List of the latest CERT-Renater advisories for 2017:


29 Dec 2017STAT52
28 Dec 2017VULN411Drupal : me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097Systems running me aliases for Drupal versions
28 Dec 2017VULN410OTRS : Security Update for OTRS FrameworkSystems running OTRS versions prior to 6.0.3,
28 Dec 2017VULN409Enigmail : Enigmail v1.9.9 addresses a number of security vulnerabilitiesSystems running Enigmail versions prior to 1.9.9.
27 Dec 2017VULN408WebKitGTK+ : WebKitGTK+ Security Advisory WSA-2017-0010Systems running WebKitGTK+ versions prior to
18 Dec 2017VULN407Qnap : Security Advisory for Buffer Overflow Vulnerabilities in QTSQTS versions prior to 4.2.6 build 20171208,
22 Dec 2017STAT51
15 Dec 2017STAT50
15 Dec 2017VULN406Ruby : CVE-2017-17405 Command injection vulnerability in Net::FTPSystems running Ruby.
14 Dec 2017VULN405Palo Alto : Remote code execution vulnerabilities fixed in PAN-OSPAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14,
14 Dec 2017VULN404Jenkins : Random failures to initialize the setup wizard on startupSystems running Jenkins versions 2.81 up to and
14 Dec 2017VULN399APPLE : APPLE-SA-2017-12-13-4 iTunes 12.7.2 for WindowsWindows versions 7 and later running iTunes
14 Dec 2017VULN403Asterisk : Asterisk Project Security Advisory - AST-2017-012Systems running Asterisk Open Source versions
14 Dec 2017VULN402APPLE : APPLE-SA-2017-12-12-2 -1 AirPort Base Station Firmware Update 7.6.9 and 7.7.9AirPort Base Station Firmware versions prior to
14 Dec 2017VULN401APPLE : APPLE-SA-2017-12-13-3 iCloud for Windows 7.2Windows versions 7 and later running iCloud
14 Dec 2017VULN400APPLE : APPLE-SA-2017-12-13-1 iOS 11.2.1iOS versions prior to 11.2.1.
14 Dec 2017VULN398APPLE : APPLE-SA-2017-12-13-5 Safari 11.0.2Systems Safari versions prior to 11.0.2.
13 Dec 2017VULN397US-CERT : TLS implementations may disclose side channel informationSystems running TLS implementations.
13 Dec 2017VULN396Adobe : Security updates available for Flash Player APSB17-42Systems running Adobe Flash Player versions prior
13 Dec 2017VULN395Citrix : Vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler GatewaySystems running Citrix NetScaler, Citrix NetScaler
13 Dec 2017VULN394VMware : VMware AirWatch Console updates address Broken Access ControlSystems running VMware AirWatch Console versions
13 Dec 2017VULN393Microsoft : Microsoft Security Update Summary for December 2017Windows versions 7, 8.1, RT 8.1, 10,
12 Dec 2017VULN392Xen : Multiple security vulnerabilities fixed in XenSystems running Xen.
12 Dec 2017VULN391Jenkins : Arbitrary file read vulnerability in Script Security PluginSystems running Script Security Plugin for Jenkins
12 Dec 2017VULN390Cisco : Bleichenbacher Attack on TLS Affecting Cisco Products December 2017Cisco products running TLS stack implementations.
11 Dec 2017VULN389PowerDNS : Crafted CNAME answer can cause a denial of serviceSystems running PowerDNS versions 4.0.x prior to
11 Dec 2017VULN388GraphicsMagick : GraphicsMagick 1.3.27 fixes multiple security vulnerabilitiesSystems running GraphicsMagick versions prior to
11 Dec 2017VULN387Apache Synapse : CVE-2017-15708 Apache Synapse Remote Code Execution VulnerabilitySystems running Apache Synapse versions prior to
8 Dec 2017STAT49
8 Dec 2017VULN386Google Chrome : Google Chrome 63.0.3239.84 fixes multiple security vulnerabilitiesSystems running Google Chrome versions prior to
8 Dec 2017VULN385Mozilla : Security vulnerabilities fixed in Firefox ESR 52.5.2 and Firefox 57.0.2Systems running Firefox versions prior to 57.0.2,
8 Dec 2017VULN384OpenSSL : Vulnerabilities fixed in OpenSSL 1.0.2nSystems running OpenSSL versions prior to 1.0.2n.
7 Dec 2017VULN383Jenkins : EC2 Plugin Arbitrary shell command executionSystems running EC2 Plugin for Jenkins versions
7 Dec 2017VULN382Microsoft : CVE-2017-11937 Microsoft Malware Protection Engine Remote Code Execution VulnerabilityWindows running Microsoft Malware Protection
7 Dec 2017VULN381APPLE : APPLE-SA-2017-12-6-4 tvOS 11.2tvOS versions prior to 11.2.
7 Dec 2017VULN380APPLE : APPLE-SA-2017-12-6-3 watchOS 4.2watchOS versions prior to 4.2.
7 Dec 2017VULN379APPLE : APPLE-SA-2017-12-6-2 iOS 11.2iOS versions prior to 11.2.
7 Dec 2017VULN378APPLE : APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El CapitanmacOS X versions prior to 10.13.2.
5 Dec 2017VULN377Jenkins : Jenkins Security Advisory 2017-12-05Systems running Jenkins versions 2 prior to
5 Dec 2017VULN376Wireshark : Multiple Vulnerabilities fixed in WiresharkSystems running Wireshark versions 2 prior to
5 Dec 2017VULN375Mozilla : Security vulnerabilities fixed in Firefox 57.0.1Systems running Firefox versions prior to 57.0.1.
4 Dec 2017VULN374Asterisk : DOS Vulnerability in Asterisk chan_skinnySystems running Asterisk Open Source versions
4 Dec 2017VULN373Citrix XenServer : Citrix XenServer Multiple Security UpdatesSystems running Citrix XenServer versions up to
4 Dec 2017VULN372Apache Struts : Vulnerabilities fixed in Apache StrutsSystems running Apache Struts versions prior to
1 Dec 2017STAT48
30 Nov 2017VULN371WordPress : WordPress 4.9.1 Security and Maintenance ReleaseSystems running WordPress versions prior to 4.9.1.
30 Nov 2017VULN370APPLE : Administrator authentication bypass vulnerability in macOS fixedmacOS versions 10.12.6 and later prior to 10.13.1.
29 Nov 2017VULN369Cisco : Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format PlayersSystems running Cisco WebEx Business Suite,
29 Nov 2017VULN368curl : buffer overflow, out of bounds reads vulnerabilities fixedSystems running libcurl versions 7.21.0 up to and
28 Nov 2017VULN367Xen : DoS, information leak or full privilege escalation vulnerabilities fixed in XenSystems running Xen versions from 3.4.x onwards.
28 Nov 2017VULN366PowerDNS : Multiple vulnerabilities fixed in PowerDNSSystems running PowerDNS Authoritative Server
27 Nov 2017VULN365Exim : Critical Exim Security Vulnerability disable chunkingSystems running Exim.
27 Nov 2017VULN364Mozilla : Security vulnerabilities fixed in Thunderbird 52.5Systems running Mozilla Thunderbird versions prior
24 Nov 2017VULN363Atlassian : Hipchat Server Security Advisory 2017-11-22Systems running Hipchat Server,
24 Nov 2017STAT47
24 Nov 2017VULN362US-CERT : Install Norton Security for Mac does not verify SSL certificatesSystems running Install Norton Security for Mac
24 Nov 2017VULN361OTRS : Security Advisory 2017-07 Security Update for OTRS FrameworkSystems running OTRS version prior to 5.0.24,
23 Nov 2017VULN360Cacti : Cacti 1.1.28 fixes multiple security vulnerabilitiesSystems running Cacti version prior to 1.1.28.
22 Nov 2017VULN359Samba : Server heap memory information leak and Use-after-free vulnerabilitySystems running Samba version prior to 4.7.3,
22 Nov 2017VULN358Moodle : Students can find out email addresses of other students in the same courseSystems running Moodle versions prior to 3.4,
21 Nov 2017VULN357US-CERT : Microsoft Windows 8 non-DYNAMICBASE applications relocation vulnerabilityMicrosoft Windows version 8.
21 Nov 2017VULN356US-CERT : Microsoft Office Equation Editor stack buffer overflowMicrosoft Windows version 8 and later.
20 Nov 2017VULN355BIG-IP : BIG-IP SSL vulnerability CVE-2017-6168Systems running F5 BIG-IP software.
17 Nov 2017STAT46
17 Nov 2017VULN354Oracle : Oracle Security Alert Advisory - CVE-2017-10269Systems running Oracle Tuxedo.
17 Nov 2017VULN352VMware : NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issueSystems running VMware NSX for vSphere versions
17 Nov 2017VULN353VMware : VMware AirWatch Console and Launcher for Android updates resolve multiple vulnerabilitiesSystems running VMware AirWatch Console versions
17 Nov 2017VULN351VMware : VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilitiesSystems running VMware Workstation versions 12.x
16 Nov 2017VULN350Jenkins : Reflected Cross-Site Scripting vulnerability in Delivery Pipeline pluginSystems running Delivery Pipeline for Jenkins
16 Nov 2017VULN349Shibboleth : Shibboleth Service Provider Security Advisory [15 November 2017]Systems running Shibboleth versions prior to
16 Nov 2017VULN348MediaWiki : Security release 1.29.2 / 1.28.3 / 1.27.4Systems running MediaWiki versions prior to
15 Nov 2017VULN347Mozilla : Security vulnerabilities fixed in Firefox 57Systems running Firefox versions prior to 57, ESR
15 Nov 2017VULN346Microsoft : Microsoft Security Update Summary for November 2017Windows versions 7, 8.1, RT 8.1, 10,
15 Nov 2017VULN345Apache Camel : New security advisory CVE-2017-12634 released for Apache CamelSystems running Apache Camel versions prior to
15 Nov 2017VULN344Apache CouchDB : Apache CouchDB CVE-2017-12635 and CVE-2017-12636Systems running CouchDB versions prior to 2.1.1,
15 Nov 2017VULN343Cisco : Cisco Voice Operating System-Based Products Unauthorized Access VulnerabilityCisco Voice Operating System-Based Products.
14 Nov 2017VULN342Roundcube : Security updates 1.3.3, 1.2.7 and 1.1.10 releasedSystems running Roundcube versions prior to
13 Nov 2017VULN341WebKitGTK+ : WebKitGTK+ Security Advisory WSA-2017-0009Systems running WebKitGTK+ versions prior to
10 Nov 2017STAT45
10 Nov 2017VULN340Joomla! : Information Disclosure and Two-Factor Authentication Bypass vulnerabilities fixedSystems running Joomla! versions prior to 3.8.2.
10 Nov 2017VULN339Asterisk : Multiple vulnerabilities fixed in AsteriskSystems running Asterisk Open Source versions
10 Nov 2017VULN338PostgreSQL : PostgreSQL 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24 released!Systems running PostgreSQL versions prior to
10 Nov 2017VULN337TYPO3 : Vulnerabilities in multiple third party TYPO3 CMS extensionsSystems running File manager for TYPO3,
10 Nov 2017VULN336DRUPAL : Vulnerabilities fixed in Custom Permissions, Permissions by Term, Automated LogoutSystems running Custom Permissions for DRUPAL
10 Nov 2017VULN335VMware : VMware vCenter Server update resolves LDAP DoS, SSRF,and CRLF injection issuesSystems running VMware vCenter Server.
8 Nov 2017VULN334Apache Hadoop : CVE-2017-3166 Apache Hadoop Privilege escalation vulnerabilitySystems running Apache Hadoop versions prior to
7 Nov 2017VULN333OpenSSL : OpenSSL Security Advisory [02 Nov 2017]Systems running OpenSSL versions prior to 1.1.0g,
7 Nov 2017VULN332Google : Updates for Chrome, Chrome OS fix security vulnerabilitiesSystems running Google Chrome versions prior to
6 Nov 2017VULN331US-CERT : IEEE P1735 implementations may have weak cryptographic protectionsSystems running IEEE P1735 implementations.
6 Nov 2017VULN330LibreOffice : CVE-2017-12608 Out-of-Bounds Write vulnerabilitiesfixed in 5.0.2/5.1.0Systems running LibreOffice versions prior to
3 Nov 2017STAT44
2 Nov 2017VULN329Apache Hive : CVE-2017-12625 Apache Hive information disclosure vulnerability for column maskingSystems running Apache Hive versions 2.1.0 up to
2 Nov 2017VULN328Splunk : Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root userSystems running Splunk.
2 Nov 2017VULN327Cisco : Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access VulnerabilityCisco Application Policy Infrastructure Controller
2 Nov 2017VULN326Cisco : Cisco Prime Collaboration Provisioning Authenticated SQL Injection VulnerabilityCisco Prime Collaboration Provisioning Software
2 Nov 2017VULN325Cisco : Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection VulnerabilityFX-OS versions 1.1.3, 1.1.4, 2.0.1.
2 Nov 2017VULN324Cisco : Cisco Identity Services Engine Privilege Escalation VulnerabilityCisco Identity Services Engine software versions
2 Nov 2017VULN323Cisco : Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service VulnerabilityCisco Wireless LAN Controller Software versions
2 Nov 2017VULN322Cisco : Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service VulnerabilityCisco Aironet Series Access Point Software.
2 Nov 2017VULN321APPLE : APPLE-SA-2017-10-31-7 iCloud for Windows 7.1Windows running iCloud versions prior to 7.1.
2 Nov 2017VULN320APPLE : APPLE-SA-2017-10-31-3 tvOS 11.1tvOS versions prior to 11.1.
2 Nov 2017VULN319APPLE : APPLE-SA-2017-10-31-6 iTunes 12.7.1 for WindowsWindows running iTunes versions prior to 12.7.1.
2 Nov 2017VULN318APPLE : APPLE-SA-2017-10-31-5 Safari 11.1Systems running Safari versions prior to 11.1.
2 Nov 2017VULN317APPLE : APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El CapitanmacOS X versions prior to 10.13.1.
2 Nov 2017VULN316APPLE : APPLE-SA-2017-10-31-1 iOS 11.1iOS versions prior to 11.1.
2 Nov 2017VULN315WordPress : Important WordPress 4.8.3 Security ReleaseSystems running wordpress versions prior to 4.8.3.
31 Oct 2017VULN313Oracle : Oracle Security Alert Advisory - CVE-2017-10151Systems running Oracle Identity Manager.
30 Oct 2017VULN312NCSC-FI : Two vulnerabilities patched in GNU Wget CVE-2017-13089, CVE-2017-13090Systems running GNU Wget versions prior to 1.19.2.
27 Oct 2017STAT43
24 Oct 2017VULN311Jenkins : Jenkins Security Advisory 2017-10-23Systems running Build-Publisher for Jenkins,
24 Oct 2017VULN310Xen : pin count / page reference race in grant table codeSystems running Xen versions 4.2 and newer.
24 Oct 2017VULN309curl : IMAP FETCH response out of bounds readSystems running curl versions prior to 7.56.1.
20 Oct 2017STAT42
19 Oct 2017VULN308Cisco : Cisco Cloud Services Platform 2100 Unauthorized Access VulnerabilityCisco Cloud Services Platform software prior to
19 Oct 2017VULN307Cisco : Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service VulnerabilityCisco FXOS, Cisco NX-OS System Software.
19 Oct 2017VULN306WebKitGTK+ : WebKitGTK+ Security Advisory WSA-2017-0008Systems running WebKitGTK+ versions prior to
19 Oct 2017VULN305Webmin : Webmin 1.860 fixes XSS vulnerability and Upload and Download security issueSystems running webmin versions prior to 1.860.
18 Oct 2017VULN304Oracle : October 2017 Critical Patch Update ReleasedSystems running Oracle Database Server,
16 Oct 2017VULN303Cisco : Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access IICisco wireless products software.
16 Oct 2017VULN302Apache Solr : CVE-2017-12629 Please secure your Apache Solr servers since a zero-day exploit has been reported on a public mailing listSystems running Apache Solr.
16 Oct 2017VULN301Jenkins : Important security updates for Jenkins core and pluginsSystems running Jenkins versions prior to 2.84,
13 Oct 2017STAT41
13 Oct 2017VULN300Xen : Multiple vulnerabilities fixed in XenSystems running Xen.
11 Oct 2017VULN299Microsoft : Microsoft Security Update Summary for October 2017Windows versions 7, 8.1, RT 8.1, 10,
10 Oct 2017VULN298EMC : RSA Archer® GRC Platform Multiple VulnerabilitiesSystems running RSA Archer versions prior to
10 Oct 2017VULN297RubyGems : RubyGems 2.6.14 fixes an unsafe object deserialization vulnerabilitySystems running RubyGems versions prior to 2.6.14.
10 Oct 2017VULN296Apache NiFi : CVE-2017-12623 Apache NiFi XXE issue in template XML uploadSystems running Apache NiFi versions 1.x prior to
10 Oct 2017VULN295X.Org : X server fixes for CVE-2017-13721 & CVE-2017-13723Systems running xorg-server versions prior to
9 Oct 2017VULN294Apache OpenNLP : CVE-2017-12620 Apache OpenNLP XXE vulnerabilitySystems running Apache OpenNLP versions prior to
6 Oct 2017STAT40
6 Oct 2017VULN293Shibboleth IdP : Shibboleth Identity Provider Security Advisory [4 October 2017]Systems running Shibboleth IdP versions prior to
6 Oct 2017VULN292Apache httpd : Apache httpd 2.4.28 fix Corrupted or freed memory access vulnerabilitySystems running Apache httpd versions prior to
6 Oct 2017VULN291APPLE : APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental UpdatemacOS High versions Sierra 10.13.
5 Oct 2017VULN290Project curl : FTP PWD response parser out of bounds readSystems running libcurl versions 7.7 up to and
5 Oct 2017VULN289OpenVPN : OpenVPN 2.4.4 and 2.3.18 fix out of bounds write in key-method 1Systems running OpenVPN versions prior to 2.4.4,
5 Oct 2017VULN288Cisco : Cisco License Manager Directory Traversal Information Disclosure VulnerabilitySystems running Cisco License Manager.
5 Oct 2017VULN287Cisco : Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service VulnerabilityCisco Firepower Threat Defense Software versions
5 Oct 2017VULN286Cisco : Cisco Firepower Denial of Service VulnerabilitiesCisco Firepower System Software versions 6.0 and
5 Oct 2017VULN285Cisco : Cisco Adaptive Security Appliance Software Direct Authentication Denial of Service VulnerabilityCisco Adaptive Security Appliance Software.
4 Oct 2017VULN284Apache Tomcat : CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP UploadSystems running Apache Tomcat versions prior to
3 Oct 2017VULN283dnsmasq : dnsmasq-2.78 fixes multiple vulnerabilitiesSystems running dnsmasq versions prior to 2.78.
3 Oct 2017VULN282Xen : ARM: Some memory not scrubbed at bootSystems running Xen versions since 4.5.
29 Sep 2017STAT39
28 Sep 2017VULN281Cisco : Cisco IOS and IOS XE Software multiple vulnerabilitiesCisco IOS, Cisco IOS XE Software.
26 Sep 2017VULN280Google Chrome : Stable channel 61.0.3163.100 fix Out-of-bounds access in V8Systems running Google Chrome versions prior to
26 Sep 2017VULN279Citrix : Authentication Bypass Vulnerability in Citrix NetScaler ADC and NetScaler Gateway Management InterfaceSystems running Citrix NetScaler, NetScaler Gateway
26 Sep 2017VULN278APPLE : APPLE-SA-2017-09-25-2 iCloud for Windows 7Windows running iCloud for Windows 7.
26 Sep 2017VULN277APPLE : APPLE-SA-2017-09-25-7 iTunes 12.7Systems running iTunes versions prior to 12.7.
26 Sep 2017VULN276APPLE : APPLE-SA-2017-09-25-9 macOS Server 5.4macOS Server versions prior to 5.4.
26 Sep 2017VULN275APPLE : APPLE-SA-2017-09-25-1 macOS High Sierra 10.13macOS versions prior to High Sierra 10.13.
22 Sep 2017STAT38
22 Sep 2017VULN274DRUPAL : Skype Status - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-076Systems running Skype Status for DRUPAL versions
22 Sep 2017VULN273DRUPAL : Page Access - Unsupported - SA-CONTRIB-2017-75Systems running Page Access for DRUPAL.
21 Sep 2017VULN272Cisco : Cisco Unified Customer Voice Portal Operations Console Privilege Escalation VulnerabilitySystems running Cisco Unified Customer Voice Portal
21 Sep 2017VULN271Cisco : Cisco Small Business Managed Switches Denial of Service VulnerabilityCisco Small Business Managed Switches software.
21 Sep 2017VULN270Cisco : Cisco Email Security Appliance Denial of Service VulnerabilityCisco AsyncOS Software for Cisco Email Security
21 Sep 2017VULN269Joomla! : Information Disclosure vulnerabilities fixedSystems running Joomla! versions prior to 3.8.0.
21 Sep 2017VULN268WordPress : WordPress 4.8.2 Security and Maintenance ReleaseSystems running WordPress versions prior to 4.8.2.
20 Sep 2017VULN267APPLE : APPLE-SA-2017-09-19-3 Xcode 9Systems running Xcode versions prior to 9.
20 Sep 2017VULN266APPLE : APPLE-SA-2017-09-19-2 Safari 11Systems running Safari versions prior to 11.
20 Sep 2017VULN265APPLE : APPLE-SA-2017-09-19-1 iOS 11iOS versions prior to 11.
20 Sep 2017VULN264Apache Tomcat : Apache Tomcat Remote Code Execution and Information DisclosureSystems running Apache Tomcat versions 7 prior to
20 Sep 2017VULN263Samba : Security vulnerabilities fixed in Samba 4.6.8, 4.5.14 and 4.4.16Systems running Samba versions prior to 4.6.8,
19 Sep 2017VULN262Apache Solr : Security vulnerability in kerberos delegation token functionalitySystems running Apache Solr versions 6.x prior to
18 Sep 2017VULN261Moodle : Multiple vulnerabilities fixedSystems running Moodle versions prior to 3.3.2,
15 Sep 2017STAT37
15 Sep 2017VULN260US-CERT : Multiple Bluetooth implementation vulnerabilities affect many devicesSystems running Bluetooth implementations.
15 Sep 2017VULN259Ruby : Multiple vulnerabilities fixed in RubySystems running Ruby versions 2.2, 2.3, 2.4 prior
15 Sep 2017VULN258VMware : VMware ESXi, vCenter Server, Fusion & Workstation updates resolve multiple security vulnerabilitiesSystems running VMware ESXi versions 6.5, 5.5, 5.0,
14 Sep 2017VULN257Foxit : Security updates available in Foxit PhantomPDF and Foxit ReaderSystems running Foxit Reader versions prior to
14 Sep 2017VULN256Xen : Multiple DoS ans Privilege escalation vulnerabilities fixedSystems running Xen.
14 Sep 2017VULN254Cisco : Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure VulnerabilitySystems running Cisco Meeting Server TURN Server.
14 Sep 2017VULN255DRUPAL : Flag clear - Moderately Critical - CSRF - DRUPAL-SA-CONTRIB-2017-074Systems running Flag clear for DRUPAL versions
13 Sep 2017VULN253Adobe RoboHelp : Security update available for RoboHelp | APSB17-25Systems running Adobe RoboHelp versions prior to
13 Sep 2017VULN252Adobe ColdFusion : Security updates available for ColdFusion | APSB17-30Systems running Adobe ColdFusion versions 11,
13 Sep 2017VULN251.1Adobe ColdFusion : Security updates available for ColdFusion | APSB17-30Systems running Adobe ColdFusion versions 11,
13 Sep 2017VULN251Adobe Flash Player : Security updates available for Flash Player | APSB17-28Systems running Adobe Flash Player versions prior
13 Sep 2017VULN250Microsoft : Microsoft Security Update Summary for September 2017Windows versions 7, 8.1, RT 8.1, 10,
8 Sep 2017STAT36
8 Sep 2017VULN249 (Atlassian : Security Warning (Git,Mercurial,SVN))Systems running Atlassian versions products using
8 Sep 2017VULN248Cisco : Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco ProductsCisco products incorporating Apache Struts 2.
7 Sep 2017VULN247DRUPAL : Clientside Validation - Critical - Arbitary PHP ExecutionSystems running Clientside Validation versions 7.x
7 Sep 2017VULN246DRUPAL : CAPTCHA - Moderately Critical - Denial of ServiceSystems running CAPTCHA for DRUPAL versions 7.x
7 Sep 2017VULN245Google Chrome : Multiple vulnerabilities fixed in Google ChromeSystems running Google Chrome versions prior to
7 Sep 2017VULN244TYPO3-CORE : TYPO3-CORE-SA-2017 Multiple vulnerabilities fixed in TYPO3 CMSSystems running TYPO3 CMS versions 7, 8 prior to
7 Sep 2017VULN243Cisco : Cisco IoT Field Network Director Memory Exhaustion Denial of Service VulnerabilitySystems running Cisco IoT Field Network Director.
6 Sep 2017VULN242Apache Struts : Remote Code Execution vulnerability (and others) fixed in Apache StrutsSystems running Apache Struts versions 2 prior to
6 Sep 2017VULN241Django : Django security releases issued 1.11.5 and 1.10.8Systems running Django versions prior to
4 Sep 2017VULN240Wireshark : Multiple vulnerabilities fixed in WiresharkSystems running Wireshark versions 2 prior to
4 Sep 2017VULN239Ruby : Multiple vulnerabilities in RubyGemsSystems running Ruby versions 2.2, 2.3, 2.4 prior
1 Sep 2017STAT35
25 Aug 2017STAT34
24 Aug 2017VULN238Xen : add-to-physmap error paths fail to release lock on ARMSystems running Xen versions 4.4 and later.
23 Aug 2017VULN237Apache Log4j : CVE-2017-5645 Apache Log4j socket receiver deserialization vulnerabilitySystems running Apache Log4j versions prior to
23 Aug 2017VULN236ZDI : Foxit Reader Remote Code Execution VulnerabilitiesSystems running Foxit Reader.
22 Aug 2017VULN235Apache Struts : DoS attack is available for Spring secured actionsSystems running Apache Struts versions 2 prior to
21 Aug 2017STAT33
18 Aug 2017VULN234 (Juniper : Junos OS buffer overflow vulnerability in Junos CLI (CVE-2017-10602))Junos OS versions 14.1X53, 14.2, 15.1, 15.1X49,
18 Aug 2017VULN233Git : New Git versions contain a security fix for CVE-2017-1000117Systems running Git versions 8.x prior to 2.14.1,
17 Aug 2017VULN232Drupal Core : Multiple Vulnerabilities - SA-CORE-2017-004Systems running Drupal Core versions 8.x prior to
17 Aug 2017VULN231.1Drupal Core : Multiple Vulnerabilities - SA-CORE-2017-004Systems running Drupal Core versions 8.x prior to
17 Aug 2017VULN231Cisco : Cisco Virtual Network Function Element Manager Arbitrary Command Execution VulnerabilitySystems running Drupal Core versions 8.x prior to
17 Aug 2017VULN230Cisco : Cisco Application Policy Infrastructure Controller Privilege Escalation VulnerabilitiesSystems running Cisco Application Policy
16 Aug 2017VULN228Xen : Multiple vulnerabilities fixed in XenSystems running Xen.
16 Aug 2017VULN229VMware : VMware NSX-V Edge updates address OSPF Protocol LSA DoSSystems running VMware NSX-V Edge versions prior
16 Aug 2017VULN227Apache Subversion : Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-urlSystems running Apache Subversion clients versions
16 Aug 2017VULN226PostgreSQL : 2017-08-10 Security Update ReleaseSystems running PostgreSQL.
14 Aug 2017STAT32
11 Aug 2017VULN225Mozilla : Security vulnerabilities fixed in Firefox 55Systems running Firefox versions prior to 55,
10 Aug 2017VULN224Adobe: Security Update Available for Adobe Acrobat and Reader APSB17-24Systems running Adobe Acrobat and Reader versions
10 Aug 2017VULN223Adobe : Security updates available for Flash Player APSB17-23Systems running Adobe Flash Player versions prior
10 Aug 2017VULN222Microsoft : Microsoft Security Update Summary for August 2017Windows versions 7, 8.1, RT 8.1, 10,
4 Aug 2017STAT31
28 Jul 2017STAT30
21 Jul 2017STAT29
20 Jul 2017VULN221APPLE : tvOS 10.2.2Systems running tvOS 10.2.2
20 Jul 2017VULN220APPLE : iTunes 12.6.2 for WindowsSystems running iTunes 12.6.2 for Windows
20 Jul 2017VULN219APPLE : iCloud for Windows 6.2.2Systems running iCloud for Windows 6.2.2
20 Jul 2017VULN218APPLE : watchOS 3.2.3Systems running watchOS 3.2.3
20 Jul 2017VULN216APPLE : macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 YosemiteSystems running macOS Sierra 10.12.5, OS X El
20 Jul 2017VULN215APPLE : About the security content of Safari 10.1.2Systems running Safari versions prior to 10.1.2.
20 Jul 2017VULN217APPLE : iOS 10.3.3Systems running iOS 10.3.3
19 Jul 2017VULN214Oracle : Critical Patch Update de Oracle pour Juillet 2017Systems running
17 Jul 2017VULN213Moodle : Multiple vulnerabilities fixed in MoodleSystems running Moodle versions prior to 3.3.1,
13 Jul 2017VULN212 (nginx : nginx security advisory (CVE-2017-7529))Systems running nginx versions prior to 1.13.3,
13 Jul 2017VULN211.1Samba : Orpheus' Lyre mutual authentication validation bypassSystems running Samba versions 4 prior to 4.6.6,
13 Jul 2017VULN211Samba : Orpheus' Lyre mutual authentication validation bypassSystems running Samba versions 4 prior to 4.6.6,
13 Jul 2017STAT28
12 Jul 2017VULN209Adobe : Security updates available for Flash Player | APSB17-21Systems running Flash Player.
12 Jul 2017VULN210Microsoft : Microsoft Security Update for July 2017Windows versions 7, 8.1, RT 8.1, 10,
10 Jul 2017VULN208Apache Struts : possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x seriesSystems running Apache Struts versions 2.3.x with
3 Jul 2017VULN199Kaspersky : Vulnerabilities fixed in Kaspersky Anti-Virus for Linux File Server 8Systems running Kaspersky Anti-Virus for Linux
7 Jul 2017STAT27
7 Jul 2017VULN207Drupal : Security vulnerabilities fixed in multiple Drupal pluginsSystems running DrupalChat versions prior to
7 Jul 2017VULN206PHP : PHP versions 7.1.7, 7.0.21, 5.6.31 fix security vulnerabilitiesSystems running PHP versions prior to 7.1.7,
6 Jul 2017VULN205Cisco : Cisco Ultra Services Framework Staging Server Arbitrary Command Execution VulnerabilitySystems running Cisco Ultra Services Framework
6 Jul 2017VULN203Cisco : Cisco Ultra Services Framework Vulnerabilities fixedSystems running Cisco Ultra Services Framework.
6 Jul 2017VULN204Cisco : Cisco Elastic Services Vulnerabilities fixedSystems running Cisco Elastic Services Controller.
6 Jul 2017VULN202Cisco : Cisco StarOS CLI Command Injection VulnerabilityCisco StarOS, systems running Cisco Virtualized
5 Jul 2017VULN201RSA Archer GRC : RSA Archer GRC Platform Multiple VulnerabilitiesSystems running RSA Archer GRC versions 5 prior to
5 Jul 2017VULN200Joomla! : XSS and Information Disclosure Vulnerabilities fixed in Joomla! 3.7.3Systems running Joomla! versions prior to 3.7.3.
30 Jun 2017STAT26
30 Jun 2017VULN198Cisco : SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE SoftwareCisco IOS, CISCO IOS XE.
30 Jun 2017VULN197ISC BIND : CVE-2017-3142 An error in TSIG authentication can permit unauthorized zone transfersWindows running ISC BIND versions 9 prior to
26 Jun 2017VULN196OCaml : Local privilege escalation Vulnerability fixed in OCamlWindows running OCaml versions 4.04.0, 4.04.1.
26 Jun 2017VULN195Microsoft : Arbitrary Code Execution Vulnerability fixed in Malware Protection EngineWindows running Malware Protection Engine versions
23 Jun 2017VULN194Horde : Vulnerabilities fixed in Horde GroupwareSystems running Horde Groupware, Horde Groupware
23 Jun 2017VULN193Horde_Image : RCE and DOS vulnerabilities in Horde_ImageSystems running Horde_Image versions 2 prior to
23 Jun 2017STAT25
23 Jun 2017VULN192Drupal Core : Multiple Vulnerabilities - SA-CORE-2017-003Systems running Drupal Core versions prior to
21 Jun 2017VULN191Cisco : Cisco Virtualized Packet Core Distributed Instance Denial of Service VulnerabilitySystems running Cisco Virtualized Packet
21 Jun 2017VULN190Cisco : Cisco WebEx Network Recording Player Multiple Buffer Overflow VulnerabilitiesSystems running Cisco WebEx Network Recording
21 Jun 2017VULN189Cisco : Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection VulnerabilitySystems running Cisco Prime Infrastructure and
21 Jun 2017VULN188EMC Avamar : EMC Avamar Multiple VulnerabilitiesSystems running EMC Avamar.
21 Jun 2017 | VULN187 | Xen : Multiple Security vulnerabilities fixed in Xen | Systems running Xen.
20 Jun 2017 | VULN186.1 | Glibc : Local privilege escalation vulnerability fixed in Glibc | Systems running glibc.
20 Jun 2017 | VULN186 | Apache HTTP Server : Multiple Security vulnerabilities fixed in Apache HTTP Server | Systems running Apache HTTP Server versions 2
16 Jun 2017 | STAT24
16 Jun 2017 | VULN185 | RT : Security vulnerabilities in RT | Systems running RT versions 4.0.x, 4.2.x, 4.4.x,
15 Jun 2017 | VULN184 | Project curl : URL file scheme drive letter buffer overflow | Systems running curl, libcurl versions prior to
15 Jun 2017 | VULN183 | Bind : Vulnerabilities fixed in Bind | Systems running Bind versions 9 prior to 9.9.10-P1,
14 Jun 2017 | VULN182 | Apache NiFi : CVE-2017-7667 Apache NiFi XFS issue due to insufficient response headers | Systems running Apache NiFi versions prior to
14 Jun 2017 | VULN181 | Adobe : Security updates available for Adobe Captivate APSB17-19 | Systems running Adobe Captivate versions prior to
14 Jun 2017 | VULN180 | Adobe : Security updates available for Adobe Digital Editions APSB17-20 | Systems running Adobe Digital Editions versions
14 Jun 2017 | VULN179 | Mozilla : Security vulnerabilities fixed in Firefox 54 and ESR 52.2 | Systems running Firefox versions prior to 54,
14 Jun 2017 | VULN178 | Adobe : Security update available for Shockwave Player APSB17-18 | Systems running Adobe Shockwave Player.
14 Jun 2017 | VULN177 | Adobe : Security updates available for Flash Player APSB17-17 | Systems running Adobe Flash Player.
14 Jun 2017 | VULN176 | Microsoft : Microsoft Security Update Summary for June 2017 | Windows versions 7, 8.1, RT 8.1, 10,
9 Jun 2017 | STAT23
9 Jun 2017 | VULN175 | VMware : Horizon View Client update addresses a command injection vulnerability | Systems running VMware Horizon View Client
8 Jun 2017 | VULN174 | Cisco : Cisco TelePresence Endpoint Denial of Service Vulnerability | Systems running Cisco TelePresence Endpoint
8 Jun 2017 | VULN172 | Cisco : Cisco AnyConnect Local Privilege Escalation Vulnerability | Windows running Cisco AnyConnect Secure Mobility
8 Jun 2017 | VULN173 | Cisco : Cisco Prime DCNM Debug Remote Code Execution and Static Credential Vulnerabilities | Systems running Cisco Prime Data Center Network
2 Jun 2017 | STAT22
1 Jun 2017 | VULN168 | Veritas : Use-After-Free Vulnerability in Multiple Veritas Backup Exec Agents | Systems running Veritas Backup Exec Agents
1 Jun 2017 | VULN167 | Trend Micro : Trend Micro InterScan Web Security Virtual Appliance 6.5 Multiple Vulnerabilities | Cisco Firepower System Software.
1 Jun 2017 | VULN166 | Freeradius : freeradius Erroneous Session Resumption | Systems running Freeradius versions prior to
1 Jun 2017 | VULN165 | Cisco : Cisco Firepower System Software URL Filtering Bypass Vulnerability | Cisco Firepower System Software.
1 Jun 2017 | VULN164 | Sudo : Potential overwrite of arbitrary files on Linux | Systems running sudo versions prior to 1.8.20p1.
31 May 2017 | VULN163 | Cisco : Vulnerability in Samba Affecting Cisco Products May 2017 | Cisco OS running Samba.
30 May 2017 | VULN162 | Shibboleth IdP : Default Kerberos configurations are unsafe | Systems running Shibboleth Identity Provider.
29 May 2017 | VULN161 | Microsoft : Microsoft Malware Protection Engine multiple vulnerabilities | Systems running Microsoft Malware Protection
29 May 2017 | VULN160 | Samba : Symlink race allows access outside share definition | Systems running Samba versions prior to 4.6.1,
29 May 2017 | VULN159 | Puppet : Puppet Server Remote Code Execution Via YAML Deserialization | Systems running Puppet versions prior to 4.10.1,
26 May 2017 | STAT21
19 May 2017 | STAT20
19 May 2017 | VULN158 | VMware : VMware Workstation update addresses multiple security issues | Systems running VMware Workstation Pro versions
18 May 2017 | VULN157 | APPLE : APPLE-SA-2017-05-15-7 Safari 10.1.1 | Systems running Safari versions prior to 10.1.1.
18 May 2017 | VULN155 | APPLE : APPLE-SA-2017-05-15-2 iOS 10.3.2 | iOS versions prior to 10.3.2.
18 May 2017 | VULN154 | APPLE : APPLE-SA-2017-05-15-1 macOS 10.12.5 | macOS X versions prior to 10.12.5.
18 May 2017 | VULN153 | Joomla! : [20170501] - Core - SQL Injection | Systems running Joomla! versions 3.7.0.
18 May 2017 | VULN152 | WordPress : WordPress 4.7.5 Security and Maintenance Release | Systems running WordPress versions prior to 4.7.5.
18 May 2017 | VULN151 | KDE : kauth Local privilege escalation | Systems running kauth versions prior to 5.34,
18 May 2017 | VULN150 | Cisco : Cisco TelePresence IX5000 Series Directory Traversal Vulnerability | Systems running Cisco TelePresence IX5000 Series
18 May 2017 | VULN149 | Cisco : Cisco Prime Collaboration Provisioning Vulnerabilities | Systems running Cisco Prime Collaboration
18 May 2017 | VULN148 | Cisco : Cisco Policy Suite Privilege Escalation Vulnerability | Systems running Cisco Policy Suite (CPS) Software
12 May 2017 | STAT19
11 May 2017 | VULN147 | Cisco : Cisco WebEx Meetings Server Information Disclosure Vulnerability | Systems running Cisco WebEx Meetings Server8.
10 May 2017 | VULN146 | Adobe : Security updates available for Adobe Experience Manager Forms | Systems running Adobe Experience Manager Forms
10 May 2017 | VULN145 | Adobe : Security updates available for Adobe Flash Player | Systems running Adobe Flash Player versions prior
10 May 2017 | VULN144 | Microsoft : Microsoft Security Update Summary for May 2017 | Windows versions 7, 8.1, RT, RT 8.1, 10,
10 May 2017 | VULN143 | Microsoft : Security Update for Microsoft Malware Protection Engine | Systems running Microsoft Forefront Endpoint
2 May 2017 | VULN130 | Intel : Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege | Intel® Active Management Technology firmware,
5 May 2017 | STAT18
5 May 2017 | VULN142 | Apache Hadoop : Apache Hadoop NameNode XSS and DataNode web UI vulnerability | Systems running Apache Hadoop versions prior to
5 May 2017 | VULN141 | MediaWiki : Security release 1.27.3 and 1.28.2 | Systems running MediaWiki versions prior to
5 May 2017 | VULN140 | EMC : EMC Data Domain Privilege Escalation Vulnerability | EMC Data Domain OS versions 5.2, 5.4, 5.5, 5.6,
5 May 2017 | VULN139 | QNAP NAS : Security Advisory for XMR Mining Program | QTS.
4 May 2017 | VULN138 | Citrix XenServer : Citrix XenServer Multiple Security Updates | Systems running XenServer versions 7.1, 7.0,
4 May 2017 | VULN137 | DRUPAL : shib_auth Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-043 | Systems running Shibboleth authentication for
4 May 2017 | VULN136 | Cisco : Cisco TelePresence ICMP Denial of Service Vulnerability | Systems running Cisco TelePresence Collaboration
4 May 2017 | VULN135 | Cisco : Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability | Cisco CVR100W Wireless-N VPN Router firmware.
4 May 2017 | VULN134 | Cisco : Cisco IOS XR Software Denial of Service Vulnerability | Cisco IOS XR.
4 May 2017 | VULN133 | Cisco : Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability | Cisco Aironet Series Access Points firmware.
3 May 2017 | VULN132 | Google : Vulnerabilities fixed in Google Chrome and Chrome OS | Systems running Chrome versions prior to
3 May 2017 | VULN131 | Xen : Multiple Vulnerabilities fixed in Xen | Systems running Xen.
28 Apr 2017 | STAT17
28 Apr 2017 | VULN129 | Joomla! : Multiple vulnerabilities fixed in Joomla! | Systems running Joomla! versions prior to 3.7.0.
28 Apr 2017 | VULN128 | LibreOffice : CVE-2017-7870 Heap-buffer-overflow in WMF polygon processing | Systems running LibreOffice versions prior to
27 Apr 2017 | VULN127 | Atlassian Confluence : Unauthenticated users can view the content of Confluence blogs and pages | Systems running Atlassian Confluence versions
27 Apr 2017 | VULN126 | Jenkins : multiple vulnerabilities fixed in Jenkins | Systems running Jenkins versions prior to 2.57,
26 Apr 2017 | VULN125 | Adobe : Security Update Hotfixes available for ColdFusion | Systems running Adobe ColdFusion versions 10, 11,
21 Apr 2017 | STAT16
21 Apr 2017 | VULN124 | Drupal Core : Drupal Core Critical Access Bypass - SA-CORE-2017-002 | Systems running Drupal Core versions 8.x prior to
21 Apr 2017 | VULN123 | (IBM : IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)) | Systems running IBM Domino server versions 8.5.3,
21 Apr 2017 | VULN122 | (curl : TLS session resumption client cert bypass (again)) | Systems running curl versions 7.52.0 up to and
20 Apr 2017 | VULN121 | Google Chrome : Chrome 58.0.3029.81 fixes Multiple Security vulnerabilities | Systems running Google Chrome versions prior to
20 Apr 2017 | VULN120 | Mozilla : Multiple Security vulnerabilities fixed in Firefox 53 | Systems running Firefox versions prior to 53,
20 Apr 2017 | VULN119 | Cisco : Cisco Unified Communications Manager Denial of Service Vulnerability | Systems running Cisco Unified Communications
20 Apr 2017 | VULN118 | Cisco : Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities | Cisco IOS, Cisco IOS XE.
20 Apr 2017 | VULN117 | Cisco : Cisco ASA Software Denial of Service Vulnerabilities | Cisco ASA Software.
20 Apr 2017 | VULN116 | Cisco : Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability | Systems running Cisco Firepower Detection Engine.
19 Apr 2017 | VULN115 | US-CERT : IBM Lotus Domino server mailbox name stack buffer overflow | Systems running IBM Lotus Domino server.
19 Apr 2017 | VULN114 | Apache CXF : Apache CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted | Systems running Apache CXF versions prior to
19 Apr 2017 | VULN113 | Oracle : Oracle Critical Patch Update for April 2017 | Systems running Oracle Database Server,
19 Apr 2017 | VULN112 | VMware : VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security | Systems running VMware Unified Access Gateway,
19 Apr 2017 | VULN111 | VMware : VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS | Systems running VMware vCenter Server.
14 Apr 2017 | STAT15
14 Apr 2017 | VULN110 | ISC BIND : Multiple vulnerabilities fixed in BIND | Systems running ISC Bind versions 9 prior to
14 Apr 2017 | VULN109 | Microsoft : Microsoft Security Update Summary for April 2017 | Windows running Internet Explorer, Microsoft Edge,
12 Apr 2017 | VULN108 | Adobe : Security updates available for Adobe Flash Player | Systems running Adobe Flash Player versions prior
11 Apr 2017 | VULN106 | Apache Tomcat : Information Disclosure and Denial of Service Vulnerabilities fixed | Systems running Apache Tomcat versions 6, 7, 8, 9
7 Apr 2017 | STAT14
7 Apr 2017 | VULN105 | MyBB : MyBB 1.8.11 Security & Merge System 1.8.11 Releases | Systems running MyBB versions prior to 1.8.11,
6 Apr 2017 | VULN104 | Cisco : Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability | Systems running Cisco Mobility Express Software.
6 Apr 2017 | VULN103 | Cisco : Cisco Wireless LAN Controller Multiple Denial of Service Vulnerabilities | Cisco Wireless LAN Controller (WLC) Software.
5 Apr 2017 | VULN102 | Xen : x86 broken check in memory_exchange() permits PV guest breakout | Systems running Xen.
5 Apr 2017 | VULN101 | Apache Geode : Apache Geode information disclosure vulnerability | Systems running Apache Geode versions 1.1.0.
5 Apr 2017 | VULN099 | Asterisk : Buffer overflow in CDR's set user | Systems running Asterisk versions 13.x, 14.x prior
5 Apr 2017 | VULN098 | Django : Django security releases issued: 1.10.7, 1.9.13, and 1.8.18 | Systems running Django versions prior to 1.10.7,
4 Apr 2017 | VULN097 | APPLE : APPLE-SA-2017-04-03-1 iOS 10.3.1 | iOS versions prior to 10.3.1.
3 Apr 2017 | VULN096 | Splunk : Splunk Enterprise 6.5.3, 6.2.13.1 and Splunk Light 6.5.2 address multiple vulnerabilities | Systems running Splunk Enterprise versions
31 Mar 2017 | STAT13
31 Mar 2017 | VULN095 | DRUPAL : Office Hours XSS and Linkit Access Bypass | Systems running Office Hours for DRUPAL versions
31 Mar 2017 | VULN094 | Xen : xenstore denial of service via repeated update | Systems running Xen.
30 Mar 2017 | VULN093 | Phpmyadmin : Bypass $cfg['Servers'][$i]['AllowNoPassword'] | Systems running phpmyadmin versions 4 prior to
29 Mar 2017 | VULN092 | VMware : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues | Systems running VMware ESXi, VMware Workstation,
28 Mar 2017 | VULN090 | APPLE : APPLE-SA-2017-03-27-5 watchOS 3.2 | watchOS versions prior to 3.2.
28 Mar 2017 | VULN089 | APPLE : APPLE-SA-2017-03-27-7 macOS Server 5.3 | Systems running macOS Server versions prior to 5.3.
28 Mar 2017 | VULN088 | APPLE : APPLE-SA-2017-03-27-4 iOS 10.3 | iOS versions prior to 10.3.
28 Mar 2017 | VULN087 | APPLE : APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite | macOS X versions prior to 10.12.4.
28 Mar 2017 | VULN086 | APPLE : APPLE-SA-2017-03-27-2 Safari 10.1 | Systems running Safari versions prior to 10.1.
27 Mar 2017 | VULN085 | Cisco : Cisco IOx Data in Motion Stack Overflow Vulnerability | Systems running Cisco IOx application environment.
27 Mar 2017 | VULN084 | Cisco : Cisco Application-Hosting Framework Vulnerabilities | Systems running Cisco Application-Hosting
27 Mar 2017 | VULN083 | NTP : March 2017 ntp-4.2.8p10 NTP Security Vulnerability Announcement | Systems running NTP versions prior to 4.2.8p10.
27 Mar 2017 | VULN082 | Samba : Symlink race allows access outside share definition | Systems running Samba versions prior to 4.6.1,
24 Mar 2017 | STAT12
23 Mar 2017 | VULN081 | Cisco : Denial of Service Vulnerabilities fixed in Cisco IOS and IOS XE | Cisco IOS, Cisco IOS XE.
22 Mar 2017 | VULN080 | QNAP : Security Vulnerabilities Addressed in QTS 4.2.4 Build 2017031 | QTS versions prior to 4.2.4 Build 20170313.
21 Mar 2017 | VULN079 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 3.2.2,
21 Mar 2017 | VULN078 | OpenSSH : OpenSSH 7.5 released | Systems running OpenSSH versions prior to 7.5.
21 Mar 2017 | VULN077 | Jenkins : Vulnerabilities fixed in several Jenkins plugins | Systems running Active Directory Plugin for
20 Mar 2017 | VULN076.1 | (Mozilla : integer overflow in createImageBitmap()) | Systems running Firefox versions prior to 52.0.1,
20 Mar 2017 | VULN075.1 | Cisco : Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability | Cisco IOS, Cisco IOS XE.
17 Mar 2017 | STAT11
17 Mar 2017 | VULN076 | Cisco : Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability | Systems running Client Manager Server of Cisco
17 Mar 2017 | VULN075 | Cisco : Cisco Meshed Wireless LAN Controller Impersonation Vulnerability | Cisco Meshed Wireless LAN Controller software.
17 Mar 2017 | VULN074 | Roundcube : Updates 1.2.4 and 1.1.8 released | Systems running Roundcube versions prior to
17 Mar 2017 | VULN073 | Drupal : Private - Critical - Access bypass | Systems running Private for Drupal versions
16 Mar 2017 | VULN072 | Drupal Core : Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001 | Systems running Drupal Core versions 8.x prior to
15 Mar 2017 | VULN071 | (Microsoft : Critical Security Update for Microsoft Graphics Component (4013075)) | Windows versions Vista, 7, Server 2008, 8.1, 10,
15 Mar 2017 | VULN070 | (Microsoft : Critical Security Update for Microsoft Uniscribe (4013076)) | Windows versions Vista, 7, Server 2008, 8.1,
15 Mar 2017 | VULN069 | (Microsoft : Critical Security Update for Microsoft Windows PDF Library (4010319)) | Windows versions 8.1, Server 2012, RT 8.1, 10,
15 Mar 2017 | VULN068 | Microsoft : Important Security Update for Microsoft Office | Systems running Microsoft Office versions 2007,
15 Mar 2017 | VULN067 | Cisco : Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability | Cisco Mobility Express 1800 software.
15 Mar 2017 | VULN066 | Cisco : Cisco StarOS SSH Privilege Escalation Vulnerability | Cisco StarOS.
15 Mar 2017 | VULN065 | (Microsoft : Critical Security Update for Windows SMB Server (4013389)) | Windows versions Vista, 7, 8, Server 2008, 8.1,
15 Mar 2017 | VULN064 | (Microsoft : Critical Security Update for Windows Hyper-V (4013082)) | Windows versions Vista, 7, 8, Server 2008, 8.1,
15 Mar 2017 | VULN063 | (Microsoft : Critical Security Update for Windows SMB Server (4013389)) | Windows versions Vista, 7, 8, Server 2008, 8.1,
15 Mar 2017 | VULN062 | Microsoft : Critical Security Update for Microsoft Edge | Windows versions 10, Server 2016 running Edge.
15 Mar 2017 | VULN061 | Microsoft : Critical Cumulative Security Update for Internet Explorer | Systems running Internet Explorer versions 11, 10,
15 Mar 2017 | VULN060 | Apache Tomcat : CVE-2016-8747 Apache Tomcat Information Disclosure | Systems running Apache Tomcat versions prior
15 Mar 2017 | VULN057 | Xen : Cirrus VGA Heap overflow via display refresh | Systems running Xen.
15 Mar 2017 | VULN059 | Adobe : Security updates available for Adobe Flash Player | Systems running Adobe Flash Player versions prior
15 Mar 2017 | VULN058 | Adobe : Security update available for Adobe Shockwave Player | Systems running Adobe Shockwave Player versions
14 Mar 2017 | VULN056 | VMware : VMware Workstation and Fusion updates address out-of-bounds memory access vulnerability | Systems running VMware Workstation Pro,
14 Mar 2017 | VULN055 | VMware : VMware product updates resolve remote code execution vulnerability via Apache Struts 2 | Systems running Horizon DaaS, vCenter Server,
10 Mar 2017 | VULN054 | VMware : VMware Workstation update addresses multiple security issues | Systems running VMware Workstation versions 12.x
10 Mar 2017 | VULN053 | Drupal : Services - Highly Critical - Arbitrary Code Execution | Systems running Drupal versions 7.x prior to
10 Mar 2017 | VULN052 | SPIP : Security update: release of SPIP 3.1.4, SPIP 3.0.25 and SPIP 2.1.30 | Systems running SPIP versions prior to 3.1.4,
10 Mar 2017 | STAT10
9 Mar 2017 | VULN051 | Apache Struts : Possible Remote Code Execution when performing file upload | Systems running Apache Struts versions 2 prior to
7 Mar 2017 | VULN050 | WordPress : WordPress 4.7.3 Security and Maintenance Release | Systems running WordPress versions prior to 4.7.3.
7 Mar 2017 | VULN049 | TYPO3 : Authentication Bypass and XSS fixed in TYPO3 | Systems running TYPO3 CMS versions 8, 7 prior to
7 Mar 2017 | VULN048 | US-CERT : dotCMS contains multiple vulnerabilities | Systems running dotCMS.
7 Mar 2017 | VULN047 | VMware : Horizon DaaS update addresses an insecure data validation issue | Systems running VMware Horizon DaaS versions 6.1.x.
3 Mar 2017 | STAT09
24 Feb 2017 | STAT08
23 Feb 2017 | VULN046 | Microsoft : Critical Security Update for Adobe Flash Player | Windows running Adobe Flash Player.
22 Feb 2017 | VULN045 | Xen : cirrus_bitblt_cputovideo does not check if memory region is safe | Systems running Xen.
22 Feb 2017 | VULN044 | curl : SSL_VERIFYSTATUS ignored | Systems running curl versions 7.52.x.
15 Feb 2017 | VULN040 | Adobe : Security update available for Adobe Campaign | Systems running Adobe Campaign versions 6.11 prior
17 Feb 2017 | STAT07
17 Feb 2017 | VULN042 | OpenSSL : OpenSSL Security Advisory [16 Feb 2017] | Systems running openssl versions 1.1.0 prior to
15 Feb 2017 | VULN041 | Cisco : Cisco UCS Director Privilege Escalation Vulnerability | Systems running Cisco UCS Director.
15 Feb 2017 | VULN039 | Adobe : Security update available for Adobe Digital Editions | Systems running Adobe Digital Editions versions
15 Feb 2017 | VULN038 | Adobe : Security updates available for Adobe Flash Player | Systems running Adobe Flash Player versions
15 Feb 2017 | VULN037 | Fortiguard : FortiManager TLS certificate validation failure | Systems running FortiManager versions prior to
15 Feb 2017 | VULN036 | Cisco : Cisco Smart Install Protocol Misuse | Systems running Cisco Smart Install.
13 Feb 2017 | VULN035 | Xen : oob access in cirrus bitblt copy | Systems running Xen.
10 Feb 2017 | VULN034 | PostfixAdmin : PostfixAdmin 3.0.2 SECURITY FIX | Systems running PostfixAdmin versions 3, 2.9 prior
10 Feb 2017 | STAT06
9 Feb 2017 | VULN033 | Bind : CVE-2017-3135 Combination of DNS64 and RPZ Can Lead to Crash | Systems running Bind versions 9 prior to 9.9.9-P6,
8 Feb 2017 | VULN032 | Citrix : Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway GCM nonce generation | Systems running Citrix NetScaler ADC, Citrix
8 Feb 2017 | VULN031 | Cisco : Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability | Systems running Cisco ASA Clientless SSL VPN.
8 Feb 2017 | VULN030 | Cisco : Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability | Systems running Cisco AnyConnect Secure Mobility
8 Feb 2017 | VULN029 | Google Android : Android Security Bulletin―February 2017 | Android.
3 Feb 2017 | STAT05
3 Feb 2017 | VULN028 | US-CERT : Microsoft Windows SMB Tree Connect Response memory corruption vulnerability | Microsoft Windows.
2 Feb 2017 | VULN027 | Jenkins : Jenkins Security Advisory 2017-02-01 Multiple Vulnerabilities fixed in Jenkins | Systems running Jenkins versions prior to 2.44,
2 Feb 2017 | VULN026 | Cisco : Cisco Prime Home Authentication Bypass Vulnerability | Systems running Cisco Prime Home.
27 Jan 2017 | STAT04
27 Jan 2017 | VULN025 | Google Chrome : Google Chrome 56.0.2924.76 fixes multiple vulnerabilities | Systems running Chrome versions prior to
26 Jan 2017 | VULN024 | Cisco : Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability | Cisco TelePresence Multipoint Control Unit
26 Jan 2017 | VULN023 | Cisco : Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability | Cisco Expressway Series software,
26 Jan 2017 | VULN022 | Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability | Cisco Adaptive Security Appliance CX Context-Aware
25 Jan 2017 | VULN021 | Wireshark : ASTERIX and DHCPv6 loops | Systems running Wireshark versions 2 prior to
25 Jan 2017 | VULN020 | Mozilla : Multiple Security vulnerabilities fixed in Firefox 51 and ESR 45.7 | Systems running Firefox versions prior to 51,
25 Jan 2017 | VULN019 | Cisco : Cisco WebEx Browser Extension Remote Code Execution Vulnerability | Systems running Cisco WebEx Browser Extension.
24 Jan 2017 | VULN018 | Phpmyadmin : PMASA-2017-1 Open redirect | Systems running phpmyadmin versions 4.6.x, 4.4.x,
20 Jan 2017 | STAT03
18 Jan 2017 | VULN017 | Citrix : Citrix Provisioning Services Multiple Security Updates | Systems running Citrix Provisioning Services
18 Jan 2017 | VULN016 | Plone : Hotfix to patch XSS and sandbox escape vulnerability | Systems running Plone prior to 4.3.12, 5.0.7.
18 Jan 2017 | VULN015 | Oracle : January 2017 Critical Patch Update Released | Systems running Oracle Database Server,
17 Jan 2017 | VULN014 | Drupal : Vulnerabilities fixed in Mailjet, OpenLucius, Autocomplete Deluxe | Systems running Mailjet versions 7.x prior to
17 Jan 2017 | VULN013 | Apache : Apache HTTP Server 2.2.32 security and bug fix maintenance release | Systems running Apache HTTP Server versions prior
17 Jan 2017 | VULN012 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 3.2.1,
16 Jan 2017 | VULN011 | GNUTLS : Memory corruption vulnerabilities fixed in GNUTLS | Systems running GNUTLS versions prior to 3.3.26,
16 Jan 2017 | VULN010 | TYPO3-CORE : Remote Code Execution in third party library swiftmailer | Systems running swiftmailer for TYPO3 CMS versions
16 Jan 2017 | VULN009 | ikiwiki : Authentication bypass via repeated parameters | Systems running ikiwiki versions prior to
13 Jan 2017 | STAT02
13 Jan 2017 | VULN008 | Computer Associates : Security Notice for CA Service Desk Manager | Systems running CA Service Desk Manager versions
13 Jan 2017 | VULN007 | Foxit : Security updates available for Foxit Reader, Foxit PhantomPDF, Foxit PDF Toolkit | Windows, Linux running Foxit Reader,
13 Jan 2017 | VULN006 | WordPress : WordPress 4.7.1 Security and Maintenance Release | Systems running WordPress versions prior to 4.7.1.
12 Jan 2017 | VULN005 | BIND : A malformed response to an ANY query can cause an assertion failure during recursion | Systems running BIND versions 9 prior to 9.9.9-P5,
11 Jan 2017 | VULN004 | (Microsoft : Security Update for Local Security Authority Subsystem Service (3216771)) | Windows Vista, Windows Server 2008, Windows 7,
11 Jan 2017 | VULN003 | (Microsoft : Security Update for Adobe Flash Player (3214628)) | Windows running Adobe Flash Player
11 Jan 2017 | VULN002 | (Microsoft : Security Update for Microsoft Office (3214291)) | Microsoft Office 2016, Microsoft SharePoint
11 Jan 2017 | VULN001 | (Microsoft : Security Update for Microsoft Edge (3214288)) | Windows versions 10, Server 2016
6 Jan 2017 | STAT01