21 Sep 2023 | VULN339 | Drupal : Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 | Systems running Drupal core versions prior to
|
21 Sep 2023 | VULN338 | HashiCorp : Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | Systems running Vault, Vault Enterprise versions
|
21 Sep 2023 | VULN337 | Jenkins : Jenkins Security Advisory 2023-09-20 | Systems running Jenkins weekly versions up to
|
20 Sep 2023 | VULN336 | CUPS : CUPS Heap-based buffer overflow | Systems running cups versions up to and including
|
20 Sep 2023 | VULN335 | Spring : CVE-2023-34047 Exposure of data and identity to wrong session in Spring for GraphQL | Systems running Spring for GraphQL versions prior
|
20 Sep 2023 | VULN334 | GitLab: GitLab Critical Security Release: 16.3.4 and 16.2.7 | Systems running GitLab versions prior to 16.3.4,
|
20 Sep 2023 | VULN333 | Xen : arm32 The cache may not be properly cleaned/invalidated | Systems running Xen on Arm 32-bit.
|
20 Sep 2023 | VULN332 | ISC : Vulnerabilities may cause named to terminate unexpectedly | Systems running BIND versions 9 prior to 9.16.44,
|
20 Sep 2023 | VULN331 | Strapi : Multiple security vulnerabilities fixed | Systems running strapi/plugin-users-permissions,
|
20 Sep 2023 | VULN330 | Directus : VM2 Sandbox escape and Incorrect Permission Checking for GraphQL | Systems running Directus versions prior to 10.6.0.
|
18 Sep 2023 | STAT37 | |
|
12 Sep 2023 | VULN314 | APPLE : APPLE-SA-2023-09-11-1 iOS 15.7.9 and iPadOS 15.7.9 | iOS, iPadOS versions prior to 15.7.9.
|
12 Sep 2023 | VULN313 | APPLE : APPLE-SA-2023-09-11-3,2 macOS Big Sur 11.7.10 and Monterey 12.6.9 | macOS versions prior to Big Sur 11.7.10,
|
12 Sep 2023 | VULN312 | Terraform : HCSEC-2023-27 - Terraform Allows Arbitrary File Write During Init Operation | Terraform versions prior to 1.5.7.
|
12 Sep 2023 | VULN311 | Argo CD : Cluster secret that might leak in cluster details page and Denial of Service fixed | Systems running Argo CD (Go) versions prior to
|
12 Sep 2023 | VULN310 | RKE2 : RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack | Systems running rancher/rke2 (Go) versions prior
|
12 Sep 2023 | VULN309 | K3s : K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack | Systems running K3s versions prior to
|
12 Sep 2023 | VULN308 | Apache : Vulnerabilities fixed in Apache Airflow 2.7.1 | Systems running Apache Airflow versions prior
|
12 Sep 2023 | VULN307 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008 | Systems running WebKitGTK, WPE WebKit versions
|
11 Sep 2023 | STAT36 | |
|
8 Sep 2023 | VULN306 | (OpenSSL : POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807)) | Systems running OpenSSL versions 1.1.1 to 1.1.1v,
|
8 Sep 2023 | VULN305 | APPLE : APPLE-SA-2023-09-07-3 watchOS 9.6.2 | watchOS versions prior to 9.6.2.
|
8 Sep 2023 | VULN304 | APPLE : APPLE-SA-2023-09-07-1 macOS Ventura 13.5.2 | macOS versions prior to 13.5.2.
|
8 Sep 2023 | VULN303 | APPLE : APPLE-SA-2023-09-07-2 iOS 16.6.1 and iPadOS 16.6.1 | iOS versions prior to 16.6.1.
|
7 Sep 2023 | VULN302 | (SolarWinds : MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 (CVE-2023-40060)) | Systems running Serv-U versions 15.4 prior to
|
7 Sep 2023 | VULN301 | Google : Security vulnerabilities fixed in Chrome 116.0.5845.179/.180 | Systems running Google Chrome versions prior to
|
7 Sep 2023 | VULN300 | Elastic : Elasticsearch 8.9.2 and 7.17.13 Security Update | Systems running Elasticsearch versions prior
|
7 Sep 2023 | VULN299 | Aruba : Multiple Vulnerabilities in 9200 and 9000 Series Controllers and Gateways running ArubaOS | ArubaOS versions prior to 10.4.0.2, 8.11.1.1,
|
7 Sep 2023 | VULN298 | (Electron : Security vulnerabilities fixed in Electron (npm)) | Systems running electron (npm) versions prior
|
7 Sep 2023 | VULN297 | Cisco : Cisco Security Advisories Published on September 06, 2023 | Systems running Cisco BroadWorks Application
|
6 Sep 2023 | VULN296 | Apache : Multiple security vulnerabilities fixed in Apache Superset | Systems running Apache Superset versions up to
|
6 Sep 2023 | VULN295 | Jenkins: Jenkins Security Advisory 2023-09-06 | Systems running Assembla Auth Plugin for Jenkins,
|
5 Sep 2023 | VULN294 | Apache : CVE-2023-39441 Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow SMTP/IMAP client components vulnerability | Systems running Apache Airflow SMTP Provider
|
5 Sep 2023 | VULN293 | Apache : Apache Airflow Session fixation, Exposure of sensitive connection information, DOS and SSRF vulnerabilities | Systems running Apache Airflow versions
|
5 Sep 2023 | VULN292 | Apache : CVE-2023-27604 Airflow Sqoop Provider RCE Vulnerability | Systems running Apache Airflow Sqoop Provider
|
5 Sep 2023 | VULN291 | Xen : arm32 The cache may not be properly cleaned/invalidated | Systems running Xen.
|
5 Sep 2023 | VULN290 | Gitpython : Untrusted search path on Windows and Blind local file inclusion vulnerabilities | Systems running gitpython (pip) versions prior
|
5 Sep 2023 | VULN289 | Django : Django security releases issued 4.2.5, 4.1.11, and 3.2.21 | Systems running Django versions prior to 4.2.5,
|
4 Sep 2023 | STAT35 | |
|
1 Sep 2023 | VULN288 | Synology : Synology-SA-23:10 SRM | SRM versions 1.3 prior to 1.3.1-9346-6.
|
1 Sep 2023 | VULN287 | (Juniper : Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)) | Junos OS versions prior to 23.4R1,
|
1 Sep 2023 | VULN286 | (Splunk : Vulnerabilities fixed in Splunk IT Service Intelligence (ITSI)) | Systems running Splunk IT Service Intelligence
|
1 Sep 2023 | VULN285 | Synology : Synology-SA-23:11 Synology Camera | Synology Camera BC500 Firmware, Synology Camera
|
1 Sep 2023 | VULN284 | Synology : Synology-SA-23:12 Synology SSL VPN Client | Systems running Synology SSL VPN Client
|
1 Sep 2023 | VULN283 | Gitlab : GitLab Security Release 16.3.1, 16.2.5, and 16.1.5 | Systems running GitLab versions prior to
|
31 Aug 2023 | VULN282 | Trend Micro : Trend Micro Mobile Security (Enterprise) Reflected Cross Site-Scripting Vulnerabilities | Windows running Mobile Security (Enterprise)
|
31 Aug 2023 | VULN281 | Ivanti : CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface | Systems running Ivanti MobileIron Sentry Sentry
|
31 Aug 2023 | VULN280 | Aruba : Multiple Vulnerabilities in EdgeConnect SD-WAN Orchestrator | Systems running EdgeConnect SD-WAN Orchestrator
|
31 Aug 2023 | VULN279 | QNAP : Vulnerabilities in QTS and QuTS hero | QTS, versions prior to 5.1.0.2444 build 20230629,
|
31 Aug 2023 | VULN278 | Splunk : Multiple vulnerabilities fixed in Splunk Enterprise | Systems running Splunk Enterprise versions prior
|
31 Aug 2023 | VULN277 | (Vmware : VMware Tools updates address a SAML Token Signature Bypass Vulnerability (CVE-2023-20900)) | Systems running VMware Tools versions prior to
|
30 Aug 2023 | VULN276 | Wireshark : Multiple vulnerabilities fixed in Wireshark 4.0.8, 3.6.16 | Systems running Wireshark versions prior to 4.0.8,
|
30 Aug 2023 | VULN275 | Esoteric YamlBeans : Esoteric YamlBeans XML Entity Expansion and Unsafe Deserialization vulnerabilities | Systems running Esoteric YamlBeans versions up to
|
30 Aug 2023 | VULN274 | Aruba : ArubaOS-Switch Switches Multiple Vulnerabilities | ArubaOS-Switch.
|
30 Aug 2023 | VULN273 | VMware: VMware Aria Operations for Networks updates address multiple vulnerabilities | Systems running VMware Aria Operations Networks
|
30 Aug 2023 | VULN272 | Mozilla : Multiple Vulnerabilities fixed in Firefox and Thunderbird | Systems running Firefox versions prior to
|
30 Aug 2023 | VULN271 | Jupyter Server : Open Redirect and cross-site inclusion (XSSI) of files vulnerabilities | Systems running Jupyter Server versions prior
|
29 Aug 2023 | VULN270 | RUSTSEC : mail-internals use-after-free vulnerability in `vec_insert_bytes` | Systems running mail-internals (Rust).
|
29 Aug 2023 | VULN269 | Apache : CVE-2023-41080 Apache Tomcat - open redirect | Systems running Apache Tomcat versions prior to
|
28 Aug 2023 | STAT34 | |
|
25 Aug 2023 | VULN268 | (Solarwinds : MFA/2FA Bypass Vulnerability in Serv-U 15.4 (CVE-2023-35179)) | Systems running Serv-U versions prior to 15.4 HF1.
|
25 Aug 2023 | VULN267 | Tuleap : Security vulnerabilities fixed in Tuleap | Systems running Tuleap Community Edition versions
|
25 Aug 2023 | VULN266 | Python : [CVE-2023-40217] Bypass TLS handshake on closed sockets | Systems running Python versions prior to 3.11.5,
|
25 Aug 2023 | VULN265 | Cargo : Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports | Systems running cargo versions prior to 1.72.
|
24 Aug 2023 | VULN264 | Cisco : Cisco Security Advisories Published on August 23, 16, and 2 2023 | Systems running Cisco Products.
|
24 Aug 2023 | VULN263 | Spring : CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured | Systems running Spring for Apache Kafka versions
|
24 Aug 2023 | VULN262 | Kubernetes : CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation | Systems running kubernetes-csi-proxy versions
|
24 Aug 2023 | VULN261 | (Amazon : Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955)) | Amazon EKS customers with Windows EC2 nodes in
|
24 Aug 2023 | VULN260 | Kubernetes : CVE-2023-3955, CVE-2023-3676 Insufficient input sanitization on Windows nodes leads to privilege escalation | Systems running kubelet versions prior to
|
24 Aug 2023 | VULN259 | MongoDB : Certificate validation issue in MongoDB Server running on Windows or macOS | Systems running MongoDB Server versions up
|
23 Aug 2023 | VULN258 | Google Chrome : Chrome Desktop Stable Update 116.0.5845.110 and .111 | Systems running Google Chrome versions prior to
|
23 Aug 2023 | VULN257 | Zimbra : Zimbra Security Update CVE-2023-41106 | Systems running Zimbra Collaboration Suite
|
23 Aug 2023 | VULN256 | Apache : CVE-2023-40272 Apache Airflow Spark Provider Arbitrary File Read via JDBC | Systems running Apache Airflow Spark Provider
|
23 Aug 2023 | VULN255 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0007 | Systems running WebKitGTK, WPE WebKit versions
|
23 Aug 2023 | VULN254 | Apache : CVE-2022-46751 Apache Ivy XML External Entity vulnerability in Apache Ivy | Systems running Apache Ivy versions prior to 2.5.2.
|
22 Aug 2023 | STAT33 | |
|
22 Aug 2023 | VULN253 | Node.js : Wednesday August 9th 2023 Security Releases | Systems running Node.js versions prior to 16.20.2
|
22 Aug 2023 | VULN252 | node-saml : ValidatePostRequestAsync does not include checkTimestampsValidityError | Systems running saml.js versions prior to 4.0.5.
|
18 Aug 2023 | VULN251 | TYPO3 : Vulnerability in third party TYPO3 CMS extension | Systems running "hCaptcha for EXT:form" for
|
18 Aug 2023 | VULN250 | TYPO3 : TYPO3 12.4.4 and 11.5.30 security releases | Systems running TYPO3 versions prior to 12.4.4,
|
18 Aug 2023 | VULN249 | Jenkins : Multiple Security Vulnerabilities fixed in Jenkins products | Systems running Jenkins products.
|
16 Aug 2023 | STAT32 | |
|
7 Aug 2023 | STAT31 | |
|
7 Aug 2023 | STAT30 | |
|
28 Jul 2023 | VULN248 | (Ivanti Endpoint Manager Mobile (Core) ) | -
|
26 Jul 2023 | VULN247 | Atlassian : July 2023 Security Bulletin | Systems running
|
21 Jul 2023 | STAT29 | |
|
19 Jul 2023 | STAT28 | |
|
17 Jul 2023 | VULN246 | Zimbra : Security Update for Zimbra Collaboration Suite Version 8.8.15 | Systems running Zimbra versions prior to Zimbra
|
13 Jul 2023 | STAT27 | |
|
13 Jul 2023 | VULN245 | Mozilla : Security Vulnerabilities fixed in Firefox | Systems running Firefox versions prior to 115.0.2,
|
13 Jul 2023 | VULN244 | Citrix : Citrix Secure Access client Security Bulletins | Systems running Citrix Secure Access client for
|
13 Jul 2023 | VULN243 | SAP : SAP Security Patch Day – July 2023 | Systems running SAP products.
|
11 Jul 2023 | VULN242 | SPIP : Maintenance and security update: release of SPIP 4.2.4, SPIP 4.1.11 | -
|
4 Jul 2023 | STAT26 | |
|
3 Jul 2023 | VULN241 | Apache : Apache Airflow ODBC, MSSQL and JDBC Providers Vulnerabilities fixed | Systems running Apache Airflow ODBC Provider
|
3 Jul 2023 | VULN240 | Apache : CVE-2023-35797 Apache Airflow Hive Provider Beeline RCE with Principal | Systems running Apache Airflow Hive Provider
|
3 Jul 2023 | VULN239 | Django : Django security releases issued: 4.2.3, 4.1.10, and 3.2.20 | Systems running Django versions prior to 4.2.3,
|
29 Jun 2023 | VULN238 | Google Chrome : Stable Channel Update for Desktop updated to 114.0.5735.198 and 114.0.5735.198/199 to fix vulnerabilities | Mac OS, Linux running Google Chrome versions prior
|
29 Jun 2023 | VULN237 | Tenable : Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability | Systems running Tenable.io, Nessus,
|
29 Jun 2023 | VULN236 | Apache : CVE-2023-31469 Apache StreamPipes Privilege escalation through non-admin user | Systems running Apache StreamPipes versions prior
|
29 Jun 2023 | VULN235 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0005 | Systems running WebKitGTK, WPE WebKit versions
|
29 Jun 2023 | VULN234 | Grafana : Grafana vulnerable to Authentication Bypass by Spoofing | Systems running Grafana versions prior to
|
26 Jun 2023 | STAT25 | |
|
23 Jun 2023 | VULN233 | Kubernetes : Bypassing policies imposed by ServiceAccount and ImagePolicyWebhook admission plugins | Systems running kube-apiserver versions prior to
|
23 Jun 2023 | VULN232 | Bind : Multiple vulnerabilities fixed in BIND | Systems running BIND versions prior to 9.16.42,
|
23 Jun 2023 | VULN231 | kubernetes : CVE-2023-1943 Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode | Systems running kOps versions prior to 1.26.2,
|
23 Jun 2023 | VULN230 | Drupal : Vulnerabilities fixed in Drupal extensions | Systems running Album Photos for Drupal,
|
23 Jun 2023 | VULN229 | Apache : CVE-2023-34981 Apache Tomcat - Information disclosure | Systems running Apache Tomcat versions prior to
|
23 Jun 2023 | VULN228 | Node.js : Tuesday June 20 2023 Security Releases | Systems running Node.js versions prior to 16.20.1
|
21 Jun 2023 | STAT24 | |
|
21 Jun 2023 | VULN227 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.2.1,
|
14 Jun 2023 | VULN226 | Jenkins : Jenkins Security Advisory 2023-06-14 | Systems running Jenkins (core),
|
14 Jun 2023 | VULN225 | SAP : SAP Security Patch Day – June 2023 | Systems running SAP products.
|
14 Jun 2023 | VULN224 | Apache: DoS via OOM vulnerabilities fixed in Apache Struts | Systems running Apache Struts versions prior to
|
14 Jun 2023 | VULN223 | (VMware : VMware Tools update addresses Authentication Bypass vulnerability (CVE-2023-20867)) | Systems running VMware Tools versions prior to
|
14 Jun 2023 | VULN222 | PHP : PHP security releases 8.0.29, 8.1.20, 8.2.7 fixes stack information leak | Systems running PHP versions prior to 8.0.29,
|
14 Jun 2023 | VULN221 | Google Chrome: Multiple security vulnerabilities fixed in Chrome 114.0.5735.133, 114.0.5735.133/134 | Windows running Chrome versions prior to
|
14 Jun 2023 | VULN220 | Grafana : Broken Access Control in Alert manager Viewer can send test alerts | Systems running Grafana versions prior to 9.5.3,
|
13 Jun 2023 | VULN219 | Fortinet: FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication | FortiOS-6K7K versions prior to 7.0.12, 6.4.13,
|
13 Jun 2023 | VULN218 | Snowflake Golang Driver: Snowflake Golang Driver vulnerable to Command Injection | Systems running gosnowflake versions prior to
|
13 Jun 2023 | VULN217 | Shibboleth : Parsing of KeyInfo elements can cause remote resource access | Windows running Service Provider software
|
13 Jun 2023 | VULN216 | Snowflake NodeJS driver: Snowflake NodeJS Driver Security Advisory | Systems running snowflake-connector-nodejs
|
13 Jun 2023 | VULN215 | Mozilla: Security Vulnerabilities fixed in Thunderbird 102.12 | Systems running Thunderbird versions prior to
|
12 Jun 2023 | STAT23 | |
|
8 Jun 2023 | VULN214 | Mozilla: Security Vulnerabilities fixed in Firefox 114, ESR 102.12 | Systems running Firefox versions prior to 114,
|
8 Jun 2023 | VULN213 | Apache: Apache Guacamole multiple vulnerabilities | Systems running Apache Guacamole versions prior
|
7 Jun 2023 | VULN212 | GitLab: GitLab Security Release 16.0.2, 15.11.7, and 15.10.8 | Systems running GitLab versions prior to 16.0.2,
|
7 Jun 2023 | VULN211 | Rancher: Multiple vulnerabilities fixed in Rancher | Systems running Rancher versions prior to 2.6.13,
|
7 Jun 2023 | VULN210 | VMware: VMware Workspace ONE Access and Identity Manager update addresses an Insecure Redirect Vulnerability | Systems running VMware Workspace ONE Access
|
5 Jun 2023 | STAT22 | |
|
1 Jun 2023 | VULN209 | GitLab: GitLab Critical Security Release 16.0.1 | Systems running GitLab versions prior to 16.0.1.
|
1 Jun 2023 | VULN208 | Joomla: Vulnerabilities fixed in version 4.3.2 | Systems running Joomla versions prior to 4.3.2.
|
1 Jun 2023 | VULN207 | SPIP: Critical update of the security screen (écran de sécurité) 1.5.3 | Systems running écran de sécurité versions prior
|
1 Jun 2023 | VULN206 | Kubernetes: CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs | Systems running Kubernetes secrets-store-csi-driver
|
1 Jun 2023 | VULN205 | Apache: CVE-2023-33234 Apache Airflow CNCF Kubernetes Provider RCE via connection configuration | Systems running Apache Airflow CNCF Kubernetes
|
1 Jun 2023 | VULN204 | OpenSSL: OpenSSL Security Advisory [30th May 2023] | Systems running OpenSSL versions prior to 3.0.9,
|
1 Jun 2023 | VULN203 | WebKit: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0004 | Systems running WebKitGTK, WPE WebKit versions
|
26 May 2023 | STAT21 | |
|
19 May 2023 | STAT20 | |
|
19 May 2023 | VULN202 | APPLE: APPLE-SA-2023-05-18-8 Safari 16.5 | Systems running Safari versions prior to 16.5.
|
19 May 2023 | VULN201 | APPLE: macOS Ventura 13.4, Monterey 12.6.6, Big Sur 11.7.7 | macOS versions prior to Ventura 13.4, Monterey
|
19 May 2023 | VULN200 | APPLE: iOS and iPadOS security updates | iOS, iPadOS versions prior to 16.5, 15.7.4,
|
19 May 2023 | VULN199 | Shibboleth: OpenID Connect OP plugin contains multiple race conditions | Systems running Connect OP plugin for Shibboleth
|
19 May 2023 | VULN198 | Drupal: File Chooser Field and S3 File System vulnerabilities fixed | Systems running File Chooser Field for Drupal
|
19 May 2023 | VULN197 | Jenkins: Jenkins Security Advisory 2023-05-16 | Systems running Jenkins plugins.
|
17 May 2023 | VULN196 | WordPress: WordPress 6.2.1 Maintenance & Security Release | Systems running WordPress versions prior to 6.2.1.
|
17 May 2023 | VULN195 | Xen: Mishandling of guest SSBD selection on AMD hardware | Systems running Xen version 4.17.
|
16 May 2023 | STAT19 | |
|
12 May 2023 | VULN194 | Vmware: VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue | Systems running VMware Aria Operations version
|
12 May 2023 | VULN193 | Postgresql : PostgreSQL 15.3, 14.8, 13.11, 12.15, and 11.20 fix vulnerabilities | Systems running postgresql version prior to 15.3,
|
12 May 2023 | VULN192 | Citrix : Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488 | Systems running Citrix ADC and Citrix Gateway
|
12 May 2023 | VULN191 | GitLab : GitLab Coordinated Security Release 15.11.3, 15.10.7, 15.9.8 | Systems running GitLab versions prior to 15.11.3,
|
10 May 2023 | STAT18 | |
|
5 May 2023 | VULN190 | Elastic : Kibana 8.7.1 and Elastic Stack 8.7.0, 7.17.10 Security Updates | Systems running Kibana version prior to 8.7.1,
|
5 May 2023 | VULN189 | GitLab : GitLab Security Release 15.11.1, 15.10.5, and 15.9.6 | Systems running GitLab versions prior to 15.11.1,
|
4 May 2023 | VULN188 | Rancher : Rancher Webhook is | Systems running rancher (Go) versions
|
4 May 2023 | VULN187 | Moodle : Minor SQL injection risk and TinyMCE loaders Arbitrary Folder Creation | Systems running Moodle versions prior to 4.1.3,
|
4 May 2023 | VULN186 | Engine.IO : Uncaught exception in engine.io | Systems running engine.io (npm) versions
|
4 May 2023 | VULN185 | Apache : CVE-2023-32007 Apache Spark: Shell command injection via Spark UI | Systems running Apache Spark versions from
|
4 May 2023 | VULN184 | Django : Django security releases issued: 4.2.1, 4.1.9, and 3.2.19 | Systems running Django versions prior to 4.2.1,
|
4 May 2023 | VULN183 | Cisco : Cisco SPA112 2-Port Phone | Cisco SPA112 2-Port Phone Adapters software.
|
3 May 2023 | STAT17 | |
|
28 Apr 2023 | VULN182 | (SolarWinds : SolarWinds Platform Exposure of Sensitive Information Vulnerability (CVE-2023-23839)) | Systems running SolarWinds Platform versions
|
28 Apr 2023 | VULN181 | (OpenSSL : Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255)) | Systems running OpenSSL versions 3.0.0 to 3.0.8,
|
28 Apr 2023 | VULN180 | Apache: Arbitrary javascript injection in Apache Jena | Systems running Apache Jena (Maven) versions
|
28 Apr 2023 | VULN179 | WebKit : WebKitGTK and WPE WebKit Security Advisory | Systems running WebKitGTK, WPE WebKit versions
|
28 Apr 2023 | VULN178 | Tenable : Stand-alone Security Patch Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202304.1 | Systems running Tenable.sc versions 5.22.0,
|
26 Apr 2023 | VULN177 | Xen : x86 shadow paging arbitrary pointer dereference | Systems running Xen versions 4.17.
|
26 Apr 2023 | VULN176 | Git : Multiple vulnerabilities fixed in Git | Systems running Git versions prior to 2.30.9,
|
26 Apr 2023 | VULN175 | Vmware : VMware Workstation and Fusion updates address multiple security vulnerabilities | Systems running VMware Workstation Pro / Player
|
21 Apr 2023 | STAT16 | |
|
21 Apr 2023 | VULN174 | vm2 : vm2 Sandbox Escape vulnerability | Systems running vm2 (npm) versions prior
|
21 Apr 2023 | VULN173 | Vmware : VMware Aria Operations | Windows running VMware Aria Operations for Logs
|
20 Apr 2023 | VULN172 | Google : Chrome Stable Channel Updated to fix multiple vulnerabilities | Windows running Google Chrome versions prior
|
20 Apr 2023 | VULN171 | Oracle : April 2023 Critical Patch Update Released | Systems running Oracle Products.
|
20 Apr 2023 | VULN170 | Drupal : Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 | Systems running Drupal core versions prior
|
20 Apr 2023 | VULN169 | jetty-server : OutOfMemoryError for large multipart without filename and Nonstandard cookie parsing | Systems running jetty-server (Maven) versions
|
20 Apr 2023 | VULN168 | Kubernetes : CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password | Systems running minikube versions prior
|
20 Apr 2023 | VULN167 | Spring : CVE-2023-20862 Empty SecurityContext Is Not Properly Saved Upon Logout | Systems running Spring Security versions prior
|
20 Apr 2023 | VULN166 | Cisco : Cisco Security Advisories Published on April 19, 2023 | Systems running Cisco Industrial Network
|
17 Apr 2023 | STAT15 | |
|
17 Apr 2023 | VULN165 | Apache : CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class | Systems running Apache Spark versions prior
|
17 Apr 2023 | VULN164 | Google Chrome : Chrome Stable Channel Updated to 112.0.5615.121 | Systems running Google Chrome versions prior
|
14 Apr 2023 | VULN163 | vm2 : vm2 vulnerable to sandbox escape | -
|
14 Apr 2023 | VULN162 | Palo Alto : CVE-2023-0006 GlobalProtect App Local File Deletion Vulnerability | Systems running GlobalProtect app versions prior
|
14 Apr 2023 | VULN161 | Palo Alto : Exposure of Sensitive Information and Local File Deletion Vulnerability | PAN-OS versions prior to 8.1.24, 9.0.17, 9.1.15,
|
14 Apr 2023 | VULN160 | Wireshark : wnpa-sec-2023-11 · GQUIC dissector crash | Systems running Wireshark versions prior to 4.0.5,
|
14 Apr 2023 | VULN159 | Spring : CVE-2023-20863 Spring Expression DoS Vulnerability | Systems running Spring Framework versions prior
|
14 Apr 2023 | VULN158 | Spring : CVE-2023-20866 Session ID can be logged to the standard output stream in Spring Session | Systems running Spring Session versions 3.0.0.
|
14 Apr 2023 | VULN157 | Microsoft : .NET Remote Code Execution Vulnerability | Systems running Any .NET 7.0 application running
|
14 Apr 2023 | VULN156 | XWiki : Multiple critical vulnerabilities fixed in XWiki | Systems running versions prior to 15.0-rc-1,
|
14 Apr 2023 | VULN155 | Jenkins : Jenkins Security Advisory 2023-04-12 | Systems running Azure Key Vault Plugin for
|
14 Apr 2023 | VULN154 | Microsoft : Security updates for March 2023 | -
|
11 Apr 2023 | STAT14 | |
|
6 Apr 2023 | VULN153 | Mitel : MiCollab Authentication Vulnerability | Systems running MiCollab versions 9.6.2.9 and
|
6 Apr 2023 | VULN152 | QNAP : Multiple vulnerabilities in QNAP devices | QTS versions prior to 5.0.1.2346 build 20230322,
|
6 Apr 2023 | VULN151 | Moby : Exposed Swarm VXLAN port and Encrypted overlay network vulnerabilities | Systems running Moby versions prior to 23.0.3,
|
6 Apr 2023 | VULN150 | Cisco : Cisco Security Advisories Published on April 05, 2023 | Systems running Cisco Secure Network Analytics,
|
6 Apr 2023 | VULN149 | Fields GLPI plugin : Unauthorized write access to additional fields | Systems running fields (glpi) versions prior
|
6 Apr 2023 | VULN148 | Order GLPI plugin : RCE from authenticated user | Systems running order for glpi versions prior
|
6 Apr 2023 | VULN147 | GLPI : Multiple Security Vulnerabilities fixed in versions glpi 9.5.13, 10.0.7 | Systems running GLPI versions prior to 10.0.7,
|
5 Apr 2023 | STAT13 | |
|
5 Apr 2023 | VULN146 | Sophos : Sophos Web Appliance 4.3.10.4 Resolves Security Vulnerabilities | Systems running Sophos Web Appliance (SWA)
|
5 Apr 2023 | VULN145 | Google Chrome: Multiple security vulnerabilities fixed in Chrome 112.0.5615.49/50 | Systems running Google Chrome versions prior to
|
5 Apr 2023 | VULN144 | Mastodon : Blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database | Systems running Mastodon versions prior to
|
5 Apr 2023 | VULN143 | Galaxy : Unauthorized modification of pages/visualizations due to insufficient permission check | Systems running Galaxy versions prior to
|
5 Apr 2023 | VULN142 | PowerDNS : Deterred spoofing attempts can lead to authoritative servers being marked unavailable | Systems running PowerDNS Recursor versions prior
|
4 Apr 2023 | VULN141 | matrix-react-sdk : Prototype pollution in matrix-react-sdk | Systems running matrix-react-sdk versions prior to
|
4 Apr 2023 | VULN140 | Matrix JavaScript SDK : Prototype pollution in matrix-js-sdk | Systems running matrix-js-sdk versions prior to
|
4 Apr 2023 | VULN139 | HashiCorp : Vault’s multiple vulnerabilities fixed | Systems running HashiCorp Vault versions prior to
|
4 Apr 2023 | VULN138 | Ruby : CVE-2023-28755 ReDoS vulnerability in URI | Systems running uri gem versions prior to
|
4 Apr 2023 | VULN137 | Ruby : CVE-2023-28756 ReDoS vulnerability in Time | Systems running Ruby 2.7.7 or lower,
|
4 Apr 2023 | VULN136 | MediaWiki : Security and maintenance release: 1.35.10 / 1.38.6 / 1.39.3 | Systems running MediaWiki versions prior to
|
4 Apr 2023 | VULN135 | Cisco : Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerabilities | Cisco AsyncOS versions prior to 14.0.4,
|
31 Mar 2023 | VULN134 | 3CX : 3CX DesktopApp Security Alert | Windows running 3CX Desktop Electron App versions
|
31 Mar 2023 | VULN133 | Mattermost : High-level severity vulnerability fixed in mattermost 7.9.1, 7.8.2, 7.7.3 | Systems running Mattermost versions prior to
|
31 Mar 2023 | VULN132 | GitLab : GitLab Security Release: 15.10.1, 15.9.4, and 15.8.5 | Systems running GitLab versions prior to 15.10.1,
|
30 Mar 2023 | VULN131 | Mozilla : Security Vulnerabilities fixed in Thunderbird 102.9.1 | Systems running Thunderbird versions prior to
|
30 Mar 2023 | VULN130 | Samba : Multiple vulnerabilities fixed in Samba | Systems running Samba versions from 4.0 prior to
|
30 Mar 2023 | VULN129 | runc : AppArmor/SELinux bypass and rootless `/sys/fs/cgroup` is writable | Systems running runc versions prior to 1.1.5.
|
30 Mar 2023 | VULN128 | Apache : CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE | Systems running Apache UIMA.
|
30 Mar 2023 | VULN127 | X.Org : X.Org Server Overlay Window Use-After-Free | Systems running X.Org versions prior to 21.1.8.
|
30 Mar 2023 | VULN126 | Apache : CVE-2023-28158 Apache Archiva privilege escalation | Systems running Apache Archiva.
|
29 Mar 2023 | VULN125 | Veritas: VTS23-003 Security Advisory Impacting NetBackup Master Server | Systems running NetBackup Master Server versions
|
29 Mar 2023 | VULN124 | Veritas : VTS23-004 Security Advisory Impacting NetBackup Appliance | Systems running NetBackup Appliance versions
|
29 Mar 2023 | VULN123 | Spring : CVE-2023-20859 Insertion of Sensitive Information into Log Sourced from Failed Revocation of Tokens | Systems running Spring Vault versions prior
|
29 Mar 2023 | VULN122 | Spring : CVE-2023-20861 Spring Expression DoS Vulnerability | Systems running Spring Framework versions prior
|
29 Mar 2023 | VULN121 | Apache : CVE-2023-27296 Apache InLong JDBC Deserialization Vulnerability in InLong | Systems running Apache InLong versions 1.1.0
|
29 Mar 2023 | VULN120 | Cisco : Cisco Secure Network Analytics Remote Code Execution Vulnerability | Systems running Cisco Secure Network Analytics
|
28 Mar 2023 | VULN119 | Apache : Multiple vulnerabilities fixed in Apache OpenOffice 4.1.14 | Systems running Apache OpenOffice versions prior
|
28 Mar 2023 | VULN118 | Apache : CVE-2023-28326 Apache OpenMeetings: allows user impersonation | Systems running Apache OpenMeetings versions
|
28 Mar 2023 | VULN117 | OpenSSL : OpenSSL Security Advisory [28th March 2023] | Systems running OpenSSL versions 3.1, 3.0, 1.1.1,
|
28 Mar 2023 | VULN116 | Deno : Multiple vulnerabilities fixed in deno | Systems running Deno versions prior to 1.32.1,
|
27 Mar 2023 | STAT12 | |
|
23 Mar 2023 | VULN115 | ckeditor4 : Cross-site scripting (XSS) caused by the editor instance destroying process | Systems running ckeditor4 versions prior to
|
23 Mar 2023 | VULN114 | Grafana : Stored XSS in Graphite FunctionDescription tooltip | Systems running Grafana versions prior to
|
23 Mar 2023 | VULN113 | Pimcore : multiple vulnerabilities fixed in Pimcore 10.5.19 | Systems running Pimcore versions prior to 10.5.19.
|
23 Mar 2023 | VULN112 | (OpenSSL : Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)) | Systems running OpenSSL versions prior to
|
23 Mar 2023 | VULN111 | Cisco : Cisco Security Advisories Published on March 22, 2023 | Cisco IOS XE Software, Cisco IOS Software,
|
22 Mar 2023 | VULN110 | Aruba : Authenticated Remote Code Execution in Aruba CX Switches | Systems running AOS-CX versions prior to
|
22 Mar 2023 | VULN109 | Redis : Specially crafted MSETNX command can lead to denial-of-service | Systems running Redis.
|
22 Mar 2023 | VULN108 | Google Chrome : Multiple vulnerabilities fixed in Chrome 111.0.5563.110 | Systems running Google Chrome versions prior to
|
22 Mar 2023 | VULN107 | KubeVirt : On a compromised node, the virt-handler service account can be used to modify all node specs | Systems running KubeVirt.
|
22 Mar 2023 | VULN106 | Silverstripe CMS GraphQL Server : DDOS attack on graphql endpoints | Systems running Silverstripe CMS GraphQL Server
|
22 Mar 2023 | VULN105 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen.
|
22 Mar 2023 | VULN104 | curl : Multiple vulnerabilities fixed in curl | Systems running curl versions prior to 8.0.0.
|
22 Mar 2023 | VULN103 | Apache : CVE-2023-28708 Apache Tomcat - Information Disclosure | Systems running Apache Tomcat versions prior to
|
22 Mar 2023 | VULN102 | Jenkins : Jenkins Security Advisory 2023-03-21 | Systems running AbsInt a³ Plugin for Jenkins,
|
20 Mar 2023 | STAT11 | |
|
10 Mar 2023 | STAT10 | |
|
9 Mar 2023 | VULN101 | GitLab : GitLab Security Release: 15.9.2, 15.8.4, and 15.7.8 | Systems running GitLab versions prior to 15.9.2,
|
9 Mar 2023 | VULN100 | Apache : Multiple vulnerabilities fixed in 2.4.56 | Systems running Apache versions prior to 2.4.56.
|
9 Mar 2023 | VULN099 | Jenkins : Jenkins Security Advisory 2023-03-08 | Systems running Jenkins (core) versions prior to
|
3 Mar 2023 | STAT09 | |
|
2 Mar 2023 | VULN098 | SPIP : Critical security update: release of SPIP 4.2.1, SPIP 4.1.8, SPIP 4.0.10 and SPIP 3.2.18 | Systems running SPIP versions prior to 4.2.1,
|
24 Feb 2023 | STAT08 | |
|
23 Feb 2023 | VULN097 | GeoTools : GeoTools OGC Filter SQL Injection Vulnerabilities | Systems running org.geotools:gt-jdbc (Maven)
|
23 Feb 2023 | VULN096 | Sequelize : SQL Injection via replacements and Unsafe fall-through in getWhereConditions | Systems running Sequelize versions prior to
|
23 Feb 2023 | VULN095 | Tenable : Stand-alone Security Patches Available for Tenable.sc versions 5.22.0 to 6.0.0 | Systems running Tenable.sc versions 5.22.0 up
|
23 Feb 2023 | VULN094 | Zimbra : Vulnerabilities fixed in Zimbra | Systems running Zimbra versions prior to
|
23 Feb 2023 | VULN093 | (VMware : VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855)) | Systems running VMware vRealize Orchestrator
|
23 Feb 2023 | VULN092 | VMware : VMware Carbon Black App Control updates address an injection vulnerability | Systems running VMware Carbon Black App Control
|
23 Feb 2023 | VULN091 | Cisco : Cisco Security Advisories Published on February 22, 2023 | Systems running Cisco Application Policy
|
23 Feb 2023 | VULN090 | Apache : CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts | Systems running Apache Commons FileUpload
|
23 Feb 2023 | VULN089 | Apache : CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts | Systems running Apache Tomcat versions prior
|
21 Feb 2023 | STAT07 | |
|
17 Feb 2023 | VULN088 | Joomla! : [20230201] - Core - Improper access check in webservice endpoints | Systems running Joomla! versions 4 prior to 4.2.8.
|
17 Feb 2023 | VULN087 | curl : Multiple vulnerabilities fixed in curl | Systems running curl versions from 7.77.0 up to
|
17 Feb 2023 | VULN086 | argo-cd : Users with any cluster secret update access may update out-of-bounds cluster secrets | Systems running versions prior to 2.3.17,
|
17 Feb 2023 | VULN085 | graphql-mesh : Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler | Systems running graphql-mesh/cli versions prior
|
17 Feb 2023 | VULN084 | containerd : Supplementary groups and denial of service vulnerabilities | Systems running containerd versions prior to
|
17 Feb 2023 | VULN083 | Node.js : Thursday February 16 2023 Security Releases | Systems running Node.js versions prior to
|
17 Feb 2023 | VULN082 | Cisco : Cisco Security Advisories Published on February 15, 2023 | Systems running.
|
17 Feb 2023 | VULN081 | TimescaleDB : TimescaleDB 2.8.0 through 2.9.2 has incorrect access control | Systems running TimescaleDB versions prior to
|
17 Feb 2023 | VULN080 | Backstage : XSS Vulnerability in Software Catalog | Systems running Backstage versions prior to
|
17 Feb 2023 | VULN079 | GitLab : GitLab Critical Security Release: 15.8.2, 15.7.7 and 15.6.8 | Systems running GitLab versions prior to 15.8.2,
|
17 Feb 2023 | VULN078 | Kiwi TCMS : No protection against brute-force attacks and Denial of service | Systems running Kiwi TCMS versions prior to 12.0.
|
15 Feb 2023 | VULN077 | Jenkins : Jenkins Security Advisory 2023-02-15 | Systems running Azure Credentials for Jenkins,
|
15 Feb 2023 | VULN076 | WebKit : WebKitGTK and WPE WebKit Security Advisory | Systems running WebKitGTK, WPE WebKit versions
|
15 Feb 2023 | VULN075 | Citrix : Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483 | Systems running Citrix Virtual Apps and Desktops.
|
15 Feb 2023 | VULN074 | Citrix : Citrix Workspace app vulnerabilities | Windows, Linux running Citrix Workspace App.
|
15 Feb 2023 | VULN073 | Xen : x86 Cross-Thread Return Address Predictions | Systems running Xen.
|
15 Feb 2023 | VULN072 | Git : Git v2.39.2 fixes two security vulnerabilities | Systems running Git versions prior to 2.39.2.
|
15 Feb 2023 | VULN071 | Microsoft : February 2023 Security Updates | Systems running .NET and Visual Studio,
|
15 Feb 2023 | VULN070 | APPLE : APPLE-SA-2023-02-13-3 Safari 16.3.1 | Safari versions prior to 16.3.1.
|
15 Feb 2023 | VULN069 | APPLE : iOS 16.3.1 and iPadOS 16.3.1 | iOS, iPadOS versions prior to 16.3.1.
|
15 Feb 2023 | VULN068 | APPLE : macOS Ventura 13.2.1 | macOS versions prior to Ventura 13.2.1.
|
14 Feb 2023 | VULN067 | Django : Django security releases issued 4.1.7, 4.0.10, 3.2.18 | Systems running Django versions prior to 4.1.7,
|
14 Feb 2023 | VULN066 | Palo Alto : Cortex XDR Agent vulnerabilities | Systems running Cortex XDR Agent versions prior
|
14 Feb 2023 | VULN065 | Palo Alto : Cortex XSOAR Local File Disclosure Vulnerability in the Cortex XSOAR Server | Systems running Cortex XSOAR versions prior to
|
14 Feb 2023 | VULN064 | PostgreSQL : PostgreSQL 15.2, 14.7, 13.10, 12.14, and 11.19 Released! | Systems running PostgreSQL versions prior to
|
14 Feb 2023 | VULN063 | Jenkins : Jenkins Security Advisory 2023-02-09 | Systems running Jenkins Docker images.
|
13 Feb 2023 | STAT06 | |
|
10 Feb 2023 | VULN062 | Symfony : Possible CSRF token fixation and cookie headers in HttpCache vulnerabilities | Systems running Symfony versions prior to
|
10 Feb 2023 | VULN061 | Apache : Improper Restriction of XML External Entity References in ExtractCCDAAttributes | Systems running Apache NiFi versions prior to
|
10 Feb 2023 | VULN060 | Elastic : Elastic 7.17.9, 8.5.0 and 8.6.1 Security Update | Systems running Elastic versions prior to 7.17.9,
|
8 Feb 2023 | STAT05 | |
|
8 Feb 2023 | VULN059 | Phpmyadmin : XSS vulnerability in drag-and-drop upload | Systems running phpmyadmin versions prior to 5.1.2,
|
8 Feb 2023 | VULN058 | TYPO3 : TYPO3-CORE-SA-2023-001 Persisted Cross-Site Scripting in Frontend Rendering | Systems running TYPO3 versions prior to
|
8 Feb 2023 | VULN057 | Apache : Python and Golang drivers allow data manipulation and exposure due to SQL injection | Systems running Apache AGE PostgreSQL 11,
|
8 Feb 2023 | VULN056 | OpenSSL : Multiple vulnerabilities fixed in OpenSSL | Systems running OpenSSL versions prior to 3.0.8,
|
8 Feb 2023 | VULN055 | X.Org : Security issue in the X server | Systems running X.Org versions prior to 21.1.7.
|
8 Feb 2023 | VULN054 | Apache : Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect | Systems running Apache Kafka.
|
3 Feb 2023 | VULN053 | Pimcore : Missing file upload type validation in user profile | Systems running Pimcore versions prior to 10.5.16.
|
3 Feb 2023 | VULN052 | Trend Micro : Trend Micro Apex One File Upload Vulnerability | Systems running Trend Micro Apex One,
|
3 Feb 2023 | VULN051 | (Atlassian : Jira Service Management Server and Data Center Advisory (CVE-2023-22501)) | Systems running Jira Service Management Server
|
3 Feb 2023 | VULN050 | (VMware : VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)) | Systems running VMware Workstation versions
|
3 Feb 2023 | VULN049 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0001 | Systems running WebKitGTK, WPE WebKit versions
|
3 Feb 2023 | VULN048 | OpenSSH : OpenSSH 9.2 released | Systems running OpenSSH versions prior to 9.2.
|
2 Feb 2023 | VULN047 | Nagios : Multiple vulnerabilities fixed in Nagios 5.9.3 | Systems running Nagios versions prior to 5.9.3.
|
2 Feb 2023 | VULN046 | Drupal : Vulnerabilities fixed in multiple extensions for Drupal | Systems running Apigee Edge for Drupal versions
|
2 Feb 2023 | VULN045 | (TYPO3 : TYPO3-EXT-SA-2023-001 Broken Access Control in extension 'femanager' (femanager)) | Systems running femanager for TYPO3 versions prior
|
2 Feb 2023 | VULN044 | dompdf : URI validation failure on SVG parsing | Systems running dompdf versions 2.0.1.
|
2 Feb 2023 | VULN043 | Cisco : Cisco Security Advisories Published on February 01, 2023 | Cisco IOS XE Software with Cisco IOx feature
|
1 Feb 2023 | VULN042 | (VMware : VMware vRealize Operations (vROps) update addresses a CSRF bypass vulnerability (CVE-2023-20856)) | Systems running VMware vRealize Operations (vROps)
|
1 Feb 2023 | VULN041 | GitLab : GitLab Security Release: 15.8.1, 15.7.6, and 15.6.7 | Systems running GitLab Community Edition,
|
1 Feb 2023 | VULN040 | Joomla! : CSRF and Missing ACL checks Vulnerabilities | Systems running Joomla! versions 4 prior to 4.2.7.
|
1 Feb 2023 | VULN039 | Django : Django security releases issued 4.1.6, 4.0.9, and 3.2.17 | Systems running Django versions prior to 4.1.6,
|
31 Jan 2023 | VULN038 | Tenable : [R1] Tenable Plugin Feed ID #202212212055 Fixes Privilege Escalation Vulnerability | Systems running tenable.io, tenable.sc, Nessus.
|
31 Jan 2023 | VULN037 | Grafana : SAML privilege escalation and Stored XSS in ResourcePicker | Systems running Grafana Enterprise versions prior
|
31 Jan 2023 | VULN036 | Qnap : Vulnerability in QTS and QuTS hero | Systems running QTS version 5.0.1,
|
31 Jan 2023 | VULN035 | rancher/wrangler : Command injection in Git package and DoS when processing Git credentials | Systems running rancher/wrangler versions prior
|
31 Jan 2023 | VULN034 | Apache : Apache Linkis has a Local File Read and a serialization attack Vulnerability | Systems running Apache Linkis versions prior
|
31 Jan 2023 | VULN033 | Google Chrome : Stable Channel Update for Desktop updated to 106.0.5249.119 | Systems running Google Chrome versions prior to
|
30 Jan 2023 | STAT04 | |
|
27 Jan 2023 | VULN032 | Glpi : Unauthorized access to inventory files and data export | Systems running Glpi versions prior to 10.0.6.
|
27 Jan 2023 | VULN031 | Tenable : [R1] Tenable.sc 6.0.0 Fixes Multiple Vulnerabilities | Systems running Tenable.sc versions prior to
|
27 Jan 2023 | VULN030 | Rancher : Multiple Vulnerabilities fixed in Rancher | Systems running rancher versions prior to 2.5.17,
|
27 Jan 2023 | VULN029 | Xen : Guests can cause Xenstore crash via soft reset | Systems running Xen versions 4.17.
|
26 Jan 2023 | VULN028 | Bind : Vulnerabilities fixed in Bind | Systems running Bind versions prior to 9.16.37,
|
26 Jan 2023 | VULN027 | Argo-cd : Important vulnerabilities fixed in argo-cd | Systems running argo-cd versions prior to
|
25 Jan 2023 | VULN026 | Openstack : OSSA-2023-002 Arbitrary file access through custom VMDK flat descriptor | Systems running Cinder versions <19.1.2,
|
25 Jan 2023 | VULN025 | Openstack : OSSA-2023-001 Arbitrary file access through custom S3 XML entities | Systems running Swift versions <2.28.1,
|
25 Jan 2023 | VULN024 | (VMware : VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711)) | Systems running VMware vRealize Log Insight
|
25 Jan 2023 | VULN023 | Jenkins : Jenkins Security Advisory 2023-01-24 | -
|
24 Jan 2023 | VULN022 | APPLE : APPLE-SA-2023-01-23-4 macOS Ventura 13.2 | macOS Ventura versions prior to 13.2.
|
24 Jan 2023 | VULN021 | Moodle : Multiple security vulnerabilities fixed in Moodle 4.1.1, 4.0.6, 3.11.12, 3.9.19 | Systems running Moodle versions prior to 4.1.1,
|
24 Jan 2023 | VULN020 | Mozilla : Security Vulnerabilities fixed in Thunderbird 102.7 | Systems running Thunderbird versions prior to
|
24 Jan 2023 | VULN019 | APPLE : APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3 | iOS, iPadOS versions prior to 16.3.
|
24 Jan 2023 | VULN018 | APPLE : APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3 | Systems running macOS Monterey versions prior
|
24 Jan 2023 | VULN017 | PowerDNS : 2023-01 unbounded recursion results in program termination | Systems running PowerDNS Recursor versions 4.8.0.
|
24 Jan 2023 | VULN016 | Apache : CVE-2023-22884 Arbitrary file read via MySQL provider in Apache Airflow | Systems running Apache Airflow versions prior
|
24 Jan 2023 | VULN015 | Apple : Safari 16.3 | Systems running Safari versions prior to 16.3.
|
24 Jan 2023 | VULN014 | Redis : Vulnerabilities fixed in Redis 6.2.9, and 7.0.8 | Systems running Redis versions prior to 6.2.9,
|
24 Jan 2023 | STAT03 | |
|
19 Jan 2023 | VULN013 | Deno : Interactive permission prompt spoofing | Systems running Deno versions prior to 1.29.3.
|
19 Jan 2023 | VULN012 | cakephp : Database\Query::offset() and limit() vulnerable to SQL injection | Systems running cakephp versions prior to 4.2.12,
|
19 Jan 2023 | VULN011 | Oracle : January 2023 Critical Patch Update Released | Systems running Oracle products.
|
19 Jan 2023 | VULN010 | Mozilla : Security Vulnerabilities fixed in Firefox 109, ESR 102.7 | Systems running Firefox versions prior
|
19 Jan 2023 | VULN009 | Drupal : Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-001 | Systems running Drupal core versions prior
|
19 Jan 2023 | VULN008 | Sudo : Sudoedit can edit arbitrary files | Systems running versions from 1.8.0 and prior to
|
18 Jan 2023 | VULN007 | Apache : Apache HTTP Server 2.4.55 fix security vulnerabilities | Systems running Apache HTTP Server versions prior
|
18 Jan 2023 | VULN006 | GitLab : GitLab Critical Security Release: 15.7.5, 15.6.6, and 15.5.9 | Systems running GitLab versions prior to 15.7.5,
|
17 Jan 2023 | VULN005 | (Rust : Security advisory for Cargo (CVE-2022-46176)) | Systems running Rust versions prior to 1.66.1.
|
17 Jan 2023 | VULN004 | Apache : CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass | Systems running Apache Shiro versions prior to
|
17 Jan 2023 | VULN003 | X.Org : Issues handling XPM files in libXpm prior to 3.5.15 | Systems running libXpm versions prior to 3.5.15.
|
16 Jan 2023 | STAT02 | |
|
11 Jan 2023 | VULN002 | Microsoft : January 2023 Security Updates | Systems running Microsoft products.
|
11 Jan 2023 | VULN001 | Apache : CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection | Systems running Apache Tomcat versions prior
|
11 Jan 2023 | STAT01 | |
|
3 Jan 2023 | STAT52 | |
|