubating) Remote Code execution and Permission vulnerabilities | Systems running Apache DolphinScheduler versions |
| 11 Sep 2020 | VULN509 | Apache : [CVE-2020-11991] Apache Cocoon security vulnerability | Systems running Apache Cocoon versions prior to |
| 11 Sep 2020 | VULN508 | Apache : Apache ActiveMQ JMX remote client arbitrary code execution and MITM attack | Systems running Apache ActiveMQ versions prior to |
| 11 Sep 2020 | VULN507 | Palo Alto : multiple security vulnerabilities fixed in PAN-OS 8.1.16, 9.0.10, 9.1.4 | Systems running PAN-OS versions prior to 8.1.16, |
| 9 Sep 2020 | VULN506 | Google Chrome : Google Chrome 85.0.4183.102 fixes multiple security vulnerabilities | Systems running Google Chrome versions prior to |
| 9 Sep 2020 | VULN505 | Adobe : Security updates available for Adobe Experience Manager APSB20-56 | Systems running Adobe Experience Manager (AEM) |
| 9 Sep 2020 | VULN504 | Adobe : Security Updates Available for Adobe Framemaker APSB20-54 | Systems running Adobe Framemaker versions prior to |
| 9 Sep 2020 | VULN503 | Adobe : Security Update Available for Adobe InDesign APSB20-52 | Systems running Adobe InDesign versions prior to |
| 9 Sep 2020 | VULN502 | Citrix : Citrix StoreFront Security Update | Systems running Citrix StoreFront versions prior to |
| 9 Sep 2020 | VULN501 | Microsoft : Microsoft Security Update Summary for September 8, 2020 | Systems running Microsoft Windows, |
| 8 Sep 2020 | VULN500 | SAP : SAP Security Patch Day September 2020 | Systems running SAP Solution Manager, |
| 8 Sep 2020 | VULN499 | osTicket : osTicket 1.14.3 fixes several security vulnerabilities | Systems running osTicket versions prior to 1.14.3. |
| 8 Sep 2020 | VULN498 | gnutls : gnutls 3.6.15 fixes NULL pointer dereference vulnerability | Systems running gnutls versions prior to 3.6.15. |
| 8 Sep 2020 | VULN497 | lemonldap-ng : LemonLDAP::NG 2.0.9 fixes two security vulnerabilities | Systems running lemonldap-ng versions prior to |
| 4 Sep 2020 | STAT36 | | |
| 4 Sep 2020 | VULN496 | Nagios : Multiple Security vulnerabilities fixed in Nagios XI 5.7.3 | Systems running Nagios XI versions prior to 5.7.3. |
| 4 Sep 2020 | VULN495 | GnuPG : GnuPG 2.2.23 fix buffer overflow when importing a key with AEAD preferences | Systems running GnuPG versions 2.2.21, 2.2.22, |
| 3 Sep 2020 | VULN494 | GitLab : GitLab Security Release: 13.3.4, 13.2.8, and 13.1.10 | Systems running GitLab versions prior to 13.3.4, |
| 3 Sep 2020 | VULN493 | Atlassian : Sourcetree - Malicious URLs may cause Git to present stored credentials to the wrong server | Windows running Atlassian Sourcetree versions prior |
| 3 Sep 2020 | VULN492 | TYPO3 : Vulnerabilities fixed in extensions 'Localization Manager' and 'Event management and registration' | Systems running Localization Manager for TYPO3 |
| 3 Sep 2020 | VULN491 | Cisco : Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability | Cisco Enterprise NFVIS versions prior to 4.2.1. |
| 3 Sep 2020 | VULN490 | Cisco : Cisco IOS XR Authenticated User Privilege Escalation Vulnerabilities | Cisco IOS XR versions prior to 6.6.3, 7.0.2, 7.1.1, |
| 3 Sep 2020 | VULN489 | Cisco : Cisco Jabber for Windows Arbitrary Code Execution and Command Injection Vulnerabilities | Windows running Cisco Jabber versions prior to |
| 2 Sep 2020 | VULN488 | Django : Django security releases issued 3.1.1, 3.0.10 and 2.2.16 | Systems running Django versions prior to 3.1.1, |
| 2 Sep 2020 | VULN487 | Jenkins : Jenkins Security Advisory 2020-09-01 | Systems running database Plugin for Jenkins, |
| 1 Sep 2020 | VULN486 | Shibboleth : Shibboleth Service Provider Security Advisory [31 August 2020] | Systems running Shibboleth Service Provider |
| 1 Sep 2020 | VULN485 | Apache : CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX | Systems running Apache Cassandra versions prior to |
| 1 Sep 2020 | VULN484 | Cisco : Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities | Cisco IOS XR Software. |
| 31 Aug 2020 | VULN483 | KDE : Ark maliciously crafted TAR archive with symlinks can install files outside the extraction directory | Systems running KDE Ark versions prior to 20.08.1. |
| 31 Aug 2020 | VULN482 | Mozilla : Security Vulnerabilities fixed in Thunderbird 78.2, 68.12 | Systems running Mozilla Thunderbird versions prior |
| 31 Aug 2020 | VULN481 | Joomla : Joomla 3.9.21 fixes multiple security vulnerabilities | Systems running Joomla versions prior to 3.9.21. |
| 31 Aug 2020 | VULN480 | Npcap : integer underflow fixed in Npcap | Systems running Npcap versions prior to 0.9997. |
| 31 Aug 2020 | VULN479 | Gentoo : Kleopatra: Remote code execution — GLSA 202008-21 | Systems running Kleopatra versions prior to |
| 31 Aug 2020 | VULN478 | Trend Micro : Trend Micro Deep Security Manager and Vulnerability Protection Multiple Vulnerabilities | Systems running Trend Micro Deep Security Manager |
| 31 Aug 2020 | VULN477 | Cisco : Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | Cisco IOS XR Software. |
| 28 Aug 2020 | STAT35 | | |
| 27 Aug 2020 | VULN476 | Cisco : Cisco Security Advisories Published on August 26, 2020 | Cisco NX-OS, Cisco FXOS, Cisco UCS Software. |
| 26 Aug 2020 | VULN475 | X.Org : X.Org server security advisory: August 25, 2020 | Systems running xorg-server versions prior to |
| 26 Aug 2020 | VULN474 | X.Org : X.Org libX11 security advisory August 25, 2020 | Systems running X.Org libX11 versions prior to |
| 26 Aug 2020 | VULN473 | Google Chrome : Google Chrome 85 fixes multiple Security Vulnerabilities | Systems running Google Chrome versions prior to 85. |
| 25 Aug 2020 | VULN472 | Mozilla : Security Vulnerabilities fixed in Firefox 80, ESR 68.12 and ESR 78.2 | Systems running Firefox versions prior to 80, |
| 25 Aug 2020 | VULN471 | Citrix : Citrix Hypervisor Security Update | Systems running Citrix Hypervisor Citrix XenServer |
| 24 Aug 2020 | VULN470 | VMware : VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3975) | Systems running VMware App Volumes versions prior |
| 24 Aug 2020 | VULN469 | VMware : VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability (CVE-2020-3976) | Systems running VMware ESXi versions prior to |
| 24 Aug 2020 | VULN468 | Xen : QEMU: usb out-of-bounds r/w access issue | Systems running Xen. |
| 24 Aug 2020 | VULN467 | Foxit : Security update available in Foxit Studio Photo 3.6.6.928 | Systems running Foxit Studio Photo versions prior |
| 24 Aug 2020 | VULN466 | Squid : Multiple Squid Proxy Cache Vulnerabilities fixed | Systems running Squid Proxy Cache versions prior to |
| 21 Aug 2020 | VULN465 | Bind : New BIND releases 9.11.22, 9.16.6, and 9.17.4 fixes multiple Vulnerabilities | Systems running BIND versions prior to 9.11.22, |
| 21 Aug 2020 | STAT34 | | |
| 20 Aug 2020 | VULN464 | Cisco : Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability | Systems running Cisco SSM On-Prem versions prior to |
| 20 Aug 2020 | VULN463 | Cisco : Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities | Cisco Video Surveillance 8000 Series IP Camera |
| 20 Aug 2020 | VULN462 | Cisco : Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability | Cisco Systems running Cisco vWAAS with |
| 19 Aug 2020 | VULN461 | GitLab : GitLab Critical Security Release: 13.2.6, 13.1.8, 13.0.14 | Systems running GitLab versions prior to 13.2.6, |
| 19 Aug 2020 | VULN460 | Google Chrome : Chrome 84.0.4147.135 fixes Heap buffer overflow vulnerability | Systems running Google Chrome versions prior to |
19 Aug 2020VULN459Apache : [CVE-2020-13941] Apache Solr information disclosure vulnerabilitySystems running Apache Solr versions prior to
19 Aug 2020VULN458libcurl : libcurl wrong connect-only connectionSystems running libcurl versions prior to 7.72.0.
19 Aug 2020VULN457TinyMCE : Cross-site scripting vulnerability in TinyMCESystems running TinyMCE versions prior to 4.9.11,
18 Aug 2020VULN456GitLab : GitLab Security Release 13.2.5, 13.1.7, 13.0.13Systems running GitLab versions prior to 13.2.5,
18 Aug 2020VULN455Wireshark : Kafka dissector crashSystems running Wireshark versions prior to 3.2.6.
18 Aug 2020VULN454PostgreSQL : PostgreSQL 12.4, 11.9, 10.14, 9.6.19, 9.5.23, and 13 Beta 3 Released!Systems running PostgreSQL versions prior to 12.4,
18 Aug 2020VULN453Jenkins : Jenkins Security Advisory 2020-08-17Systems running Jenkins versions prior to
18 Aug 2020VULN452phpBB : phpBB 3.2.10 Release - Please UpdateSystems running phpBB versions prior to 3.2.10.
14 Aug 2020STAT33
14 Aug 2020VULN451vBulletin : vBulletin 5.6.0, 5.6.1, 5.6.2 Security PatchSystems running vBulletin.
14 Aug 2020VULN450Citrix : Citrix Endpoint Management (CEM) Security UpdateSystems running Citrix Endpoint Management,
14 Aug 2020VULN449Adobe : Security Updates Available for Adobe Lightroom APSB20-51Systems running Adobe Lightroom versions prior
14 Aug 2020VULN448Adobe : Security Updates Available for Adobe Acrobat and Reader | APSB20-48Systems running Adobe Acrobat, Adobe Reader
14 Aug 2020VULN447Apache : Announcing CVE-2019-0230 (Possible RCE) and CVE-2019-0233 (DoS) security issuesSystems running Apache Struts versions prior
14 Aug 2020VULN446Jenkins : Jenkins Security Advisory 2020-08-12Systems running Jenkins (core) versions prior to
12 Aug 2020VULN445Dovecot : Dovecot IMAP server Multiple Denial Of Service vulnerabilitiesSystems running Dovecot IMAP server versions prior
12 Aug 2020VULN444Apache : [CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activatedSystems running Apache SkyWalking versions 6.5.0,
12 Aug 2020VULN443Apache : Multiple vulnerabilities fixed in Apache HTTP ServerSystems running versions prior to 2.4.46.
12 Aug 2020VULN442Apache : [CVE-2020-11976] Apache Wicket information disclosure vulnerabilitySystems running Apache Wicket versions prior to
12 Aug 2020VULN441Apache : [CVE-2020-9479] Directory traversal vulnerability in Apache AsterixDBSystems running Apache AsterixDB versions prior to
12 Aug 2020VULN440X.Org : X.Org security advisory July 31, 2020 libX11 and XserverSystems running libX11 versions prior to 1.6.10,
12 Aug 2020VULN439WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0007Systems running WebKitGTK, WPE WebKit versions
12 Aug 2020VULN438Roundcube : Roundcube Webmail Security updates 1.4.8, 1.3.15 and 1.2.12 releasedSystems running Roundcube Webmail versions prior to
12 Aug 2020VULN437Microsoft : Microsoft Security Update Summary for August 11, 2020Systems running Microsoft Windows,
7 Aug 2020STAT32
31 Jul 2020STAT31
31 Jul 2020VULN436Cisco: Cisco SD-WAN vManage Software Authorization Bypass Vulnerability
31 Jul 2020VULN435Cisco: Cisco Data Center Network Manager Authentication Bypass Vulnerability
31 Jul 2020VULN434Cisco: Cisco SD-WAN Solution Software Buffer Overflow Vulnerability
30 Jul 2020VULN433Debian: [DSA 4735-1] grub2 security updateSystems running Debian
30 Jul 2020VULN432Microsoft: ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUBSystems running Microsoft Windows
24 Jul 2020STAT30
24 Jul 2020VULN431 (IBM : IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input (CVE-2020-4408))Systems running IBM QRadar Advisor versions prior
24 Jul 2020VULN430Spring : CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”Systems running Spring Integration framework
24 Jul 2020VULN429ClamAV : ClamAV 0.102.4 security patch releasedSystems running ClamAV versions prior to 0.102.4.
24 Jul 2020VULN428Drupal : Modal Form, Apigee Edge and Easy Breadcrumb Access bypass and XSS fixedSystems running Modal Form for Drupal versions
23 Jul 2020VULN427Adobe : Security update available for Adobe Reader Mobile | APSB20-50Systems running Adobe Reader Mobile versions prior
22 Jul 2020VULN426Cisco : Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal VulnerabilityCisco ASA Software versions prior to 9.6.4.42,
22 Jul 2020VULN425 (Juniper : Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653))Junos OS versions 17.4, 18.1, 18.2, 18.2X75, 18.3,
22 Jul 2020VULN424Citrix : Citrix Workspace app for Windows Security UpdateSystems running Citrix Workspace App versions prior
22 Jul 2020VULN423Adobe : Security updates available for Adobe Photoshop | APSB20-45Systems running Adobe Photoshop versions prior to
22 Jul 2020VULN422Adobe : Security Updates Available for Adobe Bridge | APSB20-44Systems running Adobe Bridge versions prior to
22 Jul 2020VULN421Adobe : Security Updates Available for Adobe Prelude | APSB20-46Systems running Adobe Prelude versions prior to
22 Jul 2020VULN420GLPI : GLPI 9.5.1 fix SQL injection vulnerabilitySystems running GLPI versions prior to 9.5.1.
21 Jul 2020VULN419Python : Python 3.8.4 fix invalid search path vulnerabilitySystems running Python versions prior to 3.8.4.
21 Jul 2020VULN418Foxit : Security update available in Foxit Studio Photo 3.6.6.925Systems running Foxit Studio Photo versions prior
21 Jul 2020VULN417Apache : Apache ActiveMQ Artemis - Remote XSS in Web console Diagram PluginSystems running Apache ActiveMQ Artemis versions
21 Jul 2020VULN416Apache : Apache Airflow security vulnerabilities fixed in v1.10.11 CVE-2020-9485, CVE-2020-11978, CVE-2020-11981, CVE-2020-11982, CVE-2020-11983, CVE-2020-13927Systems running Apache Airflow versions prior to
20 Jul 2020VULN415Moodle : Moodle Multiple vulnerabilitiesSystems running Moodle versions prior to 3.9.1,
17 Jul 2020STAT29
17 Jul 2020VULN414Apache : Apache Kylin command and SQL injection vulnerabilitiesSystems running Apache Kylin versions prior to
17 Jul 2020VULN413Synology : Synology-SA-20:18 DSM Potential man-in-the-middle attacksSystems running Synology DiskStation Manager
17 Jul 2020VULN412Nagios : Nagios XI 5.7.2 fix multiple security vulnerabilitiesSystems running Nagios XI versions prior to 5.7.2.
17 Jul 2020VULN411Joomla! : Multiple Security vulnerabilities fixed in Joomla! 3.9.20Systems running Joomla! Core versions prior to
17 Jul 2020VULN410 (IBM : WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464))Systems running WebSphere Application Server
17 Jul 2020VULN409Adobe : Security update available for Adobe Creative Cloud Desktop Application | APSB20-33Systems running Adobe Creative Cloud Desktop
17 Jul 2020VULN408Adobe : Security Updates Available for Adobe Genuine Service APSB20-42Systems running Adobe Genuine Service versions
17 Jul 2020VULN407APPLE : APPLE-SA-2020-07-15-3 tvOS 13.4.8tvOS versions prior to 13.4.8.
17 Jul 2020VULN406APPLE : APPLE-SA-2020-07-15-4 watchOS 6.2.8watchOS versions prior to 6.2.8.
17 Jul 2020VULN405Mozilla : Security Vulnerabilities fixed in Thunderbird 78Systems running Thunderbird versions prior to 78.
16 Jul 2020VULN404APPLE : APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6iOS, iPadOS versions prior to 13.6.
16 Jul 2020VULN403APPLE : APPLE-SA-2020-07-15-5 Safari 13.1.2Systems running Safari versions prior to 13.1.2.
16 Jul 2020VULN402APPLE : APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High SierramacOS versions prior to 10.15.6.
16 Jul 2020VULN401Adobe : Security Updates Available for Adobe Media Encoder APSB20-36Windows, macOS running Adobe Media Encoder versions
16 Jul 2020VULN400Xen : Linux ioperm bitmap context switching issuesLinux versions prior to 5.5.
16 Jul 2020VULN399Fortinet : FortiOS SSL VPN 2FA bypass by changing username caseFortiOS versions prior to 6.4.1, 6.2.4, 6.0.10.
16 Jul 2020VULN398Google Chrome : Chrome 84 fix multiple security vulnerabilitiesSystems running Chrome versions prior to 84.
16 Jul 2020VULN397Jenkins : Jenkins Security Advisory 2020-07-15Systems running Jenkins (core) versions prior to
16 Jul 2020VULN396Kubernetes : CVE-2020-8558 Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundarySystems running kube-apiserver versions prior to
16 Jul 2020VULN395Kubernetes : [Security Advisory] CVE-2020-8557 Node disk DOS by writing to container /etc/hostsSystems running kubelet versions prior to 1.19.0,
16 Jul 2020VULN394Apache : Apache OFBiz [CVE-2020-9496] and [CVE-2020-13923] vulnerabilitiesSystems running Apache OFBiz versions prior to
16 Jul 2020VULN393Apache : Apache Tomcat WebSocket and HTTP/2 DoSSystems running Apache Tomcat versions prior to
16 Jul 2020VULN392Cisco : Multiple Critical, High and medium vulnerabilities fixed in Cisco productsCisco Small Business RV110W Wireless-N VPN Firewall
15 Jul 2020VULN391Microsoft : Microsoft Security Update Summary for July 14, 2020Systems running Internet Explorer,
15 Jul 2020VULN390Adobe : Security Updates Available for Adobe Download Manager APSB20-49Systems running Adobe Download Manager versions
15 Jul 2020VULN389Adobe : Security updates available for Adobe ColdFusion APSB20-43Systems running ColdFusion versions prior to
15 Jul 2020VULN388Oracle : July 2020 Critical Patch Update ReleasedSystems running Oracle Database Server,
13 Jul 2020VULN387WebKitGTK and WPE WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006Systems running WebKitGTK, WPE WebKit versions
10 Jul 2020STAT28
10 Jul 2020VULN386Citrix : Citrix Hypervisor Security UpdateSystems running Citrix Hypervisor, XenServer.
10 Jul 2020VULN385 (VMware : VMware Fusion, VMware Remote Console and Horizon Client updates address a privilege escalation vulnerability (CVE-2020-3974))Systems running VMware Fusion,
9 Jul 2020VULN384Mozilla : Security Vulnerabilities fixed in Firefox 78.0.2, ESR 68.10 and Firefox for Android 68.10.1Systems running Firefox versions prior to 78.0.2,
9 Jul 2020VULN383Samba : Multiple vulnerabilities fixed in SambaSystems running Samba versions prior to 4.10.17,
9 Jul 2020VULN382GitLab : GitLab Security Release: 13.1.3, 13.0.9 and 12.10.14Systems running GitLab versions prior to 13.1.3,
9 Jul 2020VULN381Juniper : Multiple Vulnerabilities fixed in Junos OSJunos OS, Junos Space, Junos OS Evolved,
9 Jul 2020VULN380PuTTY : PuTTY version 0.74 fixes security issuesSystems running PuTTY versions prior to 0.74.
9 Jul 2020VULN379TYPO3 : Vulnerabilities in multiple third party TYPO3 CMS extensionsSystems running Faceted Search for TYPO3,
9 Jul 2020VULN378Palo Alto : Multiple vulnerabilities fixed in PAN-OS 9.1.3, 8.1.15, 9.0.9PAN-OS versions prior to 9.1.3, 8.1.15, 9.0.9.
9 Jul 2020VULN377US-CERT : Netgear httpd upgrade_check.cgi stack buffer overflow VulnerabilityNetgear devices software running embedded web
9 Jul 2020VULN376Roundcube : Roundcube Webmail Security updates 1.4.7, 1.3.14 and 1.2.11 releasedSystems running Roundcube Webmail versions prior to
9 Jul 2020VULN375Kubernetes : CVE-2020-8558 Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundarySystems running kube-proxy versions prior to
8 Jul 2020VULN374PowerDNS : PowerDNS Security Advisory 2020-04 Access restriction bypassSystems running PowerDNS versions prior to 4.3.2,
8 Jul 2020VULN373Citrix : Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security UpdateSystems running Citrix ADC, Citrix Gateway,
7 Jul 2020VULN372 (VMware : VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973))Systems running VeloCloud Orchestrator versions
7 Jul 2020VULN371Apache : Apache Guacamole Arbitrary code execution and Information Disclosure vulnerabilitiesSystems running Apache Guacamole versions prior to
7 Jul 2020VULN370Xen : Multiple vulnerabilities fixed in XenSystems running Xen.
3 Jul 2020STAT27
3 Jul 2020VULN369Jenkins : Jenkins Security Advisory 2020-07-02Systems running Link Column Plugin for Jenkins,
29 Jun 2020VULN368FreeRDP : Version 2.1.2 fixes multiple security vulnerabilitiesSystems running FreeRDP versions prior to 2.1.2.
26 Jun 2020STAT26
26 Jun 2020VULN367Apache : CVE-2020-11996 Apache Tomcat HTTP/2 Denial of ServiceSystems running Apache Tomcat versions prior to
25 Jun 2020VULN366Fortinet : XSS vulnerability in the ESS Profile and Radius Profile of FortiWLCSystems running FortiWLC versions prior to 8.5.2.
25 Jun 2020VULN365Fortinet : Session ID does not expire after logout in FortiDeceptorSystems running FortiDeceptor versions prior to
25 Jun 2020VULN364Squid : Denial of Service when using SMP cache and in TLS HandshakeSystems running Squid versions prior to 5.0.3,
25 Jun 2020VULN363VMware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilitiesSystems running VMware ESXi, VMware Workstation,
25 Jun 2020VULN362Cisco : Telnet Vulnerability Affecting Cisco Products June 2020Cisco IOS XE Software when persistent Telnet is
24 Jun 2020VULN361Google Chrome : Chrome 83.0.4103.116 fix Use after free vulnerabilitySystems running Google Chrome versions prior to
24 Jun 2020VULN360Fortinet : CVE-2015-0279 Expression Language Injection in FortiSIEMSystems running FortiSIEM versions prior to 5.3.0.
24 Jun 2020VULN359Fortinet : FortiAnalyzer could potentially be used in NTP amplification attacksSystems running FortiAnalyzer versions prior to
24 Jun 2020VULN358Apache : CVE-2020-9495 Apache Archiva login service is vulnerable to LDAP injectionSystems running Apache Archiva versions prior to
24 Jun 2020VULN357curl : Partial password leak and local file overwriting vulnerabilitySystems running curl versions 7.20.0 up to and
24 Jun 2020VULN356Apache : CVE-2020-9480 Apache Spark RCE vulnerability in auth-enabled standalone masterSystems running Apache Spark versions prior to
19 Jun 2020STAT25
18 Jun 2020VULN355Apache XML Graphics Batik : [CVE-2019-17566] Apache XML Graphics Batik SSRF vulnerabilitySystems running Batik versions prior to 1.12.
18 Jun 2020VULN354Cisco : Cisco Security Advisories Published on June 17, 2020Systems running Cisco TelePresence IX5000 Series,
18 Jun 2020VULN353Adobe : Security Updates Available for Adobe Audition APSB20-40Systems running Adobe Audition versions prior to
18 Jun 2020VULN352Drupal : Drupal core - Critical CSRF, Arbitrary PHP code execution and Access bypass vulnerabilitiesSystems running Drupal core versions prior to 7.72,
18 Jun 2020VULN351ISC Bind : Denial of service vulnerabilities fixed in BindSystems running ISC Bind versions prior to 9.11.20,
17 Jun 2020VULN350Google Chrome : Multiple vulnerabilities fixed in Chrome 83.0.4103.106Systems running Google Chrome versions prior to
17 Jun 2020VULN349Treck Inc : Treck TCP/IP Stack vulnerabilitiesSystems running Treck Inc TCP/IP stack.
17 Jun 2020VULN348Adobe : Security Updates Available for Adobe Premiere Pro and Adobe Premiere Rush APSB20-38 APSB20-39Systems running Adobe Premiere versions prior to
17 Jun 2020VULN347Adobe : Security Updates Available for Adobe After Effects APSB20-35Windows running Adobe After Effects versions prior
17 Jun 2020VULN346Adobe : Security Updates Available for Adobe Illustrator APSB20-37Systems running Adobe Illustrator versions prior to
17 Jun 2020VULN345Apache: CVE-2020-11969 Apache TomEE - useJMX attribute on ActiveMQ resource adapter URI causes authenticated JMX port to be openSystems running Apache TomEE versions prior to
12 Jun 2020VULN344Fortinet : XSS vulnerability in the Description Area of the Admin ProfileSystems running FortiAnalyzer versions prior to
12 Jun 2020VULN343Fortinet : Unquoted Service Path Exploit observed in FortiSIEMWindowsAgentWindows running FortiSIEMWindowsAgent versions
12 Jun 2020VULN342Palo Alto : local privilege escalation and Missing certificate validation vulnerabilitiesSystems running GlobalProtect App versions prior to
12 Jun 2020VULN341Palo Alto : Multiple vulnerabilities fixed in PAN-OSPAN-OS versions prior to 9.1.0, 9.0.7, 8.1.13,
12 Jun 2020VULN340Apache Karaf : CVE-2020-11980 A remote client could create MBeans from arbitrary URLsSystems running Apache Karaf versions prior to
12 Jun 2020STAT24
11 Jun 2020VULN339LibreOffice : CVE-2020-12802 remote graphics contained in docx format retrieved in 'stealth mode'Systems running LibreOffice versions prior to
11 Jun 2020VULN338Citrix : CTX275460 in Citrix Workspace app and Receiver for Windows, Security BulletinWindows running Citrix Workspace app and Receiver
11 Jun 2020VULN337Citrix : CTX275165 Citrix Hypervisor Security UpdatesSystems running Citrix Hypervisor versions 8.1, 8.0,
11 Jun 2020VULN336Adobe : Security Bulletin for Adobe Flash Player APSB20-30Systems running Adobe Flash Player prior to
11 Jun 2020VULN335WordPress : WordPress 5.4.2 fixes multiple security vulnerabilitiesSystems running WordPress versions prior to 5.4.2.
11 Jun 2020VULN334Microsoft : Microsoft Security Update Summary for June 9, 2020Systems running Internet Explorer,
11 Jun 2020VULN333 (VMware : VMware Horizon Client for Windows update addresses privilege escalation vulnerability (CVE-2020-3961))Windows running VMware Horizon Client versions
11 Jun 2020VULN332Xen : Special Register Buffer speculative side channelSystems running Xen.
11 Jun 2020VULN331GitLab : GitLab Critical Security Release: 13.0.6, 12.10.11, 12.9.10Systems running GitLab versions prior to 13.0.6,
11 Jun 2020VULN330Roundcube : Security updates 1.4.5 and 1.3.12 fix XSS vulnerabilitiesSystems running Roundcube versions prior to 1.4.5,
10 Jun 2020VULN329Node.js : Node.js June 2020 Security ReleasesSystems running Node.js versions 10.x, 12.x, 14.x
9 Jun 2020VULN328Mozilla : Security Vulnerabilities fixed in Firefox 77 and ESR 68.9Systems running Firefox versions prior to 77, 68.9.
9 Jun 2020VULN327Mozilla : Security Vulnerabilities fixed in Thunderbird 68.9.0Systems running Thunderbird versions prior to
9 Jun 2020VULN326 (VMware : VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability (CVE-2020-3960))Systems running VMware ESXi versions prior to
9 Jun 2020VULN325Zimbra : NEW Zimbra Patches fix Unrestricted Upload of File with Dangerous TypeSystems running Zimbra versions prior to
9 Jun 2020VULN324Joomla! : Multiple vulnerabilities fixed in Joomla! 3.9.19Systems running Joomla! versions prior to 3.9.19.
9 Jun 2020VULN323GitLab : GitLab Critical Security Release 13.0.4, 12.10.9, 12.9.9Systems running GitLab versions prior to 13.0.4,
9 Jun 2020VULN322Docker : Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401Systems running Docker versions prior to 19.03.11.
9 Jun 2020VULN321QNAP NAS : eCh0raix RansomwareSystems running QTS versions prior to 4.4.1 build
9 Jun 2020VULN320QNAP NAS : Multiple Vulnerabilities in File StationSystems running QTS versions prior to
9 Jun 2020VULN319Jenkins : Jenkins Security Advisory 2020-06-03Systems running Compact Columns Plugin for Jenkins,
8 Jun 2020VULN318US-CERT : Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinationsSystems implementing Universal Plug and Play (UPnP)
8 Jun 2020VULN317US-CERT : IP-in-IP protocol routes arbitrary traffic by defaultSystems implementing IP-in-IP encapsulation.
8 Jun 2020VULN316Kubernetes : CVE-2020-8555: Half-Blind SSRF in kube-controller-managerSystems running kube-controller-manager versions
8 Jun 2020VULN315Apache Unomi : Fix for CVE-2020-11975 in Apache Unomi 1.5.1Systems running Apache Unomi versions prior to
8 Jun 2020VULN314Grafana : Grafana 6.7.4 and 7.0.2 released with important security fixSystems running Grafana versions prior to 6.7.4,
8 Jun 2020VULN313Apache : [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerabilitySystems running Apache Ignite versions prior to
8 Jun 2020VULN312Django : Django security releases issued 3.0.7, and 2.2.13 for CVE-2020-13254 & CVE-2020-13596Systems running Django versions prior to 3.0.7,
5 Jun 2020STAT23
29 May 2020STAT22
29 May 2020VULN311Cmsmadesimple : Stored XSS vulnerability in File Picker at CMSMS 2.2.14 and belowSystems running Cmsmadesimple versions up to and
29 May 2020VULN310VMware : VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilitiesSystems running VMware ESXi,
28 May 2020VULN309Google Chrome OS : Chrome OS versions 83.0.4103.77 fixes unspecified security vulnerabilitiesChrome OS versions prior to 83.0.4103.77.
28 May 2020VULN308GitLab : GitLab Security Release 13.0.1, 12.10.7, 12.9.8Systems running GitLab versions prior to 13.0.1,
28 May 2020VULN307OpenSSH : OpenSSH 8.3 releasedSystems running OpenSSH versions prior to 8.3.
28 May 2020VULN306Cisco : SaltStack FrameWork Vulnerabilities Affecting Cisco ProductsCisco CML versions prior to 2.2.0.0, 1.6.65,
27 May 2020VULN305 (APPLE : APPLE-SA-2020-05-26-11 Windows Migration Assistant 2.2.0.0 (v. 1A11))Systems running Windows Migration Assistant
27 May 2020VULN304APPLE : APPLE-SA-2020-05-26-5 watchOS 6.2.5 and 5.3.7watchOS running versions prior to 6.2.5.
27 May 2020VULN303APPLE : APPLE-SA-2020-05-26-9 iCloud for Windows 11.2 and 7.19Windows running iCloud versions prior to 11.2,
27 May 2020VULN302APPLE : APPLE-SA-2020-05-26-8 iTunes 12.10.7 for WindowsSystems running iTunes versions prior to 12.10.7.
27 May 2020VULN301APPLE : APPLE-SA-2020-05-26-7 Safari 13.1.1Systems running Safari versions prior to 13.1.1.
27 May 2020VULN300APPLE : macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High SierramacOS versions prior to 10.15.5.
27 May 2020VULN299APPLE : Multiple vulnerabilities fixed in iOS 13.5 and 12.4.7, iPadOS 13.5iOS versions 13.5, 12.4.7, iPadOS 13.5.
22 May 2020VULN298Microsoft : CVE-2020-1195 Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilitySystems running Microsoft Edge (Chromium-based)
22 May 2020VULN297Fortinet : CVE-2004-0230 Blind Reset Attack Using the RST/SYN BitSystems running FortiAnalyzer, FortiManager
22 May 2020VULN296Google Chrome : Multiple vulnerabilities fixed in Chrome 83Systems running Google Chrome versions prior to 83.
22 May 2020STAT21
22 May 2020VULN295Apache : CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistenceSystems running Apache Tomcat versions prior
22 May 2020VULN294Unbound : Denial of Service Vulnerabilities fixed in UnboundSystems running Unbound versions prior to 1.10.1.
22 May 2020VULN293Drupal : Cross Site Scripting and Open Redirect fixed in Drupal coreSystems running Drupal core versions prior
20 May 2020VULN292Adobe : Security Updates Available for Adobe Premiere Rush APSB20-29Systems running Adobe Premiere Rush versions prior
20 May 2020VULN291APPLE : APPLE-SA-2020-05-20-1 Xcode 11.5Systems running APPLE Xcode versions prior to 11.5.
20 May 2020VULN290Ruby on Rails : Multiple vulnerabilities fixed in Rails 5.2.4.3 and 6.0.3.1Systems running Rails versions prior to 5.2.4.3,
20 May 2020VULN289Wireshark : wnpa-sec-2020-08 · NFS dissector crashSystems running Wireshark versions prior to 3.2.4,
20 May 2020VULN288Cisco : Cisco Prime Network Registrar DHCP Denial of Service VulnerabilitySystems running Cisco Prime Network Registrar
20 May 2020VULN287Cisco : Cisco Unified Contact Center Express Remote Code Execution Vulnerability CriticalSystems running Cisco Unified Contact Center
20 May 2020VULN286Apache : [CVE-2020-1956] Apache Kylin command injection vulnerabilitySystems running Apache Kylin versions prior to
19 May 2020VULN285PowerDNS : Multiple vulnerabilities fixed in PowerDNSSystems running PowerDNS versions 4 prior to 4.3.1,
19 May 2020VULN284 (Bind : Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617))Systems running BIND versions 9 prior to 9.11.19,
19 May 2020VULN283Apache : [CVE-2020-1955] Apache CouchDB Remote Privilege EscalationSystems running Apache CouchDB versions prior to
19 May 2020VULN282 (VMware : VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956))Systems running VMware Cloud Director versions
19 May 2020VULN281US-CERT : Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacksSystems running Bluetooth BR/EDR implementations.
18 May 2020VULN280LibreOffice : CVE-2020-12801Systems running LibreOffice versions prior to
18 May 2020VULN279Moodle : XSS and Remote code execution Vulnerabilities fixed in MoodleSystems running Moodle versions prior to 3.8.3,
18 May 2020VULN278US-CERT : Samsung Qmage codec for Android Skia library does not properly validate image filesAndroid running Samsung Qmage codec for Android
18 May 2020VULN277Dovecot : Multiple vulnerabilities in DovecotSystems running Dovecot versions 2.3 prior to
15 May 2020STAT20
15 May 2020VULN276Apache : CVE-2019-17562 buffer overflow in baremetal pluginSystems running Apache CloudStack versions prior to
15 May 2020VULN275Apache : [CVE-2020-1941] XSS in Apache ActiveMQ WebConsoleSystems running Apache ActiveMQ versions prior to
15 May 2020VULN274Apache : [SECURITY][CVE-2019-17572] Apache RocketMQ directory traversal vulnerabilitySystems running Apache RocketMQ versions prior to
15 May 2020VULN273Apache : New security advisories CVE-2020-11971, CVE-2020-11972, CVE-2020-11973 released for Apache CamelSystems running Apache Camel versions prior to
15 May 2020VULN272TYPO3 : TYPO3-EXT-SA-2020 Vulnerabilities in multiple TYPO3 extensionsSystems running "phpMyAdmin" for TYPO3 versions
14 May 2020VULN271TYPO3-CORE : Multiple vulnerabilities fixed in TYPO3-CORESystems running TYPO3-CORE versions prior to
14 May 2020VULN270Apache : CVE-2020-1960 Apache Flink JMX information disclosure vulnerabilitySystems running Apache Flink versions prior
14 May 2020VULN269Apache : CVE-2020-1945 Apache Ant insecure temporary file vulnerabilitySystems running Apache Ant versions 1.1 up to and
14 May 2020VULN268Drupal : reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019Systems running reCAPTCHA v3 for Drupal versions
14 May 2020VULN267PHP : Vulnerabilities fixed in PHPSystems running PHP versions prior to 7.2.31,
13 May 2020VULN266 (VMware : VMware vRealize Operations Manager addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652))Systems running VMware vRealize Operations Manager
13 May 2020VULN265Adobe : Security update available for Adobe DNG Software Development Kit (SDK) APSB20-26Systems running Adobe DNG Software Development Kit
13 May 2020VULN264Adobe : Security Update available for Adobe Acrobat and Reader APSB20-24Systems running Adobe Acrobat, Adobe Reader
13 May 2020VULN263Apache : CVE-2020-1939 Apache NuttX optional/example ftpd program NULL pointer bugSystems running Apache NuttX versions prior to
13 May 2020VULN262Microsoft : Microsoft Security Update Summary for May 12, 2020Systems running Internet Explorer,
11 May 2020STAT19
7 May 2020VULN261JetBrains : JetBrains Security Bulletin Q1 2020Systems running JetBrains software products.
7 May 2020VULN260Jenkins : Jenkins Security Advisory 2020-05-06Systems running Amazon EC2 Plugin for Jenkins
7 May 2020VULN259Drupal : Multiple vulnerabilities patched in WebformSystems running Webform versions prior to 8.x-5.11.
7 May 2020VULN258Openstack : Multiple vulnerabilities patched in KeystoneSystems running Keystone versions 15.0.1 up to and
7 May 2020VULN257Foxit : Security updates available for Foxit PhantomPDF Mac and Foxit Reader for Mac 4.0macOS running Foxit PhantomPDF Mac, Foxit Reader
7 May 2020VULN256Videolan : Multiple vulnerabilities fixed in VLC media playerSystems running VLC media player versions 3 prior
7 May 2020VULN255Ruby on Rails : actionpack_page-caching and Active Resource gems VulnerabilitiesSystems running actionpack_page-caching versions
7 May 2020VULN254Cisco : Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software multiple VulnerabilitiesCisco ASA Software versions prior to 9.8.4.20,
7 May 2020VULN253NGINX : NGINX Controller version 3.4.0 fixes multiple security vulnerabilitiesSystems running NGINX Controller versions prior to
6 May 2020VULN252Zoho ManageEngine : CVE-2020-10859 Arbitrary File Upload Vulnerability Prevention for Desktop CentralSystems running Zoho ManageEngine Desktop Central
6 May 2020VULN251Google Chrome : Google Chrome version 81.0.4044.138 fixes Stack buffer overflow and Type Confusion vulnerabilitiesSystems running Google Chrome versions prior to
6 May 2020VULN250GLPI : GLPI version 9.4.6 fixes multiple security vulnerabilitiesSystems running GLPI versions prior to 9.4.6.
6 May 2020VULN249Google Android : Android Security Bulletin—May 2020Android versions prior to 8.0, 8.1, 9, 10.
6 May 2020VULN248Mozilla : Multiple Security Vulnerabilities fixed in Firefox 76 and 68.8Systems running Thunderbird versions prior to 76,
6 May 2020VULN247Zimbra : NEW Zimbra 9.0.0 “Kepler” Patch 2 fix XSS vulnerabilitiesSystems running Zimbra versions prior to 9.0.0 P2.
6 May 2020VULN246Citrix : Citrix ShareFile storage zones Controller multiple security updatesSystems running Citrix ShareFile storage versions
6 May 2020VULN245Mozilla : Security Vulnerabilities fixed in Thunderbird 68.8.0Systems running Thunderbird versions prior to
5 May 2020ALER01Exploitation of vulnerabilities in SaltStack
5 May 2020VULN244Apache : Apache Syncope Multiple vulnerabilitiesSystems running Apache Syncope versions 2.X prior
5 May 2020VULN243Roundcube : Security updates 1.4.4, 1.3.11 and 1.2.10 releasedSystems running Roundcube Webmail versions prior to
4 May 2020STAT18
4 May 2020VULN242SaltStack : Salt vulnerabilities allow arbitrary directory access and running arbitrary commands on salt minionsSystems running Salt versions prior to 2019.2.4,
4 May 2020VULN241Citrix : Citrix Hypervisor Security UpdateSystems running Citrix Hypervisor, XenServer.
4 May 2020VULN240GitLab : GitLab Security Release 12.10.2, 12.9.5, 12.8.10Systems running GitLab versions prior to 12.10.2,
4 May 2020VULN239WordPress : Multiple vulnerabilities fixed in WordPress 5.4.1Systems running WordPress versions prior to 5.4.1.
30 Apr 2020VULN238Apache : Apache OFBiz Host Header Injection and multiple CSRF vulnerabilitiesSystems running Apache OFBiz versions prior to
30 Apr 2020VULN237Cisco : Cisco IOS XE SD-WAN Software Command Injection VulnerabilityCisco IOS XE SD-WAN versions prior to 17.2.1r.
29 Apr 2020VULN236Tenable : Nessus Agent 7.6.3 Fixes Multiple Third-party VulnerabilitiesSystems running Nessus Agent versions prior to
29 Apr 2020VULN235Adobe : Security Updates Available for Adobe Bridge APSB20-19Systems running Adobe Bridge versions prior to
29 Apr 2020VULN234Adobe : Security Updates Available for Adobe Illustrator APSB20-20Systems running Illustrator 2020 versions prior to
29 Apr 2020VULN233Adobe : Security Updates Available for Magento APSB20-22Systems running Magento Commerce, Magento Open
29 Apr 2020VULN232 (VMware : VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955))Systems running VMware ESXi versions prior to 7.0.
28 Apr 2020VULN231Fortinet : Authentication bypass in FortiMail and FortiVoiceEnterpriseSystems running FortiMail versions prior to 5.4.11,
28 Apr 2020VULN230Sophos : Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOSSFOS versions prior to 17.0, 17.1, 17.5, 18.0.
28 Apr 2020VULN229Google Chrome : Chrome 81.0.4044.129 fixes multiple security vulnerabilitiesSystems running Google Chrome versions prior to
28 Apr 2020VULN228Samba : Use-after-free and LDAP Denial of Service in Samba AD DCSystems running Samba versions 4 prior to 4.10.15,
28 Apr 2020VULN227 (Apache : Apache Traffic Server is vulnerable to a HTTP/2 slow read attack (revised URL to CVE))Systems running Apache Traffic Server versions
28 Apr 2020VULN226Apache : CVE-2020-9482: Apache NiFi Registry user log out issueSystems running Apache NiFi versions prior to
28 Apr 2020VULN225WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005Systems running WebKitGTK, WPE WebKit versions
27 Apr 2020VULN224Apache : [CVE-2020-1952] Apache IoTDB (incubating) Remote Code execution vulnerabilitySystems running Apache IoTDB versions 0.8.x, 0.9.x
27 Apr 2020VULN223Apache : [CVE-2020-9488] Improper validation of certificate with host mismatch in Apache Log4j SMTP appenderSystems running Apache Log4j versions prior to
27 Apr 2020VULN222Apache : [CVE-2020-9489] Denial of Service (DOS) Vulnerabilities in Some of Apache Tika's ParsersSystems running Apache Tika versions 1.24.
24 Apr 2020STAT17
23 Apr 2020VULN221Git : Git Malicious URLs can still cause Git to send a stored credential to the wrong serverSystems running Git versions prior to 2.26.2,
22 Apr 2020VULN220Google Chrome : Chrome 81.0.4044.122 fixes multiple vulnerabilitiesSystems running Google Chrome versions prior to
22 Apr 2020VULN219Joomla : Joomla 3.9.17 fixes multiple vulnerabilitiesSystems running Joomla! versions prior to 3.9.17.
21 Apr 2020VULN218 (OpenSSL : Segmentation fault in SSL_check_chain (CVE-2020-1967))Systems running OpenSSL versions 1.1.1d, 1.1.1e,
20 Apr 2020VULN217Tenable : Tenable.sc 5.14.0 Fixes Multiple VulnerabilitiesSystems running Tenable.sc versions prior to
20 Apr 2020VULN216Apache Solr : [CVE-2019-17558] Apache Solr RCE through VelocityResponseWriterSystems running Apache Solr versions prior to 8.4.
20 Apr 2020VULN215APPLE : Potential Credential Disclosure Vulnerability fixed in APPLE XcodeSystems running APPLE Xcode versions prior to
20 Apr 2020VULN214Squid : Access control bypass, cache poisoning and cross-site scripting vulnerabilities fixed in Squid Proxy CacheSystems running Squid versions prior to 4.8
17 Apr 2020STAT16
17 Apr 2020VULN213Aruba : Aruba ClearPass Policy Manager Multiple VulnerabilitiesSystems running Aruba ClearPass versions 6.8.x,
17 Apr 2020VULN212IBM : Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application ServerSystems running IBM HTTP Server versions 9.0, 8.5,
17 Apr 2020VULN211Google Chrome : Chrome 81.0.4044.113 fixes multiple VulnerabilitiesSystems running Google Chrome versions prior to
17 Apr 2020VULN210PHP : PHP 7.4.5 and 7.3.17 fix VulnerabilitySystems running PHP versions prior to 7.4.5,
17 Apr 2020VULN209Jenkins : Jenkins Security Advisory 2020-04-16Systems running AWS SAM Plugin for Jenkins,
17 Apr 2020VULN208Apache : CVE-2020-1964 Apache Heron (incubating) information disclosure vulnerabilitySystems running Apache Heron versions
17 Apr 2020VULN207WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004Systems running WebKitGTK versions before 2.28.1,
16 Apr 2020VULN206Cisco : Cisco IoT Field Network Director Denial of Service VulnerabilitySystems running Cisco IoT Field Network Director
16 Apr 2020VULN205Cisco : Cisco Mobility Express Software Cross-Site Request Forgery VulnerabilityCisco Mobility Express Software versions prior to
16 Apr 2020VULN204Cisco : Cisco Unified Communications Manager Path Traversal VulnerabilitySystems running Cisco Unified Communications
16 Apr 2020VULN203Cisco : Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big DataSystems running Cisco UCS Director,
16 Apr 2020VULN202Cisco : Cisco Wireless LAN Controller Denial of Service VulnerabilitiesCisco Wireless LAN Controller (WLC) Software
16 Apr 2020VULN201Cisco : Cisco Aironet Series Access Points Client Packet Processing Denial of Service VulnerabilityCisco Aironet Access Points Software versions prior
16 Apr 2020VULN200Cisco : Cisco IP Phones Web Server Remote Code Execution and Denial of Service VulnerabilityCisco IP Phones firmware.
16 Apr 2020VULN199Cisco : Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution VulnerabilitySystems running Cisco Webex Network Recording
16 Apr 2020VULN198Drupal : JSON:API - Critical - Unsupported - SA-CONTRIB-2020-010Systems running JSON:API for Drupal.
15 Apr 2020VULN197Citrix : Citrix Hypervisor Multiple Security Updates CTX270837Systems running Citrix Hypervisor versions 8.1,
15 Apr 2020VULN196Adobe : Security Updates Available for Adobe After Effects APSB20-21Systems running Adobe After Effects versions prior
15 Apr 2020VULN195Adobe : Security updates available for ColdFusion | APSB20-18Systems running Adobe ColdFusion versions prior to
15 Apr 2020VULN194Adobe : Security Updates Available for Adobe Digital Editions APSB20-23Windows running Adobe Digital Editions versions
15 Apr 2020VULN193Palo Alto : Multiple vulnerabilities fixed in PAN-OSPAN-OS versions prior to 7.1.26, 8.0.21, 8.1.13,
15 Apr 2020VULN192Palo Alto : Security Vulnerabilities fixed in GlobalProtect AgentSystems running GlobalProtect Agent versions prior
15 Apr 2020VULN191 (VMware : VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954))Systems running vRealize Log Insight versions prior
15 Apr 2020VULN190GitLab : GitLab Critical Security Release: 12.9.3, 12.8.9, and 12.7.9Systems running GitLab Community Edition,
15 Apr 2020VULN189Oracle : April 2020 Critical Patch Update ReleasedSystems running Oracle Database Server,
15 Apr 2020VULN188Microsoft : Microsoft Security Update Summary for April 14, 2020Systems running Internet Explorer,
14 Apr 2020VULN187openSUSE : moderate Security update for eximopenSUSE versions prior to Leap 15.1,
14 Apr 2020VULN186Xen : Vulnerabilities fixed in Grant table operationsSystems running Xen.
14 Apr 2020VULN185 (VMware : VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) (CVE-2020-3952))Systems running VMware vCenter Server versions
14 Apr 2020VULN184Mozilla : Security Vulnerabilities fixed in Thunderbird 68.7.0Systems running Mozilla Thunderbird versions prior
10 Apr 2020STAT15
9 Apr 2020VULN183Wireshark : wnpa-sec-2020-07 · BACapp dissector crashSystems running Wireshark versions prior to 3.2.3,
9 Apr 2020VULN182LibSSH : Client/server denial of service when handling AES-CTR ciphersSystems running libssh versions prior to 0.8.9,
8 Apr 2020VULN181US-CERT : Vertiv Avocent UMG-4000 vulnerable to command injection and cross-site scripting vulnerabilitiesUniversal Management Gateway firmware versions
8 Apr 2020VULN180Google Chrome : Chrome 81 fixes multiple security vulnerabilitiesSystems running Google Chrome versions prior to 81.
7 Apr 2020VULN179Jenkins : Jenkins Security Advisory 2020-04-07Systems running AWSEB Deployment Plugin for
6 Apr 2020VULN178Mozilla : Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1Systems running Firefox versions prior to 74.0.1,
3 Apr 2020STAT14
3 Apr 2020VULN177MediaWiki : Security and maintenance release: 1.31.7 / 1.33.3 / 1.34.1Systems running MediaWiki versions prior to 1.34.1,
2 Apr 2020VULN176Puppet : CVE-2020-7944 - Continuous Delivery for Puppet Enterprise impact analysis reports show sensitive parametersSystems running Continuous Delivery for Puppet
2 Apr 2020VULN175Apache : Apache Server 2.4.43 security, feature and bug fix releaseSystems running Apache Server versions prior to
2 Apr 2020VULN174Apache : CVE-2020-1954 Apache CXF JMX Integration is vulnerable to a MITM attackSystems running Apache CXF versions prior to 3.3.6,
2 Apr 2020VULN173Apache : [CVE-2020-1958]: Apache Druid LDAP injection vulnerabilitySystems running Apache Druid versions prior to
2 Apr 2020VULN172Apache : 'Apache NetBeans' autoupdate vulnerabilitiesSystems running Apache NetBeans versions prior to
27 Mar 2020STAT13
26 Mar 2020VULN171Adobe : Security update available for Creative Cloud Desktop Application | APSB20-11Windows running Adobe Creative Cloud Desktop
26 Mar 2020VULN170Apache : CVE-2020-1949: Apache Sling CMS Reflected XSS VulnerabilitySystems running Apache Sling CMS versions prior to
26 Mar 2020VULN169Apache : [CVE-2020-1957] Apache Shiro 1.5.2 releasedSystems running Apache Shiro versions prior to
26 Mar 2020VULN168Kubernetes : CVE-2020-8551, CVE-2020-8552: Kubernetes: Denial of serviceSystems running Kubernetes versions prior to
26 Mar 2020VULN167Serendipity : Serendipity 2.3.4 fix possible malicious file uploadSystems running Serendipity versions prior to
26 Mar 2020VULN166Drupal : Svg Image - Critical - Cross site scripting - SA-CONTRIB-2020-008Systems running Svg Image for Drupal versions prior
26 Mar 2020VULN165Jenkins : Jenkins Security Advisory 2020-03-25Systems running Jenkins versions prior to 2.228,
25 Mar 2020VULN164US-CERT : Microsoft Windows Type 1 font parsing remote code execution vulnerabilitiesWindows running Windows Adobe Type Manager library.
25 Mar 2020VULN163Apache : CVE-2019-10091 Apache Geode SSL endpoint verification vulnerabilitySystems running Apache Geode versions prior to
25 Mar 2020VULN162Apache : DoS vulnerabilities fixed in Apache Tika's PSDParserSystems running Apache Tika versions prior to 1.24.
25 Mar 2020VULN161Apache : Apache Traffic Server is vulnerable to various smuggling attacksSystems running Apache Traffic Server versions
25 Mar 2020VULN160Apache : [CVE-2020-1953] Uncontrolled class instantiation when loading YAML files in Apache Commons ConfigurationSystems running Apache Commons versions prior to
25 Mar 2020VULN159APPLE : APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5Windows running iTunes versions prior to 12.10.5.
25 Mar 2020VULN158APPLE : APPLE-SA-2020-03-24-3 tvOS 13.4tvOS versions prior to 13.4.
25 Mar 2020VULN157APPLE : APPLE-SA-2020-03-24-4 watchOS 6.2watchOS versions prior to 6.2.
25 Mar 2020VULN156APPLE : APPLE-SA-2020-03-24-7 Xcode 11.4Systems running Xcode versions prior to 11.4.
25 Mar 2020VULN155APPLE : APPLE-SA-2020-03-24-5 Safari 13.1Systems running Safari versions prior to 13.1.
25 Mar 2020VULN154APPLE : APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High SierramacOS versions prior to 10.15.4.
25 Mar 2020VULN153APPLE : APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4iOS versions prior to 13.4,
25 Mar 2020VULN152phpMyAdmin : Multiple SQL injection vulnerabilities fixed in phpMyAdminSystems running phpMyAdmin versions prior to 4.9.5,
25 Mar 2020VULN151 (Ruby : CVE-2020-10663 Unsafe Object Creation Vulnerability in JSON (Additional fix))Systems running json gem for Ruby
25 Mar 2020VULN150Ruby on Rails : Rails 6.0.2.2 and 5.2.4.2 fix XSS vulnerability in JS escape helperSystems running Ruby on Rails versions prior to
20 Mar 2020STAT12
20 Mar 2020VULN149Adobe : Security Updates Available for Adobe Genuine Integrity Service | APSB20-12Systems running Adobe Genuine Integrity Service
20 Mar 2020VULN148Adobe : Security updates available for Adobe Experience Manager | APSB20-15Systems running Adobe Experience Manager
20 Mar 2020VULN147Adobe : Security Updates Available for Adobe Bridge | APSB20-17Systems running Adobe Bridge versions 10.0 prior to
20 Mar 2020VULN146Adobe : Security Bulletin for Adobe Acrobat and Reader | APSB20-13Systems running Adobe Acrobat, Adobe Reader
20 Mar 2020VULN145Adobe : Security updates available for ColdFusion | APSB20-16Systems running ColdFusion 2016 versions prior to
20 Mar 2020VULN144Adobe : Security updates available for Adobe Photoshop | APSB20-14Systems running Adobe Photoshop CC 2019, Adobe
19 Mar 2020VULN143Drupal core : Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001Systems running Drupal core versions prior to
19 Mar 2020VULN142Drupal : CKEditor - WYSIWYG HTML editor - Moderately critical - Cross site scripting - SA-CONTRIB-2020-007Systems running CKEditor for Drupal versions prior
18 Mar 2020VULN141 (VMware : VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates (CVE-2020-3950, CVE-2020-3951))Systems running VMware Workstation versions prior
16 Mar 2020VULN140WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0003Systems running WebKitGTK, WPE WebKit versions
16 Mar 2020VULN139Moodle : Multiple vulnerabilities fixed in MoodleSystems running Moodle versions prior to 3.8.2,
13 Mar 2020STAT11
13 Mar 2020VULN138GitLab : GitLab Critical Security Release: 12.8.6Systems running GitLab CE/EE versions 12.8 prior to
13 Mar 2020VULN137Mozilla : Security Vulnerabilities fixed in Thunderbird 68.6Systems running Thunderbird versions prior to 68.6.
13 Mar 2020VULN136VMware : VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilitiesSystems running VMware Workstation versions prior
12 Mar 2020VULN135Fortinet : XSS vulnerability in the FortiManager via the buffer parameterSystems running FortiManager versions prior to
12 Mar 2020VULN134Fortinet : Authorizations Bypass in the FortiPresence portal parametersSystems running FortiPresence versions prior to
12 Mar 2020VULN133Fortinet : Stored XSS vulnerability in traffic group interfaceSystems running FortiADC versions prior to 5.3.4.
12 Mar 2020VULN132Fortinet : Unquoted Service Path exploit in FortiClientWindows running FortiClient versions prior to 6.2.3.
12 Mar 2020VULN131Fortinet : multiple vulnerabilities fixed in FortiWebSystems running FortiWeb versions prior to 6.0.6,
12 Mar 2020VULN130Fortinet : XSS vulnerability in the URL Description of URL filterSystems running FortiIsolator versions prior to
12 Mar 2020VULN129Drupal : SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006Systems running SAML Service Provider for Drupal
12 Mar 2020VULN128Joomla! : Multiple vulnerabilities fixed in Joomla!Systems running Joomla! versions prior to 3.9.16.
12 Mar 2020VULN127Apache ShardingSphere : CVE-2020-1947 Apache ShardingSphere(incubator) deserialization vulnerabilitySystems running Apache ShardingSphere(incubator)
12 Mar 2020VULN126Puppet : CVE-2020-7943 and CVE-2020-7942 - Sensitive information leak via metrics API and Arbitrary Catalog RetrievalSystems running Puppet Enterprise versions prior to
11 Mar 2020VULN125INTEL : Intel Processors Load Value Injection AdvisoryIntel SGX PSW versions prior to 2.7.100.2,
11 Mar 2020VULN124INTEL : Intel Graphics Drivers AdvisoryIntel(R) Graphics Drivers before versions
11 Mar 2020VULN123Mozilla : Security Vulnerabilities fixed in Firefox ESR 68.6 and 74Systems running Firefox versions prior to 74, ESR 68.6.
11 Mar 2020VULN122Microsoft : Microsoft Security Update Summary for March 10, 2020Systems running Internet Explorer,
11 Mar 2020VULN121Xen : Load Value Injection (LVI) speculative side channelSystems running Xen.
11 Mar 2020VULN120US-CERT : Microsoft SMBv3 compression remote code execution vulnerabilityWindows running Microsoft SMBv3.
10 Mar 2020VULN119 (Horde : Directory Traversal/RCE Vulnerability fixed in Trean H5 (1.1.10) (final))Systems running Trean H5 versions prior to 1.1.10.
10 Mar 2020VULN118Horde : CVE-2020-8866: Arbitrary File Creation in Temporary Directory VulnerabilitySystems running Horde_Form versions prior to
10 Mar 2020VULN117Horde : CVE-2020-8518: RCE vulnerability in Horde_DataSystems running Horde_Data versions prior to 2.1.5.
10 Mar 2020VULN116Jenkins : Jenkins Security Advisory 2020-03-09Systems running Audit Trail Plugin for Jenkins,
10 Mar 2020VULN115GitLab : GitLab Security Release: 12.8.2, 12.7.7, and 12.6.8Systems running GitLab versions prior to 12.8.2,
9 Mar 2020VULN114Zoho : ManageEngine Desktop Central remote code execution vulnerabilitySystems running Zoho ManageEngine Desktop Central
6 Mar 2020STAT10
6 Mar 2020VULN113Yubico : Security advisory 2020-03-03 – insufficient data validation in yubikey-valSystems running YubiKey Validation Server versions
6 Mar 2020VULN112US-CERT : pppd vulnerable to buffer overflow due to a flaw in EAP packet processingSystems running pppd versions 2.4.2 up to and
6 Mar 2020VULN111Apache OFBiz : [CVE-2020-1943] Apache OFBiz XSS VulnerabilitySystems running Apache OFBiz versions prior to
5 Mar 2020VULN110Cisco : Cisco Intelligent Proximity SSL Certificate Validation VulnerabilitySystems running Cisco Intelligent Proximity,
5 Mar 2020VULN109Cisco : Cisco Prime Network Registrar Cross-Site Request Forgery VulnerabilitySystems running Cisco Prime Network Registrar
5 Mar 2020VULN108Cisco : Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution VulnerabilitiesWindows running Cisco Webex Meetings versions prior
5 Mar 2020VULN107Drupal : SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005Systems running SVG Formatter for Drupal prior to
5 Mar 2020VULN106Django : Django security releases issued 3.0.4, 2.2.11, and 1.11.29Systems running Django versions prior to
4 Mar 2020VULN105Google Chrome : Stable Channel Update for Desktop fixes Insufficient policy enforcement in mediaSystems running Google Chrome prior to
3 Mar 2020VULN104 (Puma for Ruby : HTTP Response Splitting (Early Hints))Systems running Puma for Ruby versions prior to
28 Feb 2020STAT09
27 Feb 2020VULN103Adobe : Security Updates Available for Adobe Framemaker APSB20-04Systems running Adobe Framemaker versions prior to
27 Feb 2020VULN102npmjs : Arbitrary File Write vulnerability in decompressSystems running decompress package for Node.js.
27 Feb 2020VULN101Wireshark : memory leak and multiple dissector crashesSystems running Wireshark versions prior to 3.2.2,
27 Feb 2020VULN100Cisco : Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service VulnerabilityCisco FXOS Software, Cisco NX-OS Software,
26 Feb 2020VULN099Cisco : Cisco MDS 9000 Series Multilayer Switches Denial of Service VulnerabilityCisco NX-OS Software.
26 Feb 2020VULN098Cisco : Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service VulnerabilityCisco NX-OS Software Release 5.2(1)SV3(4.1a).
26 Feb 2020VULN097Cisco : Cisco FXOS and UCS Manager Software Local Management CLI Command Injection VulnerabilitiesCisco FXOS Software, Cisco UCS Manager Software,
26 Feb 2020VULN096OpenSMTPD : OpenSMTPD 6.6.4p1 released: addresses CRITICAL vulnerabilitySystems running OpenSMTPD versions prior to 6.6.4p1.
26 Feb 2020VULN095Sympa : 2020-001 Security flaws in CSRF preventionSystems running Sympa versions prior to 6.2.54.
25 Feb 2020VULN094Nagios : Nagios 5.6.10 fixes RCE and XSS vulnerabilitiesSystems running Nagios versions prior to 5.6.10.
25 Feb 2020VULN093PHP : Multiple vulnerabilities fixed in PHP versions 7.2.28Systems running PHP versions prior to 7.4.3,
25 Feb 2020VULN092Zyxel : Zyxel security advisory for the remote code execution vulnerability of NAS productsZyxel NAS products running firmware version 5.21
25 Feb 2020VULN091Apache Kylin : CVE-2020-1937 Apache Kylin SQL injection vulnerabilitySystems running Apache Kylin versions prior to
25 Feb 2020VULN090Google Chrome : Integer overflow, Out of bounds memory access and Type confusion vulnerabilities fixedSystems running Google Chrome versions prior to
25 Feb 2020VULN089Apache Tomcat : AJP Request Injection, potential Remote Code Execution and HTTP Request Smuggling vulnerabilitiesSystems running Apache Tomcat versions prior to
21 Feb 2020STAT08
20 Feb 2020VULN088Cacti : Cacti 1.2.9 fixes XSS and Remote Code Execution vulnerabilitiesSystems running Cacti versions prior to 1.2.9.
20 Feb 2020VULN087Fortiguard : FortiOS URL redirection attack via the admin password change pageFortiOS versions prior to 6.2.2, 6.0.9.
20 Feb 2020VULN086Puppet : CVE-2020-7942 - Arbitrary Catalog Retrieval in PuppetSystems running Puppet versions 6.x prior to
20 Feb 2020VULN085Drupal : Profile Access Bypass and SpamSpan filter Cross site scripting VulnerabilitiesSystems running Profile for Drupal,
20 Feb 2020VULN084Cisco : Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass VulnerabilityCisco Integrated Management Controller (IMC)
19 Feb 2020VULN083Cisco : Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service VulnerabilitiesCisco AsyncOS running Cisco ESA versions prior to
19 Feb 2020VULN082Cisco : Cisco Data Center Network Manager Cross-Site Request Forgery and Privilege Escalation VulnerabilitiesSystems running Cisco Data Center Network Manager
19 Feb 2020VULN081Cisco : Cisco Unified Contact Center Express Privilege Escalation VulnerabilitySystems running Cisco Unified Contact Center
19 Feb 2020VULN080Cisco : Cisco Smart Software Manager On-Prem Static Default Credential VulnerabilitySystems running Cisco Smart Software Manager
19 Feb 2020VULN079 (VMware : vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945))Systems running VMware vRealize Operations for
18 Feb 2020VULN078US-CERT : IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) serviceSystems running IBM ServeRAID Manager.
17 Feb 2020VULN077Gitlab : GitLab Critical Security Release 12.7.6, 12.6.7, and 12.5.10Systems running GitLab versions prior to 12.7.6,
17 Feb 2020VULN076CA Technologies : CA20200205-01 Security Notice for CA Unified Infrastructure ManagementSystems running CA Unified Infrastructure
17 Feb 2020VULN075Webkit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002Systems running WebKitGTK, WPE WebKit versions
17 Feb 2020VULN074Dovecot Core : Denial of Service vulnerabilities fixed in 2.3.9.3Systems running Dovecot Core versions 2.3.9 prior
14 Feb 2020STAT07
13 Feb 2020VULN073Jenkins : Jenkins Security Advisory 2020-02-12Systems running Applatix Plugin for Jenkins,
7 Feb 2020STAT06
7 Feb 2020VULN072Node.js : Security updates for all active release lines, February 2020Systems running Node.js versions prior to 10.19.0
7 Feb 2020VULN071ClamAV : ClamAV® blog: ClamAV 0.102.2 security patch releasedSystems running ClamAV versions prior to 0.102.2.
6 Feb 2020VULN070Drupal : Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003Systems running Drupal Views Bulk Operations
6 Feb 2020VULN069Cisco : Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution VulnerabilityCisco NX-OS versions prior to 7.0(3)I7(8) (Feb
6 Feb 2020VULN068Cisco : Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service VulnerabilityCisco FXOS, IOS XR, NX-OS.
6 Feb 2020VULN067Cisco : Cisco IOS XR Software Cisco Discovery Protocol Format String VulnerabilityCisco IOS XR versions prior to 6.6.3 or appropriate
6 Feb 2020VULN066Cisco : Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service VulnerabilityCisco Video Surveillance 8000 Series IP
6 Feb 2020VULN065Cisco : Cisco IP Phone Remote Code Execution and Denial of Service VulnerabilitySystems running IP Conference Phone software.
6 Feb 2020VULN064Adobe : Security Updates Available for Magento | APSB20-02Systems running Magento Commerce, Magento Open
5 Feb 2020VULN063OpenSMTPD : OpenSMTPD incorrect check allows arbitrary commands executionSystems running OpenSMTPD versions prior to
5 Feb 2020VULN062Apache Jackrabbit Oak : CVE-2020-1940 Apache Jackrabbit Oak sensitive information disclosure vulnerabilitySystems running Apache Jackrabbit Oak versions
5 Feb 2020VULN061Apache NiFi : Apache NiFi information disclosure, XSS and Dependency VulnerabilitiesSystems running Apache NiFi versions prior
5 Feb 2020VULN060Apache Incubator Superset : [CVE-2020-1932] Apache Incubator Superset user data leak vulnerabilitySystems running Apache Incubator Superset versions
5 Feb 2020VULN059PHP : Multiple vulnerabilities fixed in PHPSystems running PHP versions prior to 7.2.27,
5 Feb 2020VULN058SQUID : Improper Input Validation, Information Disclosure and Buffer overflow vulnerabilities in SquidSystems running Squid versions 2, 3, 4 up to and
5 Feb 2020VULN057GitLab : GitLab Security Release: 12.7.4, 12.6.6, and 12.5.9Systems running GitLab versions prior to 12.7.4,
5 Feb 2020VULN056Jenkins : Jenkins Security Advisory 2020-01-29Systems running Jenkins versions prior to 2.219,
4 Feb 2020VULN055Sudo : Buffer overflow when pwfeedback is set in sudoersSystems running Sudo versions 1.7.1 up to and
4 Feb 2020VULN054Apache SpamAssassin : Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commandsSystems running Apache SpamAssassin versions prior
4 Feb 2020VULN053Django : Django security releases issued 3.0.3, 2.2.10 and 1.11.28Systems running Django versions prior to 3.0.3,
31 Jan 2020STAT05
30 Jan 2020VULN052APPLE : APPLE-SA-2020-1-28-5 Safari 13.0.5Systems running Safari versions prior to 13.0.5.
30 Jan 2020VULN051APPLE : APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High SierramacOS versions prior to 10.15.3.
30 Jan 2020VULN050APPLE : APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1iOS versions prior to 13.3.1, iPadOS versions prior
30 Jan 2020VULN049Joomla! : CSRF and XSS vulnerabilities fixed in Joomla! CoreSystems running Joomla! versions 3 prior to 3.9.15.
30 Jan 2020VULN048Cisco : Cisco Small Business Switches Denial of Service and Information Disclosure VulnerabilitiesCisco Small Business Switches software.
27 Jan 2020VULN047SimpleSAMLphp : Cross-site scripting in error reports and Log injectionSystems running SimpleSAMLphp versions prior to
27 Jan 2020VULN046Cisco : Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join VulnerabilitySystems running Cisco Webex Meetings Suite, Cisco
24 Jan 2020STAT04
24 Jan 2020VULN045WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001Systems running WebKitGTK, WPE WebKit versions
23 Jan 2020VULN044Cisco : Cisco Smart Software Manager On-Prem Web Interface Denial of Service VulnerabilitySystems running Cisco Smart Software Manager On-
23 Jan 2020VULN043Cisco : Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal VulnerabilitySystems running Cisco TelePresence CE Software versions
23 Jan 2020VULN042Cisco : Cisco SD-WAN Solution Local Privilege Escalation VulnerabilitySystems running Cisco SD-WAN Solution vManage
23 Jan 2020VULN041Cisco : Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass VulnerabilitySystems running Cisco Firepower Management Center
23 Jan 2020VULN040Cisco : Cisco IOS XR Software Denial of Service VulnerabilitiesCisco IOS XR Software versions prior to 6.63, 7.02,
23 Jan 2020VULN039Cisco : Cisco IOS XE SD-WAN Software Default Credentials VulnerabilityCisco IOS XE SD-WAN versions prior to 16.12.1.
22 Jan 2020VULN038Fortinet : FortiSIEM default SSH key for the 'tunneluser' account is the same across all appliancesSystems running FortiSIEM versions 9, 10,
22 Jan 2020VULN037Chrome OS : Stable Channel Update 79.0.3945.119 for Chrome OSChrome OS versions prior to 79.0.3945.119.
22 Jan 2020VULN036Microsoft : Microsoft Guidance on Scripting Engine Memory Corruption VulnerabilityWindows running Internet Explorer versions 9, 10,
22 Jan 2020VULN035Trustwave SpiderLabs : ModSecurity Denial of Service Details - CVE-2019-19886Systems running ModSecurity versions 3.x prior to
22 Jan 2020VULN034Plone : Plone security hotfix 20200121 addresses several security vulnerabilitiesSystems running Plone versions All supported.
22 Jan 2020VULN033Trend Micro : Trend Micro Security (Consumer) Persistent Arbitrary Code Execution VulnerabilitiesSystems running Trend Micro Security 2020 (Consumer),
21 Jan 2020VULN032Samba : Multiple vulnerabilities fixed in Samba versions 4.11.5, 4.10.12, 4.9.18Systems running Samba versions 4 prior to
20 Jan 2020VULN031Apache CXF : Apache CXF vulnerabilities fixed in versions 3.3.5 and 3.2.12Systems running Apache CXF versions prior to
20 Jan 2020VULN030Apache Airflow : [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UISystems running Apache Airflow versions prior to
20 Jan 2020VULN029Moodle : Stored XSS in message conversation overviewSystems running Moodle versions 3.8 prior to 3.8.1.
17 Jan 2020STAT03
16 Jan 2020VULN028US-CERT : Multiple caching service providers are vulnerable to HTTP cache poisoningSystems running Content Delivery Networks software.
16 Jan 2020VULN027Drupal : Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001Systems running Radix for Drupal versions prior to
16 Jan 2020VULN026Wireshark : Dissector crashes vulnerabilities fixedSystems running Wireshark versions 3 prior to
16 Jan 2020VULN025Apache Beam : [CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust verificationSystems running Apache Beam versions 2.10.x prior
16 Jan 2020VULN024Jenkins : Jenkins Security Advisory 2020-01-15Systems running Amazon EC2 Plugin for Jenkins
15 Jan 2020VULN023Intel® : Intel® DAAL AdvisorySystems running Intel® Data Analytics Acceleration
15 Jan 2020VULN022Intel® : Intel® VTune™ Amplifier for Windows* AdvisorySystems running Intel® VTune™ Amplifier versions
15 Jan 2020VULN021Intel® : Intel® Processor Graphics AdvisoryWindows, Linux running Intel® Processor Graphics.
15 Jan 2020VULN020Intel® : Intel® RWC 3 for Windows* AdvisoryWindows running Intel® RWC 3 versions prior to
15 Jan 2020VULN019Intel® : Intel® Chipset Device Software AdvisoryIntel® Chipset Device Software INF Utility version
15 Jan 2020VULN018Intel® : Intel® SNMP Subagent Stand-Alone Advisory for Windows*Windows running Intel® SNMP Subagent Stand-Alone
15 Jan 2020VULN017Adobe : Security updates available for Adobe Experience Manager APSB20-01Systems running Adobe Experience Manager versions
15 Jan 2020VULN016Adobe : Security Updates Available for Adobe Illustrator CC APSB20-03Systems running Adobe Illustrator CC versions prior
15 Jan 2020VULN015Oracle : January 2020 Critical Patch Update ReleasedSystems running Oracle Database Server,
15 Jan 2020VULN014Xen : arm a CPU may speculate past the ERET instructionSystems running Xen.
15 Jan 2020VULN013 (VMware : VMSA-2020-0002 VMware Tools workaround addresses a local privilege escalation vulnerability (CVE-2020-3941))Systems running VMware Tools versions 10.x.y prior
15 Jan 2020VULN012Microsoft : Microsoft Security Update Summary for January 14, 2020Systems running Internet Explorer,
14 Jan 2020VULN011Google Chrome : Chrome Stable Channel Update 79.0.3945.117 for DesktopSystems running Google Chrome versions prior to
14 Jan 2020VULN010Citrix : CVE-2020-6175 - Citrix SD-WAN Security UpdateSystems running Citrix SD-WAN versions prior to
14 Jan 2020VULN009Symantec : Symantec Endpoint Detection and Response XSS vulnerabilitySystems running Symantec Endpoint Detection and
14 Jan 2020VULN008Mozilla : Security Vulnerabilities fixed in Firefox 72.0.1, ESR 68.4.1Systems running Firefox versions prior to
14 Jan 2020VULN007Mozilla : Security Vulnerabilities fixed in Thunderbird 68.4.1Systems running Mozilla Thunderbird versions prior
14 Jan 2020VULN006Apache Kafka : CVE-2019-12399 Apache Kafka Connect REST API may expose plaintext secrets in tasks endpointSystems running Apache Kafka versions prior to
14 Jan 2020VULN005Apache Olingo : CVE-2020-1925 Possible SSRF in AsyncResponseWrapperImplSystems running Apache Olingo versions 4.x.x prior
14 Jan 2020VULN004phpMyAdmin : SQL injection flaw in the user accounts pageSystems running phpMyAdmin versions 4.x, 5.x prior
14 Jan 2020VULN003Project curl : SMB access smuggling via FILE URL on WindowsSystems running libcurl versions prior to 7.68.0.
14 Jan 2020VULN002 (VMware : VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability (CVE-2020-3940))Systems running VMware Workspace ONE SDK,
14 Jan 2020VULN001GitLab : GitLab Critical Security Release: 12.6.4, 12.5.7, and 12.4.8Systems running GitLab Community Edition (CE),
10 Jan 2020STAT02
3 Jan 2020STAT01