21 Dec 2023 | STAT50 | |
|
14 Dec 2023 | VULN546 | Cisco : Apache Struts Vulnerability Affecting Cisco Products: December 2023 | Systems running CISCO products running Apache Struts.
|
14 Dec 2023 | VULN545 | Elastic : Enterprise Search 8.11.2 / 7.17.16 Security Update (ESA-2023-31) | Systems running Enterprise Search versions prior to 8.11.2, 7.17.16.
|
14 Dec 2023 | VULN544 | Elastic : Elasticsearch 8.11.2, 7.17.16 Security Update (ESA-2023-29) | Systems running Elasticsearch versions prior to 7.17.16, 8.11.2.
|
14 Dec 2023 | VULN543 | Elastic : Beats and Elastic Agent 8.11.3 / 7.17.16 Security Update (ESA-2023-30) | Systems running Beats and Elastic Agent versions prior to 8.11.3, 7.17.16.
|
14 Dec 2023 | VULN542 | Apache : Apache Shiro URL Redirection to Untrusted Site ('Open Redirect') vulnerability | Systems running Apache Shiro versions prior to 1.13.0+, 2.0.0-alpha-4+.
|
14 Dec 2023 | VULN541 | Jenkins : Jenkins Security Advisory 2023-12-13 | Systems running Analysis Model API Plugin for Jenkins, Deployment Dashboard Plugin for Jenkins, Dingding JSON Pusher Plugin for Jenkins, HTMLResource Plugin for Jenkins, Nexus Platform Plugin for Jenkins, OpenId Connect Authentication Plugin for Jenkins, PaaSLane Estimate Plugin for Jenkins, Scriptler Plugin for Jenkins.
|
13 Dec 2023 | VULN540 | Mozilla : Timing side-channel in PKCS#1 v1.5 decryption depadding code | Systems running NSS versions prior to 3.61.
|
13 Dec 2023 | VULN539 | Apache : CVE-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents | Systems running Apache CouchDB versions up to and including 3.3.2, IBM Cloudant versions prior to 8413.
|
13 Dec 2023 | VULN538 | X.Org : Issues in X.Org X server prior to 21.1.10 and Xwayland prior to 23.2.3 | Systems running X.Org versions prior to 21.1.10, 23.2.3.
|
13 Dec 2023 | VULN537 | Google : Stable Channel for Desktop Updated to 120.0.6099.109 | Systems running Google Chrome versions prior to 120.0.6099.109.
|
13 Dec 2023 | VULN536 | Atlassian : Security Bulletin - December 12 2023 | Systems running Bamboo Data Center and Server, Jira Service Management Data Center and Server, Crowd Data Center and Server, Confluence Data Center and Server, Bitbucket Data Center and Server.
|
13 Dec 2023 | VULN535 | VMware : VMware Workspace ONE Launcher updates addresses privilege escalation vulnerability | Systems running VMware Workspace ONE Launcher versions prior to 23.11.
|
13 Dec 2023 | VULN534 | Nagios XI : QSA-23-20 Vulnerabilities fixed in version 2024R1 | Systems running Nagios XI versions prior to 2024R1.
|
13 Dec 2023 | STAT49 | |
|
12 Dec 2023 | VULN533 | Qnap : QSA-23-20 Vulnerabilities in Samba | QTS, QuTS hero versions prior to 5.1.3.2578 build 20231110.
|
12 Dec 2023 | VULN532 | Qnap : Vulnerability Affecting Legacy VioStor NVR | QVR Firmware versions 5.x.
|
12 Dec 2023 | VULN531 | Qnap : Multiple Vulnerabilities in QTS and QuTS hero | Systems running QTS versions prior to 5.1.0.2444 build 20230629, 5.0.1.2425 build 20230609, 4.5.4.2467 build 20230718, 5.1.2.2533 build 20230926, 5.0.1.2514 build 20230906, QuTS hero versions prior to 5.1.2.2534 build 20230927, 5.0.1.2515 build 20230907, 5.1.0.2424 build 20230609, 4.5.4.2476 build 20230728.
|
12 Dec 2023 | VULN530 | APPLE : APPLE-SA-12-11-2023-6 macOS Monterey 12.7.2 | macOS Monterey versions prior to 12.7.2.
|
12 Dec 2023 | VULN529 | APPLE : APPLE-SA-12-11-2023-5 macOS Ventura 13.6.3 | macOS Ventura versions prior to 13.6.3.
|
12 Dec 2023 | VULN527 | APPLE : APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3 | iOS, iPadOS versions prior to 16.7.3.
|
12 Dec 2023 | VULN526 | APPLE : APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2 | iOS, iPadOS versions prior to 17.2.
|
12 Dec 2023 | VULN525 | APPLE : APPLE-SA-12-11-2023-1 Safari 17.2 | Systems running Safari versions prior to 17.2.
|
12 Dec 2023 | VULN524 | Xen : arm32: The cache may not be properly cleaned/invalidated (take two) | Systems running Xen on Arm 32-bit.
|
12 Dec 2023 | VULN523 | LibreOffice : Arbitrary script execution and Improper input validation fixed | Systems running LibreOffice versions prior to 7.5.9, 7.6.4.
|
8 Dec 2023 | VULN522 | Apache : Apache Struts 6.3.0.2 & 2.5.33 | Systems running Apache Struts versions prior to 6.3.0.2, 2.5.33.
|
8 Dec 2023 | VULN521 | Atlassian : CVE-2022-1471 - SnakeYAML library RCE Vulnerability impacts Multiple Products | Systems running Automation for Jira (A4J), Marketplace App, Automation for Jira (A4J) - Server Lite Marketplace App, Bitbucket Data Center and Server, Confluence Data Center and Server, Confluence Cloud Migration App (CCMA), Jira Core Data Center and Server, Jira Software Data Center and Server, Jira Service Management Data Center and Server.
|
8 Dec 2023 | VULN520 | Atlassian : CVE-2023-22523 - RCE Vulnerability in Assets Discovery | Systems running Assets Discovery versions prior to 3.2.0-cloud for Jira Service Management Cloud, Assets Discovery versions prior to 6.2.0 for Jira Service Management Data Center and Server.
|
8 Dec 2023 | VULN519 | WordPress : WordPress 6.4.2 Maintenance & Security Release | Systems running WordPress versions prior to 6.4.2.
|
7 Dec 2023 | VULN518 | tj-actions : Improper Sanitization of Branch Name Leads to Arbitrary Code Injection | Systems running tj-actions/branch-name (GitHub Actions), tj-actions/branch-names (GitHub Actions) versions prior to 7.0.7, 7.
|
7 Dec 2023 | VULN517 | Atlassian : CVE-2023-22522 - RCE Vulnerability In Confluence Data Center and Confluence Server | Systems running Confluence Data Center and Server versions prior to 7.19.17 (LTS), 8.4.5, 8.5.4 (LTS), Confluence Data Center versions prior to 8.6.2, 8.7.1.
|
6 Dec 2023 | VULN516 | curl : Vulnerabilities fixed in curl 8.5 | Systems running curl versions 7.84.0 up to and including 8.4.0.
|
6 Dec 2023 | VULN515 | Go : [security] Go 1.21.5 and Go 1.20.12 are released | Systems running Go versions prior to 1.21.5, 1.20.12.
|
6 Dec 2023 | VULN514 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011 | Systems running WebKitGTK, WPE WebKit versions prior to 2.42.3.
|
6 Dec 2023 | VULN513 | Cisco : Cisco Security Advisories Published on December 05, 2023 | Systems running Cisco Adaptive Security Appliance and Firepower Threat Defense Software.
|
5 Dec 2023 | STAT48 | |
|
5 Dec 2023 | VULN512 | Apache : CVE-2023-49070 Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | Systems running Apache Ofbiz versions prior to 18.12.10.
|
5 Dec 2023 | VULN511 | Android : Android Security Bulletin-December 2023 | Android Open Source Project (AOSP) versions prior to 11, 12, 12L, 13, 14.
|
5 Dec 2023 | VULN510 | Videolan : VLC 3.0.20 fixes potential security issue (OOB Write) | Systems running VLC versions prior to 3.0.20.
|
4 Dec 2023 | VULN509 | APPLE : APPLE-SA-11-30-2023-2 iOS 17.1.2 and iPadOS 17.1.2 | iOS, iPadOS versions prior to 17.1.2.
|
4 Dec 2023 | VULN508 | Electron : ASAR Integrity bypass via filetype confusion | Systems running electron (npm) versions prior to 22.3.24, 24.8.3, 25.8.1, 26.2.1, 27.0.0-alpha.7.
|
4 Dec 2023 | VULN507 | OpenSearch : OpenSearch StackOverflow vulnerability | Systems running OpenSearch (Docker) versions prior to 1.3.14.0, 2.11.1.0, org.opensearch:opensearch (Maven) versions prior to 1.3.14.0, 2.11.1.0.
|
4 Dec 2023 | VULN506 | SQUID : Multiple Denial of Service Vulnerabilities fixed in SQUID | Systems running squid versions prior to 6.5, 6.0.1.
|
1 Dec 2023 | VULN505 | Apache : CVE-2023-49735 Apache Tiles Unvalidated input may lead to path traversal and XXE | Systems running Apache Tiles.
|
1 Dec 2023 | VULN504 | SolarWinds : SQL Injection Remote Code Execution Vulnerability (CVE-2023-40056) | Systems running SolarWinds Platform versions prior to 2023.4.2.
|
1 Dec 2023 | VULN503 | GitLab : GitLab Security Release: 16.6.1, 16.5.3, 16.4.3 | Systems running GitLab versions prior to 16.6.1, 16.5.3, 16.4.3.
|
1 Dec 2023 | VULN502 | Apache : SQL injection and XXE injection fixed | Systems running Apache Cocoon versions prior to 2.3.0.
|
1 Dec 2023 | VULN501 | GStreamer : MXF demuxer use-after-free and AV1 codec parser buffer overflow | Systems running GStreamer versions prior to 1.22.7.
|
1 Dec 2023 | VULN500 | Perl : Perl v5.38.1 fixes buffer overflow and binary hijacking vulnerabilities | Systems running Perl versions prior to 5.38.1.
|
1 Dec 2023 | VULN499 | APPLE : APPLE-SA-11-30-2023-1 Safari 17.1.2 | Systems running Safari versions prior to 17.1.2.
|
1 Dec 2023 | VULN498 | APPLE : APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2 | macOS Sonoma versions prior to 14.1.2.
|
30 Nov 2023 | VULN497 | Elastic : Elasticsearch 7.17.14 / 8.10.3 Security Update (ESA-2023-24) | Systems running Elasticsearch versions prior to 7.17.14, 8.10.3.
|
30 Nov 2023 | VULN496 | Tenable : [R1] Nessus Network Monitor 6.3.1 Fixes Multiple Vulnerabilities | Systems running Nessus Network Monitor versions prior to 6.3.1.
|
30 Nov 2023 | VULN495 | pyca/cryptography : NULL-dereference when loading PKCS7 certificates | Systems running pyca/cryptography versions prior to 41.0.6.
|
29 Nov 2023 | VULN494 | Apache : CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin | Systems running Apache DolphinScheduler versions 3.0.1 and prior versions.
|
29 Nov 2023 | VULN493 | Apache : Multiple Vulnerabilities fixed in Apache Superset | Systems running Apache Superset versions prior to 3.0.0.
|
29 Nov 2023 | VULN492 | Apache : Apache ActiveMQ Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE | Systems running Apache ActiveMQ versions prior to 5.16.6, 5.17.4, 5.18.0, 6.0.0.
|
29 Nov 2023 | VULN491 | Google : Stable Channel for Desktop Updated to 119.0.6045.199 | Systems running Google Chrome versions prior to 119.0.6045.199.
|
29 Nov 2023 | VULN490 | Joomla! : Core - Open Redirects and XSS within the mfa selection | Systems running Joomla! versions prior to 4.3.2.
|
29 Nov 2023 | VULN489 | Apache : CVE-2023-46589 Apache Tomcat - Request Smuggling | Systems running Apache Tomcat versions prior to 11.0.0-M11, 10.1.16, 9.0.83, 8.5.96.
|
29 Nov 2023 | VULN488 | Jenkins : Jenkins Security Advisory 2023-11-29 | Systems running Google Compute Engine Plugin for Jenkins, Jira Plugin for Jenkins, MATLAB Plugin for Jenkins, NeuVector Vulnerability Scanner Plugin for Jenkins.
|
29 Nov 2023 | STAT47 | |
|
27 Nov 2023 | VULN487 | Spring : CVE-2023-34054 Reactor Netty HTTP Server Metrics DoS Vulnerability | Systems running Reactor Netty versions prior to 1.1.13, 1.0.39.
|
27 Nov 2023 | VULN486 | Spring : CVE-2023-34055 Spring Boot server Web Observations DoS Vulnerability | Systems running Spring Boot versions prior to 3.0.13, 3.1.6.
|
27 Nov 2023 | VULN485 | Spring : CVE-2023-34053 Spring Framework server Web Observations DoS Vulnerability | Systems running Spring Framework versions prior to 6.0.14.
|
27 Nov 2023 | VULN484 | PyLoad : Download to arbitrary folder can lead to RCE | Systems running pyLoad versions prior to 0.5.0b3.dev75.
|
27 Nov 2023 | VULN483 | Apache : SQL injection and unsafe deserialization fixed in Apache Submarine | Systems running Apache Submarine versions prior to 0.8.0.
|
27 Nov 2023 | VULN482 | Apache : Vulnerabilities fixed in Apache Superset | Systems running Apache Superset versions prior to 2.1.2.
|
27 Nov 2023 | VULN481 | Owncloud : Vulnerabilities in Owncloud core and apps | Systems running Owncloud core, Owncloud graphapi, Owncloud oauth2.
|
20 Nov 2023 | STAT46 | |
|
20 Nov 2023 | VULN480 | Splunk : Vulnerabilities fixed in multiple Splunk products | Systems running Splunk products.
|
16 Nov 2023 | VULN479 | Intel : 2023.4 IPU Out-of-Band (OOB) - Intel® Processor Advisory | Intel® Processor Microcode.
|
16 Nov 2023 | VULN478 | Cisco : Cisco Security Advisories Published on November 15, 2023 | Systems running Cisco Identity Services Engine, Cisco AppDynamics PHP Agent, Cisco Secure Client Software, Cisco IP Phone, Cisco Secure Endpoint for Windows.
|
16 Nov 2023 | VULN477 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010 | Systems running WebKitGTK, WPE WebKit versions prior to 2.38.4, 2.42.0.
|
16 Nov 2023 | VULN476 | Fortinet : curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities | FGT_VM64_KVM versions prior to 7.4.2, 7.2.7.
|
16 Nov 2023 | VULN475 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835 | Systems running Citrix Hypervisor, XenServer.
|
16 Nov 2023 | VULN474 | Fortinet : FortiWAN - Guessable static JSON web token secret and Path traversal vulnerability | Systems running FortiWAN versions 5.2.0 through 5.2.1, 5.1.1 through 5.1.2.
|
16 Nov 2023 | VULN473 | Fortinet : Vulnerabilities in FortiSIEM | Systems running FortiSIEM versions prior to 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2, 6.4.3.
|
16 Nov 2023 | VULN472 | Fortinet : FortiWLM Unauthenticated SQL Injection and Unauthenticated arbitrary file read Vulnerability | Systems running FortiWLM versions prior to 8.6.6, 8.5.5.
|
15 Nov 2023 | STAT45 | |
|
15 Nov 2023 | VULN471 | VMware : VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060) | Systems running VMware Cloud Director Appliance.
|
15 Nov 2023 | VULN470 | Google : Stable Channel for Desktop Updated to 119.0.6045.159 | Systems running Google Chrome versions prior to 119.0.6045.159.
|
15 Nov 2023 | VULN469 | Kubernetes : CVE-2023-5528 Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes | Systems running kubelet versions prior to 1.28.4, 1.27.8, 1.26.11, 1.25.16.
|
15 Nov 2023 | VULN468 | Xen : mismatch in IOMMU quarantine page table and BTC/SRSO fixes not fully effective | Systems running Xen.
|
15 Nov 2023 | VULN467 | PostgreSQL : PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22 Released! | Systems running PostgreSQL versions prior to 16.1, 15.5, 14.10, 13.13, 12.17, 11.22.
|
15 Nov 2023 | VULN466 | Symfony : Multiple vulnerabilities fixed in Symfony | Systems running symfony/security-http versions prior to 5.4.31, 6.3.8, symfony/symfony versions prior to 4.4.51, 5.4.31, 6.3.8, symfony/webhook versions prior to 6.3.8, symfony/twig-bridge.
|
15 Nov 2023 | VULN465 | PyArrow : CVE-2023-47248 Arbitrary code execution when loading a malicious data file | Systems running PyArrow versions prior to 14.0.1.
|
15 Nov 2023 | VULN463.1 | TYPO3 : Multiple vulnerabilities fixed in TYPO3 | Systems running TYPO3 versions prior to 8.7.55 ELTS, 9.5.44 ELTS, 10.4.41 ELTS, 11.5.33, 12.4.8.
|
8 Nov 2023 | VULN463 | OpenSSL : Cisco Security Advisories Published on November 01, 2023 | Systems running OpenSSL.
|
8 Nov 2023 | VULN462 | Drupal : Paragraphs admin - Moderately critical - - SA-CONTRIB-2023-049 | Systems running Paragraphs admin versions 5.3.x, 5.1.x, 4.8.x prior to 5.3.23, 5.1.16, 4.8.11.
|
8 Nov 2023 | VULN461 | Google : Stable Channel for Desktop Updated to 119.0.6045.123 | Systems running Google Chrome versions prior to 119.0.6045.123.
|
8 Nov 2023 | VULN460 | Apache : CVE-2023-46819: Apache OFBiz Execution of Solr plugin queries without authentication | Systems running Apache OFBiz versions prior to 18.12.09.
|
8 Nov 2023 | VULN459 | Apache : CVE-2023-46851 Apache Allura sensitive information exposure via import | Systems running Apache Allura versions prior to 1.16.0.
|
8 Nov 2023 | VULN458 | Roundcube : Security updates 1.6.5 and 1.5.6 released | Systems running Roundcube Webmail versions prior to 1.6.5, 1.5.6.
|
7 Nov 2023 | STAT44 | |
|
6 Nov 2023 | VULN457 | Qnap : QSA-23-61 Vulnerability in Music Station | Systems running Music Station versions 5.3.x, 5.1.x, 4.8.x prior to 5.3.23, 5.1.16, 4.8.11.
|
6 Nov 2023 | VULN456 | Qnap : QSA-23-35 Vulnerability in QTS, Multimedia Console, and Media Streaming add-on | Systems running QTS versions 5.1.x, 4.3.6, 4.3.4, 4.3.3, 4.2.x; Multimedia Console versions 2.1.x, 1.4.x; Media Streaming add-on versions 500.1.x, 500.0.x.
|
6 Nov 2023 | VULN455 | Qnap : Critical and Medium Vulnerabilities fixed in QTS, QuTS hero, and QuTScloud | Systems running QTS versions 5.1.x, 5.0.x, 4.5.x; QuTS hero versions h5.1.x, h5.0.x, h4.5.x; QuTScloud versions c5.0.1, c5.x.
|
6 Nov 2023 | VULN454 | Cisco : Cisco Security Advisories Published on November 01, 2023 | Systems running Cisco products.
|
6 Nov 2023 | VULN453 | Nagios XI : Multiple security vulnerabilities fixed in Nagios XI | Systems running Nagios XI versions prior to 5.11.3.
|
6 Nov 2023 | VULN452 | SQUID : SQUID-2023:4 Denial of Service in SSL Certificate validation | Systems running Squid versions prior to 6.4.
|
6 Nov 2023 | VULN451 | GitLab : GitLab Security Release: 16.5.1, 16.4.2, 16.3.6 | Systems running GitLab versions prior to 16.5.1, 16.4.2, 16.3.6.
|
6 Nov 2023 | VULN450 | Kubernetes : Insufficient input sanitization on Windows nodes leads to privilege escalation | Systems running kubelet versions prior to 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17.
|
6 Nov 2023 | VULN449 | Django : Django security releases issued: 4.2.7, 4.1.13, and 3.2.23 | Systems running Django versions prior to 4.2.7, 4.1.13, 3.2.23.
|
30 Oct 2023 | VULN448 | Apache : Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend | Systems running Apache Airflow Celery provider versions prior to 3.4.1, Apache Airflow versions prior to 2.7.0.
|
30 Oct 2023 | VULN447 | Apache : Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | Systems running Apache ActiveMQ versions prior to 5.15.16, 5.16.7, 5.17.6, 5.18.3.
|
30 Oct 2023 | VULN446 | VMware : VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities | Systems running VMware Tools versions prior to 12.1.1, 12.3.5.
|
27 Oct 2023 | STAT43 | |
|
27 Oct 2023 | VULN445 | F5 : K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747 | Systems running BIG-IP (all modules).
|
26 Oct 2023 | VULN443 | Kubernetes : Ingress-nginx vulnerabilities fixed | Systems running ingress-nginx versions prior to 1.9.0.
|
26 Oct 2023 | VULN442 | Jenkins : Multiple vulnerabilities in Jenkins plugins | Systems running CloudBees CD Plugin for Jenkins, Edgewall Trac Plugin for Jenkins, GitHub Plugin for Jenkins, Gogs Plugin for Jenkins, lambdatest-automation Plugin for Jenkins, MSTeams Webhook Trigger Plugin for Jenkins, Multibranch Scan Webhook Trigger Plugin for Jenkins, Warnings Plugin for Jenkins, Zanata Plugin for Jenkins.
|
26 Oct 2023 | VULN441 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.4.1 | Systems running Thunderbird versions prior to 115.4.1.
|
26 Oct 2023 | VULN440 | Mozilla : Security Vulnerabilities fixed in Firefox 119, for iOS 119, ESR 115.4 | Systems running Firefox versions prior to 119, for iOS 119, ESR 115.4.
|
26 Oct 2023 | VULN439 | APPLE : APPLE-SA-10-25-2023-7 tvOS 17.1 | tvOS versions prior to 17.1.
|
26 Oct 2023 | VULN438 | APPLE : APPLE-SA-10-25-2023-8 watchOS 10.1 | watchOS versions prior to 10.1.
|
26 Oct 2023 | VULN437 | APPLE : APPLE-SA-10-25-2023-9 Safari 17.1 | Systems running Safari versions prior to 17.1.
|
26 Oct 2023 | VULN436 | APPLE : macOS Sonoma 14.1, Ventura 13.6.1, Monterey 12.7.1 | macOS versions prior to Sonoma 14.1, Ventura 13.6.1, Monterey 12.7.1.
|
26 Oct 2023 | VULN435 | APPLE : iOS 16.7.2, 15.8 and iPadOS 16.7.2, 15.8 | iOS, iPadOS versions prior to 16.7.2, 15.8.
|
25 Oct 2023 | VULN434 | Google : Stable Channel for Desktop Updated to 118.0.5993.117 | Systems running Google Chrome versions prior to 118.0.5993.117.
|
25 Oct 2023 | VULN433 | Aruba : ClearPass Policy Manager Multiple Vulnerabilities | Systems running ClearPass Policy Manager versions prior to 6.11.5, 6.10.8 Hotfix Q4 2023 for Security issues, 6.9.13 Hotfix Q4 2023 for Security issues.
|
25 Oct 2023 | VULN432 | Nautobot : Exposure of hashed user passwords via REST API | Systems running nautobot versions prior to 2.0.3.
|
25 Oct 2023 | VULN431 | VMware : VMware vCenter Server updates address Critical out-of-bounds write and information disclosure vulnerabilities | Systems running VMware vCenter Server versions prior to 8.0U2, 8.0U1d, 7.0U3o, VMware Cloud Foundation (VMware vCenter Server).
|
25 Oct 2023 | VULN430 | X.Org : Issues in X.Org X server prior to 21.1.9 and Xwayland prior to 23.2.2 | Systems running X.Org X server versions prior to 21.1.9, Xwayland versions prior to 23.2.2.
|
24 Oct 2023 | VULN429 | SQUID : Request/Response smuggling and Denial of Service vulnerabilities fixed | Systems running squid versions prior to 6.4.
|
24 Oct 2023 | VULN428 | OpenSSL : OpenSSL Security Advisory [24th October 2023] | Systems running OpenSSL versions 3.x prior to 3.0.12, 3.1.4.
|
23 Oct 2023 | STAT42 | |
|
20 Oct 2023 | VULN427 | VMware : VMware Aria Operations for Logs updates address multiple vulnerabilities | Systems running VMware Aria Operations for Logs versions prior to 8.14, VMware Cloud Foundation (VMware Aria Operations for Logs).
|
20 Oct 2023 | VULN426 | VMware : VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities | Systems running Workstation versions prior to 17.5, VMware Fusion versions prior to 13.5.
|
20 Oct 2023 | VULN425 | Redis : Redis Unix-domain socket may be exposed with the wrong permissions for a short time window | Systems running redis-server versions prior to 7.2.2, 7.0.14, 6.2.14.
|
20 Oct 2023 | VULN424 | Spring : CVE-2023-34050 Spring AMQP Deserialization Vulnerability | Systems running Spring AMQP versions prior to 2.4.17, 3.0.12, 3.1.5, 3.2.0.
|
20 Oct 2023 | VULN423 | Apache : CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output | Systems running Apache Santuario versions prior to 2.2.6, 2.3.4, 3.0.3.
|
20 Oct 2023 | VULN422 | Atlassian : October 2023 Security Bulletin | Systems running Confluence Server and Data Center versions prior to 8.3.3, 8.4.3, 8.5.2, Jira Service Management Data Center and Server versions prior to 4.20.27, 5.4.11, Bitbucket Data Center and Server versions prior to 7.21.16, 8.9.4, 8.10.4, 8.11.3, 8.12.1, 8.13.1, Bamboo Data Center and Server versions prior to 9.2.5, 9.3.1, 9.3.3, Sourcetree for Windows versions prior to 3.4.15, Sourcetree for Mac versions prior to 4.2.5.
|
19 Oct 2023 | VULN421 | Zimbra : Patch for Zimbra Daffodil 10.0.5, 9.0.0 Patch-37 & 8.8.15 Patch-44 | Systems running Zimbra versions prior to 10.0.5, 9.0.0 Patch-37, 8.8.15 Patch-44.
|
19 Oct 2023 | VULN420 | Apache : HTTP/2 and buffer over-read vulnerabilities fixed | Systems running Apache HTTP Server versions prior to 2.4.58.
|
19 Oct 2023 | VULN419 | Cisco : Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability | Systems running Cisco Catalyst SD-WAN software versions prior to 20.6.6.
|
19 Oct 2023 | VULN418 | Google : Stable Channel for Desktop Updated to 118.0.5993.88 | Systems running Google Chrome versions prior to 118.0.5993.88.
|
19 Oct 2023 | VULN417 | Fortinet : Multiple Vulnerabilities fixed in FortiSandbox | Systems running FortiSandbox versions prior to 4.4.2, 4.0.4.
|
19 Oct 2023 | VULN416 | Jenkins : Jenkins Security Advisory 2023-10-18 | Systems running Jenkins weekly versions prior to 2.428, Jenkins LTS versions prior to 2.414.2.
|
18 Oct 2023 | VULN415 | Qnap : Vulnerability in Container Station | Systems running Container Station versions prior to 2.6.7.44.
|
18 Oct 2023 | VULN414 | Qnap : Vulnerabilities in QTS, QuTS hero, and QuTScloud | QTS versions prior to 5.1.0.2444 build 20230629, 5.0.1.2425 build 20230609, 4.5.4.2467 build 20230718, QuTS hero versions prior to h5.1.0.2424 build 20230609, h5.0.1.2515 build 20230907, h4.5.4.2476 build 20230728, QuTScloud versions prior to c5.1.0.2498.
|
18 Oct 2023 | VULN413 | Qnap : Vulnerabilities in Video Station | Systems running Qnap versions prior to 5.7.0 (2023/07/27).
|
18 Oct 2023 | VULN412 | Moodle : Multiple security vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.2.3, 4.1.6, 4.0.11, 3.11.17, 3.9.24.
|
18 Oct 2023 | VULN411 | Oracle : October 2023 Critical Patch Update Released | Systems running Oracle products.
|
18 Oct 2023 | VULN410 | Roundcube : Security updates 1.5.5, 1.4.15 and 1.6.4 released | Systems running Roundcube Webmail versions prior to 1.6.4, 1.5.5, 1.4.15.
|
18 Oct 2023 | VULN409 | Cisco : Critical Cisco IOS XE Software Web UI Privilege Escalation Vulnerability | Cisco IOS XE Software.
|
18 Oct 2023 | VULN408 | Apache : Multiple vulnerabilities fixed in Apache Airflow | Systems running Apache Airflow versions 2.7 prior to 2.7.2.
|
18 Oct 2023 | VULN407 | Apache : Multiple vulnerabilities fixed in Apache InLong | Systems running Apache InLong versions prior to 1.9.0.
|
16 Oct 2023 | STAT41 | |
|
16 Oct 2023 | VULN406 | Babel : Arbitrary code execution when compiling specifically crafted malicious code | Systems running babel/traverse (npm) versions prior to 7.23.2, 8.0.0-alpha.4.
|
16 Oct 2023 | VULN405 | Cisco : cURL and libcurl Vulnerability Affecting Cisco Products: October 2023 | Cisco Systems running cURL, libcurl.
|
16 Oct 2023 | VULN404 | Grafana : Out-of-bounds array access in track_set_index | Systems running Grafana versions prior to 10.1.5, 10.0.9, 9.5.13, 9.4.17.
|
16 Oct 2023 | VULN403 | Node.js : Friday October 13 2023 Security Releases | Systems running Node.js versions prior to 20.8.1, 18.18.2 (LTS).
|
16 Oct 2023 | VULN402 | WordPress : WordPress 6.3.2 – Maintenance and Security release | Systems running WordPress versions prior to 6.3.2.
|
12 Oct 2023 | VULN401 | libcue : Out-of-bounds array access in track_set_index | Systems running libcue versions prior to 2.3.0.
|
12 Oct 2023 | VULN400 | Fortinet : FortiMail - Email account takeover in same web domain | Systems running FortiMail versions prior to 7.4.0, 7.2.3, 7.0.6, 6.4.8.
|
12 Oct 2023 | VULN399 | Fortinet : Path traversal and Arbitrary file deletion fixed | Systems running FortiManager, FortiAnalyzer versions prior to 7.4.1, 7.2.4, 7.0.9, 6.4.13, 6.2.12.
|
12 Oct 2023 | VULN398 | Fortinet : FortiWLM - Authenticated command injection vulnerability | Systems running FortiWLM versions prior to 8.6.6, 8.5.5.
|
12 Oct 2023 | VULN397 | Fortinet : FortiSIEM - multiple path traversal vulnerabilities | Systems running FortiSIEM versions prior to 7.0.1, 6.7.4, 6.6.4, 6.5.2, 6.4.3.
|
12 Oct 2023 | VULN396 | Citrix : Citrix Hypervisor Multiple Security Updates | Systems running Citrix Hypervisor versions 8.2 CU1 LTSR.
|
12 Oct 2023 | VULN395 | Samba : Multiple vulnerabilities fixed in Samba | Systems running Samba versions prior to 4.19.1, 4.18.8, 4.17.12.
|
11 Oct 2023 | VULN394 | Harbor : Timing attack risk in Harbor | Systems running Harbor versions prior to 2.8.3, 2.7.3, 1.10.18.
|
11 Oct 2023 | VULN393 | APPLE : APPLE-SA-10-10-2023-1 iOS 16.7.1 and iPadOS 16.7.1 | iOS, iPadOS versions prior to 16.7.1.
|
11 Oct 2023 | VULN392 | Google : Stable Channel for Desktop updated to 118.0.5993.70 | Systems running Google Chrome versions prior to 118.0.5993.70.
|
11 Oct 2023 | VULN391 | Apache : CVE-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication | Systems running Apache ZooKeeper versions prior to 3.9.1, 3.8.3, 3.7.2.
|
11 Oct 2023 | VULN390 | Curl : SOCKS5 heap buffer overflow and cookie injection fixed | Systems running libcurl versions prior to 8.4.0.
|
11 Oct 2023 | VULN389 | Apache : Multiple Vulnerabilities fixed in Apache Tomcat | Systems running Apache Tomcat versions prior to 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94.
|
10 Oct 2023 | STAT40 | |
|
10 Oct 2023 | VULN388 | Qnap : Vulnerabilities in Music Station | Systems running Music Station versions prior to 5.3.22.
|
10 Oct 2023 | VULN387 | Qnap : Vulnerabilities in ClamAV | QTS, QuTS hero running ClamAV versions prior to 5.0.1.2376 build 20230421, QuTScloud versions prior to c5.0.1.2374.
|
10 Oct 2023 | VULN386 | Qnap : Vulnerabilities in QVPN Device Client for Windows | Windows running QVPN Device Client versions prior to 2.1.0.0518, 2.2.0.0823.
|
10 Oct 2023 | VULN385 | Qnap : Vulnerability in QTS, QuTS hero, and QuTScloud | Systems running QTS versions prior to 5.0.1.2425 build 20230609, 5.1.0.2444 build 20230629, 5.4.2467 build 20230718, QuTS hero versions prior to h5.0.1.2515 build 20230907, h5.1.0.2424 build 20230609, QuTScloud versions prior to c5.1.0.2498.
|
10 Oct 2023 | VULN384 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen.
|
10 Oct 2023 | VULN383 | Neuvector : JWT token compromise can allow malicious actions including Remote Code Execution (RCE) | Systems running neuvector versions prior to 5.2.2.
|
6 Oct 2023 | VULN382 | Gentoo : glibc Multiple vulnerabilities - GLSA 202310-03 | Gentoo Linux running glibc versions prior to 2.37-r7.
|
6 Oct 2023 | VULN381 | Debian : DSA-5514-1 glibc -- security update | Debian Linux running glibc versions prior to 2.31-13+deb11u7, 2.36-9+deb12u3.
|
6 Oct 2023 | VULN380 | Red Hat : CVE-2023-4911 buffer overflow in the dynamic loader ld.so can lead to privilege escalation | Linux running glibc 2.34 and later.
|
6 Oct 2023 | VULN379 | Atlassian : CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server | Systems running Atlassian Confluence Data Center and Server versions prior to 8.3.3, 8.4.3, 8.5.2.
|
6 Oct 2023 | VULN378 | Wireshark : wnpa-sec-2023-27 · RTPS dissector memory leak | Systems running Wireshark versions prior to 4.0.9, 3.6.17.
|
6 Oct 2023 | VULN377 | Zope : Stored cross site scripting via the title property in the Zope management interface | Systems running Zope versions prior to 4.8.11, 5.8.6.
|
6 Oct 2023 | VULN376 | Gradle : Incorrect permission assignment for symlinked files used in copy or archiving operations | Systems running gradle versions prior to 7.6.3, 8.4.
|
5 Oct 2023 | VULN375 | TYPO3 : Broken Access Control in extension "femanager" | Systems running femanager for TYPO3 versions prior to 7.2.2.
|
5 Oct 2023 | VULN374 | Django : Django security releases issued 4.2.5, 4.1.11, and 3.2.21 | Systems running Django versions prior to 4.2.5, 4.1.11, 3.2.21.
|
5 Oct 2023 | VULN373 | APPLE : APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3 | iOS, iPadOS versions prior to 17.0.3.
|
5 Oct 2023 | VULN372 | Cisco : Cisco Security Advisories Published on October 04, 2023 | Systems running Cisco Emergency Responder software, Cisco Unified Communications Products software, ConfD CLI Secure Shell Server software, Cisco Network Services Orchestrator software, Cisco IOx Application Hosting Environment.
|
4 Oct 2023 | VULN371 | Google : CVE-2023-5346 Type Confusion in V8 fixed | Systems running Google Chrome versions prior to 117.0.5938.149.
|
4 Oct 2023 | VULN370 | Composer : Remote Code Execution via web-accessible composer.phar | Systems running Composer versions prior to 2.6.4, 2.2.21, 1.10.27.
|
4 Oct 2023 | VULN369 | TorchServe : Critical Pre-auth RCE vulnerability and SSRF fixed | Systems running torchserve versions prior to 0.8.2.
|
4 Oct 2023 | VULN368 | X.Org : Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17 | Systems running libX11 versions prior to 1.8.7, libXpm versions prior to 3.5.17.
|
4 Oct 2023 | VULN367 | Apache : CVE-2023-39410 Apache Avro Java SDK Memory when deserializing untrusted data in Avro Java SDK | Systems running Apache Avro versions prior to 1.11.3.
|
3 Oct 2023 | STAT39 | |
|
3 Oct 2023 | VULN366 | Exim : Exim fix three 0day vulnerabilities, 3 more pending | Systems running Exim versions prior to 4.96.1, 4.97.
|
29 Sep 2023 | VULN365 | APPLE : APPLE-SA-09-26-2023-9 tvOS 17 | tvOS versions prior to 17.
|
29 Sep 2023 | VULN364 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009 | Systems running WebKitGTK, WebKit versions prior to 2.42.1, 2.40.5.
|
29 Sep 2023 | VULN363 | GitLab : GitLab Security Release: 16.4.1, 16.3.5, and 16.2.8 | Systems running GitLab versions prior to 16.4.1, 16.3.5, 16.2.8.
|
29 Sep 2023 | VULN362 | Google : Stable Channel Update for Desktop updated to 117.0.5938.132 | Systems running Google Chrome versions prior to 117.0.5938.132.
|
28 Sep 2023 | VULN361 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.3 | Systems running Thunderbird versions prior to 115.3.
|
28 Sep 2023 | VULN360 | Mozilla : Security Vulnerabilities fixed in Firefox 118 and ESR 115.3 | Systems running Firefox versions prior to 118, ESR 115.3.
|
28 Sep 2023 | VULN359 | APPLE : APPLE-SA-09-26-2023-8 watchOS 10 | watchOS versions prior to 10.
|
28 Sep 2023 | VULN358 | Cisco : Cisco Security Advisories Published on September 27, 2023 | Systems running Cisco IOS XE, Cisco IOS, Cisco Catalyst SD-WAN Manager software, Cisco DNA Center API software, Cisco Wireless LAN Controller AireOS Software, Cisco Catalyst 9100 Access Points software, Cisco Access Point Software.
|
28 Sep 2023 | VULN357 | APPLE : APPLE-SA-09-26-2023-6 Xcode 15 | Systems running Xcode versions prior to 15.
|
28 Sep 2023 | VULN356 | APPLE : iOS and iPadOS 17 and Additional information for versions 16.7 | iOS, iPadOS versions prior to 17.
|
28 Sep 2023 | VULN355 | APPLE : macOS Sonoma 14 Additional information for macOS 13.6 and 12.7 | macOS versions prior to 14.
|
28 Sep 2023 | VULN354 | APPLE : APPLE-SA-09-26-2023-1 Safari 17 | Systems running Safari versions prior to 17.
|
28 Sep 2023 | VULN353 | libwebp : libwebp 1.3.2 includes important security fix for lossless decoding CVE-2023-4863 | Systems running libwebp versions prior to 1.3.2.
|
27 Sep 2023 | VULN352 | Cilium : Vulnerabilities fixed in Cilium | Systems running Cilium versions prior to 1.14.2, 1.13.7, 1.12.14.
|
27 Sep 2023 | VULN351 | VMware : VMware Aria Operations updates address local privilege escalation | Systems running VMware Aria Operations.
|
26 Sep 2023 | VULN350 | Xen : x86/AMD Divide speculative information leak | Systems running Xen.
|
26 Sep 2023 | VULN349 | Atlassian : Third-Party Dependency Vulnerability in Jira Service Management Data Center and Server | Systems running Jira Service Management Data Center and Server versions prior to 4.20.25, 5.4.9, git 5.9.2, 5.11.0, 5.10.1.
|
26 Sep 2023 | VULN348 | Atlassian : DoS (Denial of Service) in Confluence Data Center and Server | Systems running Confluence Data Center and Server versions prior to 7.19.14, 8.5.1.
|
26 Sep 2023 | VULN347 | Atlassian : Third-Party Dependency in Bamboo Data Center and Server | Systems running Bamboo Data Center and Server versions prior to 9.3.1, 9.2.4.
|
26 Sep 2023 | VULN346 | Atlassian : RCE (Remote Code Execution) in Bitbucket Data Center and Server | Systems running Bitbucket Data Center and Server versions prior to 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0.
|
26 Sep 2023 | VULN345 | Roundcube : Security updates 1.6.3, 1.5.4, 1.4.14 released | Systems running Roundcube Webmail versions prior to 1.6.3, 1.5.4, 1.4.14.
|
25 Sep 2023 | STAT38 | |
|
22 Sep 2023 | VULN344 | APPLE : watchOS 9.6.3 and 10.0.1 fix vulnerabilities that may have been actively exploited | watchOS versions prior to 10.0.1, 9.6.3.
|
22 Sep 2023 | VULN343 | APPLE : macOS 13.6 and 12.7 fix vulnerabilities that may have been actively exploited | macOS versions prior to 13.6, 12.7.
|
22 Sep 2023 | VULN342 | APPLE : APPLE-SA-2023-09-21-1 Safari 16.6.1 | Systems running Safari versions prior to 16.6.1.
|
22 Sep 2023 | VULN341 | Plone : Plone security advisory 2023/09/21 | Systems running Plone versions prior to 5.2.14, 6.0.7.
|
22 Sep 2023 | VULN340 | Zope Foundation : Vulnerabilities fixed in Zope and AccessControl | Systems running Zope versions prior to 4.8.10, 5.8.5, AccessControl versions prior to 4.4, 5.8, 6.2.
|
21 Sep 2023 | VULN339 | Drupal : Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 | Systems running Drupal core versions prior to
|
21 Sep 2023 | VULN338 | HashiCorp : Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | Systems running Vault, Vault Enterprise versions
|
21 Sep 2023 | VULN337 | Jenkins : Jenkins Security Advisory 2023-09-20 | Systems running Jenkins weekly versions up to
|
20 Sep 2023 | VULN336 | CUPS : CUPS Heap-based buffer overflow | Systems running cups versions up to and including
|
20 Sep 2023 | VULN335 | Spring : CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL | Systems running Spring for GraphQL versions prior
|
20 Sep 2023 | VULN334 | GitLab: GitLab Critical Security Release: 16.3.4 and 16.2.7 | Systems running GitLab versions prior to 16.3.4,
|
20 Sep 2023 | VULN333 | Xen : arm32 The cache may not be properly cleaned/invalidated | Systems running Xen on Arm 32-bit.
|
20 Sep 2023 | VULN332 | ISC : Vulnerabilities may cause named to terminate unexpectedly | Systems running BIND versions 9 prior to 9.16.44,
|
20 Sep 2023 | VULN331 | Strapi : Multiple security vulnerabilities fixed | Systems running strapi/plugin-users-permissions,
|
20 Sep 2023 | VULN330 | Directus : VM2 Sandbox escape and Incorrect Permission Checking for GraphQL | Systems running Directus versions prior to 10.6.0.
|
18 Sep 2023 | STAT37 | |
|
14 Sep 2023 | VULN329 | Fortinet : FortiAP-U - Arbitrary file listing and deletion through the CLI | Systems running FortiAP-U versions prior to 7.0.1, 6.2.6.
|
14 Sep 2023 | VULN328 | Fortinet : FortiTester - Authenticated command injection in FortiGuard explicit proxy setting | Systems running FortiTester versions prior to 7.3.0.
|
14 Sep 2023 | VULN327 | Fortinet : FortiWeb - Insufficient protections against XSS and CSRF | Systems running FortiWeb versions prior to 7.2.2, 7.0.7.
|
14 Sep 2023 | VULN326 | Fortinet : FortiOS & FortiProxy - Stored XSS in guest management page | Systems running FortiOS versions prior to 7.4.0, 7.2.5, 7.0.12, 6.4.13, 6.2.15, FortiProxy versions prior to 7.2.5, 7.0.11.
|
14 Sep 2023 | VULN325 | Fortinet : FortiADC - Command injection in Automation/Webhook module | Systems running FortiADC versions prior to 7.1.2, 7.0.4, 6.2.6.
|
14 Sep 2023 | VULN324 | Palo Alto Networks : CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent | Systems running Cortex XDR agent versions prior to 8.0.2, 7.9.101-CE, 7.9.3.
|
14 Sep 2023 | VULN323 | DRUPAL : Mail Login - Critical - Access bypass - SA-CONTRIB-2023-045 | Systems running mail_login module for Drupal versions prior to 8.x-2.8.
|
14 Sep 2023 | VULN322 | (SAP : SAP Security Patch Day – September 2023) | Systems running SAP products.
|
14 Sep 2023 | VULN321 | Apache : Apache Commons Compress Denial of service via CPU consumption for malformed TAR file | Systems running Apache Commons Compress versions prior to 1.24.0.
|
14 Sep 2023 | VULN320 | Cisco : Cisco Security Advisories Published on September 13, 2023 | Cisco IOS XR Software versions prior to 7.10.1, 7.3.5, 7.5.4, 7.6.3, 7.7.21, 7.8.2, 7.9.2.
|
13 Sep 2023 | VULN319 | Adobe : Security update available for Adobe Acrobat and Reader APSB23-34 | Systems running Adobe Acrobat and Reader versions prior to 23.006.20320, Acrobat 2020, Acrobat Reader 2020 versions prior to 20.005.30524.
|
13 Sep 2023 | VULN318 | Mozilla : Security Vulnerability fixed in Firefox 117.0.1, ESR 115.2.1, ESR 102.15.1, Thunderbird 102.15.1, and 115.2.2 | Systems running Firefox versions prior to 117.0.1, ESR 102.15.1, ESR 115.2.1, Thunderbird versions prior to 102.15.1, 115.2.2.
|
13 Sep 2023 | VULN317 | Google : Stable Channel Update for Desktop updated to 116.0.5845.187/.188 | Systems running Google Chrome versions prior to 116.0.5845.187/.188.
|
13 Sep 2023 | VULN316 | curl : CVE-2023-38039 HTTP headers eat all memory | Systems running libcurl versions prior to 8.3.0.
|
13 Sep 2023 | VULN315 | Apache : CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure | Systems running Apache Tomcat Connectors mod_jk Connector versions prior to 1.2.49.
|
12 Sep 2023 | VULN314 | APPLE : APPLE-SA-2023-09-11-1 iOS 15.7.9 and iPadOS 15.7.9 | iOS, iPadOS versions prior to 15.7.9.
|
12 Sep 2023 | VULN313 | APPLE : APPLE-SA-2023-09-11-3,2 macOS Big Sur 11.7.10 and Monterey 12.6.9 | macOS versions prior to Big Sur 11.7.10,
|
12 Sep 2023 | VULN312 | Terraform : HCSEC-2023-27 - Terraform Allows Arbitrary File Write During Init Operation | Terraform versions prior to 1.5.7.
|
12 Sep 2023 | VULN311 | Argo CD : Cluster secret that might leak in cluster details page and Denial of Service fixed | Systems running Argo CD (Go) versions prior to
|
12 Sep 2023 | VULN310 | RKE2 : RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack | Systems running rancher/rke2 (Go) versions prior
|
12 Sep 2023 | VULN309 | K3s : K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack | Systems running K3s versions prior to
|
12 Sep 2023 | VULN308 | Apache : Vulnerabilities fixed in Apache Airflow 2.7.1 | Systems running Apache Airflow versions prior
|
12 Sep 2023 | VULN307 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008 | Systems running WebKitGTK, WPE WebKit versions
|
11 Sep 2023 | STAT36 | |
|
8 Sep 2023 | VULN306 | (OpenSSL : POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807)) | Systems running OpenSSL versions 1.1.1 to 1.1.1v,
|
8 Sep 2023 | VULN305 | APPLE : APPLE-SA-2023-09-07-3 watchOS 9.6.2 | watchOS versions prior to 9.6.2.
|
8 Sep 2023 | VULN304 | APPLE : APPLE-SA-2023-09-07-1 macOS Ventura 13.5.2 | macOS versions prior to 13.5.2.
|
8 Sep 2023 | VULN303 | APPLE : APPLE-SA-2023-09-07-2 iOS 16.6.1 and iPadOS 16.6.1 | iOS versions prior to 16.6.1.
|
7 Sep 2023 | VULN302 | (SolarWinds : MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 (CVE-2023-40060)) | Systems running Serv-U versions 15.4 prior to
|
7 Sep 2023 | VULN301 | Google : Security vulnerabilities fixed in Chrome 116.0.5845.179/.180 | Systems running Google Chrome versions prior to
|
7 Sep 2023 | VULN300 | Elastic : Elasticsearch 8.9.2 and 7.17.13 Security Update | Systems running Elasticsearch versions prior
|
7 Sep 2023 | VULN299 | Aruba : Multiple Vulnerabilities in 9200 and 9000 Series Controllers and Gateways running ArubaOS | ArubaOS versions prior to 10.4.0.2, 8.11.1.1,
|
7 Sep 2023 | VULN298 | (Electron : Security vulnerabilities fixed in Electron (npm)) | Systems running electron (npm) versions prior
|
7 Sep 2023 | VULN297 | Cisco : Cisco Security Advisories Published on September 06, 2023 | Systems running Cisco BroadWorks Application
|
6 Sep 2023 | VULN296 | Apache : Multiple security vulnerabilities fixed in Apache Superset | Systems running Apache Superset versions up to
|
6 Sep 2023 | VULN295 | Jenkins: Jenkins Security Advisory 2023-09-06 | Systems running Assembla Auth Plugin for Jenkins,
|
5 Sep 2023 | VULN294 | Apache : CVE-2023-39441 Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow SMTP/IMAP client components vulnerability | Systems running Apache Airflow SMTP Provider
|
5 Sep 2023 | VULN293 | Apache : Apache Airflow Session fixation, Exposure of sensitive connection information, DOS and SSRF vulnerabilities | Systems running Apache Airflow versions
|
5 Sep 2023 | VULN292 | Apache : CVE-2023-27604 Airflow Sqoop Provider RCE Vulnerability | Systems running Apache Airflow Sqoop Provider
|
5 Sep 2023 | VULN291 | Xen : arm32 The cache may not be properly cleaned/invalidated | Systems running Xen.
|
5 Sep 2023 | VULN290 | Gitpython : Untrusted search path on Windows and Blind local file inclusion vulnerabilities | Systems running gitpython (pip) versions prior
|
5 Sep 2023 | VULN289 | Django : Django security releases issued 4.2.5, 4.1.11, and 3.2.21 | Systems running Django versions prior to 4.2.5,
|
4 Sep 2023 | STAT35 | |
|
1 Sep 2023 | VULN288 | Synology : Synology-SA-23:10 SRM | SRM versions 1.3 prior to 1.3.1-9346-6.
|
1 Sep 2023 | VULN287 | (Juniper : Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)) | Junos OS versions prior to 23.4R1,
|
1 Sep 2023 | VULN286 | (Splunk : Vulnerabilities fixed in Splunk IT Service Intelligence (ITSI)) | Systems running Splunk IT Service Intelligence
|
1 Sep 2023 | VULN285 | Synology : Synology-SA-23:11 Synology Camera | Synology Camera BC500 Firmware, Synology Camera
|
1 Sep 2023 | VULN284 | Synology : Synology-SA-23:12 Synology SSL VPN Client | Systems running Synology SSL VPN Client
|
1 Sep 2023 | VULN283 | Gitlab : GitLab Security Release 16.3.1, 16.2.5, and 16.1.5 | Systems running GitLab versions prior to
|
31 Aug 2023 | VULN282 | Trend Micro : Trend Micro Mobile Security (Enterprise) Reflected Cross Site-Scripting Vulnerabilities | Windows running Mobile Security (Enterprise)
|
31 Aug 2023 | VULN281 | Ivanti : CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface | Systems running Ivanti MobileIron Sentry Sentry
|
31 Aug 2023 | VULN280 | Aruba : Multiple Vulnerabilities in EdgeConnect SD-WAN Orchestrator | Systems running EdgeConnect SD-WAN Orchestrator
|
31 Aug 2023 | VULN279 | QNAP : Vulnerabilities in QTS and QuTS hero | QTS, versions prior to 5.1.0.2444 build 20230629,
|
31 Aug 2023 | VULN278 | Splunk : Multiple vulnerabilities fixed in Splunk Enterprise | Systems running Splunk Enterprise versions prior
|
31 Aug 2023 | VULN277 | (Vmware : VMware Tools updates address a SAML Token Signature Bypass Vulnerability (CVE-2023-20900)) | Systems running VMware Tools versions prior to
|
30 Aug 2023 | VULN276 | Wireshark : Multiple vulnerabilities fixed in Wireshark 4.0.8, 3.6.16 | Systems running Wireshark versions prior to 4.0.8,
|
30 Aug 2023 | VULN275 | Esoteric YamlBeans : Esoteric YamlBeans XML Entity Expansion and Unsafe Deserialization vulnerabilities | Systems running Esoteric YamlBeans versions up to
|
30 Aug 2023 | VULN274 | Aruba : ArubaOS-Switch Switches Multiple Vulnerabilities | ArubaOS-Switch.
|
30 Aug 2023 | VULN273 | VMware: VMware Aria Operations for Networks updates address multiple vulnerabilities | Systems running VMware Aria Operations Networks
|
30 Aug 2023 | VULN272 | Mozilla : Multiple Vulnerabilities fixed in Firefox and Thunderbird | Systems running Firefox versions prior to
|
30 Aug 2023 | VULN271 | Jupyter Server : Open Redirect and cross-site inclusion (XSSI) of files vulnerabilities | Systems running Jupyter Server versions prior
|
29 Aug 2023 | VULN270 | RUSTSEC : mail-internals use-after-free vulnerability in `vec_insert_bytes` | Systems running mail-internals (Rust).
|
29 Aug 2023 | VULN269 | Apache : CVE-2023-41080 Apache Tomcat - open redirect | Systems running Apache Tomcat versions prior to
|
28 Aug 2023 | STAT34 | |
|
25 Aug 2023 | VULN268 | (Solarwinds : MFA/2FA Bypass Vulnerability in Serv-U 15.4 (CVE-2023-35179)) | Systems running Serv-U versions prior to 15.4 HF1.
|
25 Aug 2023 | VULN267 | Tuleap : Security vulnerabilities fixed in Tuleap | Systems running Tuleap Community Edition versions
|
25 Aug 2023 | VULN266 | Python : [CVE-2023-40217] Bypass TLS handshake on closed sockets | Systems running Python versions prior to 3.11.5,
|
25 Aug 2023 | VULN265 | Cargo : Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports | Systems running cargo versions prior to 1.72.
|
24 Aug 2023 | VULN264 | Cisco : Cisco Security Advisories Published on August 23, 16, and 2 2023 | Systems running Cisco Products.
|
24 Aug 2023 | VULN263 | Spring : CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured | Systems running Spring for Apache Kafka versions
|
24 Aug 2023 | VULN262 | Kubernetes : CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation | Systems running kubernetes-csi-proxy versions
|
24 Aug 2023 | VULN261 | (Amazon : Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955)) | Amazon EKS customers with Windows EC2 nodes in
|
24 Aug 2023 | VULN260 | Kubernetes : CVE-2023-3955, CVE-2023-3676 Insufficient input sanitization on Windows nodes leads to privilege escalation | Systems running kubelet versions prior to
|
24 Aug 2023 | VULN259 | MongoDB : Certificate validation issue in MongoDB Server running on Windows or macOS | Systems running MongoDB Server versions up
|
23 Aug 2023 | VULN258 | Google Chrome : Chrome Desktop Stable Update 116.0.5845.110 and .111 | Systems running Google Chrome versions prior to
|
23 Aug 2023 | VULN257 | Zimbra : Zimbra Security Update CVE-2023-41106 | Systems running Zimbra Collaboration Suite
|
23 Aug 2023 | VULN256 | Apache : CVE-2023-40272 Apache Airflow Spark Provider Arbitrary File Read via JDBC | Systems running Apache Airflow Spark Provider
|
23 Aug 2023 | VULN255 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0007 | Systems running WebKitGTK, WPE WebKit versions
|
23 Aug 2023 | VULN254 | Apache : CVE-2022-46751 Apache Ivy XML External Entity vulnerability in Apache Ivy | Systems running Apache Ivy versions prior to 2.5.2.
|
22 Aug 2023 | STAT33 | |
|
22 Aug 2023 | VULN253 | Node.js : Wednesday August 9th 2023 Security Releases | Systems running Node.js versions prior to 16.20.2
|
22 Aug 2023 | VULN252 | node-saml : ValidatePostRequestAsync does not include checkTimestampsValidityError | Systems running saml.js versions prior to 4.0.5.
|
18 Aug 2023 | VULN251 | TYPO3 : Vulnerability in third party TYPO3 CMS extension | Systems running "hCaptcha for EXT:form" for
|
18 Aug 2023 | VULN250 | TYPO3 : TYPO3 12.4.4 and 11.5.30 security releases | Systems running TYPO3 versions prior to 12.4.4,
|
18 Aug 2023 | VULN249 | Jenkins : Multiple Security Vulnerabilities fixed in Jenkins products | Systems running Jenkins products.
|
16 Aug 2023 | STAT32 | |
|
7 Aug 2023 | STAT31 | |
|
7 Aug 2023 | STAT30 | |
|
28 Jul 2023 | VULN248 | (Ivanti Endpoint Manager Mobile (Core) ) | -
|
26 Jul 2023 | VULN247 | Atlassian : July 2023 Security Bulletin | Systems running
|
21 Jul 2023 | STAT29 | |
|
19 Jul 2023 | STAT28 | |
|
17 Jul 2023 | VULN246 | Zimbra : Security Update for Zimbra Collaboration Suite Version 8.8.15 | Systems running Zimbra versions prior to Zimbra
|
13 Jul 2023 | STAT27 | |
|
13 Jul 2023 | VULN245 | Mozilla : Security Vulnerabilities fixed in Firefox | Systems running Firefox versions prior to 115.0.2,
|
13 Jul 2023 | VULN244 | Citrix : Citrix Secure Access client Security Bulletins | Systems running Citrix Secure Access client for
|
13 Jul 2023 | VULN243 | SAP : SAP Security Patch Day – July 2023 | Systems running SAP products.
|
11 Jul 2023 | VULN242 | SPIP : Maintenance and security update, release of SPIP 4.2.4, SPIP 4.1.11 | -
|
4 Jul 2023 | STAT26 | |
|
3 Jul 2023 | VULN241 | Apache : Apache Airflow ODBC, MSSQL and JDBC Providers Vulnerabilities fixed | Systems running Apache Airflow ODBC Provider
|
3 Jul 2023 | VULN240 | Apache : CVE-2023-35797 Apache Airflow Hive Provider Beeline RCE with Principal | Systems running Apache Airflow Hive Provider
|
3 Jul 2023 | VULN239 | Django : Django security releases issued: 4.2.3, 4.1.10, and 3.2.20 | Systems running Django versions prior to 4.2.3,
|
29 Jun 2023 | VULN238 | Google Chrome : Stable Channel Update for Desktop updated to 114.0.5735.198 and 114.0.5735.198/199 to fix vulnerabilities | Mac OS, Linux running Google Chrome versions prior
|
29 Jun 2023 | VULN237 | Tenable : Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability | Systems running Tenable.io, Nessus,
|
29 Jun 2023 | VULN236 | Apache : CVE-2023-31469 Apache StreamPipes Privilege escalation through non-admin user | Systems running Apache StreamPipes versions prior
|
29 Jun 2023 | VULN235 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0005 | Systems running WebKitGTK, WPE WebKit versions
|
29 Jun 2023 | VULN234 | Grafana : Grafana vulnerable to Authentication Bypass by Spoofing | Systems running Grafana versions prior to
|
26 Jun 2023 | STAT25 | |
|
23 Jun 2023 | VULN233 | Kubernetes : Bypassing policies imposed by ServiceAccount and ImagePolicyWebhook admission plugins | Systems running kube-apiserver versions prior to
|
23 Jun 2023 | VULN232 | Bind : Multiple vulnerabilities fixed in BIND | Systems running BIND versions prior to 9.16.42,
|
23 Jun 2023 | VULN231 | kubernetes : CVE-2023-1943 Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode | Systems running kOps versions prior to 1.26.2,
|
23 Jun 2023 | VULN230 | Drupal : Vulnerabilities fixed in Drupal extensions | Systems running Album Photos for Drupal,
|
23 Jun 2023 | VULN229 | Apache : CVE-2023-34981 Apache Tomcat - Information disclosure | Systems running Apache Tomcat versions prior to
|
23 Jun 2023 | VULN228 | Node.js : Tuesday June 20 2023 Security Releases | Systems running Node.js versions prior to 16.20.1
|
21 Jun 2023 | STAT24 | |
|
21 Jun 2023 | VULN227 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.2.1,
|
14 Jun 2023 | VULN226 | Jenkins : Jenkins Security Advisory 2023-06-14 | Systems running Jenkins (core),
|
14 Jun 2023 | VULN225 | SAP : SAP Security Patch Day – June 2023 | Systems running SAP products.
|
14 Jun 2023 | VULN224 | Apache: DoS via OOM vulnerabilities fixed in Apache Struts | Systems running Apache Struts versions prior to
|
14 Jun 2023 | VULN223 | (VMware : VMware Tools update addresses Authentication Bypass vulnerability (CVE-2023-20867)) | Systems running VMware Tools versions prior to
|
14 Jun 2023 | VULN222 | PHP : PHP security releases 8.0.29, 8.1.20, 8.2.7 fixes stack information leak | Systems running PHP versions prior to 8.0.29,
|
14 Jun 2023 | VULN221 | Google Chrome: Multiple security vulnerabilities fixed in Chrome 114.0.5735.133, 114.0.5735.133/134 | Windows running Chrome versions prior to
|
14 Jun 2023 | VULN220 | Grafana : Broken Access Control in Alert manager Viewer can send test alerts | Systems running Grafana versions prior to 9.5.3,
|
13 Jun 2023 | VULN219 | Fortinet: FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication | FortiOS-6K7K versions prior to 7.0.12, 6.4.13,
|
13 Jun 2023 | VULN218 | Snowflake Golang Driver: Snowflake Golang Driver vulnerable to Command Injection | Systems running gosnowflake versions prior to
|
13 Jun 2023 | VULN217 | Shibboleth : Parsing of KeyInfo elements can cause remote resource access | Windows running Service Provider software
|
13 Jun 2023 | VULN216 | Snowflake NodeJS driver: Snowflake NodeJS Driver Security Advisory | Systems running snowflake-connector-nodejs
|
13 Jun 2023 | VULN215 | Mozilla: Security Vulnerabilities fixed in Thunderbird 102.12 | Systems running Thunderbird versions prior to
|
12 Jun 2023 | STAT23 | |
|
8 Jun 2023 | VULN214 | Mozilla: Security Vulnerabilities fixed in Firefox 114, ESR 102.12 | Systems running Firefox versions prior to 114,
|
8 Jun 2023 | VULN213 | Apache: Apache Guacamole multiple vulnerabilities | Systems running Apache Guacamole versions prior
|
7 Jun 2023 | VULN212 | GitLab: GitLab Security Release 16.0.2, 15.11.7, and 15.10.8 | Systems running GitLab versions prior to 16.0.2,
|
7 Jun 2023 | VULN211 | Rancher: Multiple vulnerabilities fixed in Rancher | Systems running Rancher versions prior to 2.6.13,
|
7 Jun 2023 | VULN210 | VMware: VMware Workspace ONE Access and Identity Manager update addresses an Insecure Redirect Vulnerability | Systems running VMware Workspace ONE Access
|
5 Jun 2023 | STAT22 | |
|
1 Jun 2023 | VULN209 | GitLab: GitLab Critical Security Release 16.0.1 | Systems running GitLab versions prior to 16.0.1.
|
1 Jun 2023 | VULN208 | Joomla: Vulnerabilities fixed in version 4.3.2 | Systems running Joomla versions prior to 4.3.2.
|
1 Jun 2023 | VULN207 | SPIP: Critical update of the security screen (écran de sécurité) 1.5.3 | Systems running écran de sécurité versions prior
|
1 Jun 2023 | VULN206 | Kubernetes: CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs | Systems running Kubernetes secrets-store-csi-driver
|
1 Jun 2023 | VULN205 | Apache: CVE-2023-33234 Apache Airflow CNCF Kubernetes Provider RCE via connection configuration | Systems running Apache Airflow CNCF Kubernetes
|
1 Jun 2023 | VULN204 | OpenSSL: OpenSSL Security Advisory [30th May 2023] | Systems running OpenSSL versions prior to 3.0.9,
|
1 Jun 2023 | VULN203 | WebKit: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0004 | Systems running WebKitGTK, WPE WebKit versions
|
26 May 2023 | STAT21 | |
|
19 May 2023 | STAT20 | |
|
19 May 2023 | VULN202 | APPLE: APPLE-SA-2023-05-18-8 Safari 16.5 | Systems running Safari versions prior to 16.5.
|
19 May 2023 | VULN201 | APPLE: macOS Ventura 13.4, Monterey 12.6.6, Big Sur 11.7.7 | macOS versions prior to Ventura 13.4, Monterey
|
19 May 2023 | VULN200 | APPLE: iOS and iPadOS security updates | iOS, iPadOS versions prior to 16.5, 15.7.4,
|
19 May 2023 | VULN199 | Shibboleth: OpenID Connect OP plugin contains multiple race conditions | Systems running Connect OP plugin for Shibboleth
|
19 May 2023 | VULN198 | Drupal: File Chooser Field and S3 File System vulnerabilities fixed | Systems running File Chooser Field for Drupal
|
19 May 2023 | VULN197 | Jenkins: Jenkins Security Advisory 2023-05-16 | Systems running Jenkins plugins.
|
17 May 2023 | VULN196 | WordPress: WordPress 6.2.1 Maintenance & Security Release | Systems running WordPress versions prior to 6.2.1.
|
17 May 2023 | VULN195 | Xen: Mishandling of guest SSBD selection on AMD hardware | Systems running Xen version 4.17.
|
16 May 2023 | STAT19 | |
|
12 May 2023 | VULN194 | Vmware: VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue | Systems running VMware Aria Operations version
|
12 May 2023 | VULN193 | Postgresql : PostgreSQL 15.3, 14.8, 13.11, 12.15, and 11.20 fix vulnerabilities | Systems running postgresql version prior to 15.3,
|
12 May 2023 | VULN192 | Citrix : Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488 | Systems running Citrix ADC and Citrix Gateway
|
12 May 2023 | VULN191 | GitLab : GitLab Coordinated Security Release 15.11.3, 15.10.7, 15.9.8 | Systems running GitLab versions prior to 15.11.3,
|
10 May 2023 | STAT18 | |
|
5 May 2023 | VULN190 | Elastic : Kibana 8.7.1 and Elastic Stack 8.7.0, 7.17.10 Security Updates | Systems running Kibana version prior to 8.7.1,
|
5 May 2023 | VULN189 | GitLab : GitLab Security Release 15.11.1, 15.10.5, and 15.9.6 | Systems running GitLab versions prior to 15.11.1,
|
4 May 2023 | VULN188 | Rancher : Rancher Webhook is | Systems running rancher (Go) versions
|
4 May 2023 | VULN187 | Moodle : Minor SQL injection risk and TinyMCE loaders Arbitrary Folder Creation | Systems running Moodle versions prior to 4.1.3,
|
4 May 2023 | VULN186 | Engine.IO : Uncaught exception in engine.io | Systems running engine.io (npm) versions
|
4 May 2023 | VULN185 | Apache : CVE-2023-32007 Apache Spark: Shell command injection via Spark UI | Systems running Apache Spark versions from
|
4 May 2023 | VULN184 | Django : Django security releases issued: 4.2.1, 4.1.9, and 3.2.19 | Systems running Django versions prior to 4.2.1,
|
4 May 2023 | VULN183 | Cisco : Cisco SPA112 2-Port Phone | Cisco SPA112 2-Port Phone Adapters software.
|
3 May 2023 | STAT17 | |
|
28 Apr 2023 | VULN182 | (SolarWinds : SolarWinds Platform Exposure of Sensitive Information Vulnerability (CVE-2023-23839)) | Systems running SolarWinds Platform versions
|
28 Apr 2023 | VULN181 | (OpenSSL : Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255)) | Systems running OpenSSL versions 3.0.0 to 3.0.8,
|
28 Apr 2023 | VULN180 | Apache: Arbitrary javascript injection in Apache Jena | Systems running Apache Jena (Maven) versions
|
28 Apr 2023 | VULN179 | WebKit : WebKitGTK and WPE WebKit Security Advisory | Systems running WebKitGTK, WPE WebKit versions
|
28 Apr 2023 | VULN178 | Tenable : Stand-alone Security Patch Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202304.1 | Systems running Tenable.sc versions 5.22.0,
|
26 Apr 2023 | VULN177 | Xen : x86 shadow paging arbitrary pointer dereference | Systems running Xen versions 4.17.
|
26 Apr 2023 | VULN176 | Git : Multiple vulnerabilities fixed in Git | Systems running Git versions prior to 2.30.9,
|
26 Apr 2023 | VULN175 | Vmware : VMware Workstation and Fusion updates address multiple security vulnerabilities | Systems running VMware Workstation Pro / Player
|
21 Apr 2023 | STAT16 | |
|
21 Apr 2023 | VULN174 | vm2 : vm2 Sandbox Escape vulnerability | Systems running vm2 (npm) versions prior
|
21 Apr 2023 | VULN173 | Vmware : VMware Aria Operations | Windows running VMware Aria Operations for Logs
|
20 Apr 2023 | VULN172 | Google : Chrome Stable Channel Updated to fix multiple vulnerabilities | Windows running Google Chrome versions prior
|
20 Apr 2023 | VULN171 | Oracle : April 2023 Critical Patch Update Released | Systems running Oracle Products.
|
20 Apr 2023 | VULN170 | Drupal : Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 | Systems running Drupal core versions prior
|
20 Apr 2023 | VULN169 | jetty-server : OutOfMemoryError for large multipart without filename and Nonstandard cookie parsing | Systems running jetty-server (Maven) versions
|
20 Apr 2023 | VULN168 | Kubernetes : CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password | Systems running minikube versions prior
|
20 Apr 2023 | VULN167 | Spring : CVE-2023-20862 Empty SecurityContext Is Not Properly Saved Upon Logout | Systems running Spring Security versions prior
|
20 Apr 2023 | VULN166 | Cisco : Cisco Security Advisories Published on April 19, 2023 | Systems running Cisco Industrial Network
|
17 Apr 2023 | STAT15 | |
|
17 Apr 2023 | VULN165 | Apache : CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class | Systems running Apache Spark versions prior
|
17 Apr 2023 | VULN164 | Google Chrome : Chrome Stable Channel Updated to 112.0.5615.121 | Systems running Google Chrome versions prior
|
14 Apr 2023 | VULN163 | vm2 : vm2 vulnerable to sandbox escape | -
|
14 Apr 2023 | VULN162 | Palo Alto : CVE-2023-0006 GlobalProtect App Local File Deletion Vulnerability | Systems running GlobalProtect app versions prior
|
14 Apr 2023 | VULN161 | Palo Alto : Exposure of Sensitive Information and Local File Deletion Vulnerability | PAN-OS versions prior to 8.1.24, 9.0.17, 9.1.15,
|
14 Apr 2023 | VULN160 | Wireshark : wnpa-sec-2023-11 · GQUIC dissector crash | Systems running Wireshark versions prior to 4.0.5,
|
14 Apr 2023 | VULN159 | Spring : CVE-2023-20863 Spring Expression DoS Vulnerability | Systems running Spring Framework versions prior
|
14 Apr 2023 | VULN158 | Spring : CVE-2023-20866 Session ID can be logged to the standard output stream in Spring Session | Systems running Spring Session versions 3.0.0.
|
14 Apr 2023 | VULN157 | Microsoft : .NET Remote Code Execution Vulnerability | Systems running Any .NET 7.0 application running
|
14 Apr 2023 | VULN156 | XWiki : Multiple critical vulnerabilities fixed in XWiki | Systems running versions prior to 15.0-rc-1,
|
14 Apr 2023 | VULN155 | Jenkins : Jenkins Security Advisory 2023-04-12 | Systems running Azure Key Vault Plugin for
|
14 Apr 2023 | VULN154 | Microsoft : March 2023 security updates | -
|
11 Apr 2023 | STAT14 | |
|
6 Apr 2023 | VULN153 | Mitel : MiCollab Authentication Vulnerability | Systems running MiCollab versions 9.6.2.9 and
|
6 Apr 2023 | VULN152 | QNAP : Multiple vulnerabilities in QNAP devices | QTS versions prior to 5.0.1.2346 build 20230322,
|
6 Apr 2023 | VULN151 | Moby : Exposed Swarm VXLAN port and Encrypted overlay network vulnerabilities | Systems running Moby versions prior to 23.0.3,
|
6 Apr 2023 | VULN150 | Cisco : Cisco Security Advisories Published on April 05, 2023 | Systems running Cisco Secure Network Analytics,
|
6 Apr 2023 | VULN149 | Fields GLPI plugin : Unauthorized write access to additional fields | Systems running fields (glpi) versions prior
|
6 Apr 2023 | VULN148 | Order GLPI plugin : RCE from authenticated user | Systems running order for glpi versions prior
|
6 Apr 2023 | VULN147 | GLPI : Multiple Security Vulnerabilities fixed in versions glpi 9.5.13, 10.0.7 | Systems running GLPI versions prior to 10.0.7,
|
5 Apr 2023 | STAT13 | |
|
5 Apr 2023 | VULN146 | Sophos : Sophos Web Appliance 4.3.10.4 Resolves Security Vulnerabilities | Systems running Sophos Web Appliance (SWA)
|
5 Apr 2023 | VULN145 | Google Chrome : Multiple security vulnerabilities fixed in Chrome 112.0.5615.49/50 | Systems running Google Chrome versions prior to
|
5 Apr 2023 | VULN144 | Mastodon : Blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database | Systems running Mastodon versions prior to
|
5 Apr 2023 | VULN143 | Galaxy : Unauthorized modification of pages/visualizations due to insufficient permission check | Systems running Galaxy versions prior to
|
5 Apr 2023 | VULN142 | PowerDNS : Deterred spoofing attempts can lead to authoritative servers being marked unavailable | Systems running PowerDNS Recursor versions prior
|
4 Apr 2023 | VULN141 | matrix-react-sdk : Prototype pollution in matrix-react-sdk | Systems running matrix-react-sdk versions prior to
|
4 Apr 2023 | VULN140 | Matrix JavaScript SDK : Prototype pollution in matrix-js-sdk | Systems running matrix-js-sdk versions prior to
|
4 Apr 2023 | VULN139 | HashiCorp : Multiple vulnerabilities fixed in Vault | Systems running HashiCorp Vault versions prior to
|
4 Apr 2023 | VULN138 | Ruby : CVE-2023-28755 ReDoS vulnerability in URI | Systems running uri gem versions prior to
|
4 Apr 2023 | VULN137 | Ruby : CVE-2023-28756 ReDoS vulnerability in Time | Systems running Ruby 2.7.7 or lower,
|
4 Apr 2023 | VULN136 | MediaWiki : Security and maintenance release: 1.35.10 / 1.38.6 / 1.39.3 | Systems running MediaWiki versions prior to
|
4 Apr 2023 | VULN135 | Cisco : Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerabilities | Cisco AsyncOS versions prior to 14.0.4,
|
31 Mar 2023 | VULN134 | 3CX : 3CX DesktopApp Security Alert | Windows running 3CX Desktop Electron App versions
|
31 Mar 2023 | VULN133 | Mattermost : High-level severity vulnerability fixed in mattermost 7.9.1, 7.8.2, 7.7.3 | Systems running Mattermost versions prior to
|
31 Mar 2023 | VULN132 | GitLab : GitLab Security Release: 15.10.1, 15.9.4, and 15.8.5 | Systems running GitLab versions prior to 15.10.1,
|
30 Mar 2023 | VULN131 | Mozilla : Security Vulnerabilities fixed in Thunderbird 102.9.1 | Systems running Thunderbird versions prior to
|
30 Mar 2023 | VULN130 | Samba : Multiple vulnerabilities fixed in Samba | Systems running Samba versions from 4.0 prior to
|
30 Mar 2023 | VULN129 | runc : AppArmor/SELinux bypass and rootless `/sys/fs/cgroup` is writable | Systems running runc versions prior to 1.1.5.
|
30 Mar 2023 | VULN128 | Apache : CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE | Systems running Apache UIMA.
|
30 Mar 2023 | VULN127 | X.Org : X.Org Server Overlay Window Use-After-Free | Systems running X.Org versions prior to 21.1.8.
|
30 Mar 2023 | VULN126 | Apache : CVE-2023-28158 Apache Archiva privilege escalation | Systems running Apache Archiva.
|
29 Mar 2023 | VULN125 | Veritas : VTS23-003 Security Advisory Impacting NetBackup Master Server | Systems running NetBackup Master Server versions
|
29 Mar 2023 | VULN124 | Veritas : VTS23-004 Security Advisory Impacting NetBackup Appliance | Systems running NetBackup Appliance versions
|
29 Mar 2023 | VULN123 | Spring : CVE-2023-20859 Insertion of Sensitive Information into Log Sourced from Failed Revocation of Tokens | Systems running Spring Vault versions prior
|
29 Mar 2023 | VULN122 | Spring : CVE-2023-20861 Spring Expression DoS Vulnerability | Systems running Spring Framework versions prior
|
29 Mar 2023 | VULN121 | Apache : CVE-2023-27296 Apache InLong JDBC Deserialization Vulnerability in InLong | Systems running Apache InLong versions 1.1.0
|
29 Mar 2023 | VULN120 | Cisco : Cisco Secure Network Analytics Remote Code Execution Vulnerability | Systems running Cisco Secure Network Analytics
|
28 Mar 2023 | VULN119 | Apache : Multiple vulnerabilities fixed in Apache OpenOffice 4.1.14 | Systems running Apache OpenOffice versions prior
|
28 Mar 2023 | VULN118 | Apache : CVE-2023-28326 Apache OpenMeetings: allows user impersonation | Systems running Apache OpenMeetings versions
|
28 Mar 2023 | VULN117 | OpenSSL : OpenSSL Security Advisory [28th March 2023] | Systems running OpenSSL versions 3.1, 3.0, 1.1.1,
|
28 Mar 2023 | VULN116 | Deno : Multiple vulnerabilities fixed in deno | Systems running Deno versions prior to 1.32.1,
|
27 Mar 2023 | STAT12 | |
|
23 Mar 2023 | VULN115 | ckeditor4 : Cross-site scripting (XSS) caused by the editor instance destroying process | Systems running ckeditor4 versions prior to
|
23 Mar 2023 | VULN114 | Grafana : Stored XSS in Graphite FunctionDescription tooltip | Systems running Grafana versions prior to
|
23 Mar 2023 | VULN113 | Pimcore : multiple vulnerabilities fixed in Pimcore 10.5.19 | Systems running Pimcore versions prior to 10.5.19.
|
23 Mar 2023 | VULN112 | OpenSSL : Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464) | Systems running OpenSSL versions prior to
|
23 Mar 2023 | VULN111 | Cisco : Cisco Security Advisories Published on March 22, 2023 | Cisco IOS XE Software, Cisco IOS Software,
|
22 Mar 2023 | VULN110 | Aruba : Authenticated Remote Code Execution in Aruba CX Switches | Systems running AOS-CX versions prior to
|
22 Mar 2023 | VULN109 | Redis : Specially crafted MSETNX command can lead to denial-of-service | Systems running Redis.
|
22 Mar 2023 | VULN108 | Google Chrome : Multiple vulnerabilities fixed in Chrome 111.0.5563.110 | Systems running Google Chrome versions prior to
|
22 Mar 2023 | VULN107 | KubeVirt : On a compromised node, the virt-handler service account can be used to modify all node specs | Systems running KubeVirt.
|
22 Mar 2023 | VULN106 | Silverstripe CMS GraphQL Server : DDOS attack on graphql endpoints | Systems running Silverstripe CMS GraphQL Server
|
22 Mar 2023 | VULN105 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen.
|
22 Mar 2023 | VULN104 | curl : Multiple vulnerabilities fixed in curl | Systems running curl versions prior to 8.0.0.
|
22 Mar 2023 | VULN103 | Apache : CVE-2023-28708 Apache Tomcat - Information Disclosure | Systems running Apache Tomcat versions prior to
|
22 Mar 2023 | VULN102 | Jenkins : Jenkins Security Advisory 2023-03-21 | Systems running AbsInt a³ Plugin for Jenkins,
|
20 Mar 2023 | STAT11 | |
|
10 Mar 2023 | STAT10 | |
|
9 Mar 2023 | VULN101 | GitLab : GitLab Security Release: 15.9.2, 15.8.4, and 15.7.8 | Systems running GitLab versions prior to 15.9.2,
|
9 Mar 2023 | VULN100 | Apache : Multiple vulnerabilities fixed in 2.4.56 | Systems running Apache versions prior to 2.4.56.
|
9 Mar 2023 | VULN099 | Jenkins : Jenkins Security Advisory 2023-03-08 | Systems running Jenkins (core) versions prior to
|
3 Mar 2023 | STAT09 | |
|
2 Mar 2023 | VULN098 | SPIP : Critical security update: release of SPIP 4.2.1, SPIP 4.1.8, SPIP 4.0.10 and SPIP 3.2.18 | Systems running SPIP versions prior to 4.2.1,
|
24 Feb 2023 | STAT08 | |
|
23 Feb 2023 | VULN097 | GeoTools : GeoTools OGC Filter SQL Injection Vulnerabilities | Systems running org.geotools:gt-jdbc (Maven)
|
23 Feb 2023 | VULN096 | Sequelize : SQL Injection via replacements and Unsafe fall-through in getWhereConditions | Systems running Sequelize versions prior to
|
23 Feb 2023 | VULN095 | Tenable : Stand-alone Security Patches Available for Tenable.sc versions 5.22.0 to 6.0.0 | Systems running Tenable.sc versions 5.22.0 up
|
23 Feb 2023 | VULN094 | Zimbra : Vulnerabilities fixed in Zimbra | Systems running Zimbra versions prior to
|
23 Feb 2023 | VULN093 | VMware : VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855) | Systems running VMware vRealize Orchestrator
|
23 Feb 2023 | VULN092 | VMware : VMware Carbon Black App Control updates address an injection vulnerability | Systems running VMware Carbon Black App Control
|
23 Feb 2023 | VULN091 | Cisco : Cisco Security Advisories Published on February 22, 2023 | Systems running Cisco Application Policy
|
23 Feb 2023 | VULN090 | Apache : CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts | Systems running Apache Commons FileUpload
|
23 Feb 2023 | VULN089 | Apache : CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts | Systems running Apache Tomcat versions prior
|
21 Feb 2023 | STAT07 | |
|
17 Feb 2023 | VULN088 | Joomla! : [20230201] - Core - Improper access check in webservice endpoints | Systems running Joomla! versions 4 prior to 4.2.8.
|
17 Feb 2023 | VULN087 | curl : Multiple vulnerabilities fixed in curl | Systems running curl versions from 7.77.0 up to
|
17 Feb 2023 | VULN086 | argo-cd : Users with any cluster secret update access may update out-of-bounds cluster secrets | Systems running versions prior to 2.3.17,
|
17 Feb 2023 | VULN085 | graphql-mesh : Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler | Systems running graphql-mesh/cli versions prior
|
17 Feb 2023 | VULN084 | containerd : Supplementary groups and denial of service vulnerabilities | Systems running containerd versions prior to
|
17 Feb 2023 | VULN083 | Node.js : Thursday February 16 2023 Security Releases | Systems running Node.js versions prior to
|
17 Feb 2023 | VULN082 | Cisco : Cisco Security Advisories Published on February 15, 2023 | Systems running.
|
17 Feb 2023 | VULN081 | TimescaleDB : TimescaleDB 2.8.0 through 2.9.2 has incorrect access control | Systems running TimescaleDB versions prior to
|
17 Feb 2023 | VULN080 | Backstage : XSS Vulnerability in Software Catalog | Systems running Backstage versions prior to
|
17 Feb 2023 | VULN079 | GitLab : GitLab Critical Security Release: 15.8.2, 15.7.7 and 15.6.8 | Systems running GitLab versions prior to 15.8.2,
|
17 Feb 2023 | VULN078 | Kiwi TCMS : No protection against brute-force attacks and Denial of service | Systems running Kiwi TCMS versions prior to 12.0.
|
15 Feb 2023 | VULN077 | Jenkins : Jenkins Security Advisory 2023-02-15 | Systems running Azure Credentials for Jenkins,
|
15 Feb 2023 | VULN076 | WebKit : WebKitGTK and WPE WebKit Security Advisory | Systems running WebKitGTK, WPE WebKit versions
|
15 Feb 2023 | VULN075 | Citrix : Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483 | Systems running Citrix Virtual Apps and Desktops.
|
15 Feb 2023 | VULN074 | Citrix : Citrix Workspace app vulnerabilities | Windows, Linux running Citrix Workspace App.
|
15 Feb 2023 | VULN073 | Xen : x86 Cross-Thread Return Address Predictions | Systems running Xen.
|
15 Feb 2023 | VULN072 | Git : Git v2.39.2 fixes two security vulnerabilities | Systems running Git versions prior to 2.39.2.
|
15 Feb 2023 | VULN071 | Microsoft : February 2023 Security Updates | Systems running .NET and Visual Studio,
|
15 Feb 2023 | VULN070 | APPLE : APPLE-SA-2023-02-13-3 Safari 16.3.1 | Safari versions prior to 16.3.1.
|
15 Feb 2023 | VULN069 | APPLE : iOS 16.3.1 and iPadOS 16.3.1 | iOS, iPadOS versions prior to 16.3.1.
|
15 Feb 2023 | VULN068 | APPLE : macOS Ventura 13.2.1 | macOS versions prior to Ventura 13.2.1.
|
14 Feb 2023 | VULN067 | Django : Django security releases issued 4.1.7, 4.0.10, 3.2.18 | Systems running Django versions prior to 4.1.7,
|
14 Feb 2023 | VULN066 | Palo Alto : Cortex XDR Agent vulnerabilities | Systems running Cortex XDR Agent versions prior
|
14 Feb 2023 | VULN065 | Palo Alto : Cortex XSOAR Local File Disclosure Vulnerability in the Cortex XSOAR Server | Systems running Cortex XSOAR versions prior to
|
14 Feb 2023 | VULN064 | PostgreSQL : PostgreSQL 15.2, 14.7, 13.10, 12.14, and 11.19 Released! | Systems running PostgreSQL versions prior to
|
14 Feb 2023 | VULN063 | Jenkins : Jenkins Security Advisory 2023-02-09 | Systems running Jenkins Docker images.
|
13 Feb 2023 | STAT06 | |
|
10 Feb 2023 | VULN062 | Symfony : Possible CSRF token fixation and cookie headers in HttpCache vulnerabilities | Systems running Symfony versions prior to
|
10 Feb 2023 | VULN061 | Apache : Improper Restriction of XML External Entity References in ExtractCCDAAttributes | Systems running Apache NiFi versions prior to
|
10 Feb 2023 | VULN060 | Elastic : Elastic 7.17.9, 8.5.0 and 8.6.1 Security Update | Systems running Elastic versions prior to 7.17.9,
|
8 Feb 2023 | STAT05 | |
|
8 Feb 2023 | VULN059 | phpMyAdmin : XSS vulnerability in drag-and-drop upload | Systems running phpMyAdmin versions prior to 5.1.2,
|
8 Feb 2023 | VULN058 | TYPO3 : TYPO3-CORE-SA-2023-001 Persisted Cross-Site Scripting in Frontend Rendering | Systems running TYPO3 versions prior to
|
8 Feb 2023 | VULN057 | Apache : Python and Golang drivers allow data manipulation and exposure due to SQL injection | Systems running Apache AGE PostgreSQL 11,
|
8 Feb 2023 | VULN056 | OpenSSL : Multiple vulnerabilities fixed in OpenSSL | Systems running OpenSSL versions prior to 3.0.8,
|
8 Feb 2023 | VULN055 | X.Org : Security issue in the X server | Systems running X.Org versions prior to 21.1.7.
|
8 Feb 2023 | VULN054 | Apache : Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect | Systems running Apache Kafka.
|
3 Feb 2023 | VULN053 | Pimcore : Missing file upload type validation in user profile | Systems running Pimcore versions prior to 10.5.16.
|
3 Feb 2023 | VULN052 | Trend Micro : Trend Micro Apex One File Upload Vulnerability | Systems running Trend Micro Apex One,
|
3 Feb 2023 | VULN051 | Atlassian : Jira Service Management Server and Data Center Advisory (CVE-2023-22501) | Systems running Jira Service Management Server
|
3 Feb 2023 | VULN050 | VMware : VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854) | Systems running VMware Workstation versions
|
3 Feb 2023 | VULN049 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0001 | Systems running WebKitGTK, WPE WebKit versions
|
3 Feb 2023 | VULN048 | OpenSSH : OpenSSH 9.2 released | Systems running OpenSSH versions prior to 9.2.
|
2 Feb 2023 | VULN047 | Nagios : Multiple vulnerabilities fixed in Nagios 5.9.3 | Systems running Nagios versions prior to 5.9.3.
|
2 Feb 2023 | VULN046 | Drupal : Vulnerabilities fixed in multiple extensions for Drupal | Systems running Apigee Edge for Drupal versions
|
2 Feb 2023 | VULN045 | TYPO3 : TYPO3-EXT-SA-2023-001 Broken Access Control in extension 'femanager' (femanager) | Systems running femanager for TYPO3 versions prior
|
2 Feb 2023 | VULN044 | dompdf : URI validation failure on SVG parsing | Systems running dompdf versions 2.0.1.
|
2 Feb 2023 | VULN043 | Cisco : Cisco Security Advisories Published on February 01, 2023 | Cisco IOS XE Software with Cisco IOx feature
|
1 Feb 2023 | VULN042 | VMware : VMware vRealize Operations (vROps) update addresses a CSRF bypass vulnerability (CVE-2023-20856) | Systems running VMware vRealize Operations (vROps)
|
1 Feb 2023 | VULN041 | GitLab : GitLab Security Release: 15.8.1, 15.7.6, and 15.6.7 | Systems running GitLab Community Edition,
|
1 Feb 2023 | VULN040 | Joomla! : CSRF and Missing ACL checks Vulnerabilities | Systems running Joomla! versions 4 prior to 4.2.7.
|
1 Feb 2023 | VULN039 | Django : Django security releases issued 4.1.6, 4.0.9, and 3.2.17 | Systems running Django versions prior to 4.1.6,
|
31 Jan 2023 | VULN038 | Tenable : [R1] Tenable Plugin Feed ID #202212212055 Fixes Privilege Escalation Vulnerability | Systems running tenable.io, tenable.sc, Nessus.
|
31 Jan 2023 | VULN037 | Grafana : SAML privilege escalation and Stored XSS in ResourcePicker | Systems running Grafana Enterprise versions prior
|
31 Jan 2023 | VULN036 | QNAP : Vulnerability in QTS and QuTS hero | Systems running QTS version 5.0.1,
|
31 Jan 2023 | VULN035 | rancher/wrangler : Command injection in Git package and DoS when processing Git credentials | Systems running rancher/wrangler versions prior
|
31 Jan 2023 | VULN034 | Apache : Apache Linkis has a Local File Read and a serialization attack Vulnerability | Systems running Apache Linkis versions prior
|
31 Jan 2023 | VULN033 | Google Chrome : Stable Channel Update for Desktop updated to 106.0.5249.119 | Systems running Google Chrome versions prior to
|
30 Jan 2023 | STAT04 | |
|
27 Jan 2023 | VULN032 | GLPI : Unauthorized access to inventory files and data export | Systems running GLPI versions prior to 10.0.6.
|
27 Jan 2023 | VULN031 | Tenable : [R1] Tenable.sc 6.0.0 Fixes Multiple Vulnerabilities | Systems running Tenable.sc versions prior to
|
27 Jan 2023 | VULN030 | Rancher : Multiple Vulnerabilities fixed in Rancher | Systems running rancher versions prior to 2.5.17,
|
27 Jan 2023 | VULN029 | Xen : Guests can cause Xenstore crash via soft reset | Systems running Xen versions 4.17.
|
26 Jan 2023 | VULN028 | Bind : Vulnerabilities fixed in Bind | Systems running Bind versions prior to 9.16.37,
|
26 Jan 2023 | VULN027 | Argo-cd : Important vulnerabilities fixed in argo-cd | Systems running argo-cd versions prior to
|
25 Jan 2023 | VULN026 | Openstack : OSSA-2023-002 Arbitrary file access through custom VMDK flat descriptor | Systems running Cinder versions <19.1.2,
|
25 Jan 2023 | VULN025 | Openstack : OSSA-2023-001 Arbitrary file access through custom S3 XML entities | Systems running Swift versions <2.28.1,
|
25 Jan 2023 | VULN024 | VMware : VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711) | Systems running VMware vRealize Log Insight
|
25 Jan 2023 | VULN023 | Jenkins : Jenkins Security Advisory 2023-01-24 | -
|
24 Jan 2023 | VULN022 | APPLE : APPLE-SA-2023-01-23-4 macOS Ventura 13.2 | macOS Ventura versions prior to 13.2.
|
24 Jan 2023 | VULN021 | Moodle : Multiple security vulnerabilities fixed in Moodle 4.1.1, 4.0.6, 3.11.12, 3.9.19 | Systems running Moodle versions prior to 4.1.1,
|
24 Jan 2023 | VULN020 | Mozilla : Security Vulnerabilities fixed in Thunderbird 102.7 | Systems running Thunderbird versions prior to
|
24 Jan 2023 | VULN019 | APPLE : APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3 | iOS, iPadOS versions prior to 16.3.
|
24 Jan 2023 | VULN018 | APPLE : APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3 | Systems running macOS Monterey versions prior
|
24 Jan 2023 | VULN017 | PowerDNS : 2023-01 unbounded recursion results in program termination | Systems running PowerDNS Recursor versions 4.8.0.
|
24 Jan 2023 | VULN016 | Apache : CVE-2023-22884 Arbitrary file read via MySQL provider in Apache Airflow | Systems running Apache Airflow versions prior
|
24 Jan 2023 | VULN015 | Apple : Safari 16.3 | Systems running Safari versions prior to 16.3.
|
24 Jan 2023 | VULN014 | Redis : Vulnerabilities fixed in Redis 6.2.9 and 7.0.8 | Systems running Redis versions prior to 6.2.9,
|
24 Jan 2023 | STAT03 | |
|
19 Jan 2023 | VULN013 | Deno : Interactive permission prompt spoofing | Systems running Deno versions prior to 1.29.3.
|
19 Jan 2023 | VULN012 | cakephp : Database\Query::offset() and limit() vulnerable to SQL injection | Systems running cakephp versions prior to 4.2.12,
|
19 Jan 2023 | VULN011 | Oracle : January 2023 Critical Patch Update Released | Systems running Oracle products.
|
19 Jan 2023 | VULN010 | Mozilla : Security Vulnerabilities fixed in Firefox 109, ESR 102.7 | Systems running Firefox versions prior
|
19 Jan 2023 | VULN009 | Drupal : Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-001 | Systems running Drupal core versions prior
|
19 Jan 2023 | VULN008 | Sudo : Sudoedit can edit arbitrary files | Systems running versions from 1.8.0 and prior to
|
18 Jan 2023 | VULN007 | Apache : Apache HTTP Server 2.4.55 fixes security vulnerabilities | Systems running Apache HTTP Server versions prior
|
18 Jan 2023 | VULN006 | GitLab : GitLab Critical Security Release: 15.7.5, 15.6.6, and 15.5.9 | Systems running GitLab versions prior to 15.7.5,
|
17 Jan 2023 | VULN005 | Rust : Security advisory for Cargo (CVE-2022-46176) | Systems running Rust versions prior to 1.66.1.
|
17 Jan 2023 | VULN004 | Apache : CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass | Systems running Apache Shiro versions prior to
|
17 Jan 2023 | VULN003 | X.Org : Issues handling XPM files in libXpm prior to 3.5.15 | Systems running libXpm versions prior to 3.5.15.
|
16 Jan 2023 | STAT02 | |
|
11 Jan 2023 | VULN002 | Microsoft : January 2023 Security Updates | Systems running Microsoft products.
|
11 Jan 2023 | VULN001 | Apache : CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection | Systems running Apache Tomcat versions prior
|
11 Jan 2023 | STAT01 | |
|
3 Jan 2023 | STAT52 | |
|