Here is the list of the latest CERT-Renater advisories in 2021:


31 Dec 2021STAT52
30 Dec 2021VULN677Qnap : Exposure of Sensitive Information in QTS, QuTS hero, and QuTScloudSystems running
30 Dec 2021VULN676Wireshark 3.6.1, 3.4.11 fixes multiple vulnerabilitiesSystems running Wireshark versions prior to
30 Dec 2021VULN675Apache Log4j 2.17.1 fixes remote code execution (RCE) attack CVE-2021-44832Systems running log4j-api (maven), log4j-core
24 Dec 2021STAT51
24 Dec 2021VULN674Apache : Apache HTTP Server 2.4.52 fixes security vulnerabilitiesSystems running Apache HTTP Server versions prior
24 Dec 2021VULN673Apache Log4j2 : Improper Input Validation and Uncontrolled Recursion in Apache Log4j2Systems running log4j-api (maven), log4j-core
21 Dec 2021VULN672 (IBM : There are multiple vulnerabilities in the Apache Log4j used,in IBM(R) QRadar Risk Manager that may allow for remote code execution (RCE))Systems running IBM(R) QRadar Risk Manager
21 Dec 2021VULN671Mozilla : Security Vulnerabilities fixed in Thunderbird 91.4.1Systems running Thunderbird versions prior to
21 Dec 2021VULN670Xen : frontends vulnerable to backends and Rogue backends can cause DoS of guestsSystems running Xen.
20 Dec 2021VULN669 (IBM : Vulnerability in Apache Log4j affects some features of IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data (CVE-2021-44228))Linux running IBM Db2 On Openshift,
20 Dec 2021VULN668 (IBM : Log4j as used in IBM® QRadar User Behavior Analytics application add on to IBM® QRadar SIEM is vulnerable to remote code execution (RCE) (CVE-2021-44228))Linux running IBM QRadar SIEM versions prior to
20 Dec 2021VULN667Apache : CVE-2021-44548 Apache Solr information disclosure vulnerability and relation to Apache Log4J CVE-2021-44228Systems running Apache Solr versions prior to
20 Dec 2021VULN666MediaWiki : Security and maintenance release 1.35.5 / 1.36.3 / 1.37.1Systems running MediaWiki versions prior to 1.35.5,
17 Dec 2021STAT50
17 Dec 2021VULN665Elastic : Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228, CVE-2021-45046 - ESA-2021-31Systems running Elasticsearch, Elastic Cloud,
17 Dec 2021VULN664Sulu CMS : Privilege escalation and PHP file inclusion in the Sulu Admin panelSystems running Sulu (composer) versions prior to
17 Dec 2021VULN663nextjs-auth0 : Open redirect in @auth0/nextjs-auth0Systems running nextjs-auth0 (npm) versions prior
17 Dec 2021VULN662vault-cli : vault-cli possible RCE when reading user-defined dataSystems running vault-cli (pip) versions prior to
17 Dec 2021VULN661pear-archetype : Critical vulnerability in log4j may affect generated PEAR projectsSystems running pear-archetype (maven).
17 Dec 2021VULN660Citrix : Citrix Security Advisory for Apache CVE-2021-44228 and CVE-2021-45046Systems running Citrix customer-managed
17 Dec 2021VULN659 (VMware : VMware Workspace ONE UEM console patches address SSRF vulnerability (CVE-2021-22054))Systems running VMware Workspace ONE UEM console
17 Dec 2021VULN658TYPO3 : TYPO3-PSA-2021-003 Mitigation of Cache Poisoning Caused by Untrusted URL Query ParametersSystems running TYPO3 CMS.
17 Dec 2021VULN657SPIP : Mise à jour CRITIQUE de sécurité sortie de SPIP 4.0.1 et SPIP 3.2.12Systems running SPIP versions prior to 4.0.1,
16 Dec 2021VULN656SAP : SAP Security Patch Day - December 2021Systems running SAP Business Client, SAP Commerce,
16 Dec 2021VULN655APPLE : APPLE-SA-2021-12-15-5 tvOS 15.2tvOS versions prior to 15.2.
16 Dec 2021VULN654APPLE : APPLE-SA-2021-12-15-6 watchOS 8.3watchOS versions prior to 8.3.
16 Dec 2021VULN653APPLE : APPLE-SA-2021-12-15-7 Safari 15.2Systems running Safari versions prior to 15.2.
16 Dec 2021VULN652Apache Log4j : Incomplete fix for Apache Log4j vulnerabilitySystems running log4j-api (maven) versions prior
16 Dec 2021VULN651APPLE : APPLE-SA-2021-12-15 macOS Monterey 12.1, Big Sur 11.6.2 and Security Update 2021-008 CatalinamacOS versions prior to 12.1, 11.6.2.
16 Dec 2021VULN650APPLE : APPLE-SA-2021-12-15-1 iOS 15.2 and iPadOS 15.2iOS, iPadOS versions prior to 15.2.
15 Dec 2021VULN649GitLab : GitLab Runner Critical Security Release: 14.5.2, 14.4.2, and 14.3.4Systems running GitLab Runner versions prior
15 Dec 2021VULN648Google Chrome : Stable channel 96.0.4664.110 fixes multiple security vulnerabilitiesSystems running Google Chrome versions prior
15 Dec 2021VULN647pax-logging-log4j2 : Remote code injection in Log4j (through pax-logging-log4j2)Systems running pax-logging-log4j2 (maven) versions
15 Dec 2021VULN646Microsoft : Microsoft Security Update Summary for December 14, 2021Systems running Apps, SDK Azure Bot Framework, ASP.NET Core et Visual Studio, BizTalk ESB Toolkit...
15 Dec 2021VULN645X.Org : X.Org Security Advisory: December 14, 2021Systems running xorg-server versions prior
13 Dec 2021STAT49
13 Dec 2021ALER001Vulnérabilité dans la bibliothèque de journalisation Apache Log4j CVE-2021-44228
10 Dec 2021VULN644Grafana Agent : Instance config inline secret exposureSystems running grafana/agent (go) versions prior
10 Dec 2021VULN643Apache : CVE-2021-44228 Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpointsSystems running Apache Log4j2 versions prior to
7 Dec 2021STAT48
7 Dec 2021VULN642runc : Overflow in netlink bytemsg length field allows attacker to override netlink-based container configurationSystems running runc (go) versions prior to 1.0.3.
7 Dec 2021VULN641GitLab : GitLab Security Release: 14.5.2, 14.4.4, and 14.3.6Systems running GitLab versions prior to 14.5.2,
7 Dec 2021VULN640Zoho : Authentication bypass vulnerability identified and fixed in Desktop Central and Desktop Central MSPSystems running Zoho Desktop Central,
7 Dec 2021VULN639Apache : CVE-2021-43410 Apache Airavata Django Portal: airavata-django-portal allows CRLF log injectionSystems running Apache Airavata Django Portal
7 Dec 2021VULN638Django : Django security releases issued 3.2.10, 3.1.14, and 2.2.25Systems running Django versions prior to 3.2.10,
2 Dec 2021VULN637Mozilla : CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures-
30 Nov 2021VULN636Nodebb : Multiple vulnerabilities fixed in Nodebb-
30 Nov 2021VULN635F-Secure : CVE-2021-40833 Denial-of-Service (DoS) Vulnerability-
30 Nov 2021VULN634Kaspersky : Vulnerabilities fixed in multiple Kaspersky products-
30 Nov 2021VULN633Fortinet : FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking-
26 Nov 2021STAT47
26 Nov 2021VULN632US-CERT : Compilers permit Unicode control and homoglyph characters-
25 Nov 2021VULN631Django-helpdesk : Cross-site Scripting in django-helpdeskSystems running django-helpdesk (pip) versions
25 Nov 2021VULN630Matrix-synapse : Path traversal when downloading remote media-
25 Nov 2021VULN629Roundcube : Security updates 1.4.12 and 1.3.17 released-
25 Nov 2021VULN628Zimbra : NEW Zimbra Patches: 9.0.0 Patch 21 + 8.8.15 Patch 28Systems running Zimbra versions prior to
25 Nov 2021VULN627Cisco : Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021-
25 Nov 2021VULN626IBM : WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability and affects Content Collector for Email-
25 Nov 2021VULN625Ruby: Spoofing, Buffer Overrun and DoS vulnerabilities fixed in Rub and gemsSystems running Ruby versions prior to 2.6.9,
24 Nov 2021VULN624Symfony : Multiple vulnerabilities fixed in SymfonySystems running Symfony.
24 Nov 2021VULN623Aim UI : Arbitrary file reading vulnerabilitySystems running aim (pip) versions prior to 3.1.0.
24 Nov 2021VULN622containerd : Ambiguous OCI manifest parsingSystems running containerd (go) versions prior to
24 Nov 2021VULN621Xen : Multiple vulnerabilities fixed in Xen-
24 Nov 2021VULN620Apache : Apache JSPWiki Arbitrary file deletion and XSS vulnerabilities-
24 Nov 2021VULN619 (VMware : VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049))-
24 Nov 2021VULN618opencontainers : Clarify Content-Type and `mediaType` handlingSystems running OCI Distribution Specification
22 Nov 2021VULN617Apache : Multiple vulnerabilities fixed in Apache Ozone-
22 Nov 2021VULN616Xen : certain VT-d IOMMUs may not work in shared page table mode-
19 Nov 2021STAT46
18 Nov 2021VULN615Apache : CVE-2021-42250 Apache Superset: Possible log injection-
18 Nov 2021VULN614Google Chrome : Multiple vulnerabilities fixed in Chrome 96.0.4664.45Systems running Chrome versions prior to
18 Nov 2021VULN613Drupal : Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-011Systems running Drupal core versions prior to
18 Nov 2021VULN612CKEditor 4 : Vulnerabilities allowing to execute arbitrary JavaScript code-
18 Nov 2021VULN611Cisco : Multiple vulnerabilities fixed in Cisco Common Services Platform-
16 Nov 2021VULN610Grafana : Fine-grained access control enables organization admins to create/modify/delete user roles in other organizationSystems running Grafana versions versions prior to
16 Nov 2021VULN609rails_multisite : Secure/signed cookies share secrets between sites in a multi-site application-
16 Nov 2021VULN608Moodle : CVE-2021-26558: Multiple vulnerabilities fixed in Moodle 3.11.4, 3.10.8 and 3.9.11-
16 Nov 2021VULN607Ruby : CVE-2021-41817 Regular Expression Denial of Service Vunlerability of Date,Parsing Methods-
12 Nov 2021VULN606Apache : CVE-2021-26558: Apache ShardingSphere-UI Deserialization of Untrusted DataSystems running Apache ShardingSphere-UI versions 4.1.1 and later, versions prior to 5.0.0.
12 Nov 2021VULN605TYPO3 : Vulnerabilities fixed in multiple TYPO3 extensionsSystems running jobfair for TYPO3 versions prior to 1.0.13, 2.0.2, "pixx.io...
12 Nov 2021VULN604Jenkins : Jenkins Security Advisory 2021-11-12Systems running Active Choices Plugin; OWASP Dependency-Check Plugin...
12 Nov 2021VULN603Apache : CVE-2021-43350 Apache Traffic Control: LDAP filter injection ,vulnerability in Traffic OpsSystems running Apache Traffic Control versions prior to 6.0.1, 5.1.4.
12 Nov 2021VULN602Apache : CVE-2021-4197 Apache Superset Credentials leakSystems running Apache Superset versions prior to 1.3.2.
12 Nov 2021VULN601FreeRDP : Vulnerabiities in FreeRDP allow out of bounds write to memorySystems running FreeRDP versions prior to 2.4.1.
12 Nov 2021VULN600VMware : VMware Tanzu Application Service for VMs updates address a ,denial-of-service vulnerability (CVE-2021-22101)Systems running VMware Tanzu Application Service for VMs versions prior to 2.12.1, 2.11.8, 2.10.20, 2.9.28, 2.7.40.
10 Nov 2021VULN599 (VMware : VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048))-
10 Nov 2021VULN598Citrix : Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security UpdateSystems running Citrix ADC and Citrix Gateway
10 Nov 2021VULN597Samba : Multiple Security Vulnerabilities fixed in Samba 4.15.2, 4.14.10 and 4.13.14-
10 Nov 2021VULN596Adobe : Security Update Available for Adobe InCopy APSB21-110Windows, macOS running Adobe InCopy versions prior
10 Nov 2021VULN595Adobe : Security hotfix available for RoboHelp Server  APSB21-87Systems running Adobe RoboHelp Server versions
10 Nov 2021VULN594Microsoft : Microsoft Security Update Summary for November 9, 2021Systems running Microsoft 3D Viewer,
5 Nov 2021STAT44
5 Nov 2021VULN593Nagios XI : Multiple Security Vulnerabilities fixed in 5.8.7Systems running Nagios XI versions prior to 5.8.7.
5 Nov 2021VULN592Jenkins : Jenkins Security Advisory 2021-11-04Systems running Jenkins (core) versions prior to
4 Nov 2021VULN591Jupyter : Stored XSS in Jupyter nbdimeSystems running Jupyter nbdime versions prior to
4 Nov 2021VULN590Grafana : XSS vulnerability allowing arbitrary JavaScript executionSystems running Grafana versions prior to 8.2.3.
4 Nov 2021VULN589Mozilla : Security Vulnerabilities fixed in Thunderbird 91.3Systems running Thunderbird versions prior to 91.3,
4 Nov 2021VULN588Atlassian : Multiple Products Security Advisory - Unrendered unicode bidirectional override characters - CVE-2021-42574Systems running Bamboo Server and Data Center
4 Nov 2021VULN587Cisco : Cisco Security Advisories Published on November 03, 2021Systems running Cisco Policy Suite,
3 Nov 2021VULN586TinyMCE : Cross-site scripting vulnerability in TinyMCE pluginsSystems running tinymce versions prior to 5.10.0.
3 Nov 2021VULN585Mozilla : Security Vulnerabilities fixed in Firefox ESR 91.3 and 94Systems running Firefox versions prior to ESR 91.3,
3 Nov 2021VULN584Apache : Apache Traffic Server is vulnerable to various smuggle, DOS, and validation attacksSystems running Apache Traffic Server versions
3 Nov 2021VULN583Apache : CVE-2021-27644: Apache DolphinScheduler DolphinScheduler mysql jdbc connector parameters deserialize remote code executionSystems running Apache DolphinScheduler versions
3 Nov 2021VULN582Apache : CVE-2021-41973 Apache MINA HTTP listener DOSSystems running Apache MINA versions prior to
29 Oct 2021STAT43
29 Oct 2021VULN581Lakefs : Improper Access Control in S3 copy-object, and API restore-refs,dump-refs, get-range, get-metarangeSystems running Lakefs versions prior to 0.53.1.
29 Oct 2021VULN580JupyterHub : Improper Access Control in jupyterhub-firstuseauthenticatorSystems running jupyterhub-firstuseauthenticator
29 Oct 2021VULN579GitLab : GitLab Security Release:14.4.1, 14.3.4, and 14.2.6Systems running GitLab versions prior to 14.4.1,
29 Oct 2021VULN578 (Uyuni : Security bugfix for CVE-2021-40348 (Uyuni Server))Systems running Uyuni versions prior to 2021.11.
29 Oct 2021VULN577Google : Chrome 95.0.4638.69 fix currently exploited Zero-Day vulnerabilitiesSystems running Google Chrome versions prior to
28 Oct 2021VULN576Cisco : Multiple vulnerabilities fixed in Cisco ASA, FTD, FMC and UTD SoftwareSystems running Cisco ASA Software,
28 Oct 2021VULN575BIND : CVE-2021-25219 Lame cache can be abused to severely degrade resolver performanceSystems running BIND versions prior to 9.11.36,
28 Oct 2021VULN574Dask : Remote code execution in DaskSystems running Dask (python-dask) versions
27 Oct 2021VULN573Adobe : Security Updates Available for Adobe XMP Toolkit SDK APSB21-108Systems running Adobe XMP Toolkit SDK versions
27 Oct 2021VULN572Adobe : Security Updates Available for Adobe Premiere Pro APSB21-100Systems running Adobe Premiere Pro versions
27 Oct 2021VULN571Adobe : Security Updates Available for Adobe Character Animator APSB21-95Systems running Adobe Character Animator versions
27 Oct 2021VULN570Adobe : Security Updates Available for Adobe Prelude APSB21-96Systems running Adobe Prelude versions prior to
27 Oct 2021VULN569Adobe : Security Updates Available for Adobe Bridge | APSB21-94Systems running Security Updates Available for
27 Oct 2021VULN568Adobe : Security updates available for Adobe Premiere Elements  APSB21-106Systems running Adobe Premiere Elements versions
27 Oct 2021VULN567Adobe : Security Update Available for Adobe InDesign APSB21-107Systems running Adobe InDesign versions prior to
27 Oct 2021VULN566Adobe : Security updates available for Adobe Photoshop APSB21-109Systems running Adobe Photoshop versions prior to
27 Oct 2021VULN565Adobe : Security Updates Available for Adobe Illustrator APSB21-98Systems running Adobe Illustrator versions prior to
27 Oct 2021VULN564APPLE : APPLE-SA-2021-10-26-7 tvOS 15.1tvOS versions prior to 15.1.
27 Oct 2021VULN563APPLE : APPLE-SA-2021-10-26-6 watchOS 8.1watchOS versions prior to 8.1.
27 Oct 2021VULN562APPLE : APPLE-SA-2021-10-26-5 Security Update 2021-007 CatalinamacOS Catalina.
27 Oct 2021VULN561APPLE : macOS Monterey 12.0.1 and Big Sur 11.6.1macOS versions prior to 12.0.1, 11.6.1.
27 Oct 2021VULN560APPLE: iOS and iPadOS 15.1 and 14.8.1iOS, iPadOS versions prior to 15.1, 14.8.1.
27 Oct 2021VULN559WebKit : WebKitGTK and WPE WebKit Security AdvisorySystems running WebKitGTK, WPE WebKit versions
27 Oct 2021VULN558jquery-ui : Multiple XSS vulnerabilities fixedSystems running Redmine versions prior to 1.13.0.
26 Oct 2021VULN557 (Redmine : Redmine 4.2.3 and 4.1.5 released (security fix))Systems running Redmine versions prior to 4.2.3,
26 Oct 2021VULN556TinyMCE : Cross-site scripting vulnerability in TinyMCESystems running TinyMCE versions prior to 5.9.0.
26 Oct 2021VULN555ua-parser-js (npm) : Embedded malware in ua-parser-jsSystems running ua-parser-js for NPM versions
26 Oct 2021VULN554Docker CLI : Docker CLI leaks private registry credentials to registry-1.docker.ioSystems running Docker CLI versions prior to
22 Oct 2021STAT42
22 Oct 2021VULN553Kubernetes : CVE-2021-25742 Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespacesSystems running ingress-nginx versions prior to
22 Oct 2021VULN552Apache : CVE-2021-38294 Apache Storm Shell Command Injection and Unsafe Pre-Authentication Deserialization VulnerabilitySystems running Apache Storm versions prior to
21 Oct 2021VULN551shell-quote : shell-quote package for Node.js vulnerability allows command injectionSystems running shell-quote for Node.js versions
21 Oct 2021VULN550Cisco : Cisco Security Advisories Published on October 20, 2021Standalone IOS XE SD-WAN Software,
21 Oct 2021VULN549Discourse : RCE via malicious SNS subscription payloadSystems running Discourse versions prior to 2.7.9,
21 Oct 2021VULN548Mailman : Mailman 2.1 security releaseSystems running Mailman versions prior to 2.1.
20 Oct 2021VULN547Tenable : Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1Systems running Tenable.sc versions up to and
20 Oct 2021VULN546Google : Google Chrome 95.0.4638.54 fixes multiple vulnerabilitiesSystems running Google Chrome versions prior to
20 Oct 2021VULN545 (VMware : VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability (CVE-2021-22034))Systems running VMware vRealize Operations Tenant
20 Oct 2021VULN544October : October 2021 Critical Patch Update ReleasedSystems running Oracle Database Server,
19 Oct 2021VULN543Go : Go 1.17.2 and Go 1.16.9 are releasedSystems running Go versions prior to 1.17.2,
19 Oct 2021VULN542strongSwan : Denial-of-service vulnerabilities fixed in StrongSwanSystems running StrongSwan versions prior to
18 Oct 2021VULN541Apache : Apache Superset Possible SQL Injection and XSS vulnerabilitiesSystems running Apache Superset versions prior to
18 Oct 2021VULN540LibreOffice : Multiple vulnerabilities fixed in LibreOfficeSystems running LibreOffice versions prior to
18 Oct 2021STAT41
15 Oct 2021VULN539IBM : Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilitiesSystems running IBM QRadar Network Packet Capture
15 Oct 2021VULN538Palo Alto : CVE-2020-1968 PAN-OS Impact of the Raccoon Attack Vulnerability CVE-2020-1968PAN-OS versions 8.1, 9.0, 9.1.
15 Oct 2021VULN537Palo Alto : Security update for Adobe Acrobat and Reader APSB21-104Windows, Universal Windows Platform running
15 Oct 2021VULN536Apache : CVE-2021-42340 Denial of Service in Apache TomcatSystems running Apache Tomcat versions prior to
13 Oct 2021VULN535Adobe : Security update for Adobe Acrobat and Reader APSB21-104Systems running Adobe Acrobat, Adobe Reader
13 Oct 2021VULN534SAP : SAP Security Patch Day – October 2021Systems running SAP Business Client,
13 Oct 2021VULN533Microsoft : Microsoft Security Update Summary for October 12, 2021Systems running .NET Core, Visual Studio,
13 Oct 2021VULN532 (VMware : VMware vRealize Log Insight updates address CSV injection vulnerability (CVE-2021-22035))Systems running VMware vRealize Log Insight
13 Oct 2021VULN531 (VMware : VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036))Systems running VMware vRealize Orchestrator
13 Oct 2021VULN530 (VMware : VMware vRealize Operations update addresses SSRF Vulnerability (CVE-2021-22033))Systems running vRealize Operations versions prior
13 Oct 2021VULN529Flatpak : CVE-2021-41133 Sandbox bypass via recent VFS-manipulating syscallsSystems running Flatpak versions prior to 1.10.5,
12 Oct 2021VULN528Apache : CVE-2021-38295: Apache CouchDB Privilege EscalationSystems running Apache CouchDB versions prior to
12 Oct 2021VULN527APPLE : APPLE-SA-2021-10-11-1 iOS 15.0.2 and iPadOS 15.0.2iOS, iPadOS versions prior to 15.0.2.
8 Oct 2021STAT40
8 Oct 2021VULN526Google : Google Chrome versions 94.0.4606.81 fix multiple vulnerabilitiesSystems running Google Chrome versions prior to
8 Oct 2021VULN525 (Apache : CVE-2021-42013 Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773))Systems running Apache HTTP Server versions 2.4.49,
8 Oct 2021VULN524Apache : Apache OpenOffice 4.1.11 fix multiple vulnerabilitiesSystems running Apache OpenOffice versions pprior
7 Oct 2021VULN523Cisco : Cisco Security Advisories Published on October 06, 2021Systems running Cisco AsyncOS for Cisco WSA,
7 Oct 2021VULN522Jenkins : Jenkins Security Advisory 2021-10-06Systems running Jenkins (core) versions prior to
6 Oct 2021VULN521Fortinet : FortiSDNConnector - Credential leakSystems running FortiSDNConnector versions prior to
6 Oct 2021VULN520Fortinet : FortiSandbox - Buffer overflow due to use of size of source buffer in libc safe functionsSystems running FortiSandbox versions prior to
6 Oct 2021VULN519Fortinet : FortiWebManager - Injection vulnerabilitiesSystems running FortiWebManager versions prior to
6 Oct 2021VULN518Fortinet : Session cookie does not expire after logout and Directory Traversal vulnerabilitySystems running FortiClientEMS versions prior to
6 Oct 2021VULN517Fortinet : FortiAnalyzer & FortiManager vulnerabilities fixedSystems running FortiAnalyzer versions prior to
6 Oct 2021VULN516Squid : Out-Of-Bounds memory access in WCCPv2 and Improper Certificate Validation in TLSSystems running Squid versions prior to 4.17, 5.2.
6 Oct 2021VULN515Node.js : October 12th 2021 Security ReleasesSystems running Node.js.
6 Oct 2021VULN514Xen : PCI devices with RMRRs not deassigned correctlySystems running Xen versions from 4.4 onward.
6 Oct 2021VULN513Grafana : Snapshot authentication bypassSystems running Grafana versions prior to 7.5.11,
5 Oct 2021VULN512OpenSSH :OpenSSH 8.8 fix security vulnerabilitiesSystems running OpenSSH versions prior to 8.8.
5 Oct 2021VULN511Mozilla : Security Vulnerabilities fixed in Firefox ESR 91.2, ESR 78.15, 93Systems running Firefox versions ESR 91.2,
5 Oct 2021VULN510Apache : Apache HTTP Server Path traversal, file disclosure vulnerability and null pointer dereferenceSystems running Apache HTTP Server versions up to
5 Oct 2021VULN509TYPO3 : HTTP Host Header Injection and Cross-Site-Request-Forgery fixedSystems running TYPO3 CMS versions prior to 11.5.0.
5 Oct 2021VULN508Containerd : Insufficiently restricted permissions on container root and plugin directoriesSystems running containerd versions prior to
5 Oct 2021VULN507Moby : Vulnerabilities fixed in Moby (Docker Engine) 20.10.9Systems running Moby (Docker Engine) versions prior
4 Oct 2021VULN506Google Chrome : Chrome 94.0.4606.71 addresses multiple security vulnerabilitiesSystems running Chrome versions prior to
4 Oct 2021VULN505GitLab : GitLab Security Release 14.3.1, 14.2.5, and 14.1.7Systems running GitLab versions prior to 14.3.1,
4 Oct 2021VULN504MediaWiki : Security and maintenance release: 1.31.16 / 1.35.4 / 1.36.2Systems running MediaWiki versions prior to
1 Oct 2021STAT39
30 Sep 2021VULN503Apache : CVE-2021-41616 Apache ddlutils 1.0 readobject vulnerabilitySystems running Apache ddlutils versions 1.0.
27 Sep 2021STAT38
23 Sep 2021VULN502Cisco : Cisco Security Advisories Published on September 22, 2021Cisco IOS XE, Cisco IOS, Cisco IOS XR,
22 Sep 2021VULN501Google : Chrome 94.0.4606.54 addresses multiple security vulnerabilitiesSystems running Chrome versions prior to
22 Sep 2021VULN500Apache : CVE-2021-38153 Timing Attack Vulnerability for Apache Kafka Connect and ClientsSystems running Apache Kafka versions 2 prior to
22 Sep 2021VULN499VMware : VMware vCenter Server updates address multiple security vulnerabilitiesSystems running vCenter Server,
21 Sep 2021VULN498Moodle : Multiple vulnerabilities fixed in Moodle 3.11.3, 3.10.7 and 3.9.10Systems running Moodle versions prior to 3.11.3,
21 Sep 2021VULN497APPLE : APPLE-SA-2021-09-20-3 tvOS 15tvOS running versions prior to 15.
21 Sep 2021VULN496APPLE : APPLE-SA-2021-09-20-2 watchOS 8watchOS versions prior to 8.
21 Sep 2021VULN495APPLE : APPLE-SA-2021-09-20-4 Xcode 13Systems running Xcode versions prior to 13.
21 Sep 2021VULN494APPLE : APPLE-SA-2021-09-20-10 iTunes 12.12 for WindowsWindows running iTunes versions prior to 12.12,
21 Sep 2021VULN493APPLE : APPLE-SA-2021-09-20-5 Safari 15Systems running Safari versions prior to 15.
21 Sep 2021VULN492APPLE : APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15iOS, iPadOS versions prior to 15.
20 Sep 2021VULN491WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005Systems running WebKitGTK, WPE WebKit versions
17 Sep 2021VULN490Apache : Apache HTTPd 2.4.49 fix multiple vulbnerabilitiesSystems running Apache HTTPd versions prior to
17 Sep 2021VULN489 (Apache : [CVE-2021-40690] - Apache Santuario - Bypass of the secureValidation property (CVE-2021-40690))Systems running Apache Santuario versions prior to
20 Sep 2021STAT37
17 Sep 2021VULN488Apache : CVE-2021-39239 Apache Jena: XML External Entity (XXE) vulnerabilitySystems running Apache Jena versions prior to
17 Sep 2021VULN487Apache : Apache Shiro specially crafted HTTP request may cause an authentication bypassSystems running Apache Shiro versions prior to
17 Sep 2021VULN486GLPI : GLPI 9.5.6 fixes multiple security vulnerabilitiesSystems running GLPI versions prior to 9.5.6.
16 Sep 2021VULN485Drupal : Entity Embed - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2021-028Systems running Entity Embed for Drupal versions
16 Sep 2021VULN484Drupal : GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2021-029Systems running GraphQL for Drupal versions 8.x-4.x
16 Sep 2021VULN483Drupal : Drupal core multiple Security VulnerabilitiesSystems running Drupal core versions prior to
16 Sep 2021VULN482Kubernetes : Security Vulnerabilities in Kubernetes and kube-apiserverSystems running Kubernetes versions prior to
16 Sep 2021VULN481Apache : CVE-2021-41079 Apache Tomcat DoSSystems running Apache Tomcat versions prior to
15 Sep 2021VULN480Adobe : Security Updates Available for Adobe Genuine Service APSB21-81Windows, macOS running Adobe Genuine Service
15 Sep 2021VULN479Adobe : Security updates available for Adobe Premiere Elements APSB21-78Windows, macOS running Adobe Premiere Elements
15 Sep 2021VULN478Adobe : Security Updates Available for Adobe SVG-Native-Viewer APSB21-72Linux running Adobe SVG-Native-Viewer.
15 Sep 2021VULN477Adobe : Security Updates Available for Adobe XMP Toolkit SDK APSB21-85Systems running Adobe XMP Toolkit SDK versions
15 Sep 2021VULN476Adobe : Security updates available for Adobe Photoshop Elements  APSB21-77Windows, macOS running Adobe Photoshop Elements
15 Sep 2021VULN475Adobe : Security updates available for Adobe Experience Manager APSB21-82Systems running Adobe Experience Manager versions
15 Sep 2021VULN474Adobe : Security Updates Available for Adobe Digital Editions APSB21-80MacOS running Adobe Digital Editions versions prior
15 Sep 2021VULN473Adobe : Security Updates Available for Adobe Framemaker | APSB21-74Windows running Adobe Framemaker versions prior to
15 Sep 2021VULN472Adobe : Security Updates Available for Adobe Premiere Pro APSB21-67Windows, macOS running Adobe Premiere Pro versions
15 Sep 2021VULN471Adobe : Security update available for Adobe Creative Cloud Desktop Application APSB21-76-
15 Sep 2021VULN470Adobe : Security Update Available for Adobe InCopy APSB21-71Windows, macOS running Adobe InCopy versions prior
15 Sep 2021VULN469Adobe : Security updates available for Adobe Photoshop APSB21-84Systems running Adobe Photoshop versions prior to
15 Sep 2021VULN468SAP : SAP Security Patch Day – September 2021Systems running SAP Business Client,
15 Sep 2021VULN467Adobe : Security update available for Adobe Acrobat and Reader APSB21-55Systems running Adobe Acrobat, Adobe Reader
15 Sep 2021VULN466Adobe : Security updates available for Adobe ColdFusion APSB21-75Systems running Adobe ColdFusion versions prior to
15 Sep 2021VULN465Citrix : Citrix ShareFile Storage Zones Controller Security UpdateSystems running Citrix ShareFile storage zones
15 Sep 2021VULN464curl : Multiple vulnerabilities fixed in curlSystems running curl versions from 7.20.0 and prior
15 Sep 2021VULN463Microsoft : Microsoft Security Update Summary for September 14, 2021Systems running Azure Sphere,
14 Sep 2021VULN462Google : Google Chrome 93.0.4577.82 fix multiple vulnerabilitiesSystems running Google Chrome versions prior to
14 Sep 2021VULN461Apache : (RCE) and (XXE) injection vulnerabilitiesSystems running Apache Any23 versions prior to 2.5.
14 Sep 2021VULN460APPLE : watchOS 7.6.2Systems running watchOS versions prior to 7.6.2.
14 Sep 2021VULN459APPLE : iOS 14.8 and iPadOS 14.8iOS, iPadOS versions prior to 14.8.
14 Sep 2021VULN458APPLE : Safari 14.1.2*Systems running Safari versions prior to
14 Sep 2021VULN457APPLE : macOS Big Sur 11.6 and Security Update 2021-005 CatalinamacOS Big Sur versions prior to 11.6,
10 Sep 2021STAT36
9 Sep 2021VULN456Apache Airflow : CVE-2021-38540 Apache Airflow Variable Import endpoint missed authentication checkSystems running Apache Airflow versions 2 prior to
9 Sep 2021VULN455Openstack : OSSA-2021-006 Routes middleware memory leak for nonexistent controllersSystems running Openstack Neutron versions prior to
9 Sep 2021VULN454WordPress : WordPress 5.8.1 Security and Maintenance ReleaseSystems running WordPress versions prior to 5.8.1.
9 Sep 2021VULN453Citrix : CTX325319,Citrix Hypervisor Security UpdateSystems running Citrix Hypervisor.
9 Sep 2021VULN452Cisco : Cisco Security Advisories Published on September 08, 2021Cisco IOS XR,
8 Sep 2021 | VULN451 | Mozilla : Security Vulnerabilities fixed in Thunderbird 91.1 and 78.14 | Systems running Thunderbird versions prior to 91.1,
8 Sep 2021 | VULN450 | Fortinet : FortiAuthenticator - Command injection in CLI | Systems running FortiAuthenticator versions prior
8 Sep 2021 | VULN449 | Fortinet : FortiClient Linux - Command injection vulnerability | FortiClient Linux versions prior to 6.2.9, 6.4.3.
8 Sep 2021 | VULN448 | Fortinet : FortiManager Arbitrary Code Execution and improper authentication vulnerabilities fixed | Systems running FortiManager versions prior to
8 Sep 2021 | VULN447 | Fortinet : FortiSandbox Denial of Service and Information Disclosure Vulnerabilities | Systems running FortiSandbox versions prior to
8 Sep 2021 | VULN446 | Fortinet : Multiple Vulnerabilities fixed in FortiOS | FortiOS versions prior to 7.0.1, 6.4.7, 6.2.3,
8 Sep 2021 | VULN445 | Fortinet : OS command injections and stack-based buffer overflow vulnerabilities fixed | Systems running FortiWeb versions prior to 6.4.0,
8 Sep 2021 | VULN444 | Xen : Another race in XENMAPSPACE_grant_table handling | Systems running Xen.
7 Sep 2021 | VULN443 | Cisco : Cisco Identity Services Engine Cross-Site Scripting Vulnerability | Systems running Cisco Identity Services Engine
7 Sep 2021 | VULN442 | Cisco : Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability | Systems running Cisco Prime Collaboration
7 Sep 2021 | VULN441 | Cisco : Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability | Systems running Cisco Prime Infrastructure versions
7 Sep 2021 | VULN440 | Cisco : Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability | Systems running Cisco Enterprise NFVIS versions
7 Sep 2021 | VULN439 | Google Chrome : Google Chrome versions 93.0.4577.63 fixes multiple security vulnerabilities | Systems running Google Chrome versions prior to
7 Sep 2021 | VULN438 | Aruba : Multiple vulnerabilities fixed in Aruba products | ArubaOS versions prior to 6.4.4.25, 6.5.4.20,
7 Sep 2021 | VULN437 | GitLab : GitLab Security Release 14.2.2, 14.1.4, and 14.0.9 | Systems running GitLab versions prior to 14.2.2,
7 Sep 2021 | VULN436 | OTRS : OTRS Security Advisory 2021-18 | Systems running OTRS versions prior to 7.0.29.
7 Sep 2021 | VULN435 | Mozilla : Multiple vulnerabilities in Firefox ESR 91.1, 78.14, 92 | Systems running Mozilla Firefox versions prior to
7 Sep 2021 | VULN434 | Node.js : August 31 2021 Security Releases | Systems running Node.js versions prior to
7 Sep 2021 | VULN433 | Apache : Apache Zeppelin Command injection, permissions bypass and XSS vulnerabilities fixed | Systems running Apache Zeppelin versions prior to
7 Sep 2021 | VULN432 | OpenStack : OSSA-2021-005 Arbitrary dnsmasq reconfiguration via extra_dhcp_opts | Systems running OpenStack Neutron versions prior to
7 Sep 2021 | VULN431 | Jenkins : Jenkins Security Advisory 2021-08-31 | Systems running Jenkins (core),
3 Sep 2021 | STAT35
27 Aug 2021 | STAT34
27 Aug 2021 | VULN430 | libssh : Possible heap-buffer overflow when rekeying | Systems running libssh versions prior to 0.9.6.
27 Aug 2021 | VULN429 | Node.js : August 31 2021 Security Releases | Systems running Node.js.
27 Aug 2021 | VULN428 | fetchmail : fetchmail-SA-2021-02 STARTTLS session encryption bypassing | Systems running fetchmail versions prior to 6.4.22,
26 Aug 2021 | VULN427 | Nbgitpuller : Code injection in nbgitpuller | Systems running nbgitpuller (pip) versions prior
26 Aug 2021 | VULN426 | Binderhub : remote code execution via git repo provider | Systems running binderhub (helm) versions prior
26 Aug 2021 | VULN425 | VMware : VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability (CVE-2021-22021) | Systems running VMware vRealize Log Insight,
26 Aug 2021 | VULN424 | Cisco : Cisco Security Advisories Published on August 25, 2021 | Systems running Cisco Application Policy
25 Aug 2021 | VULN423 | OpenSSL : SM2 Decryption Buffer Overflow and Read buffer overruns vulnerabilities fixed | Systems running OpenSSL versions prior to 1.1.1l,
25 Aug 2021 | VULN422 | Apache : CVE-2021-33191 Apache NiFi - MiNiFi C++: MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol | Systems running Apache NiFi MiNiFi C++ versions
25 Aug 2021 | VULN421 | Joomla! : Core - Insufficient access control for com_media deletion endpoint | Systems running Joomla! versions prior to 4.0.1.
25 Aug 2021 | VULN420 | Xen : Multiple security vulnerabilities fixed in Xen | Systems running Xen.
25 Aug 2021 | VULN419 | VMware : VMware vRealize Operations updates address multiple security vulnerabilities | Systems running VMware vRealize Operations,
20 Aug 2021 | STAT33
20 Aug 2021 | VULN418 | Citrix : Citrix ShareFile storage zones controller security update | Systems running Citrix ShareFile storage zones
20 Aug 2021 | VULN417 | VMware : Important Severity - VMSA-2021-0016 - VMware Workspace One Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003) | Systems running VMware Workspace ONE Access
20 Aug 2021 | VULN416 | F5 : K43346111: Linux kernel eBPF vulnerability CVE-2021-3490 Security Advisory | BIG-IP software, BIG-IQ Centralized Management
20 Aug 2021 | VULN415 | IBM : Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2021 CPU that is bundled with IBM WebSphere Application Server Patterns | AIX, Linux running WebSphere Application Server
20 Aug 2021 | VULN414 | VMware : VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029) | Systems running VMware Workspace ONE UEM console
20 Aug 2021 | VULN413 | Adobe : Security Updates Available for Adobe Bridge APSB21-69 | Windows, macOS running Adobe Bridge versions prior
19 Aug 2021 | VULN412 | Fortinet : FortiWeb - OS command injection vulnerability | Systems running FortiWeb versions prior to 6.3.15,
19 Aug 2021 | VULN411 | Adobe : Security Updates Available for Adobe Commerce APSB21-64 | Systems running Adobe Commerce versions prior to
19 Aug 2021 | VULN410 | Adobe : Security update available for Adobe Captivate APSB21-60 | Systems running Adobe Captivate 2019 versions up to
19 Aug 2021 | VULN409 | Apache : CVE-2021-37578 Apache jUDDI Remote code execution | Systems running Apache jUDDI versions prior to
19 Aug 2021 | VULN408 | Apache : CVE-2021-21501 Apache ServiceComb ServiceComb ServiceCenter Directory Traversal | Systems running Apache ServiceComb ServiceCenter
19 Aug 2021 | VULN407 | OpenStack : OSSA-2021-002 Open Redirect in noVNC proxy | Systems running OpenStack Nova versions prior
19 Aug 2021 | VULN406 | OpenStack : OSSA-2021-003 Account name and UUID oracles in account locking | Systems running OpenStack Keystone versions from
19 Aug 2021 | VULN405 | OpenStack : OSSA-2021-004: Linuxbridge ARP filter bypass on Netfilter platforms | Systems running OpenStack Neutron versions prior
19 Aug 2021 | VULN404 | Apache : CVE-2021-33580 Apache Roller regex injection leading to DoS | Systems running Apache Roller versions prior to
19 Aug 2021 | VULN403 | Cisco : Cisco Security Advisories Published on August 18, 2021 | Cisco products running BlackBerry QNX,
19 Aug 2021 | VULN402 | ISC : CVE-2021-25218 A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use | Systems running BIND versions prior to
18 Aug 2021 | VULN401 | Drupal core : Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005 | Systems running Drupal core versions prior to
18 Aug 2021 | VULN400 | CKEditor : CKEditor 4.16.2 with browser improvements and security fixes | Systems running CKEditor versions prior to 4.16.2.
18 Aug 2021 | VULN399 | fetchmail : fetchmail denial of service or information disclosure when logging long messages | Systems running fetchmail versions prior to 6.4.21.
18 Aug 2021 | VULN398 | Node.js : August 2021 Security Releases | Systems running Node.js versions prior to
18 Aug 2021 | VULN397 | Google Chrome : Google Chrome versions 92.0.4515.159 fixes multiple security vulnerabilities | Systems running Google Chrome versions prior to
18 Aug 2021 | VULN396 | Adobe : Security Updates Available for Adobe Media Encoder APSB21-70 | Windows, macOS running Adobe Media Encoder versions
18 Aug 2021 | VULN395 | Adobe : Security updates available for Adobe Photoshop APSB21-68 | Windows, macOS running Adobe Photoshop versions
18 Aug 2021 | VULN394 | Mozilla : Security Vulnerabilities fixed in Firefox and Thunderbird prior to 91.0.1 | Systems running Firefox, Thunderbird versions prior
18 Aug 2021 | VULN393 | Apache : CVE-2021-35936 Apache Airflow No Authentication on Logging Server | Systems running Apache Airflow versions prior to
18 Aug 2021 | VULN392 | Apache : [CVE-2021-37608] Arbitrary file upload vulnerability in OFBiz | Systems running Apache OFBiz versions prior to
13 Aug 2021 | STAT32
11 Aug 2021 | VULN391 | Microsoft : Microsoft Security Update Summary for August 10, 2021 | Systems running .NET Core and Visual Studio;
10 Aug 2021 | VULN390 | TYPO3 : Cross-Site Scripting via Rich-Text Content | All systems using TYPO3
6 Aug 2021 | STAT31
30 Jul 2021 | STAT30
28 Jul 2021 | VULN389 | APPLE : About the security content of macOS Big Sur 11.5.1 | macOS Big Sur versions prior to 11.5.1.
28 Jul 2021 | VULN388 | APPLE : About the security content of iOS 14.7.1 and iPadOS 14.7.1 | iOS versions prior to 14.7.1.
23 Jul 2021 | VULN387 | APPLE : APPLE-SA-2021-07-21-6 tvOS 14.7 | tvOS versions prior to 14.7.
23 Jul 2021 | VULN386 | APPLE : APPLE-SA-2021-07-21-5 watchOS 7.6 | watchOS versions prior to 7.6.
23 Jul 2021 | VULN385 | Apache : CVE-2021-28131 Apache Impala: Impala logs contain secrets | Systems running Apache Impala versions prior to
23 Jul 2021 | VULN384 | WebKit : WebKitGTK and WPE WebKit Security Advisory | Systems running WebKitGTK, WPE WebKit versions
23 Jul 2021 | VULN383 | Tenable : [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities | Systems running Tenable.sc versions prior to
22 Jul 2021 | VULN382 | Drupal : Drupal core - Critical - Third-party libraries - SA-CORE-2021-004 | Systems running Drupal core versions prior to
23 Jul 2021 | STAT29
22 Jul 2021 | VULN381 | APPLE : APPLE-SA-2021-07-21-7 Safari 14.1.2 | Systems running Safari versions prior to 14.1.2.
22 Jul 2021 | VULN380 | APPLE : APPLE-SA-2021-07-21-4 Security Update 2021-005 Mojave | macOS Mojave.
22 Jul 2021 | VULN379 | APPLE : APPLE-SA-2021-07-21-3 Security Update 2021-004 Catalina | macOS Catalina.
22 Jul 2021 | VULN378 | APPLE : APPLE-SA-2021-07-21-2 macOS Big Sur 11.5 | macOS versions prior to Big Sur 11.5.
22 Jul 2021 | VULN377 | APPLE : APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7 | iOS, iPadOS versions prior to 14.7.
22 Jul 2021 | VULN376 | Adobe : Security Updates Available for Adobe Prelude | Systems running Adobe Prelude versions prior to
22 Jul 2021 | VULN375 | Adobe : Security Updates Available for Adobe After Effects | Systems running Adobe After Effects versions prior
22 Jul 2021 | VULN374 | Adobe : Security Updates Available for Adobe Illustrator | Systems running Adobe Illustrator versions prior to
22 Jul 2021 | VULN373 | Adobe : Security updates available for Adobe Photoshop | Systems running Photoshop versions prior to
21 Jul 2021 | VULN372 | Cisco : Cisco Security Advisories Published on July 21, 2021 | Cisco Intersight Virtual Appliance versions prior
21 Jul 2021 | VULN371 | Red Hat : RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd (CVE-2021-33909, CVE-2021-33910) | Red Hat Enterprise Linux versions 6, 7, 8,
21 Jul 2021 | VULN370 | Windows : Windows Elevation of Privilege Vulnerability | Windows.
21 Jul 2021 | VULN369 | Oracle : July 2021 Critical Patch Update Released | Systems running Oracle Database Server,
21 Jul 2021 | VULN368 | Curl : Multiple vulnerabilities fixed in curl | Systems running curl versions prior to 7.78.0.
20 Jul 2021 | VULN367 | Node.js : July 2021 Security Releases | Systems running Node.js versions prior to
20 Jul 2021 | VULN366 | Fortinet : FortiManager & FortiAnalyzer - Use after free vulnerability in fgfmsd daemon | Systems running FortiManager, FortiAnalyzer
20 Jul 2021 | VULN365 | Citrix : Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP Edition appliance Security Update | Systems running Citrix ADC, Citrix Gateway versions
20 Jul 2021 | VULN364 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 3.11.1,
19 Jul 2021 | VULN363 | Citrix : Citrix Virtual Apps and Desktops Security Update | Systems running Citrix Virtual Apps and Desktops,
19 Jul 2021 | VULN362 | Google : Chrome 91.0.4472.164 fixes multiple security vulnerabilities | Systems running Google Chrome versions prior to
19 Jul 2021 | STAT28
15 Jul 2021 | VULN361 | Adobe : Security update available for Adobe Acrobat and Reader | Systems running Adobe Acrobat, Adobe Reader
15 Jul 2021 | VULN360 | SonicWall : Improper Neutralization of Special Elements used in an SQL Command leading to SQL Injection vulnerability Impacting End-Of-Life SRA Appliances | Systems running SonicWall SSLVPN SMA/SRA versions
15 Jul 2021 | VULN359 | Wireshark : wnpa-sec-2021-06 · DNP dissector crash | Systems running Wireshark versions prior to
15 Jul 2021 | VULN358 | Mozilla : Security Vulnerabilities fixed in Thunderbird 78.12 | Systems running Thunderbird versions prior to
15 Jul 2021 | VULN357 | Apache : Apache Commons Compress denial of service vulnerabilities | Systems running Apache Commons Compress versions
15 Jul 2021 | VULN356 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 78.12 and 90 | Systems running Firefox versions prior to
15 Jul 2021 | VULN355 | Apache : CVE-2021-36373 Apache Ant TAR, ZIP, and ZIP based archive denial of service vulnerabilities | Systems running Apache Ant versions prior to
15 Jul 2021 | VULN354 | Kubernetes : CVE-2021-25740 Endpoint & EndpointSlice permissions allow cross-Namespace forwarding | Systems running Kubernetes.
15 Jul 2021 | VULN353 | Microsoft : Microsoft Security Update Summary for July 13, 2021 | Systems running Windows Common Internet File System,
15 Jul 2021 | VULN352 | VMware : VMware ThinApp update addresses a DLL hijacking vulnerability (CVE-2021-22000) | Systems running VMware ThinApp versions 5.x prior
12 Jul 2021 | VULN351 | Ruby : StartTLS stripping and Trusting FTP PASV responses vulnerabilities | Systems running Ruby versions prior to 2.6.7,
12 Jul 2021 | STAT27
8 Jul 2021 | VULN350 | GitLab : GitLab Critical Security Release: 14.0.4, 13.12.8, and 13.11.7 | Systems running GitLab versions prior to 14.0.4,
8 Jul 2021 | VULN349 | Cisco : Cisco Security Advisories Published on July 07, 2021 | Systems running Cisco Business Process Automation,
8 Jul 2021 | INFO1 | Information on Smishing attacks
7 Jul 2021 | VULN348 | QNAP : Improper Access Control Vulnerability in Legacy HBS 3 (Hybrid Backup Sync) | Systems running QNAP NAS running HBS 3 versions
7 Jul 2021 | VULN347 | Apache : CVE-2021-33192 Apache Jena Fuseki Display information UI XSS | Systems running Apache Jena Fuseki versions prior
7 Jul 2021 | VULN346 | Joomla : Joomla 3.9.28 addresses 5 security vulnerabilities | Systems running Joomla versions prior to 3.9.28.
2 Jul 2021 | STAT26
2 Jul 2021 | VULN345 | MediaWiki: Security and maintenance release: 1.31.15 / 1.35.3 / 1.36.1 | Systems running MediaWiki versions prior to
2 Jul 2021 | VULN344 | Apache: CVE-2021-26920 Apache Druid The HTTP inputSource allows authenticated users to read data from other sources than intended | Systems running Apache Druid versions prior to
1 Jul 2021 | VULN343 | Drupal : Vulnerabilities fixed in multiple modules for Drupal | Systems running Block Content Revision UI for
1 Jul 2021 | VULN342 | Zimbra : NEW Zimbra Patches: 9.0.0 Patch 16 + 8.8.15 Patch 23 | Systems running Zimbra versions prior to 9.0.0 P16,
1 Jul 2021 | VULN341 | PHP : PHP versions 7.3.29 fix multiple security vulnerabilities | Systems running PHP versions prior to 7.3.29.
1 Jul 2021 | VULN340 | Google Chrome OS: Stable channel for Chrome OS updated to 91.0.4472.147 | Chrome OS versions prior to 91.0.4472.147.
1 Jul 2021 | VULN339 | Django : Django security releases issued 3.2.5 and 3.1.13 | Systems running Django versions prior to 3.2.5,
1 Jul 2021 | VULN338 | Jenkins : Jenkins Security Advisory 2021-06-30 | Systems running Jenkins (core),
25 Jun 2021 | STAT25
23 Jun 2021 | VULN337 | Palo Alto Networks : CVE-2021-3044 Cortex XSOAR Unauthorized Usage of the REST API,047910 | Systems running Cortex XSOAR versions prior to
23 Jun 2021 | VULN336 | VMware : VMware Carbon Black App Control update addresses authentication bypass | Systems running VMware Carbon Black App Control
23 Jun 2021 | VULN335 | VMware : VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability (CVE-2021-21999) | Systems running VMware Tools for Windows versions
23 Jun 2021 | VULN334 | Apache : CVE-2021-26461 Apache NuttX (incubating) malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds | Systems running Apache NuttX versions prior to
18 Jun 2021 | STAT24
18 Jun 2021 | VULN333 | PHPMailer : Remote Code Execution and Code Injection vulnerabilities in PHPMailer | Systems running PHPMailer versions prior to 6.5.0.
18 Jun 2021 | VULN332 | Jenkins : Vulnerabilities in Scriptler and the Generic Webhook Trigger Plugins | Systems running Scriptler Plugin for Jenkins
18 Jun 2021 | VULN331 | Cisco : Cisco Security Advisories Published on June 16, 2021 | Cisco Small Business 220 Series Smart Switches
18 Jun 2021 | VULN330 | Google Chrome : Google Chrome 91.0.4472.114 fixes multiple security vulnerabilities | Systems running Google Chrome versions prior to
18 Jun 2021 | VULN329 | Symfony : CVE-2021-32693 Authentication granted to all firewalls instead of just one | Systems running Symfony versions 5.3.x prior to
18 Jun 2021 | VULN328 | VMware : VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2021-21997) | Windows running VMware Tools for Windows versions
16 Jun 2021 | VULN327 | APPLE : About the security content of iOS 12.5.4 | iOS versions prior to 12.5.4.
16 Jun 2021 | VULN326 | Trend Micro : Trend Micro InterScan Web Security Virtual Appliance 6.5 Reflected XSS Vulnerability | Systems running Trend Micro InterScan Web Security
16 Jun 2021 | VULN325 | Mozilla : Security Vulnerabilities fixed in Firefox 89.0.1 | Systems running Firefox versions prior to 89.0.1.
16 Jun 2021 | VULN324 | Apache : CVE-2021-30468 Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter | Systems running Apache CXF versions prior to 3.4.4,
16 Jun 2021 | VULN323 | Apache : CVE-2020-9493 Apache Chainsaw Java deserialization in Chainsaw | Systems running Apache Chainsaw versions prior to
14 Jun 2021 | VULN322 | QNAP : Out-of-Bounds Read Vulnerability and Inclusion of Sensitive Information in QSS | Systems running certain QNAP Switches.
14 Jun 2021 | VULN321 | QNAP : Improper Access Control Vulnerability in Helpdesk | Systems running QNAP NAS Helpdesk versions prior to
14 Jun 2021 | VULN320 | QNAP : Vulnerability in Roon Server | Systems running QNAP NAS running Roon Server
14 Jun 2021 | VULN319 | Citrix : Citrix Hypervisor Security Update | Systems running Citrix Hypervisor.
14 Jun 2021 | VULN318 | Apache : Apache PDFBox A carefully crafted PDF file can trigger DoS while loading a file | Systems running Apache PDFBox versions prior to
14 Jun 2021 | VULN317 | Silverstripe : Vulnerabilities fixed in SilverStripe's supported modules | Systems running silverstripe/framework versions
11 Jun 2021 | STAT23
11 Jun 2021 | VULN316 | Nagios XI : Nagios XI 5.8.4 fixes SQL injection and XSS vulnerabilities | Systems running Nagios XI versions prior to 5.8.4.
11 Jun 2021 | VULN315 | Google : Multiple security vulnerabilities fixed in Chrome 91.0.4472.101 | Systems running Google Chrome versions prior to
10 Jun 2021 | VULN314 | Xen : Multiple security vulnerabilities fixed in Xen | Systems running Xen.
9 Jun 2021 | VULN313 | Adobe : Security updates available for Adobe Photoshop APSB21-38 | Systems running Adobe Photoshop versions prior to
9 Jun 2021 | VULN312 | Citrix : CTX297155 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update | Systems running Citrix ADC, Citrix Gateway,
9 Jun 2021 | VULN311 | Adobe : Security update available for Adobe Acrobat and Reader APSB21-37 | Systems running Adobe Acrobat, Adobe Reader
9 Jun 2021 | VULN310 | Wireshark : DVB-S2-BB dissector infinite loop | Systems running Wireshark versions prior to 3.4.6.
9 Jun 2021 | VULN309 | Microsoft : Microsoft Security Update Summary for June 8, 2021 | Systems running .NET Core & Visual Studio,
8 Jun 2021 | VULN308 | Apache : CVE-2021-33190 Apache APISIX Dashboard: Bypass network access control | Systems running Apache APISIX Dashboard versions
8 Jun 2021 | VULN307 | SAP : SAP Security Patch Day – June 2021 | Systems running SAP Commerce,
4 Jun 2021 | STAT22
3 Jun 2021 | VULN306 | QNAP : Command Injection Vulnerability in Video Station | Systems running QNAP NAS running Video Station
3 Jun 2021 | VULN305 | QNAP : Post-Authentication Reflected XSS Vulnerability in Q'center | Systems running QNAP NAS running Q'center versions
3 Jun 2021 | VULN304 | Drupal : Multiple vulnerabilities fixed in plugins for Drupal | Systems running OpenID Connect / OAuth client for
2 Jun 2021 | VULN303 | Django : Django security releases issued 3.2.4, 3.1.12, and 2.2.24 | Systems running Django versions prior to 3.2.4,
1 Jun 2021 | VULN302 | Mozilla : Security Vulnerabilities fixed in Firefox 89 and ESR 78.11 | Systems running Firefox versions prior to 89,
1 Jun 2021 | VULN301 | Cisco : Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021 | Cisco ASA Software, Cisco SMA, Cisco ESA,
28 May 2021 | STAT21
28 May 2021 | VULN300 | APPLE : APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 | macOS versions prior to Big Sur 11.4.
28 May 2021 | VULN299 | APPLE : APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6 | iOS, iPadOS versions prior to 14.6.
28 May 2021 | VULN298 | APPLE : APPLE-SA-2021-05-25-8 Boot Camp | Systems running Boot Camp versions prior to 6.1.14.
28 May 2021 | VULN297 | APPLE : APPLE-SA-2021-05-25-7 tvOS 14.6 | tvOS versions prior to 14.6.
28 May 2021 | VULN296 | APPLE : APPLE-SA-2021-05-25-6 watchOS 7.5 | watchOS versions prior to 7.5.
28 May 2021 | VULN295 | APPLE : APPLE-SA-2021-05-25-5 Safari 14.1.1 | Systems running Safari versions prior to 14.1.1.
28 May 2021 | VULN294 | Apache : CVE-2020-17514 Apache Fineract Disabled hostname verification for HTTPS | Systems running Apache Fineract versions prior to
28 May 2021 | VULN293 | Apache : Authentication with JWT allows use of "none"-algorithm | Systems running Apache Pulsar versions prior to
28 May 2021 | VULN292 | Apache : CVE-2021-23937 Apache Wicket DNS proxy and possible amplification attack | Systems running Apache Wicket versions prior to
28 May 2021 | VULN291 | Drupal : Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003 | Systems running Drupal core versions prior to
27 May 2021 | VULN290 | ISC : CVE-2021-25217 Buffer overrun in lease file parsing code | Systems running ISC DHCP versions prior to
27 May 2021 | VULN289 | Jenkins : Jenkins Security Advisory 2021-05-25 | Systems running Filesystem Trigger Plugin for
27 May 2021 | VULN288 | Joomla : Security vulnerabilities fixed in Joomla 3.9.27 | Systems running Joomla versions prior to 3.9.27.
27 May 2021 | VULN287 | curl : Vulnerabilities fixed in curl, libcurl | Systems running curl, libcurl versions prior to
27 May 2021 | VULN286 bis | VMware : VMware vCenter Server updates address remote code execution and authentication vulnerabilities | Systems running VMware vCenter Server versions
21 May 2021 | STAT20
21 May 2021 | VULN286 | VMware : VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities | Systems running VMware Workstation Pro/Player
20 May 2021 | VULN285 | Prometheus : Prometheus v2.26.1 / v2.27.1 (Security Release) | Systems running Prometheus versions prior to 2.26.1,
20 May 2021 | VULN284 | runc : mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs | Systems running runc versions prior to 1.0.0-rc95.
20 May 2021 | VULN283 | Cisco : Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability | Systems running Cisco Prime Infrastructure versions
20 May 2021 | VULN282 | Cisco : Cisco Modeling Labs Web UI Command Injection Vulnerability | Systems running Cisco Modeling Labs versions
19 May 2021 | VULN281 | Kubernetes : CVE-2021-25738 Code exec via yaml parsing | Systems running Kubernetes Java Client versions
19 May 2021 | VULN280 | Kubernetes : CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack | Systems running Kubernetes versions prior to 1.21.1,
18 May 2021 | VULN279 | LibreOffice : fileloc extension added to macOS executable denylist | Systems running LibreOffice versions prior to 7.0.6,
18 May 2021 | VULN278 | WordPress : WordPress 5.7.2 Security Release | Systems running WordPress versions prior to 5.7.2.
18 May 2021 | VULN277 | Moodle : Multiple Security Vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 3.11,
18 May 2021 | VULN276 | X.Org : Missing request length checks in libX11 | Systems running X.Org libX11 versions prior to
17 May 2021 | STAT19
12 May 2021 | VULN275 | Adobe : Security Updates Available for Adobe Illustrator APSB21-24 | Systems running Adobe Illustrator versions
12 May 2021 | VULN274 | Adobe : Security Update Available for Adobe InDesign APSB21-22 | Windows, macOS running Adobe InDesign versions prior
12 May 2021 | VULN273 | Adobe : Security update available for Adobe Acrobat and Reader APSB21-29 | Systems running Adobe Acrobat, Adobe Reader versions
12 May 2021 | VULN272 | Kubernetes : CVE-2021-25736 Windows kube-proxy LoadBalancer contention | Systems running Kubernetes versions prior to 1.21.0,
12 May 2021 | VULN271 | Jenkins : Jenkins Security Advisory 2021-05-11 | Systems running Credentials Plugin for Jenkins,
12 May 2021 | VULN270 | Microsoft : Microsoft Security Update Summary for May 11, 2021 | Systems running .NET Core & Visual Studio,
11 May 2021 | VULN269 | SAP : SAP Security Patch Day – May 2021 | Systems running SAP Business Client, SAP Commerce,
11 May 2021 | VULN268 | Google Chrome : Chrome 90.0.4430.212 fixes multiple vulnerabilities | Systems running Google Chrome versions prior to
11 May 2021 | VULN267 | VMware : VMware Workspace ONE UEM console patches address a Cross-site scripting vulnerability (CVE-2021-21990) | Systems running VMware Workspace ONE UEM console
11 May 2021 | VULN266 | Squid : Multiple security vulnerabilities fixed in Squid | Systems running Squid versions prior to 4.15,
7 May 2021 | STAT18
6 May 2021 | VULN265 | VMware : VMware vRealize Business for Cloud updates address a remote code execution vulnerability (CVE-2021-21984) | Systems running VMware vRealize Business for Cloud
6 May 2021 | VULN264 | Django : Django security releases issued 3.2.2, 3.1.10, and 2.2.22 | Systems running Django versions prior to 3.2.2,
5 May 2021 | VULN263 | Xen : x86 Speculative vulnerabilities with bare (non-shim) 32-bit PV guests | Systems running Xen.
5 May 2021 | VULN262 | Exim : Exim 4.94.2 - security update released | Systems running Exim versions prior to 4.94.2.
5 May 2021 | VULN261 | APPLE : APPLE-SA-2021-05-03-3 watchOS 7.4.1 | watchOS versions prior to 7.4.1.
5 May 2021 | VULN260 | APPLE : APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 | macOS versions prior to Big Sur 11.3.1.
5 May 2021 | VULN259 | Django : Django security releases issued 3.2.1, 3.1.9, and 2.2.21 | Systems running Django versions prior to 3.2.1,
5 May 2021 | VULN258 | APPLE : iOS 14.5.1 and iPadOS 14.5.1 and iOS 12.5.3 fix WebKit security vulnerabilities | iOS, iPadOS versions prior to 14.5.1.
4 May 2021 | VULN257 | PHPMailer : Object injection in PHPMailer/PHPMailer | Systems running PHPMailer versions prior to 6.4.1.
3 May 2021 | VULN256 | Ruby : CVE-2021-31799 A command injection vulnerability in RDoc | Systems running RDoc versions prior to 6.3.1.
30 Apr 2021 | STAT17
30 Apr 2021 | VULN255 | Apache : CVE-2021-30638 An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later | Systems running Apache Tapestry versions prior to
30 Apr 2021 | VULN254 | Samba : Negative idmap cache entries can cause incorrect group entries in the Samba file server process token | Systems running Samba versions since 3.6.0 and
30 Apr 2021 | VULN253 | BIND : A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack | Systems running BIND versions prior to 9.11.31,
30 Apr 2021 | VULN252 | KDE : KMail: Deleting attachments can disclose content of encrypted messages | Systems running KMail, messagelib versions prior to
30 Apr 2021 | VULN251 | Drupal : SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006 | Systems running samlauth for Drupal versions prior
29 Apr 2021 | VULN250 | Cisco : Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities fixed | Cisco ASA Software versions prior to 9.8.4.35,
28 Apr 2021 | VULN249 | Fortinet : Authentication bypass in FortiWAN | Systems running FortiWAN versions prior to 4.5.8,
28 Apr 2021 | VULN248 | Elastic : Kibana 7.12.1 fix DoS and XML External Entity Injection issues | Systems running Kibana versions prior to 7.12.1.
28 Apr 2021 | VULN247 | Apache : Unsafe deserialization and RCE vulnerability in Apache OFBiz | Systems running Apache OFBiz versions prior to
28 Apr 2021 | VULN246 | APPLE : APPLE-SA-2021-04-26-10 Xcode 12.5 | Systems running Xcode versions prior to 12.5.
28 Apr 2021 | VULN245 | APPLE : APPLE-SA-2021-04-26-6 tvOS 14.5 | tvOS versions prior to 14.5.
28 Apr 2021 | VULN244 | APPLE : APPLE-SA-2021-04-26-8 iCloud for Windows 12.3 | Windows running iCloud versions prior to 12.3.
28 Apr 2021 | VULN243 | APPLE : APPLE-SA-2021-04-26-9 iTunes 12.11.3 for Windows | Systems running iTunes versions prior to 12.11.3.
28 Apr 2021 | VULN242 | APPLE : APPLE-SA-2021-04-26-5 watchOS 7.4 | watchOS versions prior to 7.4.
27 Apr 2021 | VULN241 | Shibboleth : Shibboleth Service Provider Security Advisory [26 April 2021] | Systems running Shibboleth Service Provider
27 Apr 2021 | VULN240 | Google Chrome : Google Chrome 90.0.4430.93 fix multiple vulnerabilities | Systems running Google Chrome versions prior to
27 Apr 2021 | VULN239 | Zimbra : NEW Zimbra Patches 9.0.0 Patch 14 + 8.8.15 Patch 21 | Systems running Zimbra versions prior to
27 Apr 2021 | VULN238 | Apache : CVE-2020-17517 Apache Ozone Ozone S3 Gateway allows bucket and key access to non authenticated users | Systems running Apache Ozone versions prior to
27 Apr 2021 | VULN237 | Apache : CVE-2021-28125 Apache Superset Open Redirect | Systems running Apache Superset versions prior to
27 Apr 2021 | VULN236 | APPLE : About the security content of Safari 14.1 | Systems running Safari versions prior to 14.1.
27 Apr 2021 | VULN235 | Sympa : 2021-001 Inappropriate use of the cookie parameter | Systems running Sympa versions prior to 6.2.62.
27 Apr 2021 | VULN234 | TYPO3 : Vulnerabilities fixed in multiple TYPO3 extensions | Systems running "2 Clicks for External Media"
27 Apr 2021 | VULN233 | APPLE : macOS Big Sur 11.3 and Security Update for Catalina and Mojave | macOS versions prior to Big Sur 11.3.
27 Apr 2021 | VULN232 | APPLE : APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5 | iOS, iPadOS versions prior to 14.5.
23 Apr 2021 | STAT16
23 Apr 2021 | VULN231 | Oracle : April 2021 Critical Patch Update Released | Systems running Oracle Database Server,
23 Apr 2021 | VULN230 | Wireshark : MS-WSP dissector excessive memory consumption | Systems running Wireshark versions prior to 3.4.5,
22 Apr 2021 | VULN229 | Drupal : Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002 | Systems running Drupal versions prior to 9.1.7,
22 Apr 2021 | VULN228 | Jenkins : Jenkins Security Advisory 2021-04-21 | Systems running CloudBees CD Plugin for Jenkins
20 Apr 2021 | VULN227 | Mozilla : Security Vulnerabilities fixed in Firefox 88 and 78.10 | Systems running Firefox versions prior to 88,
20 Apr 2021 | VULN226 | Mozilla : Security Vulnerabilities fixed in Thunderbird 78.10 | Systems running Thunderbird versions prior to
16 Apr 2021 | STAT15
16 Apr 2021 | VULN225 | WordPress : WordPress 5.7.1 Security and Maintenance Release | Systems running WordPress versions prior
16 Apr 2021 | VULN224 | GitLab : GitLab Critical Security Release: 13.10.3, 13.9.6, and 13.8.8 | Systems running GitLab versions prior to 13.10.3,
16 Apr 2021 | VULN223 | LibreOffice : Denylist of executable filename extensions possible to bypass under Windows | Systems running LibreOffice versions prior
15 Apr 2021 | VULN222 | Django : SQL Injection via Select, Explain and Analyze forms of the SQLPanel for Django Debug Toolbar >= 0.10.0 | Systems running Django Debug Toolbar versions prior
15 Apr 2021 | VULN221 | Kubernetes : CVE-2021-25735 Validating Admission Webhook does not observe some previous fields | Systems running kube-apiserver versions prior to
14 Apr 2021 | VULN220 | GLPI : GLPI 9.5.5 fix Stored XSS in plugins information | Systems running GLPI versions prior to 9.5.5.
14 Apr 2021 | VULN219 | Microsoft : Microsoft Security Update Summary for April 13, 2021 | Microsoft Windows, Windows Server
14 Apr 2021 | VULN218 | X.Org : Input validation failures in X server XInput extension | Systems running X.Org server versions prior to
14 Apr 2021 | VULN217 | Adobe : Security update available for RoboHelp APSB21-20 | Systems running Adobe RoboHelp versions prior to
14 Apr 2021 | VULN216 | Adobe : Security Updates Available for Adobe Bridge APSB21-23 | Systems running Adobe Bridge versions prior to
14 Apr 2021 | VULN215 | Adobe : Security Updates Available for Adobe Digital Editions | Systems running Adobe Digital Editions versions
14 Apr 2021 | VULN214 | Adobe : Security updates available for Adobe Photoshop APSB21-28 | Systems running Adobe Photoshop versions prior to
14 Apr 2021 | VULN213 | Google Chrome : Stable Channel for Desktop 89.0.4389.128 fix possible arbitrary code execution | Systems running Google Chrome versions prior to
14 Apr 2021 | VULN212 | Joomla! : Escape xss in logo parameter error pages and Inadequate filters on module | Systems running Joomla! CMS versions prior to
13 Apr 2021 | VULN211 | Apache : Multiple vulnerabilities fixed in Apache Solr 8.8.2 | Systems running Apache Solr versions prior to
12 Apr 2021 | VULN210 | WhatsApp : April Update fix cache configuration issue and out-of-bounds write | Android, iOS running WhatsApp, WhatsApp Business
12 Apr 2021 | VULN209 | Redmine : Redmine 4.1.2 and 4.0.8 fix security vulnerabilities | Systems running Redmine versions prior to 4.1.2,
12 Apr 2021 | VULN208 | MediaWiki : Security and maintenance release 1.31.13 / 1.35.2 / 1.31.14 | Systems running MediaWiki versions prior to
9 Apr 2021 | STAT14
9 Apr 2021 | VULN207 | Ruby : Ruby 3.0.1, 2.7.3, 2.6.7, 2.5.9 fix security vulnerabilities | Systems running Ruby versions prior to 3.0.1,
7 Apr 2021 | VULN206 | Jenkins : Jenkins Security Advisory 2021-04-07 | Systems running Jenkins
6 Apr 2021 | VULN205 | QNAP : QNAP QTS 4.3.6.1620-20210322 fix command injection and Apache HTTP server vulnerabilities | Systems running QNAP QTS versions prior to
6 Apr 2021 | VULN204 | Google Android : Android Security Bulletin - April 2021 | Systems running Google Android versions prior to
6 Apr 2021 | VULN203 | Django : Django security releases issued: 3.1.8, 3.0.14, and 2.2.20 | Systems running Django versions prior to 3.1.8,
2 Apr 2021 | STAT13
2 Apr 2021 | VULN202 | Apache CXF : CVE-2021-22696 Apache CXF OAuth 2 authorization service vulnerable to DDos attacks | Systems running Apache CXF versions prior to 3.4.3,
2 Apr 2021 | VULN201 | Jetty : Multiple vulnerabilities fixed in Jetty | Systems running Jetty versions prior to 9.4.39,
2 Apr 2021 | VULN200 | Netty : Possible request smuggling in HTTP/2 due missing validation of content-length | Systems running Netty versions prior to 4.1.61.
2 Apr 2021 | VULN199 | VMware : VMware Carbon Black Cloud Workload appliance update addresses incorrect URL handling vulnerability | Systems running VMware Carbon Black Cloud Workload
2 Apr 2021 | VULN198 | Nagios : Nagios 5.8.3 fix XSS and possible RCE vulnerabilities | Systems running Nagios versions prior to 5.8.3.
2 Apr 2021 | VULN197 | GitLab : GitLab Security Release: 13.10.1, 13.9.5 and 13.8.7 | Systems running GitLab versions prior to 13.10.1,
1 Apr 2021 | VULN196 | WordPress : Stored Authenticated XSS in WordPress Plugin Virtual Robots.txt | Systems running WordPress Plugin Virtual
1 Apr 2021 | VULN195 | Zimbra : NEW Zimbra Patches 9.0.0 Patch 13 + 8.8.15 Patch 20 | Systems running Zimbra versions prior to 9.0.0
1 Apr 2021 | VULN194 | Google Chrome : Stable Channel Update for Desktop 89.0.4389.114 for Windows, Mac and Linux | Systems running Google Chrome versions prior to
1 Apr 2021 | VULN193 | Citrix : CTX306565 Citrix Hypervisor Security Update | Systems running Citrix Hypervisor version up to and
1 Apr 2021 | VULN192 | Jenkins : Jenkins Security Advisory 2021-03-30 | Systems running Build With Parameters Plugin for
31 Mar 2021 | VULN191 | VMware : VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities | Systems running VMware vRealize Operations,
31 Mar 2021 | VULN190 | curl : Automatic referer leaks credentials and TLS 1.3 session ticket proxy host mixup | Systems running libcurl versions prior to 7.76.0.
30 Mar 2021 | VULN189 | Apache : CVE-2021-28657 Infinite loop in Apache Tika's MP3 parser | Systems running Apache Tika versions 1.26.
30 Mar 2021 | VULN188 | Xen : Linux blkback driver may leak persistent grants | All Linux versions having the fix for XSA-365
30 Mar 2021 | VULN187 | Apache : [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | Systems running Apache Druid prior to 0.20.2.
30 Mar 2021 | VULN186 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2021-0003 | Systems running WebKitGTK, WPE WebKit versions
29 Mar 2021VULN185Apple : iOS 14.4.2 and iPadOS 14.4.2 fix WebKit universal cross site scripting vulnerabilityiOS, iPadOS versions prior to 14.4.2.
29 Mar 2021VULN184Apple : watchOS 7.3.3 fixes WebKit universal cross site scripting vulnerabilitywatchOS versions prior to 7.3.3.
26 Mar 2021VULN183Adobe : Security updates available for Adobe ColdFusion APSB21-16Systems running Adobe ColdFusion versions prior to
26 Mar 2021STAT12
26 Mar 2021VULN182Elastic : Elastic Stack 7.12.0 and 6.8.15 Security UpdateSystems running Elasticsearch versions prior to
26 Mar 2021VULN181OpenSSL : CA certificate check bypass and NULL pointer dereferenceSystems running OpenSSL versions 1.1.1 prior
25 Mar 2021VULN180Apache : CVE-2020-1946 Apache SpamAssassin has an OS Command Injection vulnerabilitySystems running Apache SpamAssassin versions prior
25 Mar 2021VULN179Cisco : Cisco Security Advisories Published on March 24, 2021Systems running Cisco Jabber Desktop and Mobile
25 Mar 2021VULN178Samba : Heap corruption and Out of bounds read vulnerabilitiesSystems running Samba versions prior to
24 Mar 2021VULN177Apache : [CVE-2021-26295] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMISystems running Apache OFBiz versions prior to
24 Mar 2021VULN176WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002Systems running WebKitGTK, WPE WebKit versions
24 Mar 2021VULN175Mozilla : Security Vulnerabilities fixed in Firefox ESR 78.9Systems running Firefox versions prior to 87,
24 Mar 2021VULN174Mozilla : Security Vulnerabilities fixed in Thunderbird 78.9Systems running Thunderbird versions prior to
24 Mar 2021VULN173MariaDB : wsrep_provider and wsrep_notify_cmd system variables are writableSystems running MariaDB Server versions prior to
23 Mar 2021VULN172Apache : Apache PDFBox multiple vulnerabilitiesSystems running Apache PDFBox versions prior to
23 Mar 2021VULN171Grafana : Grafana 6.7.6, 7.3.10, and 7.4.5 released with important security fixes for Grafana EnterpriseSystems running Grafana versions prior to 6.7.6,
22 Mar 2021VULN170Foxit : Security updates available in Foxit Reader 10.1.3 and Foxit PhantomPDF 10.1.3Systems running Foxit Reader, Foxit PhantomPDF
19 Mar 2021STAT11
18 Mar 2021VULN169Xen : Xen Security Advisory CVE-2021-28687 XSA-368 v3 HVM soft-reset crashes toolstackSystems running Xen versions 4.12 up to and
18 Mar 2021VULN168Shibboleth : Shibboleth SP's Template generation allows external parameters to override placeholdersSystems running Shibboleth Service Provider
18 Mar 2021VULN167GitLab : GitLab Critical Security Release: 13.9.4, 13.8.6, and 13.7.9Systems running GitLab versions prior to 13.9.4,
18 Mar 2021VULN166Drupal : Fast Autocomplete - Moderately critical - Access bypass - SA-CONTRIB-2021-005Systems running Fast Autocomplete for Drupal
18 Mar 2021VULN165Jenkins : Jenkins Security Advisory 2021-03-18Systems running CloudBees AWS Credentials Plugin
18 Mar 2021VULN164Cisco : Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service VulnerabilitySystems running RV132W ADSL2+ Wireless-N VPN
16 Mar 2021VULN163TYPO3 : Multiple vulnerabilities fixed in TYPO3-CORESystems running TYPO3-CORE versions prior to
15 Mar 2021VULN162Go: Go 1.16.1 and Go 1.15.9 are releasedSystems running Go versions prior to 1.16.1,
15 Mar 2021VULN161Moodle : Multiple security vulnerabilities fixed in MoodleSystems running Moodle versions prior to
12 Mar 2021STAT10
12 Mar 2021VULN160Adobe : Security updates available for Adobe Animate APSB21-21Systems running Adobe Animate versions prior to
12 Mar 2021VULN159Adobe : Security updates available for Adobe Photoshop APSB21-17Systems running Adobe Photoshop versions prior to
11 Mar 2021VULN158Wireshark : wnpa-sec-2021-03 Wireshark could open unsafe URLsSystems running Wireshark versions prior to 3.4.4,
11 Mar 2021VULN157Apache : Velocity Sandbox Bypass and Velocity Tools XSS VulnerabilitySystems running Apache Velocity versions prior to
11 Mar 2021VULN156Apache : CVE-2020-35451 Oozie local privilege escalationSystems running Apache Oozie versions prior to
11 Mar 2021VULN155Aruba : SAD DNS side channel attackSystems running Aruba Instant versions prior to
11 Mar 2021VULN154Aruba : Aruba Instant (IAP) Multiple VulnerabilitiesSystems running Aruba Instant versions prior to
10 Mar 2021VULN153Adobe : Security update available for Adobe Creative Cloud Desktop ApplicationSystems running Adobe Creative Cloud Desktop
10 Mar 2021VULN152Adobe : Security Updates Available for Adobe Framemaker APSB21-14Systems running Adobe Framemaker versions prior to
10 Mar 2021VULN151Adobe : Security updates available for Adobe Connect APSB21-19Systems running Adobe Connect versions prior to
10 Mar 2021VULN150Microsoft : Microsoft Security Update Summary for March 9, 2021Systems running Microsoft Office,
10 Mar 2021VULN149Git: malicious repositories can execute remote code while cloningSystems running Git versions prior to 2.30.2,
10 Mar 2021VULN148SAP : SAP Security Patch Day – March 2021Systems running SAP Solution Manager,
9 Mar 2021VULN147APPLE : APPLE-SA-2021-03-08-1 iOS 14.4.1 and iPadOS 14.4.1Systems running iOS, iPadOS versions prior to
9 Mar 2021VULN146APPLE : APPLE-SA-2021-03-08-4 watchOS 7.3.2watchOS versions prior to 7.3.2.
9 Mar 2021VULN145APPLE : APPLE-SA-2021-03-08-2 macOS Big Sur 11.2.3macOS versions prior to Big Sur 11.2.3.
9 Mar 2021VULN144APPLE : APPLE-SA-2021-03-08-3 Safari 14.0.3Systems running Safari versions prior to 14.0.3.
5 Mar 2021STAT09
5 Mar 2021VULN143Cisco : Cisco IP Phones Buffer Overflow and Denial of Service VulnerabilitiesCisco IP Phones Firmware.
5 Mar 2021VULN142Atlassian : Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233Windows running Atlassian Bitbucket versions 6, 7
5 Mar 2021VULN141Tenable : Stand-alone Security Patches Available for Tenable.sc versions 5.13.0 to 5.17.0Systems running Tenable.sc versions 5.13.0 up to
5 Mar 2021VULN140Asterisk : AST-2021-006 Crash when negotiating T.38 with a zero portSystems running Asterisk Open Source versions prior
5 Mar 2021VULN139GitLab : GitLab Security Release 13.9.2, 13.8.5 and 13.7.8Systems running GitLab versions prior to 13.9.2,
5 Mar 2021VULN138Elastic : Elastic Stack 7.11.0 and 6.8.14 Security UpdatesSystems running Elasticsearch versions prior to
4 Mar 2021VULN137Xen : netback fails to honor grant mapping errors and special config crashSystems running Xen.
4 Mar 2021VULN136Fortinet : Multiple vulnerabilities fixed in FortiProxySystems running FortiProxy versions prior to 2.0.1,
4 Mar 2021VULN135GRUB : Multiple GRUB2 vulnerabilitiesSystems running GRUB2.
4 Mar 2021VULN134OpenSSH : OpenSSH 8.5 releasedSystems running OpenSSH versions prior to 8.5.
4 Mar 2021VULN133Microsoft : Multiple Security Updates Released for Exchange ServerSystems running Microsoft Exchange Server versions
4 Mar 2021VULN132Salt Project : Active SaltStack CVE Release 2021-FEB-25Systems running Salt versions prior to 3002.5,
4 Mar 2021VULN131Cisco : Multiple Cisco Products Snort Ethernet Frame Decoder Denial of Service VulnerabilityCisco UTD Snort IPS Engine Software for IOS XE,
4 Mar 2021VULN130GLPI : GLPI 9.5.4 fixes multiple security vulnerabilitiesSystems running GLPI versions prior to 9.5.4.
3 Mar 2021VULN129 (Apache : Apache Tomcat h2c request mix-up and Incomplete fix for CVE-2020-9484 (RCE via session persistence))Systems running Apache Tomcat versions prior to
3 Mar 2021VULN128 (VMware : VMware View Planner update addresses remote code execution vulnerability (CVE-2021-21978))Systems running VMware View Planner versions prior
3 Mar 2021VULN127Google : Google Chrome 89.0.4389.72 fixes Multiple VulnerabilitiesSystems running Google Chrome versions prior to
3 Mar 2021VULN126Joomla! : Multiple Vulnerabilities fixed in Joomla!Systems running Joomla! versions prior to 3.9.25.
26 Feb 2021STAT08
26 Feb 2021VULN125Aruba : Multiple Vulnerabilities in dnsmasqAruba Mobility Controllers,
26 Feb 2021VULN124Aruba : AirWave Management Platform Multiple VulnerabilitiesSystems running AirWave Management Platform
26 Feb 2021VULN123Apache : Apache XML Graphics Batik SSRF vulnerabilitySystems running Apache XML Graphics Batik versions
26 Feb 2021VULN122Apache : Apache XML Graphics Commons SSRF vulnerabilitySystems running Apache XML Graphics Commons
26 Feb 2021VULN121Citrix : CTX296603 Citrix Hypervisor Security UpdateSystems running Citrix Hypervisor all versions.
26 Feb 2021VULN120Cisco : Cisco Security Advisories Published on February 24, 2021Systems running Cisco Application Services Engine,
26 Feb 2021VULN119Node.js : (Update 23-Feb-2021) Security releases availableSystems running Node.js versions 15.x, 14.x, 12.x,
24 Feb 2021VULN118Apache : CVE-2021-26544 Apache Livy (Incubating) is vulnerable to cross site scriptingSystems running Apache Livy versions
24 Feb 2021VULN117 (Vmware : VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974))Systems running VMware ESXi versions prior to
23 Feb 2021VULN116Mozilla : Security Vulnerabilities fixed in Firefox 86 and ESR 78.8Systems running Mozilla Firefox versions prior to
23 Feb 2021VULN115Mozilla : Security Vulnerabilities fixed in Thunderbird 78.8Systems running Thunderbird versions prior to
23 Feb 2021VULN114Jenkins : Jenkins Security Advisory 2021-02-19Systems running Jenkins versions prior to 2.280.
23 Feb 2021VULN113Django : Django security releases issued 3.1.7, 3.0.13 and 2.2.19Systems running Django versions prior to 3.1.7,
19 Feb 2021STAT07
19 Feb 2021VULN112Google : Google Chrome 88.0.4324.182 fix SQL multiple security vulnerabilitiesSystems running Google Chrome versions prior to
19 Feb 2021VULN111LimeSurvey : LimeSurvey 4.4.9 build 210219 and 3.25.14 build 210218 fix SQL injectionsSystems running LimeSurvey versions prior to
19 Feb 2021VULN110OpenSSL : Multiple security vulnerabilities fixed in OpenSSLSystems running OpenSSL versions prior to 1.1.1j,
19 Feb 2021VULN109Horde : CVE 2021-26929 XSS vulnerability in Horde_Text_FilterSystems running Horde_Text_Filter library versions
19 Feb 2021VULN108Xen : Multiple security vulnerabilities fixedSystems running Xen.
19 Feb 2021VULN107Apache : CVE-2021-26296 Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFacesSystems running Apache MyFaces versions 2.2.0 up
19 Feb 2021VULN106Apache : Privilege Escalation Attack and missed authentication check fixedSystems running Apache Airflow versions prior to
19 Feb 2021VULN105SPIP : CRITICAL security update, release of SPIP 3.2.9 and SPIP 3.1.15Systems running SPIP versions prior to 3.2.9,
18 Feb 2021VULN104BIND : CVE-2020-8625 A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attackSystems running BIND versions prior to 9.11.28,
18 Feb 2021VULN103Cisco : Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking VulnerabilityWindows running Cisco AnyConnect Secure Mobility
16 Feb 2021VULN102WebKitGTK and WPE WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001Systems running WebKitGTK, WebKit versions prior
12 Feb 2021STAT06
12 Feb 2021VULN101GitLab : GitLab Security Release 13.8.4, 13.7.7 and 13.6.7Systems running GitLab versions prior to 13.8.4,
12 Feb 2021VULN100Open vSwitch : CVE-2020-35498 Packet parsing vulnerabilitySystems running Open vSwitch versions prior to
12 Feb 2021VULN099PostgreSQL : PostgreSQL 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25 fixes information leak and Security restrictions bypassSystems running PostgreSQL versions prior to 13.2,
12 Feb 2021VULN098Apache : CVE-2020-13949 potential DoS when processing untrusted Thrift payloadsSystems running Apache Thrift versions prior to
12 Feb 2021VULN097Ruby on Rails : [CVE-2021-22881] Possible Open Redirect in Host Authorization MiddlewareSystems running Rails versions prior to 6.1.2.1,
11 Feb 2021VULN096Cisco : Cisco IOS XR Software Slow Path Forwarding Denial of Service VulnerabilityCisco IOS XR Software.
11 Feb 2021VULN095 (VMware : vSphere Replication updates address a command injection vulnerability (CVE-2021-21976))Systems running VMware vSphere Replication
11 Feb 2021VULN094Apache : Remote unauthenticated denial-of-service in Subversion mod_authz_svnSystems running Apache Subversion mod_authz_svn.
10 Feb 2021VULN093Microsoft : Microsoft Security Update Summary for February 9, 2021Systems running Microsoft Windows,
10 Feb 2021VULN092Adobe : Security updates available for Adobe Animate APSB21-11Systems running Adobe Animate versions prior to
10 Feb 2021VULN091Adobe : Security update available for Adobe Dreamweaver APSB21-13Systems running Adobe Dreamweaver versions prior
10 Feb 2021VULN090Adobe : Security Updates Available for Adobe Illustrator APSB21-12Systems running Adobe Illustrator versions prior
10 Feb 2021VULN089Adobe : Security updates available for Adobe Photoshop APSB21-10Windows, macOS running Adobe Photoshop versions
10 Feb 2021VULN088Adobe : Security Updates Available for Magento APSB21-08Systems running Adobe Magento Commerce, Adobe Magento Open
10 Feb 2021VULN087Adobe : Security update available for Adobe Acrobat and Reader APSB21-09Systems running Adobe Acrobat, Adobe Reader versions prior
9 Feb 2021VULN086SAP : SAP Security Patch Day – February 2021Systems running SAP Business Client,
9 Feb 2021VULN085MISP : MISP 2.4.137 fixes XSS and Weak default password change request policy vulnerabilitiesSystems running MISP versions prior to 2.4.137.
9 Feb 2021VULN084 (MediaWiki : MediaWiki Extensions and Skins Security Release Supplement (1.31.11/1.35.1))Systems running MediaWiki Extensions and Skins.
9 Feb 2021VULN083Roundcube : Roundcube Webmail Security updatesSystems running Roundcube Webmail versions prior
9 Feb 2021VULN082Apache : CVE-2020-13947 - XSS in WebConsoleSystems running Apache ActiveMQ versions prior to
9 Feb 2021VULN081Mozilla : Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1Systems running Firefox versions prior to 85.0.1,
5 Feb 2021STAT05
5 Feb 2021VULN080Google : Google Chrome 88.0.4324.150 fixes Heap buffer overflow in V8 vulnerabilitySystems running Google Chrome versions prior to
5 Feb 2021VULN079SOLARWINDS : Serv-U File Server 15.2.2 fixes multiple new security VulnerabilitiesSystems running Serv-U File Server versions prior
5 Feb 2021VULN078SOLARWINDS : Orion Platform 2020.2.4 fix multiple new VulnerabilitiesSystems running Orion Platform versions prior to
5 Feb 2021VULN077NPMJS : jquerry and http-proxy-middelware Malicious PackagesSystems running jquerry versions 2.0.0,
5 Feb 2021VULN076wpa_supplicant : wpa_supplicant P2P group information processing vulnerabilitySystems running wpa_supplicant versions prior to
4 Feb 2021VULN075Cisco : Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection VulnerabilitySystems running Cisco Webex Meetings versions
4 Feb 2021VULN074IBM : IBM QRadar SIEM is vulnerable to using components with known vulnerabilitiesSystems running IBM QRadar SIEM versions prior to
4 Feb 2021VULN073SonicWall : Confirmed Zero-day vulnerability in the SonicWall SMA100 build version 10.xSMA 100 devices firmware versions prior to
4 Feb 2021VULN072Fortinet : Buffer overflow vulnerabilities in FortiProxy SSL VPNSystems running FortiProxy versions prior to
4 Feb 2021VULN071Fortinet : XSS vulnerability in FortiWebSystems running FortiWeb versions prior to 6.3.8,
4 Feb 2021VULN070Cisco : Cisco IOS XR Software multiple security vulnerabilitiesCisco IOS XR Software versions prior to 6.7.3,
4 Feb 2021VULN069Cisco : Cisco Small Business multiple security vulnerabilitiesCisco Small Business VPN Routers software.
3 Feb 2021VULN068Google : Google Chrome 88.0.4324.146 fixes multiple security vulnerabilitiesSystems running Google Chrome versions prior to
3 Feb 2021VULN067Open vSwitch : Open vSwitch 2.14.1, 2.13.2, 2.12.2, 2.11.5, 2.10.6, 2.9.8, 2.8.10, 2.7.12, 2.6.9 and 2.5.11 AvailableSystems running Open vSwitch versions prior to
3 Feb 2021VULN066Docker : Docker Engine fixes security vulnerabilitiesSystems running Docker Engine versions prior to
2 Feb 2021VULN065Apache : [CVE-2020-17523] Apache Shiro authentication bypassSystems running Apache Shiro versions prior to
2 Feb 2021VULN064Apache : [CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerabilitySystems running Apache Cassandra versions prior to
2 Feb 2021VULN063Foxit : Security updates available in Foxit PhantomPDF Mac 4.1.3 and Foxit Reader Mac 4.1.3Systems running Foxit versions prior to
2 Feb 2021VULN062GitLab : GitLab Security Release 13.8.2, 13.7.6 and 13.6.6Systems running GitLab versions prior to 13.8.2,
2 Feb 2021VULN061APPLE : APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001, Catalina, Security Update 2021-001 MojavemacOS running versions prior to 11.2.
1 Feb 2021VULN060Wireshark : Wireshark 3.4.3 fix USB HID dissector vulnerabilitiesSystems running Wireshark versions prior to 3.4.3.
1 Feb 2021VULN059Apache : [CVE-2021-25646] Apache Druid remote code execution vulnerabilitySystems running Apache Druid versions prior to
1 Feb 2021VULN058Apache : CVE-2020-17533 Apache Accumulo Improper Handling of Insufficient PermissionsSystems running Apache Accumulo versions prior to
1 Feb 2021VULN057Django : Django security releases issued 3.1.6, 3.0.12, and 2.2.18Systems running Django versions prior to 3.1.6,
29 Jan 2021STAT04
29 Jan 2021VULN056Go : Go 1.15.7 and Go 1.14.14 address arbitrary code execution vulnerabilitySystems running Go versions prior to 1.15.7,
27 Jan 2021VULN055Apache : CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire supportSystems running Apache ActiveMQ versions prior to
27 Jan 2021VULN054APPLE : APPLE-SA-2021-01-26-2 tvOS 14.4tvOS versions prior to 14.4.
27 Jan 2021VULN053APPLE : APPLE-SA-2021-01-26-3 watchOS 7.3watchOS versions prior to 7.3.
27 Jan 2021VULN052APPLE : APPLE-SA-2021-01-26-4 Xcode 12.4Systems running Xcode versions prior to 12.4.
27 Jan 2021VULN051APPLE : APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4iOS, iPadOS versions prior to 14.4.
27 Jan 2021VULN050Mozilla : Security Vulnerabilities fixed in Thunderbird 78.7Systems running Thunderbird versions prior to
27 Jan 2021VULN049Mozilla : Security Vulnerabilities fixed in Firefox 85 and ESR 78.7Systems running Firefox versions prior to 85,
27 Jan 2021VULN048Sudo : Buffer overflow in command line unescapingSystems running Sudo versions prior to 1.9.5p2.
26 Jan 2021VULN047Jenkins : Jenkins Security Advisory 2021-01-26Systems running Jenkins (core) versions prior to
26 Jan 2021VULN046Apache : CVE-2020-17522 Mid Tier Cache Manipulation Attack in Traffic ControlSystems running Apache Traffic Control versions
26 Jan 2021VULN045Apache : CVE-2020-9492. Apache Hadoop Potential privilege escalationSystems running Apache Hadoop versions prior to
26 Jan 2021VULN044Mutt : Mutt 2.0.5 fixes memory leaksSystems running Mutt versions prior to 2.0.5.
26 Jan 2021VULN043NPMJS : discordance, sonatype and an0n-chat-lib npm Malicious packages removedSystems running discord-fix npm package,
25 Jan 2021VULN042Moodle : Multiple security vulnerabilities fixed in Moodle 3.10.1, 3.9.4, 3.8.7, 3.5.16Systems running Moodle versions prior to 3.10.1,
25 Jan 2021VULN041SaltStack : Active SaltStack CVE Announced 2021-JAN-21Systems running Salt versions 3002 and earlier.
22 Jan 2021STAT03
22 Jan 2021VULN040VLC : Security Bulletin VLC 3.0.12Systems running VLC versions prior to 3.0.12.
21 Jan 2021VULN039PEAR : pear/Archive_Tar 1.4.12 fix Symlink out-of-path write vulnerability in Archive_TarSystems running pear/Archive_Tar versions prior to
21 Jan 2021VULN038Drupal : Drupal core - Critical - Third-party libraries - SA-CORE-2021-001Systems running Drupal core versions prior to
21 Jan 2021VULN037Xen : IRQ vector leak on x86Systems running Xen versions 4.12.3, 4.12.4,
21 Jan 2021VULN036US-CERT : Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR locationSystems running Veritas Backup Exec versions prior
21 Jan 2021VULN035Cisco : Cisco Security Advisories Published on January 20, 2021Systems running Cisco SD-WAN software;
20 Jan 2021VULN034Oracle : January 2021 Critical Patch Update ReleasedSystems running Oracle Database Server,
20 Jan 2021VULN033Laminas Project : XSS and RCE vectors in laminas-api-tools/api-tools-documentation-swaggerSystems running
19 Jan 2021VULN032Cisco : Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service VulnerabilitiesCisco Small Business RV110W, RV130, RV130W,
19 Jan 2021VULN031Cisco : Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products January 2021Cisco software releases running Dnsmasq DNS
19 Jan 2021VULN030Dnsmasq : Security and release of dnsmasq-2.83 to fix multiple vulnerabilitiesSystems running Dnsmasq versions prior to 2.83.
18 Jan 2021VULN029Apache : CVE-2020-11997 Inconsistent restriction of connection history visibilitySystems running Apache Guacamole versions prior to
15 Jan 2021STAT02
14 Jan 2021VULN028Apache : CVE-2021-24122 Apache Tomcat Information DisclosureSystems running Apache Tomcat versions prior to
14 Jan 2021VULN027Apache : CVE-2021-23926 XMLBeans XML Entity ExpansionSystems running XMLBeans versions prior to 3.0.0,
14 Jan 2021VULN026Cisco : Cisco Connected Mobile Experiences Privilege Escalation VulnerabilitySystems running Cisco Connected Mobile Experiences
14 Jan 2021VULN025Cisco : Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface VulnerabilitiesCisco Small Business RV132W, RV160, RV160W Routers
14 Jan 2021VULN024Cisco : Cisco AnyConnect Secure Mobility Client for Windows DLL Injection VulnerabilityWindows running Cisco AnyConnect Secure Mobility
13 Jan 2021VULN023Aruba : AirWave Glass Multiple VulnerabilitiesSystems running AirWave Glass versions prior to
13 Jan 2021VULN022Jenkins : Jenkins Security Advisory 2021-01-13Systems running Jenkins (core) versions prior to
13 Jan 2021VULN021Microsoft : Microsoft Security Update Summary for January 12, 2021Systems running Microsoft Windows,
13 Jan 2021VULN020Node.js : January 2021 Security ReleasesSystems running Node.js versions prior to 10.23.1
13 Jan 2021VULN019SAP : SAP Security Patch Day – December 2020Systems running SAP AS ABAP(DMIS),
12 Jan 2021VULN018Fortinet : FortiDeceptor is impacted by an OS command injection vulnerabilitySystems running FortiDeceptor versions
12 Jan 2021VULN017Fortinet : FortiGate SSL VPN logs may display events of users in a different VDOMSystems running FortiGate versions prior to 6.0.11,
12 Jan 2021VULN016Fortinet : FortiWeb unauthorized Execution of code or commands and DoS vulnerabilitiesSystems running FortiWeb versions prior to 6.3.8,
12 Jan 2021VULN015Adobe : Security hotfix available for Adobe Captivate APSB21-06Windows running Adobe Captivate versions 2019 up to
12 Jan 2021VULN014Adobe : Security Update Available for Adobe InCopy APSB21-05Windows running Adobe InCopy versions prior to 16.0.
12 Jan 2021VULN013Adobe : Security Updates Available for Adobe Bridge APSB21-07Windows, macOS running Adobe Bridge versions prior
12 Jan 2021VULN012Adobe : Security updates available for Adobe Animate APSB21-03Windows, macOS running Adobe Animate versions prior
12 Jan 2021VULN011Adobe : Security Updates Available for Adobe Illustrator APSB21-02Windows, macOS running Adobe Illustrator versions
12 Jan 2021VULN010Adobe : Security updates available for Adobe Photoshop APSB21-01Windows, macOS running Adobe Photoshop versions
12 Jan 2021VULN009Kubernetes : CVE-2020-8570 Path Traversal bug in the Java Kubernetes ClientSystems running Kubernetes Java Client versions
12 Jan 2021VULN008Mozilla : Security Vulnerabilities fixed in Thunderbird 78.6.1Systems running Thunderbird versions prior to
11 Jan 2021VULN007Google : Chrome 87.0.4280.141 fixes multiple security vulnerabilitiesSystems running Chrome versions prior to
11 Jan 2021VULN006Firefox : Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android 84.1.3, and Firefox ESR 78.6.1Systems running Firefox versions prior to 84.0.2,
11 Jan 2021VULN005QNAP : Command Injection Vulnerability in QTS and QuTS heroSystems running QTS versions prior to 4.5.1.1456
11 Jan 2021VULN004PHP : Input validation vulnerability fixed in PHP 7.4.14, 7.3.26Systems running PHP versions prior to 7.4.14,
11 Jan 2021VULN003GitLab : GitLab Security Release: 13.7.2, 13.6.4, and 13.5.6Systems running GitLab versions prior to 13.7.2,
11 Jan 2021VULN002Dovecot : Improper Neutralization of Escape and Input Validation vulnerabilitiesSystems running Dovecot versions prior to 2.3.13.
11 Jan 2021VULN001Sudo : Symbolic link attack in SELinux-enabled sudoeditSystems running Sudo versions prior to 1.9.5.
8 Jan 2021STAT01