3 Jan 2023 | STAT52 | |
|
27 Dec 2022 | STAT51 | |
|
23 Dec 2022 | VULN489 | Adobe : Security updates available for Adobe Campaign Classic APSB22-58 | Systems running Adobe Campaign Classic versions
|
23 Dec 2022 | VULN488 | Adobe : Security Updates Available for Adobe Illustrator APSB22-60 | Systems running Adobe Illustrator versions prior
|
22 Dec 2022 | VULN487 | Jetbrains : Vulnerabilities fixed in IntelliJ IDEA 2022.3.1 | Systems running IntelliJ IDEA versions prior
|
22 Dec 2022 | VULN486 | Apache : CVE-2022-34271 Apache Atlas: zip path traversal in import functionality | Systems running Apache Atlas versions 0.8.4 up
|
22 Dec 2022 | VULN485 | Apache : CVE-2022-45347 Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass | Systems running Apache ShardingSphere-Proxy
|
22 Dec 2022 | VULN484 | Mozilla : Security Vulnerabilities fixed in Thunderbird 102.6.1 | Systems running Thunderbird versions prior to
|
22 Dec 2022 | VULN483 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2022-3643, CVE-2022-42328 & CVE-2022-42329 | Systems running Citrix Hypervisor versions prior
|
22 Dec 2022 | VULN482 | (Elastic : Kibana reporting vulnerability (ESA-2022-12)) | Systems running Kibana versions 8.5.0, 7.17.8.
|
21 Dec 2022 | VULN481 | Pjsip : Heap buffer overflow when decoding STUN message | Systems running Pjsip versions prior to 2.13.1.
|
21 Dec 2022 | VULN480 | Apache : CVE-2022-40145 LDAP injection vulnerability in JDBC Login Module with JDK 8 | Systems running Apache Karaf versions prior to
|
21 Dec 2022 | VULN479 | Project curl : HSTS bypass via IDN and HTTP Proxy deny use-after-free vulnerabilities | Systems running curl versions prior to 7.87.0
|
21 Dec 2022 | STAT50 | |
|
20 Dec 2022 | VULN478 | cortex (Go) : Alertmanager can expose local files content via specially crafted config | Systems running cortex (Go) versions prior to
|
20 Dec 2022 | VULN477 | Contiki-ng : Invalid memory access in the BLE L2CAP module | Systems running Contiki-NG versions prior to 4.9.
|
19 Dec 2022 | VULN476 | APPLE : Safari 16.2 | Systems running Safari versions prior to 16.2.
|
19 Dec 2022 | VULN475 | Fortinet : FortiOS - heap-based buffer overflow in sslvpnd | FortiOS versions prior to 7.2.3, 7.0.9, 6.4.11,
|
19 Dec 2022 | VULN474 | Tenable : [R1] Tenable.ad Versions 3.29.4, 3.19.12 and 3.11.9 Fix One Vulnerability | Systems running Tenable.ad versions prior
|
19 Dec 2022 | VULN473 | rails-html-sanitizer : Multiple vulnerabilities fixed in rails-html-sanitizer | Systems running rails-html-sanitizer versions
|
16 Dec 2022 | VULN472 | Loofah : Multiple vulnerabilities fixed in Loofah | Systems running loofah (RubyGems) versions prior
|
16 Dec 2022 | VULN471 | Apache : Apache BookKeeper Java Client Uses Connection to Host that Failed Hostname Verification | Systems running Apache BookKeeper versions prior
|
16 Dec 2022 | VULN470 | Samba : Multiple vulnerabilities fixed in Samba 4.15.13, 4.16.8 and 4.17.4 | Systems running Samba versions prior to 4.15.13,
|
16 Dec 2022 | VULN469 | Vmware : VMware Workspace ONE Access and Identity Manager updates address multiple vulnerabilities | Systems running VMware Workspace ONE Access (Access),
|
16 Dec 2022 | VULN468 | Vmware : VMware vRealize Network Insight (vRNI) updates address command injection and directory traversal | Systems running VMware vRealize Network Insight
|
15 Dec 2022 | VULN467 | APPLE : macOS Monterey 12.6.2, macOS Monterey 12.6.2 | Systems running macOS versions prior to Monterey
|
15 Dec 2022 | VULN466 | Microsoft : December 2022 Security Updates | Systems running Microsoft software.
|
15 Dec 2022 | VULN465 | Citrix : Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 | Systems running Citrix ADC, Citrix Gateway
|
15 Dec 2022 | VULN464 | VMware : VMware ESXi, Workstation, and Fusion address a heap out-of-bounds write vulnerability | Systems running VMware ESXi,
|
14 Dec 2022 | VULN463 | X.Org : Multiple security issues in X server extensions | Systems running X.Org Server versions prior
|
14 Dec 2022 | VULN462 | (OpenSSL : X.509 Policy Constraints Double Locking (CVE-2022-3996)) | Systems running OpenSSL versions 3 prior to 3.0.8.
|
14 Dec 2022 | VULN461 | TYPO3 : Multiple vulnerabilities fixed in TYPO3 | Systems running TYPO3 versions prior to
|
14 Dec 2022 | STAT49 | |
|
13 Dec 2022 | VULN460 | Apache : Apache ManifoldCF LDAP Injection Vulnerability - ActiveDirectory Authorities | Systems running Apache ManifoldCF versions prior
|
13 Dec 2022 | VULN459 | Apache : Apache CXF directory listing / code exfiltration and CXF SSRF Vulnerability | Systems running Apache CXF versions prior to
|
13 Dec 2022 | VULN458 | cubejs : Row level security bypass | -
|
13 Dec 2022 | VULN457 | Spring Boot Admins : Spring Boot Admins integrated notifier support allows arbitrary code execution | Systems running Spring Boot Admins versions prior
|
9 Dec 2022 | VULN456 | Aruba : ClearPass Policy Manager Multiple Vulnerabilities | Systems running Aruba ClearPass Policy Manager
|
9 Dec 2022 | VULN455 | Wireshark : Multiple dissector infinite loops and Kafka dissector memory exhaustion | Systems running Wireshark versions prior
|
9 Dec 2022 | VULN454 | go-libp2p (Go) : libp2p DoS vulnerability from lack of resource management | Systems running go-libp2p (Go) versions prior
|
9 Dec 2022 | VULN453 | VMware : VMware ESXi and vCenter Server updates address multiple security vulnerabilities | Systems running VMware ESXi versions prior to
|
8 Dec 2022 | VULN452 | containerd : containerd CRI stream server Host memory exhaustion through Terminal resize goroutine leak | Systems running containerd versions prior to
|
8 Dec 2022 | VULN451 | Hasura GraphQL Engine : Critical vulnerability impacting Hasura GraphQL Engine v2.10.0 to v2.15.1 | Systems running Hasura GraphQL Engine versions
|
8 Dec 2022 | VULN450 | nokogiri : Unchecked return value from xmlTextReaderExpand | Systems running nokogiri (RubyGems) versions
|
7 Dec 2022 | VULN449 | Jenkins : Jenkins Security Advisory 2022-12-07 | Systems running plugins for Jenkins.
|
7 Dec 2022 | VULN448 | Cacti : Unauthenticated Command Injection | Systems running Cacti versions prior to 1.2.23,
|
7 Dec 2022 | STAT48 | |
|
6 Dec 2022 | VULN447 | Prometheus : Prometheus vulnerable to basic authentication bypass | Systems running prometheus (Go), prometheus/v2 (Go)
|
6 Dec 2022 | VULN446 | NodeBB : Account takeover via prototype vulnerability | Systems running NodeBB versions prior to 2.6.1.
|
6 Dec 2022 | VULN445 | Xen : Guests can trigger Denial of Service via netback | Systems running Xen using the Linux kernel based
|
5 Dec 2022 | VULN444 | Apache : CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE | Systems running Apache Tapestry versions prior
|
5 Dec 2022 | VULN443 | Apache : CVE-2022-45046 Apache Camel: LDAP Injection in Camel-LDAP | Systems running Apache Camel versions prior
|
5 Dec 2022 | VULN442 | Gitlab : GitLab Security Release: 15.6.1, 15.5.5 and 15.4.6 | Systems running GitLab versions prior to 15.6.1,
|
5 Dec 2022 | VULN441 | Airtable : Credentials exposed in browser builds | Systems running airtable (npm) versions prior
|
5 Dec 2022 | VULN440 | (Vmware : VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2022-31693)) | Systems running VMware Tools for Windows versions
|
30 Nov 2022 | STAT47 | |
|
29 Nov 2022 | VULN439 | Google Chrome : Heap buffer overflow in GPU fixed in 107.0.5304.121 | Systems running Google Chrome versions prior
|
29 Nov 2022 | VULN438 | Apache : CVE-2022-44635 Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal | Systems running Apache Fineract versions prior
|
29 Nov 2022 | VULN437 | Prometheus exporter-toolkit : Basic authentication bypass | Systems running Prometheus exporter-toolkit
|
24 Nov 2022 | VULN436 | Apache : CVE-2022-40189 Apache Airflow Pig Provider RCE | Systems running Apache Airflow Pig Provider
|
24 Nov 2022 | VULN435 | Apache : CVE-2022-38649 Apache Airflow Pinot Provider, Apache Airflow: PinotAdminHook Command Injection | Systems running Apache Airflow Pinot Provider
|
24 Nov 2022 | VULN434 | Postgresql : PostgreSQL JDBC 42.5.1, 42.4.3, 42.3.8, 42.2.27.jre7 Security update for CVE-2022-41946 | Systems running Postgresql versions prior to
|
24 Nov 2022 | VULN433 | Engine.io : Uncaught exception in engine.io | Systems running engine.io versions prior to
|
24 Nov 2022 | VULN432 | Samba : Samba buffer overflow vulnerabilities on 32-bit systems | Systems running Samba versions prior to 4.15.12,
|
22 Nov 2022 | VULN431 | Moodle : Multiple vulnerabilities fixed in 4.0.5, 3.11.11, 3.9.18 | Systems running moodle versions prior to 4.0.5,
|
22 Nov 2022 | VULN430 | (Apache : CVE-2022-41131 Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)) | Systems running Apache Airflow Hive Provider
|
22 Nov 2022 | VULN429 | Apache : CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files | Systems running Apache Spark Provider versions
|
22 Nov 2022 | VULN428 | Apache : Apache Solr is vulnerable to CVE-2022-39135 via /sql handler | Systems running Apache Solr versions 6.5 up to
|
22 Nov 2022 | STAT46 | |
|
21 Nov 2022 | VULN427 | Zimbra : NEW! Zimbra Patches 9.0.0 Patch 28 + 8.8.15 Patch 35 | Systems running Zimbra versions prior
|
17 Nov 2022 | VULN426 | Apache : Apache Archiva Arbitrary files read and arbitrary directories deletion Vulnerabilities fixed | Systems running Apache Archiva versions prior
|
17 Nov 2022 | VULN425 | Kubernetes : kube-apiserver Vulnerabilities fixed | Systems running Kubernetes kube-apiserver versions
|
17 Nov 2022 | VULN424 | Apache : CVE-2022-45378 Apache SOAP allows unauthenticated users to potentially invoke arbitrary code | Systems running Apache SOAP.
|
17 Nov 2022 | VULN423 | Jenkins : Jenkins Security Advisory 2022-11-15 | Systems running Jenkins plugins.
|
17 Nov 2022 | VULN422 | FreeRDP : Multiple Vulnerabilities fixed in FreeRDP 2.9.0 | Systems running FreeRDP versions prior to 2.9.0.
|
16 Nov 2022 | VULN421 | Cisco : Cisco Identity Services Engine Vulnerabilities | Systems running Cisco Identity Services Engine
|
16 Nov 2022 | STAT45 | |
|
10 Nov 2022 | VULN420 | VMware : VMware Workspace ONE Assist update addresses multiple vulnerabilities | Systems running VMware Workspace ONE Assist
|
10 Nov 2022 | VULN419 | Cisco : Cisco Security Advisories Published on November 09, 2022 | Systems running Cisco Firepower Threat Defense
|
10 Nov 2022 | VULN418 | Apache : Apache Ivy vulnerabilities fixed in 2.5.1 | Systems running Apache Ivy versions prior to
|
10 Nov 2022 | VULN417 | Xen : x86 Multiple speculative security issues | Systems running Xen.
|
10 Nov 2022 | VULN416 | Apache : CVE-2022-42920 Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing | Systems running Apache Commons BCEL versions
|
10 Nov 2022 | VULN415 | Electron : Exfiltration of hashed SMB credentials on Windows via file:// redirect | Systems running electron (npm) versions prior
|
9 Nov 2022 | VULN414 | Grafana : Multiple vulnerabilities fixed in 9.2.4, 8.5.15 | Systems running Grafana versions prior to 9.2.4,
|
9 Nov 2022 | VULN413 | Varnish Cache : Varnish HTTP/2 Request Forgery and Request Smuggling Vulnerability | Systems running Varnish Cache versions
|
9 Nov 2022 | VULN412 | Node.js : Nov 3 2022 Security Releases | Systems running Node.js versions prior to 14.21.1
|
9 Nov 2022 | VULN411 | Microsoft : November 2022 Security Updates | Systems running .NET Framework, AMD CPU Branch,
|
9 Nov 2022 | STAT44 | |
|
3 Nov 2022 | VULN410 | GitLab : GitLab Security Release 15.5.2, 15.4.4, and 15.3.5 | Systems running GitLab versions prior to 15.5.2,
|
2 Nov 2022 | VULN409 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318 | Systems running Citrix Hypervisor versions
|
2 Nov 2022 | VULN408 | OpenSSL : X.509 Email Address Buffer Overflow vulnerabilities fixed | Systems running OpenSSL versions prior to 3.0.7.
|
2 Nov 2022 | VULN407 | Apache : Open Redirect and Reflected XSS vulnerabilities fixed in Apache Airflow | Systems running Apache Airflow versions prior
|
2 Nov 2022 | VULN406 | phpcas : Service Hostname Discovery Exploitation | Systems running phpcas versions prior to 1.6.0.
|
31 Oct 2022 | STAT43 | (no STAT42. Correction of the duplicate on STAT38) |
|
26 Oct 2022 | VULN405 | Project curl : Multiple vulnerabilities fixed in curl 7.86.0 | Systems running curl versions prior to 7.86.0.
|
26 Oct 2022 | VULN404 | Apache : CVE-2022-43766 Apache IoTDB ReDoS Vulnerability by REGEXP | Systems running Apache IoTDB versions prior to
|
26 Oct 2022 | VULN403 | Apache : CVE-2022-39944 The Apache Linkis JDBC EngineConn module has a RCE Vulnerability | Systems running Apache Linkis versions prior to
|
26 Oct 2022 | VULN402 | Joomla! : Disclosure of critical information and RXSS through reflection of user input | Systems running Joomla! versions prior to 4.2.4.
|
26 Oct 2022 | VULN401 | VMware : VMware Cloud Foundation updates address multiple vulnerabilities | Systems running VMware Cloud Foundation (NSX-V)
|
25 Oct 2022 | VULN400 | Samba : Buffer overflow in Heimdal and Wide links protection broken | Systems running Samba versions prior to
|
25 Oct 2022 | VULN399 | Flux v2 : Improper use of metav1.Duration allows for Denial of Service | Systems running flux2 (Go) versions prior to
|
25 Oct 2022 | VULN398 | Kirby : User enumeration vulnerabilities fixed in Kirby | Systems running getkirby/cms (Composer) versions
|
24 Oct 2022 | STAT41 | |
|
21 Oct 2022 | VULN397 | Cisco : Cisco Security Advisories Published on October 19, 2022 | Cisco Meraki MX Firmware versions prior to
|
21 Oct 2022 | VULN396 | NGINX : Updating NGINX for Vulnerabilities in the MP4 and HLS Video-Streaming Modules | Systems running NGINX Plus versions prior to
|
21 Oct 2022 | VULN395 | Apache : XSS vulnerability and h2 webconsole security issue | Systems running Apache Isis versions prior to
|
20 Oct 2022 | VULN394 | Jenkins : Jenkins Security Advisory 2022-10-19 | Systems running Jenkins plugins.
|
19 Oct 2022 | VULN393 | US-CERT : Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference | Systems running Heimdal Software Kerberos 5
|
19 Oct 2022 | VULN392 | Mozilla : Security Vulnerabilities fixed in Firefox 106, ESR 102.4 | Systems running Mozilla Firefox versions prior
|
19 Oct 2022 | VULN391 | Oracle : October 2022 Critical Patch Update Released | Systems running Oracle products.
|
19 Oct 2022 | VULN390 | Git : RCE and default symbolic link dereferencing vulnerabilities fixed | Systems running Git versions prior to 2.30.6,
|
18 Oct 2022 | VULN389 | Apache : CVE-2022-39198 Apache Dubbo Hessian Deserialization Vulnerability Gadgets Bypass | Systems running Apache Dubbo versions up to and
|
18 Oct 2022 | VULN388 | WordPress : WordPress 6.0.3 fix multiple security vulnerabilities | Systems running WordPress versions prior to
|
18 Oct 2022 | STAT40 | |
|
14 Oct 2022 | VULN387 | libexpat : libexpat 2.4.9 fixes CVE-2022-40674 potentially arbitrary code execution vulnerability | Systems running libexpat versions prior to
|
14 Oct 2022 | VULN386 | (strongSwan : strongSwan Vulnerability (CVE-2022-40617)) | Systems running strongSwan versions prior to
|
14 Oct 2022 | VULN385 | Grafana : Multiple vulnerabilities fixed in 9.1.8, 8.5.14 | Systems running Grafana versions prior to 9.1.8,
|
14 Oct 2022 | VULN384 | Apache : CVE-2022-42889 Apache Commons Text prior to 1.10.0 allows RCE | Systems running Apache Commons Text versions
|
14 Oct 2022 | VULN383 | October CMS : Safe Mode bypass leads to authenticated Remote Code Execution | Systems running october/system (Composer)
|
14 Oct 2022 | VULN382 | node-saml : Signature bypass via multiple root elements | Systems running node-saml (npm) versions prior
|
13 Oct 2022 | VULN381 | Google Chrome : Stable Channel Update for Desktop updated to 106.0.5249.119 | Systems running Google Chrome versions prior to
|
13 Oct 2022 | VULN380 | LibreOffice : CVE-2022-3140 Macro URL arbitrary script execution | Systems running LibreOffice versions prior to
|
13 Oct 2022 | VULN379 | Palo Alto : CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface | Systems running Cloud NGFW, PAN-OS, Prisma Access.
|
13 Oct 2022 | VULN378 | Microsoft : October 2022 Security Updates | Systems running Microsoft software.
|
12 Oct 2022 | VULN377 | Zimbra : Zimbra Patches: 9.0.0 Patch 27 + 8.8.15 Patch 34 fix multiple security vulnerabilities | Systems running Zimbra versions prior to
|
12 Oct 2022 | VULN376 | (OpenSSL : Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358)) | Systems running OpenSSL versions 3.0 prior to
|
12 Oct 2022 | VULN375 | Apache : [CVE-2022-40664] Apache Shiro 1.10.0 released | Systems running Apache Shiro versions prior to
|
12 Oct 2022 | VULN374 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749 | Systems running Citrix Hypervisor versions
|
12 Oct 2022 | VULN373 | (VMware : VMware Aria Operations patches address an arbitrary file read vulnerability (CVE-2022-31682)) | Systems running Aria Operations versions prior
|
11 Oct 2022 | STAT39 | |
|
11 Oct 2022 | VULN372 | APPLE : APPLE-SA-2022-10-10-1 iOS 16.0.3 | APPLE iOS versions prior to 16.0.3.
|
11 Oct 2022 | VULN371 | Apache : CVE-2022-24697 Apache Kylin Command injection | Systems running Apache Kylin versions prior to
|
11 Oct 2022 | VULN370 | Xen : Multiple security vulnerabilities fixed in Xen | Systems running Xen.
|
11 Oct 2022 | VULN369 | Trend Micro : October 2022 Security Bulletin for Trend Micro Apex One | Systems running Apex One (on-prem),
|
11 Oct 2022 | VULN368 | xmldom : Improperly Controlled Modification of Object Prototype Attributes | Systems running @xmldom/xmldom (npm) versions prior
|
10 Oct 2022 | VULN367 | Fortinet : FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface | Systems running FortiOS versions prior to 7.2.2,
|
10 Oct 2022 | VULN366 | Fortinet : FortiOS / FortiProxy - Access to NULL pointer in SSL VPN portal | Systems running FortiOS versions prior to 7.2.2,
|
10 Oct 2022 | VULN365 | Fortinet : FortiOS - Privilege escalation via switch-control CLI command | FortiOS versions prior to 7.0.7, 6.4.9, 6.2.11,
|
10 Oct 2022 | VULN364 | (VMware : VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)) | Systems running VMware ESXi versions prior to
|
7 Oct 2022 | VULN363 | MyBB : Mail settings' command parameter injection | Systems running MyBB(PHP) versions prior to
|
7 Oct 2022 | VULN362 | RabbitMQ : Predictable credential obfuscation seed value used in Shovel and Federation plugins | Systems running RabbitMQ versions prior to
|
7 Oct 2022 | VULN361 | PJSIP : Potential media transport downgrade and Potential buffer overflow | Systems running PJSIP versions prior to 2.13.
|
7 Oct 2022 | VULN360 | Chat (Discourse) : Channel name and description susceptible to XSS | Systems running Chat (Discourse) versions prior
|
7 Oct 2022 | VULN359 | (VMware : VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)) | Systems running VMware ESXi versions prior to
|
6 Oct 2022 | VULN358 | ISC : An option refcount overflow exists in dhcpd and DHCP memory leak | Systems running ISC DHCP versions prior to
|
6 Oct 2022 | VULN357 | Apache : CVE-2022-41672 Apache Airflow Session still functional after user is deactivated | Systems running Apache Airflow versions prior to
|
6 Oct 2022 | VULN356 | Django : Django security releases issued: 4.1.2, 4.0.8, and 3.2.16 | Systems running Django versions prior to 4.1.2,
|
4 Oct 2022 | VULN355 | Drupal : Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016 | Systems running Drupal core versions prior to
|
4 Oct 2022 | VULN354 | GitLab : GitLab Security Release: 15.4.1, 15.3.4, and 15.2.5 | Systems running GitLab versions prior to 15.4.1,
|
4 Oct 2022 | VULN353 | OpenSSH : OpenSSH 9.1 fixes potential RCE Vulnerability | Systems running OpenSSH versions prior to 9.1.
|
4 Oct 2022 | VULN352 | Apache : CVE-2021-43980 Apache Tomcat - Information Disclosure | Systems running Apache Tomcat versions prior to
|
4 Oct 2022 | VULN351 | Zimbra : Security Update – make sure to install pax/spax | Systems running Zimbra.
|
4 Oct 2022 | VULN350 | Node.js : September 22nd 2022 Security Releases | Systems running Node.js versions prior to
|
3 Oct 2022 | STAT38 bis | |
|
26 Sep 2022 | STAT38 | |
|
23 Sep 2022 | VULN349 | (Apache : RCE Vulnerability in Apache Inlong (incubator)) | Systems running Apache Inlong.
|
23 Sep 2022 | VULN348 | Apache : Multiple vulnerabilities fixed in Apache Batik 1.15+ | Systems running Apache Batik 1.x versions prior
|
23 Sep 2022 | VULN347 | Apache : Multiple vulnerabilities fixed in Apache Pulsar Broker, Proxy, WebSocket Proxy | Systems running Apache Pulsar Broker, Proxy,
|
23 Sep 2022 | VULN346 | Squid : Vulnerabilities fixed in Squid 5.7 | Systems running Squid versions 4.9 up to and
|
23 Sep 2022 | VULN345 | Redis : Heap overflow in Redis 7.0 XAUTOCLAIM command's COUNT argument | Systems running Redis versions 7.0.x prior
|
22 Sep 2022 | VULN344 | VMware : CVE-2022-31679 Potential Unintended Data Exposure for Resource Exposed by Spring Data REST | Systems running Spring Data REST versions prior
|
22 Sep 2022 | VULN343 | Mozilla : Security Vulnerabilities fixed in Thunderbird 102.3 | Systems running Thunderbird versions prior to
|
22 Sep 2022 | VULN342 | Apache : CVE-2022-40604 Apache Airflow Format String Vulnerability and Open Redirect | Systems running Apache Airflow versions prior
|
22 Sep 2022 | VULN341 | Grafana : Grafana privilege escalation vulnerabilities fixed | Systems running Grafana versions prior
|
22 Sep 2022 | VULN340 | (Apache : CVE-2022-40705 Apache SOAP XML External Entity Injection (XXE)) | Systems running Apache SOAP.
|
22 Sep 2022 | VULN339 | Bind : Multiple security vulnerabilities fixed in Bind | Systems running Bind versions prior to 9.16.33,
|
21 Sep 2022 | VULN338 | Apache : CVE-2022-40604 Apache Airflow Format String Vulnerability and Open Redirect | Systems running Apache Airflow versions prior
|
21 Sep 2022 | VULN337 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009 | Systems running WebKitGTK, WPE WebKit versions
|
21 Sep 2022 | VULN336 | Jenkins : Jenkins Security Advisory 2022-09-21 | Systems running Jenkins (core),
|
21 Sep 2022 | VULN335 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 102.3 | Systems running Firefox versions prior to 105,
|
20 Sep 2022 | VULN334 | Moodle : Multiple security vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.0.4,
|
20 Sep 2022 | VULN333 | (Kubernetes : CVE-2022-3172 Aggregated API server can cause clients to be redirected (SSRF)) | Systems running kube-apiserver 1.25.1, 1.24.5,
|
20 Sep 2022 | VULN332 | GLPI : Multiple vulnerabilities fixed in GLPI 10.0.3 | Systems running GLPI versions prior to 10.0.3.
|
19 Sep 2022 | STAT37 | |
|
16 Sep 2022 | VULN331 | Microsoft : Microsoft Security Update Summary for September 13, 2022 | Systems running .NET and Visual Studio,
|
16 Sep 2022 | VULN330 | Google Chrome : Stable Channel Update for Desktop updated to 105.0.5195.125 | Systems running Google Chrome versions prior
|
15 Sep 2022 | VULN329 | Palo Alto : Cortex XDR Agent Improper Link Resolution Vulnerability When Generating a Tech Support File | Systems running Cortex XDR Agent versions prior
|
15 Sep 2022 | VULN328 | TYPO3-CORE : Multiple vulnerabilities fixed in TYPO3-CORE | Systems running TYPO3-CORE versions prior to
|
15 Sep 2022 | VULN327 | cargo (Rust) : Malicious crates extraction vulnerabilities | Systems running cargo (Rust) versions prior to
|
15 Sep 2022 | VULN326 | Cisco : Cisco Security Advisories Published on September 14, 2022 | Cisco IOS XR Software versions prior to 6.5.32,
|
13 Sep 2022 | VULN325 | APPLE : Multiple vulnerabilities fixed in macOS, iOS, iPadOS, macOS, Safari | macOS Big Sur versions prior to 11.7,
|
12 Sep 2022 | VULN324 | Jenkins : Jenkins Security Advisory 2022-09-09 | Systems running Jenkins (core) versions prior to
|
12 Sep 2022 | VULN323 | Apache : CVE-2022-39135 Apache Calcite potential XEE attacks | Systems running Apache Calcite versions prior to
|
12 Sep 2022 | VULN322 | ReactPHP : ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent | Systems running react/http (Composer) versions
|
12 Sep 2022 | VULN321 | Discourse : XSS issue for channel names and descriptions | Systems running Discourse versions prior to
|
12 Sep 2022 | VULN320 | xwiki.platform : Multiple vulnerabilities fixed in xwiki.platform | Systems running
|
9 Sep 2022 | STAT36 | |
|
8 Sep 2022 | VULN319 | Apache : Apache James fix STARTTLS command injection | Systems running Apache James versions prior to
|
8 Sep 2022 | VULN318 | jose (npm) : Resource exhaustion via specifically crafted JWE | Systems running jose (npm) versions prior to
|
6 Sep 2022 | VULN317 | Google Chrome : Stable Channel Update for Desktop updated to 105.0.5195.102 | Systems running Chrome versions prior to
|
6 Sep 2022 | VULN316 | Apache : Apache IoTDB vulnerabilities fixed | Systems running Apache IoTDB versions prior
|
6 Sep 2022 | VULN315 | Apache : Apache Airflow Overly permissive umask and Session Fixation vulnerabilities | Systems running Apache Airflow versions prior
|
6 Sep 2022 | VULN314 | (OTRS : OTRS Security Advisory 2022-10 Possible XSS in Admin Interface (CVE-2022-39049)) | Systems running OTRS versions prior to 8.0.25,
|
2 Sep 2022 | STAT35 | |
|
1 Sep 2022 | VULN313 | Joomla : Joomla 4.2.1 Security and Bug Fix Release | Systems running Joomla versions prior to 4.2.1.
|
1 Sep 2022 | VULN312 | QNAP : Multiple Vulnerabilities in Samba and Apache HTTP Server | Systems running QTS, QuTS hero, QuTScloud
|
1 Sep 2022 | VULN311 | Next.js : Unexpected server crash in Next.js version 12.2.3 | Systems running Next.js versions prior to 12.2.4.
|
1 Sep 2022 | VULN310 | NodeBB : Account takeover via cryptographically weak PRNG in `utils.generateUUID` | Systems running NodeBB versions prior to
|
1 Sep 2022 | VULN309 | NVIDIA : NVFLARE unsafe deserialization due to Pickle | Systems running NVIDIA NVFLARE versions
|
1 Sep 2022 | VULN308 | Apache : CVE-2022-37435 Apache ShenYu Admin Improper Privilege Management | Systems running Apache ShenYu versions prior to
|
1 Sep 2022 | VULN307 | WordPress : WordPress 6.0.2 Security and Maintenance Release | Systems running WordPress versions prior to
|
31 Aug 2022 | VULN306 | Samba : Multiple vulnerabilities fixed in Samba 4.16.4, 4.15.9, 4.14.14 | Systems running Samba versions prior to 4.16.4,
|
31 Aug 2022 | VULN305 | rsync : Improved file-list validation in 3.2.5 and Zlib memory corruption bug fixed | Systems running rsync versions prior to 3.2.5.
|
31 Aug 2022 | VULN304 | React Editable Json Tree : Arbitrary code execution via function parsing | Systems running react-editable-json-tree (npm)
|
31 Aug 2022 | VULN303 | Apache : Apache Hadoop 3.3.4 fix vulnerabilities | Systems running Apache Hadoop versions prior to
|
31 Aug 2022 | VULN302 | Apache : Multiple Apache Geode deserialization of untrusted data flaw vulnerabilities | Systems running Apache Geode versions prior to
|
31 Aug 2022 | VULN301 | Project curl : CVE-2022-35252 control code in cookie denial of service | Systems running curl versions prior to
|
31 Aug 2022 | VULN300 | GitLab : GitLab Critical Security Release 15.3.2, 15.2.4 and 15.1.6 | Systems running GitLab versions prior to 15.3.2,
|
30 Aug 2022 | VULN299 | Apache : Multiple vulnerabilities fixed in Apache JSPWiki | Systems running Apache JSPWiki versions prior to
|
30 Aug 2022 | VULN298 | Kirby : Cross-site scripting (XSS) Vulnerabilities fixed in 3.5.8.1, 3.6.6.1, 3.7.4 | Systems running getkirby/cms (Composer) versions
|
30 Aug 2022 | VULN297 | Apache: Apache SkyWalking NodeJS patch version 0.5.1 Released | -
|
30 Aug 2022 | VULN296 | Grails : Grails Framework Remote Code Execution Vulnerability | Systems running Grails versions prior to 5.2.1,
|
30 Aug 2022 | VULN295 | Jsoup : jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled | systems running jsoup versions prior to 1.15.3.
|
30 Aug 2022 | VULN294 | Moodle : Vulnerabilities fixed in Moodle 4.0.3, 3.11.9 and 3.9.16 | Systems running Moodle versions prior to 4.0.3,
|
29 Aug 2022 | STAT34 | |
|
26 Aug 2022 | VULN293 | SonicWall : SonicWall SMA100 Post-Auth Heap-based Buffer Overflow Vulnerability | SMA100 firmware versions prior to 10.2.1.6-37sv.
|
26 Aug 2022 | VULN292 | Nessus : Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities | Systems running Nessus Agent versions prior to
|
26 Aug 2022 | VULN291 | Elastic : Elastic Cloud Enterprise 3.4.0 Security Update | Systems running Elastic Cloud Enterprise versions
|
26 Aug 2022 | VULN290 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 | Systems running WebKitGTK, WPE WebKit versions
|
25 Aug 2022 | VULN289 | Nagios XI : Nagios XI 5.9.0 fixes security issues | Systems running Nagios XI versions prior to 5.9.0.
|
25 Aug 2022 | VULN288 | Splunk : Multiple vulnerabilities fixed in Splunk | Systems running Splunk Enterprise versions prior
|
25 Aug 2022 | VULN287 | PostgreSQL : PostgreSQL JDBC versions 42.4.1/42.2.26 Security Update | Systems running PostgreSQL JDBC versions
|
25 Aug 2022 | VULN286 | Apache OpenOffice : Vulnerabilities fixed in Apache OpenOffice 4.1.13 | Systems running Apache OpenOffice versions prior
|
25 Aug 2022 | VULN285 | Atlassian : Bitbucket Server and Data Center - Command injection vulnerability - CVE-2022-36804 | Systems running Bitbucket Server,
|
25 Aug 2022 | VULN284 | Cisco : Cisco Security Advisories Published on August 24, 2022 | Cisco ACI MSO Cisco software, Cisco FXOS Software,
|
24 Aug 2022 | VULN283 | Jenkins : Jenkins Security Advisory 2022-08-23 | Systems running CollabNet Plugins Plugin for
|
24 Aug 2022 | VULN282 | Mozilla : Multiple vulnerabilities fixed in Mozilla Thunderbird | Systems running Thunderbird versions prior to
|
24 Aug 2022 | VULN281 | Mozilla : Multiple vulnerabilities fixed in Firefox | Systems running Firefox versions prior to 104,
|
24 Aug 2022 | VULN280 | (VMware : VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)) | Systems running VMware Tools versions prior to
|
24 Aug 2022 | VULN279 | Cisco : vulnerabilities fixed in Multiple Cisco products | Cisco AsyncOS for Cisco Secure Web Appliance,
|
23 Aug 2022 | VULN278 | APPLE : APPLE-SA-2022-08-18-1 Safari 15.6.1 | Systems running Safari versions prior to 15.6.1.
|
23 Aug 2022 | VULN277 | APPLE : APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1 | macOS versions prior to Monterey 12.5.1.
|
23 Aug 2022 | VULN276 | APPLE : APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1 | iOS, iPadOS versions prior to 15.6.1.
|
23 Aug 2022 | VULN275 | Apache : CVE-2022-35278 Apache ActiveMQ Artemis: HTML Injection in ActiveMQ Artemis Web Console | Systems running Apache ActiveMQ Artemis versions
|
23 Aug 2022 | VULN274 | GitLab : GitLab Critical Security Release: 15.3.1, 15.2.3, 15.1.5 | Systems running GitLab versions prior to
|
23 Aug 2022 | VULN273 | Apache : CVE-2022-34916 Apache Flume Improper Input Validation (JNDI Injection) in JMSMessageConsumer | Systems running Apache Flume versions 1.4.0
|
23 Aug 2022 | VULN272 | PowerDNS : incomplete exception handling related to protobuf message generation | Systems running PowerDNS Recursor versions prior
|
22 Aug 2022 | STAT33 | |
|
12 Aug 2022 | STAT32 | |
|
12 Aug 2022 | VULN271 | Cisco: Cisco Small Business RV Series Routers Vulnerabilities | /
|
11 Aug 2022 | VULN270 | Adobe: Security updates available for Adobe Premiere Elements | APSB22-43 | Systems running Adobe Premiere Element
|
11 Aug 2022 | VULN269 | Adobe: Security Updates Available for Adobe FrameMaker | APSB22-42 | Systems running Adobe FrameMaker
|
11 Aug 2022 | VULN268 | Adobe: Security Updates Available for Adobe Illustrator | APSB22-41 | Systems running Adobe Illustrator
|
11 Aug 2022 | VULN267 | Adobe: Security update available for Adobe Acrobat and Reader | APSB22-39 | Systems running Adobe Acrobat and Reader
|
11 Aug 2022 | VULN266 | Adobe: APSB22-38 : Security update available for Adobe Commerce | Systems running Adobe Commerce
|
11 Aug 2022 | VULN265 | Microsoft : Microsoft Security Update Summary for August 9, 2022 | Systems running .NET 6.0; .NET Core 3.1; Azure
|
5 Aug 2022 | STAT31 | |
|
3 Aug 2022 | VULN264 | Atlassian : Questions For Confluence Security Advisory 2022-07-20 | Systems running Confluence Server; Confluence Data
|
3 Aug 2022 | VULN263 | Atlassian : Servlet Filter Dispatcher Vulnerabilities in Multiple Products | Systems running Bamboo Server and Data Center,
|
3 Aug 2022 | VULN262 | (VMware: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities. (CVE-2022-31656)) | Systems running
|
29 Jul 2022 | STAT30 | |
|
22 Jul 2022 | STAT29 | |
|
22 Jul 2022 | VULN261 | Apple: watchOS 8.7 | watchOS
|
22 Jul 2022 | VULN260 | Apple: iOS 15.6 and iPadOS 15.6 | iOS and iPadOS
|
22 Jul 2022 | VULN259 | Apple: tvOS 15.6 | tvOS
|
22 Jul 2022 | VULN258 | Apple: macOS Monterey 12.5 | macOS Monterey
|
22 Jul 2022 | VULN257 | Apple: macOS Monterey 12.5 | macOS Monterey
|
22 Jul 2022 | VULN256 | Apple: Security Update 2022-005 Catalina | macOS Catalina
|
22 Jul 2022 | VULN255 | Apple: Safari 15.6 | Safari on macOS Big Sur and Catalina
|
21 Jul 2022 | VULN254 | Confluence : Multiple Products Security Advisory 2022-07-20 | Systems using Servlet Filter Dispatcher
|
18 Jul 2022 | VULN253 | Apache Spark : CVE-2022-33891 Apache Spark shell command injection vulnerability via Spark UI | Systems running Apache Spark versions prior to
|
18 Jul 2022 | VULN252 | Git : Bypass of safe.directory protections | Systems running Git versions prior to 2.37.1,
|
18 Jul 2022 | VULN251 | Grafana : Grafana account takeover and Stored XSS vulnerabilities fixed | Systems running versions prior to 8.3.10, 8.4.10,
|
18 Jul 2022 | VULN250 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2022-23825 and CVE-2022-29900 | Systems running Citrix Hypervisor XenServer.
|
18 Jul 2022 | VULN249 | Rails: CVE-2022-32224 Possible RCE escalation bug with Serialized Columns in Active Record | Systems running Rails version prior to 7.0.3.1,
|
15 Jul 2022 | STAT28 | |
|
13 Jul 2022 | VULN248 | (VMware: VMware vCenter Server updates address a server-side request forgery vulnerability (CVE-2022-22982)) | Systems running VMware vCenter Server,
|
13 Jul 2022 | VULN247 | VMware : VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities | Systems running VMware ESXi,
|
13 Jul 2022 | VULN246 | X.Org : X.Org Security Advisory July 12, 2022 | Systems running X.Org versions prior to 21.1.4.
|
13 Jul 2022 | VULN245 | Xen : Xen Security Advisory CVE-2022-23816,CVE-2022-23825,CVE-2022-29900 - XSA-407 | Systems running Xen.
|
13 Jul 2022 | VULN244 | Microsoft : Microsoft Security Update Summary for July 12, 2022 | Systems running Azure Site Recovery,
|
11 Jul 2022 | STAT27 | |
|
11 Jul 2022 | VULN243 | Node.js : July 7th 2022 Security Releases | Systems running Node.js versions prior to
|
8 Jul 2022 | VULN242 | Cisco : Cisco Security Advisories Published on July 06, 2022 | Systems running Cisco Expressway Series,
|
8 Jul 2022 | VULN241 | Apache : Apache Druid Clickjacking in the web console and Reflected XSS | Systems running Apache Druid versions prior
|
7 Jul 2022 | VULN240 | NextAuth.js : Improper handling of email input | Systems running next-auth (npm) versions prior
|
7 Jul 2022 | VULN239 | OpenSearch : Unsafe YAML deserialization in Ruby Client | Systems running opensearch-ruby (RubyGem)
|
7 Jul 2022 | VULN238 | Dovecot : CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used | Systems running Dovecot IMAP Server.
|
6 Jul 2022 | VULN237 | VMware : CVE-2022-22980 Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods | Systems running Spring Data MongoDB versions prior
|
6 Jul 2022 | VULN236 | UltraJSON : Vulnerabilities fixed in UltraJSON 5.4.0 | Systems running ujson (pip) versions prior to
|
6 Jul 2022 | VULN235 | Elastic: Elastic 8.3.1, 8.3.0, and 7.17.5 Security Update | Systems running Elastic versions prior to 8.3.1,
|
6 Jul 2022 | VULN234 | LDAP Account Manager: multiple vulnerabilities fixed in LDAP Account Manager 8.0 | Systems running LDAP Account Manager versions
|
5 Jul 2022 | VULN233 | OpenSSL : Heap memory corruption and AES OCB mode cryptographic failures | Systems running OpenSSL versions prior to 3.0.5,
|
5 Jul 2022 | VULN232 | Google : Chrome Stable Channel Updated to 103.0.5060.114 | Systems running Google Chrome versions prior to
|
5 Jul 2022 | VULN231 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen.
|
5 Jul 2022 | VULN230 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0006 | Systems running WebKitGTK, WPE WebKit versions
|
4 Jul 2022 | VULN229 | GitLab : GitLab Critical Security Release: 15.1.1, 15.0.4, and 14.10.5 | Systems running GitLab versions prior to 15.1.1,
|
4 Jul 2022 | VULN228 | MediaWiki : Security and maintenance release: 1.35.7 / 1.37.3 / 1.38.2 | Systems running MediaWiki versions prior to 1.35.7,
|
4 Jul 2022 | VULN227 | Django : Django security releases issued 4.0.6 and 3.2.14 | Systems running Django versions prior to 4.0.6,
|
1 Jul 2022 | STAT26 | |
|
30 Jun 2022 | VULN226 | Apache : CVE-2022-33140 Apache NiFi, Apache NiFi Registry Improper Neutralization of Command Elements in Shell User Group Provider | Systems running Apache NiFi, Apache NiFi Registry.
|
30 Jun 2022 | VULN225 | Apache : CVE-2022-25167 - Apache Flume JMSSource does not protect from malicious JNDI urls | Systems running Apache Flume versions prior to
|
30 Jun 2022 | VULN224 | Jenkins : Jenkins Security Advisory 2022-06-30 | Systems running Build Notifications Plugin for
|
30 Jun 2022 | VULN223 | Atlassian : Jira Server Security Advisory 29th June 2022 | Systems running Jira Core Server,
|
29 Jun 2022 | VULN222 | Apache : CVE-2022-33879 Apache Tika Incomplete fix and new regex DoS in StandardsExtractingContentHandler | Systems running Apache Tika versions prior to
|
29 Jun 2022 | VULN221 | Apache: [ANNOUNCE][CVE-2022-32532] Apache Shiro 1.9.1 released | Systems running Apache Shiro versions prior to
|
29 Jun 2022 | VULN220 | Mozilla : Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 | Systems running Thunderbird versions prior to 102,
|
29 Jun 2022 | VULN219 | Mozilla: Security Vulnerabilities fixed in Firefox | Systems running Firefox versions prior to 102,
|
29 Jun 2022 | VULN218 | Foxit : Security updates for Foxit PDF Reader, Foxit PDF Editor, Foxit PhantomPDF | Systems running Foxit PDF Reader, Foxit PDF Editor
|
28 Jun 2022 | VULN217 | Qnap: PHP Vulnerability | Systems running QTS versions prior to
|
28 Jun 2022 | VULN216 | Google : Multiple vulnerabilities fixed in ChromeOS 103.0.5060.64 | Systems running ChromeOS versions prior to
|
28 Jun 2022 | VULN215 | curl: Multiple vulnerabilities in curl 7.84.0 | Systems running curl versions prior to 7.84.0.
|
28 Jun 2022 | STAT25 | |
|
24 Jun 2022 | VULN214 | Citrix: Citrix Hypervisor Security Update | Systems running Citrix Hypervisor.
|
24 Jun 2022 | VULN213 | Jenkins : Jenkins Security Advisory 2022-06-22 | Systems running Jenkins (core), Plugins for
|
23 Jun 2022 | VULN212 | Apache : CVE-2022-34305 Apache Tomcat - XSS in examples web application | Systems running Apache Tomcat versions prior to
|
23 Jun 2022 | VULN211 | Cisco: Cisco Security Advisories Published on June 22, 2022 | Cisco ASA Software, Cisco ASDM Software.
|
23 Jun 2022 | VULN210 | Google Chrome : Multiple vulnerabilities fixed in Chrome 103.0.5060.53 | Systems running Google Chrome versions prior to
|
23 Jun 2022 | VULN209 | Cisco : Cisco Security Advisories Published on June 15, 2022 | Systems running Cisco Small Business RV110W, RV130,
|
23 Jun 2022 | VULN208 | TYPO3 : Multiple Vulnerabilities fixed in TYPO3 CMS | Systems running TYPO3 CMS versions prior to
|
23 Jun 2022 | VULN207 | TYPO3: Cross-Site Scripting Vulnerabilities fixed in TYPO3 extensions | Systems running libconnect for TYPO3,
|
17 Jun 2022 | STAT24 | |
|
16 Jun 2022 | VULN206 | VMware : CVE-2022-22979: Spring Cloud Function DoS Vulnerability | Systems running Spring Cloud Function versions
|
16 Jun 2022 | VULN205 | Microsoft : Microsoft Security Update Summary for June 14, 2022 | Systems running .NET and Visual Studio,
|
16 Jun 2022 | VULN204 | Citrix : Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512 | Systems running Citrix ADM server,
|
16 Jun 2022 | VULN203 | Xen : Xen Security Advisory CVE-2022-21123,CVE-2022-21124,CVE-2022-21166 / XSA-404 | Systems running Xen with Intel x86.
|
13 Jun 2022 | VULN202 | ruby on rails : [CVE-2022-32209] Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer | Systems running Rails::Html::Sanitizer versions
|
13 Jun 2022 | VULN201 | Drupal : Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-011 | Systems running Drupal core versions prior
|
10 Jun 2022 | STAT23 | |
|
9 Jun 2022 | VULN200 | Apache : Security Vulnerabilities Fixed in Apache HTTP Server 2.4.54 | Systems running Apache HTTP Server versions prior
|
9 Jun 2022 | VULN199 | Containerd : containerd CRI plugin Host memory exhaustion through ExecSync | Systems running containerd versions prior to
|
7 Jun 2022 | STAT22 | |
|
3 Jun 2022 | VULN198 | Confluence : Confluence Security Advisory 2022-06-02 | Systems running Confluence Server,
|
3 Jun 2022 | VULN197 | GitLab : GitLab Critical Security Release: 15.0.1, 14.10.4, and 14.9.5 | Systems running GitLab versions 6.8.x,
|
1 Jun 2022 | VULN196 | Elastic : Elastic Stack 7.17.4 and 8.2.1 Security Update | Systems running Elasticsearch versions 6.8.x,
|
1 Jun 2022 | VULN195 | Google : Chrome 102.0.5005.61 fixes multiple security vulnerabilities | Systems running Google Chrome versions prior
|
1 Jun 2022 | VULN194 | Mozilla : Security Vulnerabilities fixed in Thunderbird 91.10 | Systems running Thunderbird versions prior
|
1 Jun 2022 | VULN193 | Mozilla : Security Vulnerabilities fixed in Firefox 101 | Systems running Firefox versions prior
|
1 Jun 2022 | VULN192 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0005 | Systems running WebKitGTK, WPE WebKit versions
|
31 May 2022 | VULN191 | Grafana : CVE-2022-29170 Grafana Enterprise datasource network restrictions bypass via HTTP redirects | Systems running Grafana Enterprise versions prior
|
31 May 2022 | VULN190 | Drupal : Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010 | Systems running Drupal core versions prior to
|
31 May 2022 | VULN189 | Ruby on Rails : Possible shell escape sequence injection vulnerability and DoS in Rack | Systems running Rack versions prior to 2.0.9.1,
|
31 May 2022 | VULN188 | SPIP : Maintenance and security update: release of SPIP 4.1.2, SPIP 4.0.7 & SPIP 3.2.15 | Systems running SPIP versions prior to 4.1.2,
|
31 May 2022 | VULN187 | Microsoft : Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability | Windows.
|
30 May 2022 | STAT21 | |
|
25 May 2022 | VULN186 | ISC BIND : CVE-2022-1183 Destroying a TLS session early causes assertion failure | Systems running ISC BIND versions prior to 9.18.3,
|
25 May 2022 | VULN185 | Apache : CVE-2022-29599 Apache Maven Commandline class shell injection vulnerabilities | Systems running Apache Maven versions prior to
|
25 May 2022 | VULN184 bis | (VMware : VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977)) | Systems running VMware Tools for Windows versions
|
24 May 2022 | STAT20 | |
|
18 May 2022 | VULN184 | VMware : VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities | Systems running VMware Workspace ONE Access
|
17 May 2022 | VULN183 | flux2 : Improper kubeconfig validation allows arbitrary code execution | Systems running flux2 (Go) versions prior to
|
17 May 2022 | VULN182 | Project curl : Multiple Vulnerabilities fixed in curl 7.83.1 | Systems running curl versions prior to 7.83.1.
|
17 May 2022 | VULN181 | Jenkins : Jenkins Security Advisory 2022-05-17 | Systems running Application Detector Plugin
|
16 May 2022 | STAT19 | |
|
9 May 2022 | STAT18 | |
|
4 May 2022 | VULN180 | Ruby on Rails: Possible XSS Vulnerability in Action Pack and Action View tag helpers | Systems running Rails versions prior to
|
4 May 2022 | VULN179 | Nagios : Multiple security vulnerabilities fixed in Nagios XI | Systems running Nagios versions prior to 5.8.9.
|
4 May 2022 | VULN178 | GitLab : GitLab Security Release: 14.10.1, 14.9.4, and 14.8.6 | Systems running GitLab versions prior to 14.10.1,
|
2 May 2022 | STAT17 | |
|
27 Apr 2022 | VULN177 | Atlassian : Jira Security Advisory 2022-04-20 | Systems running Jira versions prior to
|
27 Apr 2022 | VULN176 | discourse-assign : Secure assigned user/group private info leaked via bookmark serializer | Systems running discourse-assign versions prior to
|
27 Apr 2022 | VULN175 | FreeRDP : Critical Server side NTLM and Moderate Server side authentication vulnerabilities | Systems running FreeRDP versions prior to 2.7.0.
|
27 Apr 2022 | VULN174 | Apache : CVE-2022-23942 Apache Doris hardcoded cryptography initialization | Systems running Apache Doris versions prior to
|
27 Apr 2022 | VULN173 | Project curl : Multiple Vulnerabilities fixed in curl 7.83.0 | Systems running curl versions prior to 7.83.0.
|
26 Apr 2022 | VULN172 | (Kibana : Kibana Exposure of Sensitive Information (ESA-2022-05)) | Systems running Kibana versions prior to 7.17.3,
|
26 Apr 2022 | VULN171 | GLPI : Multiple security vulnerabilities fixed in GLPI 10.0.0 | Systems running GLPI versions prior to 10.0.0.
|
26 Apr 2022 | VULN170 | Apache : CVE-2022-24706 Apache CouchDB Remote Code Execution Vulnerability in Packaging | Systems running Apache CouchDB versions
|
26 Apr 2022 | VULN169 | WSO2 : WSO2-2021-1738 Unrestricted arbitrary file upload and remote code execution vulnerability | Systems running WSO2 API Manager 2.2.0 and above,
|
25 Apr 2022 | STAT16 | |
|
21 Apr 2022 | VULN168 | Spring by VMware : CVE-2022-22969 Denial-of-Service (DoS) in spring-security-oauth2 | Systems running Spring Security OAuth versions
|
21 Apr 2022 | VULN167 | Cisco: Cisco Security Advisories Published on April 20, 2022 | Systems running Cisco TelePresence Collaboration
|
21 Apr 2022 | VULN166 | Drupal: Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009 | Systems running Drupal core versions prior to
|
21 Apr 2022 | VULN165 | node-convict: Prototype Pollution in convict | Systems running Convict versions prior to 6.2.2.
|
20 Apr 2022 | VULN164 | Oracle: April 2022 Critical Patch Update Released | Systems running Oracle products.
|
19 Apr 2022 | STAT15 | |
|
15 Apr 2022 | VULN163 | xzgrep: xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha | Systems running xzgrep versions prior to
|
15 Apr 2022 | VULN162 | mutt : mutt 2.2.3 fix buffer overread vulnerability CVE-2022-1328 | Systems running mutt versions prior to 2.2.3.
|
15 Apr 2022 | VULN161 | Google Chrome: Type Confusion vulnerability in V8 fixed in Chrome 100.0.4896.127 | Systems running Google Chrome versions prior to
|
15 Apr 2022 | VULN160 | Discourse : Multiple vulnerabilities fixed in Discourse | Systems running Discourse versions prior
|
15 Apr 2022 | VULN159 | Git for Windows : Uncontrolled search for the Git directory and DLL hijacking vulnerabilities | Systems running Git for Windows versions prior
|
14 Apr 2022 | VULN158 | Citrix : CTX341455, Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827 | Systems running Citrix Gateway Plug-in for Windows
|
14 Apr 2022 | VULN157 | Citrix : CTX370551 Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151 | Systems running Citrix Endpoint Management
|
14 Apr 2022 | VULN156 | Apache : CVE-2022-27479 Apache Superset SQL injection vulnerability in chart data API | Systems running Apache Superset versions prior to
|
14 Apr 2022 | VULN155 | (VMware : VMware Cloud Director update addresses remote code execution vulnerability (CVE-2022-22966)) | Systems running VMware Cloud Director versions
|
14 Apr 2022 | VULN154 | Microsoft : Microsoft Security Update Summary for April 12, 2022 | Systems running .NET Framework,
|
13 Apr 2022 | VULN153 | Apache : CVE-2021-31805 Apache Struts Forced OGNL evaluation may lead to RCE | Systems running Apache Struts versions prior
|
13 Apr 2022 | VULN152 | Jenkins : Jenkins Security Advisory 2022-04-12 | Systems running Credentials Plugin for Jenkins,
|
12 Apr 2022 | VULN151 | Apache : Apache Subversion 1.14.2 and 1.10.8 released | Systems running Apache Subversion versions prior
|
12 Apr 2022 | VULN150 | Nokogiri : Multiple vulnerabilities fixed in Nokogiri 1.13.4 | Systems running Nokogiri versions prior to 1.13.4.
|
12 Apr 2022 | VULN149 | Ruby : Buffer overrun in String-to-Float conversion and Double free in Regexp compilation | Systems running Ruby versions prior to 2.6.10,
|
12 Apr 2022 | VULN148 | Libarchive : Libarchive 3.6.1 bugfix and security release | Systems running Libarchive versions prior to
|
12 Apr 2022 | VULN147 | Django : Django security releases issued: 4.0.4, 3.2.13, and 2.2.28 | Systems running Django versions prior to 4.0.4,
|
12 Apr 2022 | VULN146 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 | Systems running WebKitGTK, WPE WebKit versions
|
11 Apr 2022 | STAT14 | |
|
7 Apr 2022 | VULN145 | (VMware : VMware Horizon Client for Linux update addresses multiple vulnerabilities (CVE-2022-22962, CVE-2022-22964)) | Systems running VMware Horizon Client for Linux
|
7 Apr 2022 | VULN144 | VMware : VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address Critical vulnerabilities | Systems running VMware Workspace ONE Access
|
6 Apr 2022 | VULN143 | Fortinet : Multiple vulnerabilities fixed in FortiClient | Windows, Linux running FortiClient versions prior
|
6 Apr 2022 | VULN142 | Fortinet : Multiple vulnerabilities fixed in FortiEDR | Systems running FortiEDR versions prior to 5.0.3,
|
6 Apr 2022 | VULN141 | Fortinet : Multiple vulnerabilities fixed in FortiWAN 4.5.9 | Systems running FortiWAN versions prior to 4.5.9.
|
6 Apr 2022 | VULN140 | Citrix : CTX390511 Citrix Hypervisor Security Update | Systems running Citrix Hypervisor, XenServer.
|
6 Apr 2022 | VULN139 | Google Chrome : Chrome 100.0.4896.75 fixes Type Confusion vulnerability in V8 | Systems running Google Chrome versions prior to
|
6 Apr 2022 | VULN138 | Apache : CVE-2022-25757 Apache APISIX the body_schema check in request-validation plugin can be bypassed | Systems running Apache APISIX versions prior to
|
6 Apr 2022 | VULN137 | Apache : CVE-2022-23974 Apache Pinot Pinot segment push endpoint has a vulnerability in unprotected environments | Systems running Apache Pinot versions prior to
|
6 Apr 2022 | VULN136 | Xen : Multiple vulnerabilities fixed in Xen | -
|
4 Apr 2022 | VULN135 | Zimbra : Multiple vulnerabilities fixed in Zimbra 9.0.0 P24, 8.8.15 | Systems running Zimbra versions prior to 9.0.0 P24,
|
4 Apr 2022 | VULN134 | GitLab : GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7 | Systems running GitLab versions prior to 14.9.2,
|
4 Apr 2022 | STAT13 | |
|
31 Mar 2022 | VULN133 | Spring by VMware : CVE-2022-22963 Remote code execution in Spring Cloud Function by malicious Spring Expression | Systems running Spring Cloud Function versions
|
31 Mar 2022 | VULN132 | Spring Boot : Spring Boot 2.6.6 and 2.5.12 fix CVE-2022-22965 RCE vulnerability | Systems running Spring Boot versions prior to
|
31 Mar 2022 | VULN131 | Spring by VMware : CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ | Systems running Spring Framework versions prior to
|
30 Mar 2022 | VULN130 | Joomla! : Multiple vulnerabilities fixed in Joomla! CMS versions 3.10.7, 4.1.1 | Systems running Joomla! CMS versions prior to
|
30 Mar 2022 | VULN129 | Jenkins : Jenkins Security Advisory 2022-03-29 | Systems running Bitbucket Server Integration Plugin
|
30 Mar 2022 | VULN128 | (VMware : VMware vCenter Server updates address an information disclosure vulnerability (CVE-2022-22948)) | Systems running vCenter Server versions prior to
|
28 Mar 2022 | STAT12 | |
|
24 Mar 2022 | VULN127 | (VMware : VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)) | Systems running VMware Carbon Black App Control
|
23 Mar 2022 | VULN126 | PJSIP : Potential stack buffer overflow when printing SDP into a buffer | Systems running PJSIP versions 2.12 or lower.
|
23 Mar 2022 | VULN125 | Drupal : Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006 | Systems running Drupal core versions prior to
|
23 Mar 2022 | VULN124 | CKEditor 4 : HTML processing vulnerability allowing to execute JavaScript code and Regular expression Denial of Service | Systems running CKEditor 4 versions prior to
|
22 Mar 2022 | VULN123 | CRI-O : cri-o Arbitrary code execution and Sysctls arbitrary application to containers | Systems running CRI-O versions prior to 1.19.6,
|
18 Mar 2022 | VULN122 | WordPress : WordPress 5.9.2 Security and Maintenance Release | Systems running WordPress versions prior to 5.9.2.
|
18 Mar 2022 | VULN121 | Node.js : OpenSSL security releases require Node.js security releases | Systems running Node.js versions prior to
|
21 Mar 2022 | STAT11 | |
|
17 Mar 2022 | VULN120 | Drupal : Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-005 | Systems running Drupal core versions prior
|
17 Mar 2022 | VULN119 | ISC BIND : Multiple vulnerabilities fixed in ISC BIND | Systems running ISC BIND versions prior to 9.11.37,
|
16 Mar 2022 | VULN118 | Apache : Multiple vulnerabilities fixed in Apache HTTP Server 2.4.53 | Systems running Apache HTTP Server versions prior
|
16 Mar 2022 | VULN117 | OpenSSL : OpenSSL Security Advisory [15 March 2022] | Systems running OpenSSL versions prior to 1.1.1n,
|
16 Mar 2022 | VULN116 | Jenkins : Jenkins Security Advisory 2022-03-15 | Systems running CloudBees AWS Credentials Plugin
|
14 Mar 2022 | STAT10 | |
|
9 Mar 2022 | VULN115 | Xen : XSA-398 Multiple speculative security issues | Xen.
|
9 Mar 2022 | VULN114 | Adobe : Security Updates Available for Adobe Illustrator APSB22-15 | Windows, macOS running Adobe Illustrator versions
|
9 Mar 2022 | VULN113 | Debian : linux security update | Debian linux bullseye versions prior to
|
9 Mar 2022 | VULN112 | Microsoft : Microsoft Security Update Summary for March 8, 2022 | Systems running .NET and Visual Studio,
|
8 Mar 2022 | VULN111 | SPIP : Critical security update: release of SPIP 4.0.5 and SPIP 3.2.14 | Systems running SPIP versions prior to 4.0.5,
|
8 Mar 2022 | VULN110 | Elastic : Elastic Stack 7.17.1 Security Update | Systems running Elastic Stack versions prior to
|
7 Mar 2022 | VULN109 | Nokogiri: Vulnerable dependencies in Nokogiri | Systems running Nokogiri versions prior to 1.13.2.
|
7 Mar 2022 | VULN108 | CodeIgniter4 : Remote CLI Command Execution and CSRF Protection Bypass Vulnerabilities | Systems running CodeIgniter4 versions prior to
|
7 Mar 2022 | VULN107 | Containerd: containerd CRI plugin Insecure handling of image volumes | Systems running Containerd versions prior to
|
7 Mar 2022 | VULN106 | GitLab: GitLab Critical Security Release: 14.8.2, 14.7.4, and 14.6.5 | Systems running GitLab versions prior to 14.8.2,
|
7 Mar 2022 | VULN105 | Mozilla : Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 | Systems running Firefox versions prior to 97.0.2,
|
4 Mar 2022 | STAT09 | |
|
2 Mar 2022 | VULN104 | Fortinet : FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement | Systems running FortiAnalyzer, FortiManager
|
2 Mar 2022 | VULN103 | Fortinet : FortiManager --- Password observed in cleartext in the config conflict file | Systems running FortiManager versions prior to
|
2 Mar 2022 | VULN102 | Fortinet : FortiOS - Bypassing FortiGate security profiles via SNI in Client Hello | FortiOS.
|
2 Mar 2022 | VULN101 | Fortinet : FortiWLM - Path traversal, unauthorized code or commands execution vulnerabilities | Systems running FortiWLM versions prior to 8.6.3.
|
2 Mar 2022 | VULN100 | Fortinet : FortiPortal - Insecure password generation | Systems running FortiPortal versions
|
2 Mar 2022 | VULN099 | Fortinet : FortiMail authentication bypass and Unsafe handling of CGI environment parameters | Systems running FortiMail versions
|
2 Mar 2022 | VULN098 | Fortinet : FortiAP-C - Command injection in CLI | Systems running FortiAP-C versions prior to 5.4.4.
|
2 Mar 2022 | VULN097 | (VMware : VMware Tools for Windows update addresses an uncontrolled search path vulnerability (CVE-2022-22943)) | Windows running VMware Tools for Windows versions
|
28 Feb 2022 | STAT08 | |
|
24 Feb 2022 | VULN096 | (IBM : IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)) | Systems running IBM WebSphere Application Server.
|
24 Feb 2022 | VULN095 | (VMware : VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)) | iOS running VMware Workspace ONE Boxer versions
|
24 Feb 2022 | VULN094 | Cyrus : Cyrus-SASL 2.1.28 fix off by one and Escape password for SQL vulnerabilities | Systems running Cyrus-SASL versions prior to
|
23 Feb 2022 | VULN093 | Cisco : Cisco Security Advisories Published on February 23, 2022 | Cisco NX-OS Software,
|
23 Feb 2022 | VULN092 | TYPO3 : TYPO3-PSA-2022-001 Sanitization bypass in SVG Sanitizer | Systems running TYPO3 CMS versions prior
|
23 Feb 2022 | VULN091 | Capsule Proxy : Privilege escalation using hop-by-hop Connection header | Systems running capsule-proxy versions prior
|
22 Feb 2022 | VULN090 | (PHP : PHP 8.1.3, 8.0.16, 7.4.28 fix Use-After-Free (CVE-2021-21708)) | Systems running PHP versions prior to 8.1.3,
|
22 Feb 2022 | VULN089 | Debian : [DSA 5081-1] redis security update | Debian running redis versions prior to
|
22 Feb 2022 | VULN088 | Apache : CVE-2022-23437 Infinite loop within Apache XercesJ xml parser | Systems running XercesJ versions prior to 2.12.2.
|
22 Feb 2022 | VULN087 | Expat : Expat Release 2.4.6 fixes regression in security release 2.4.5 | Systems running Expat versions prior to 2.4.6.
|
18 Feb 2022 | STAT07 | |
|
18 Feb 2022 | VULN086 | Next.js : Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.0.10 | Systems running Next.js versions prior to 12.1.0.
|
18 Feb 2022 | VULN085 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0003 | Systems running WebKitGTK, WPE WebKit versions
|
17 Feb 2022 | VULN084 | Drupal : Drupal core - Improper input validation and Information disclosure | Systems running Drupal core versions prior to
|
17 Feb 2022 | VULN083 | Cisco : Cisco Security Advisories Published on February 16, 2022 | Systems running Cisco Email Security Appliance
|
17 Feb 2022 | VULN082 | (VMware : VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability (CVE-2022-22945)) | Systems running VMware NSX Data Center for vSphere
|
17 Feb 2022 | VULN081 | PostgreSQL : PostgreSQL JDBC 42.3.3 Released | Systems running PostgreSQL JDBC versions prior to
|
16 Feb 2022 | VULN080 | Jenkins : Jenkins Security Advisory 2022-02-15 | Systems running Agent Server Parameter Plugin for
|
16 Feb 2022 | VULN079 | Google : Multiple vulnerabilities fixed in Chrome 98.0.4758.102 | Systems running Google Chrome versions prior to
|
15 Feb 2022 | VULN078 | APPLE : APPLE-SA-2022-02-10-1 iOS 15.3.1 and iPadOS 15.3.1 | iOS, iPadOS versions prior to 15.3.1.
|
15 Feb 2022 | VULN077 | APPLE : APPLE-SA-2022-02-10-3 Safari 15.3 | Systems running Safari versions prior to 15.3.
|
15 Feb 2022 | VULN076 | APPLE : APPLE-SA-2022-02-10-2 macOS Monterey 12.2.1 | macOS Monterey versions prior to 12.2.1.
|
15 Feb 2022 | VULN075 | VMware : VMSA-2022-0004 VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities | Systems running VMware ESXi,
|
14 Feb 2022 | STAT06 | |
|
10 Feb 2022 | VULN074 | Citrix : CTX337526 Security Advisory for Citrix Hypervisors | Systems running Citrix Hypervisor, XenServer.
|
10 Feb 2022 | VULN073 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0002 | Systems running WebKitGTK, WPE WebKit versions
|
10 Feb 2022 | VULN072 | Jenkins : Jenkins Security Advisory 2022-02-09 | Systems running Jenkins versions prior to 2.334,
|
9 Feb 2022 | VULN071 | Tenable : [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities | Systems running Nessus versions prior to 8.15.3,
|
9 Feb 2022 | VULN070 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 91.6, 97 | Systems running Firefox versions prior to ESR 91.6,
|
9 Feb 2022 | VULN069 | Microsoft : Microsoft Security Update Summary for February 8, 2022 | Azure Data Explorer, Kestrel web server,
|
8 Feb 2022 | VULN068 | Google : Chrome OS 98.0.4758.9 fixes multiple vulnerabilities | Chrome OS versions prior to 98.0.4758.9.
|
8 Feb 2022 | VULN067 | Apache : CVE-2022-23913 Apache ActiveMQ Artemis DoS | Systems running Apache ActiveMQ Artemis versions
|
8 Feb 2022 | VULN066 | Apache : CVE-2021-43350 Apache Traffic Control LDAP filter injection vulnerability in Traffic Ops | Systems running Apache Traffic Control versions
|
8 Feb 2022 | VULN065 | Fleet : Limited ability to spoof SAML authentication and Possible DoS fixed | Systems running Fleet versions prior to 4.9.1,
|
7 Feb 2022 | VULN064 | Zimbra : Hotfix Available 5 Feb for Zero-day Exploit Vulnerability in Zimbra 8.8.15 | Systems running Zimbra versions prior to 8.8.15.
|
4 Feb 2022 | STAT05 | |
|
3 Feb 2022 | VULN063 | Google Chrome : Multiple vulnerabilities fixed in Chrome 98.0.4758.80 | Systems running Google Chrome versions prior to
|
3 Feb 2022 | VULN062 | Cisco : Cisco Security Advisories Published on February 02, 2022 | Cisco Small Business RV Series Routers,
|
3 Feb 2022 | VULN061 | Fortinet : Multiple vulnerabilities fixed in Fortiweb | Systems running FortiWeb versions prior to 7.0.0,
|
3 Feb 2022 | VULN060 | Shibboleth IdP : OpenID Connect OP plugin allows unchecked use of request_uri feature | Systems running Shibboleth OIDC OP plugin versions
|
3 Feb 2022 | VULN059 | Neo4j : Path traversal in Neo4j Graph Database | Systems running Neo4j Graph Database versions
|
3 Feb 2022 | VULN058 | Postgresql JDBC : Remote code execution vulnerability using plugin features | Systems running org.postgresql (java) versions
|
1 Feb 2022 | VULN057 | Casdoor : CSRF token missing in forms | Systems running Casdoor versions prior to 1.13.1.
|
1 Feb 2022 | VULN056 | ipython : Execution with Unnecessary Privileges in ipython | Systems running ipython (pip) versions prior to
|
1 Feb 2022 | VULN055 | Apache : CVE-2021-44451: Apache Superset API sensitive information leak | Systems running Apache Superset versions prior to
|
1 Feb 2022 | VULN054 | Symfony : CSRF token missing in forms | Systems running Symfony versions 5.3.14,5.4.3,6.0.3
|
1 Feb 2022 | VULN053 | Django : Django security releases issued: 4.0.2, 3.2.12, and 2.2.27 | Systems running Django versions prior to
|
1 Feb 2022 | VULN052 | Samba : Samba 4.15.5, 4.14.12, 4.13.17 Security Releases | Systems running Samba versions prior to 4.15.5,
|
31 Jan 2022 | VULN051 | APPLE-SA-2022-01-26-1 iOS 15.3 and iPadOS 15.3 | Systems running iOS, iPadOS versions prior to 15.3.
|
31 Jan 2022 | VULN050 | APPLE : APPLE-SA-2022-01-26-7 Safari 15.3 | Systems running Safari versions prior to 15.3.
|
31 Jan 2022 | VULN049 | APPLE : APPLE-SA-2022-01-26 macOS security updates | macOS Monterey versions prior to 12.2,
|
31 Jan 2022 | VULN048 | (OpenSSL : BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)) | Systems running OpenSSL versions prior to 1.1.1m,
|
31 Jan 2022 | VULN047 | (Rust : Security advisory for the standard library (CVE-2022-21658)) | Systems running Rust versions prior to 1.58.1.
|
28 Jan 2022 | STAT04 | |
|
27 Jan 2022 | VULN046 | Debian : DSA-5050 linux - security update | Linux kernel.
|
27 Jan 2022 | VULN045 | Ubuntu : PolicyKit local escalation to administrator vulnerability | Ubuntu running policykit-1.
|
27 Jan 2022 | VULN044 | Red Hat : Important polkit security update | Red Hat Enterprise Linux running polkit.
|
27 Jan 2022 | VULN043 | SUSE : Security update for polkit | Linux kernel.
|
27 Jan 2022 | VULN042 | SUSE : Multiple security vulnerabilities fixed in Linux kernel | Linux kernel.
|
27 Jan 2022 | VULN041 | Ubuntu : CVE-2022-0185 Linux kernel vulnerability | Linux kernel.
|
27 Jan 2022 | VULN040 | Debian : usbview security update CVE-2022-23220 | Debian Linux running usbview.
|
27 Jan 2022 | VULN039 | Debian : [DSA 5059-1] policykit-1 security update CVE-2021-4034 | Debian running policykit-1.
|
27 Jan 2022 | VULN038 | RedHat : CVE-2022-0185 could cause local privilege escalation | linux.
|
27 Jan 2022 | VULN037 | Xen : CVE-2022-23181 Apache Tomcat Local Privilege Escalation | Systems running Xen.
|
27 Jan 2022 | VULN036 | Apache : CVE-2022-23181 Apache Tomcat Local Privilege Escalation | Systems running Apache Tomcat versions prior
|
27 Jan 2022 | VULN035 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 | Systems running WebKitGTK, WPE WebKit versions
|
25 Jan 2022 | VULN034 | (Strongswan : strongSwan Vulnerability (CVE-2021-45079)) | Systems running strongswan versions from 4.1.2 and
|
25 Jan 2022 | VULN033 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 3.11.5,
|
25 Jan 2022 | VULN032 | phpMyAdmin : Authentication bypass, XSS and HTML injection attacks fixed | Systems running phpMyAdmin versions prior to 4.9.8,
|
25 Jan 2022 | VULN031 | Drupal : Multiple vulnerabilities fixed in Drupal core | Systems running Drupal core versions prior to
|
21 Jan 2022 | STAT03 | |
|
21 Jan 2022 | VULN030 | Cisco : Cisco Security Advisories Published on January 19, 2022 | Systems running Cisco StarOS Software,
|
19 Jan 2022 | VULN029 | Node.js : January 10th 2022 Security Releases | Systems running Node.js package
|
19 Jan 2022 | VULN028 | shelljs : Improper Privilege Management in shell.exec | Systems running shelljs package
|
19 Jan 2022 | VULN027 | VMware : CVE-2021-22060: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096) | Systems running VMware Spring Framework
|
19 Jan 2022 | VULN026 | Oracle : January 2022 Critical Patch Update Released | Windows systems running Oracle
|
19 Jan 2022 | VULN025 | VMware : VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability | Windows systems running VMware Workstation and
|
14 Jan 2022 | STAT02 | |
|
14 Jan 2022 | VULN024 | Adobe: Security update available for Adobe Acrobat and Reader APSB22-01 | Windows, macOS running Adobe InCopy versions prior
|
14 Jan 2022 | VULN023 | Citrix : Citrix Hypervisor Security Update | Systems running Citrix Hypervisor.
|
13 Jan 2022 | VULN022 | APPLE : APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1 | Systems running iOS, iPadOS versions prior to 15.2.1.
|
13 Jan 2022 | VULN021 | Samba : Symlink race error can allow directory creation outside of the exported share | Systems running Samba versions prior to 4.13.16.
|
13 Jan 2022 | VULN020 | Cisco : Cisco Security Advisories Published on January 12, 2022 | Systems running Cisco Unified CCMP/CCDM Release,
|
13 Jan 2022 | VULN019 | Jenkins: | Systems running Jenkins
|
13 Jan 2022 | VULN018 | Mozilla: Security Vulnerabilities fixed in Firefox 96 and ESR 91.5 | Systems running Firefox versions prior to 96,
|
13 Jan 2022 | VULN017 | GitLab : GitLab Security Release 14.6.2, 14.5.3, and 14.4.5 | Systems running GitLab
|
13 Jan 2022 | VULN016 | Mozilla: Security Vulnerabilities fixed in Thunderbird 91.5 | Systems running Mozilla Thunderbird
|
13 Jan 2022 | VULN015 | Citrix : Citrix Workspace App for Linux Security Update | Systems running Citrix Workspace App
|
13 Jan 2022 | VULN014 | Microsoft : Microsoft Security Update Summary for January 11, 2022 | Systems running .NET Framework, Microsoft Dynamics,
|
11 Jan 2022 | VULN013 | h2database : RCE in H2 Console | Systems running H2 Console
|
11 Jan 2022 | VULN012 | Android : Android Security Bulletin-January 2022 | Systems running Android
|
10 Jan 2022 | VULN011 | QNAP TFTP: Reflected XSS Vulnerability in TFTP Server | Systems running QNAP TFTP
|
10 Jan 2022 | VULN010 | QNAP QVPN : Vulnerability in QVPN Service | Systems running QNAP QVPN
|
10 Jan 2022 | VULN009 bis | Roundcube : Update 1.5.2 released | Systems running Roundcube
|
10 Jan 2022 | VULN008 bis | Roundcube : Security update 1.4.13 released | Systems running Roundcube
|
7 Jan 2022 | STAT01 | |
|
7 Jan 2022 | VULN009 | Apache Struts: Struts 2.5.28.2 General Availability | Systems running Apache Struts
|
7 Jan 2022 | VULN008 | Shibboleth: Shibboleth Identity Provider Plugin Security Advisory | Systems running Shibboleth
|
7 Jan 2022 | VULN007 | WordPress : WordPress 5.8.3 Security Release | Systems running WordPress
|
6 Jan 2022 | VULN006 | Apache Kylin : Multiple vulnerabilities | Systems running Apache Kylin
|
6 Jan 2022 | VULN005 | Apache Geode: Apache Geode 1.12.7, 1.13.6, and 1.14.2 | Systems running Apache Geode
|
6 Jan 2022 | VULN004 | Apache Portals Pluto : Apache Pluto 3.1.1 fixes multiple XSS vulnerabilities | Systems running Apache Pluto
|
6 Jan 2022 | VULN003 | Google Chrome : Multiple vulnerabilities in Google Chrome | Systems running Google Chrome
|
6 Jan 2022 | VULN002 | VMware : VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045) | Systems running VMware
|
4 Jan 2022 | VULN001 | Django : Django security releases issued: 4.0.1, 3.2.11, and 2.2.26 | Systems running Django versions prior to 4.0.1,
|