19 Nov 2024 | VULN481 | Synology : Synology-SA-24:24 Synology Camera (PWN2OWN 2024) | Systems running Synology Camera Firmware versions prior to 1.2.0-0525.
|
19 Nov 2024 | VULN480 | Apache : Apache Kafka Clients Privilege escalation to filesystem read-access | Systems running Apache Kafka Clients versions prior to 3.8.0.
|
19 Nov 2024 | VULN479 | Apache : Apache OFBiz vulnerabilities fixed | Systems running Apache OFBiz versions prior to 18.12.17.
|
19 Nov 2024 | VULN478 | Apache : Multiple security vulnerabilities fixed in Apache HertzBeat | Systems running Apache HertzBeat versions prior to 1.6.1.
|
19 Nov 2024 | VULN477 | Apache : Multiple security vulnerabilities fixed in Apache Tomcat | Systems running Apache Tomcat versions prior to 11.0.0, 10.1.31, 9.0.96.
|
18 Nov 2024 | VULN476 | PostgreSQL : Multiple security vulnerabilities fixed in PostgreSQL | Systems running PostgreSQL versions prior to 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21.
|
15 Nov 2024 | VULN475 | Apache : Apache Traffic Server is vulnerable to specific user inputs | Systems running Apache Traffic Server versions prior to 9.2.6, 10.0.2.
|
15 Nov 2024 | VULN474 | Apache : CVE-2024-45784 Apache Airflow Sensitive configuration values are not masked in the logs by default | Systems running Apache Airflow versions prior to 2.10.3.
|
15 Nov 2024 | VULN473 | Jenkins : Jenkins Security Advisory 2024-11-13 | Systems running Authorize Project Plugin, IvyTrigger Plugin, OpenId Connect Authentication Plugin, Pipeline: Declarative Plugin, Pipeline: Groovy Plugin, Script Security Plugin, Shared Library Version Override Plugin.
|
15 Nov 2024 | VULN472 | Laravel : Environment manipulation via query string | Systems running Laravel versions prior to 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, 11.31.0.
|
15 Nov 2024 | VULN471 | SAP : SAP Security Patch Day - November 2024 | Systems running SAP products.
|
15 Nov 2024 | VULN470 | Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2024-45818 | Systems running XenServer versions 8, Citrix Hypervisor versions 8.2 CU1 LTSR.
|
15 Nov 2024 | VULN469 | Apache : CVE-2024-51504 Apache ZooKeeper Authentication bypass with IP-based authentication in Admin Server | Systems running Apache ZooKeeper versions prior to 3.9.3.
|
15 Nov 2024 | VULN468 | Grafana : Medium severity security fix for CVE-2024-9476 | Systems running Grafana versions prior to 11.3.0+security-01, 11.2.3+security-01.
|
13 Nov 2024 | VULN467 | Apache : CVE-2024-51504 Apache ZooKeeper Authentication bypass with IP-based authentication in Admin Server | Systems running Apache ZooKeeper versions prior to 3.9.3.
|
13 Nov 2024 | VULN466 | Apache : CVE-2024-50378 Apache Airflow Secrets not masked in UI when sensitive variables are set via Airflow cli | Systems running Apache Airflow versions prior to 2.10.3.
|
13 Nov 2024 | VULN465 | Ivanti : November Security Update | Systems running Ivanti EPM, Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Security Access Client.
|
13 Nov 2024 | VULN464 | Apache : CVE-2024-50386: Apache CloudStack Directly downloaded templates can be used to abuse KVM-based infrastructure | Systems running Apache CloudStack versions prior to 4.18.2.4, 4.19.1.2.
|
13 Nov 2024 | VULN463 | Fortinet : Multiple vulnerabilities fixed in FortiOS and related Fortinet products | Systems running FortiOS versions prior to 7.4.4, 7.2.9, 7.0.15, FortiProxy versions prior to 7.4.4, 7.2.10, 7.0.17, FortiManager, FortiPortal versions prior to 6.0.15, FortiPAM, FortiSwitchManager versions prior to 7.2.4, 7.0.4.
|
13 Nov 2024 | VULN462 | GitLab : GitLab Patch Release 17.5.2, 17.4.4, 17.3.7 | Systems running GitLab versions prior to 17.5.2, 17.4.4, 17.3.7.
|
13 Nov 2024 | VULN461 | Zoom : Multiple security vulnerabilities fixed in Zoom Apps | Systems running Zoom Apps.
|
13 Nov 2024 | VULN460 | Xen : deadlock and memory leak vulnerabilities fixed in Xen | Systems running Xen.
|
31 Oct 2024 | VULN459 | APPLE : APPLE-SA-10-29-2024-1 Safari 18.1 | Systems running Safari versions prior to 18.1.
|
31 Oct 2024 | VULN458 | QNAP : QSA-24-42 Vulnerability in SMB Service (PWN2OWN 2024) | Systems running QNAP SMB Service versions prior to 4.15.002, h4.15.002.
|
31 Oct 2024 | VULN457 | QNAP : QSA-24-41 Vulnerability in HBS 3 Hybrid Backup Sync (PWN2OWN 2024) | Systems running HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673.
|
31 Oct 2024 | VULN456 | Apache : CVE-2024-43383 Apache Lucene.Net.Replicator Remote Code Execution in Lucene.Net.Replicator | Systems running Apache Lucene.Net.Replicator versions prior to 4.8.0-beta00017.
|
31 Oct 2024 | VULN455 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2024-0006 | Systems running WebKitGTK, WPE WebKit versions prior to 2.46.0, 2.46.3.
|
31 Oct 2024 | VULN454 | APPLE : APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1 | iOS, iPadOS versions prior to 18.1, 17.7.1.
|
30 Oct 2024 | VULN453 | APPLE : macOS Ventura 13.7.1, Sequoia 15.1, Sonoma 14.7.1 | Systems running macOS versions prior to Ventura 13.7.1, Sequoia 15.1, Sonoma 14.7.1.
|
30 Oct 2024 | VULN452 | Mozilla : Security Vulnerabilities fixed in Thunderbird 132 | Systems running Thunderbird versions prior to 132.
|
30 Oct 2024 | VULN451 | Mozilla : Multiple vulnerabilities fixed in Firefox 132, ESR 115.17, ESR 128.4 | Systems running pyload-ng versions prior to 0.5.0b3.dev87.
|
30 Oct 2024 | VULN450 | Mozilla : Security Vulnerabilities fixed in Focus for iOS 132 | Systems running Focus for iOS versions prior to 132.
|
30 Oct 2024 | VULN449 | Google : Chrome Stable Channel updated to 130.0.6723.91/.92 | Systems running Google Chrome versions prior to 130.0.6723.91/.92.
|
30 Oct 2024 | VULN448 | X.Org : Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4 | Systems running X.Org X server versions prior to 21.1.14, Xwayland versions prior to 24.1.4.
|
28 Oct 2024 | VULN447 | Pyload : Remote code execution by download to /.pyload/scripts using /flashgot API | Systems running pyload-ng versions prior to 0.5.0b3.dev87.
|
28 Oct 2024 | VULN446 | ZITADEL : User Registration Bypass | Systems running ZITADEL versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, 2.58.7.
|
28 Oct 2024 | VULN445 | Rancher : Multiple vulnerabilities fixed in Rancher | Systems running Rancher versions prior to 2.7.16, 2.8.9, 2.9.3.
|
25 Oct 2024 | VULN444 | Cisco : Cisco Security Advisories Published on October 23, 2024 | Systems running Cisco products.
|
24 Oct 2024 | VULN443 | fortiguard : Fortinet FortiManager: Missing authentication in fgfmsd | Systems running Fortinet FortiManager prior to 7.0.13, 7.2.8, 7.4.5, 6.2.13, 6.4.15, 7.0.13, 7.2.8, 7.4.5, 7.6.1.
|
24 Oct 2024 | VULN442 | GitLab : GitLab Patch Release 17.5.1, 17.4.3, 17.3.6 | Systems running GitLab versions prior to 17.5.1, 17.4.3, 17.3.6.
|
24 Oct 2024 | VULN441 | Google : Chrome Stable channel updated to 130.0.6723.69/.70 | Systems running Google Chrome versions prior to 130.0.6723.69/.70.
|
24 Oct 2024 | VULN440 | Spring : Authorization Bypass of Static Resources in WebFlux Applications | Systems running Spring Security versions prior to 6.3.4, 6.2.7, 6.1.11, 6.0.13, 5.8.15, 5.7.13.
|
24 Oct 2024 | VULN439 | Apache : CVE-2024-45031: Apache Syncope Stored XSS in Console and Enduser | Systems running Apache Syncope versions prior to 3.0.9.
|
18 Oct 2024 | STAT40 | |
|
18 Oct 2024 | VULN438 | VMware : VMware HCX addresses an authenticated SQL injection vulnerability (CVE-2024-38814) | Systems running VMware HCX versions prior to 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, 1.0.2zl.
|
18 Oct 2024 | VULN437 | Drupal : Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002 | Systems running Drupal core versions prior to 10.2.10, 10.3.
|
17 Oct 2024 | VULN436 | OpenSSL : OpenSSL Security Advisory [16th October 2024] | Systems running OpenSSL versions prior to 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, 1.0.2zl.
|
16 Oct 2024 | VULN435 | Apache : Apache CloudStack LTS Security Releases 4.18.2.4 and 4.19.1.2 | Systems running Apache CloudStack versions prior to LTS 4.18.2.4, 4.19.1.2.
|
16 Oct 2024 | VULN434 | Apache : Vulnerabilities fixed in Apache Solr 9.7.0, 8.11.4 | Systems running Apache Solr versions prior to 9.7.0, 8.11.4.
|
15 Oct 2024 | VULN433 | Mozilla : Security Vulnerability fixed in Firefox 131.0.3 | Systems running Firefox versions prior to 131.0.3.
|
15 Oct 2024 | VULN432 | Apache : CVE-2024-46911 Apache Roller Weakness in CSRF protection allows privilege escalation | Systems running Apache Roller versions prior to 6.1.4.
|
15 Oct 2024 | VULN431 | Apache : CVE-2023-50780 Apache ActiveMQ Artemis Authenticated users could perform RCE via Jolokia MBeans | Systems running Apache ActiveMQ Artemis versions prior to 2.29.0.
|
15 Oct 2024 | VULN430 | Kubernetes : CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials | Systems running Kubernetes Image Builder versions prior to 0.1.38.
|
15 Oct 2024 | VULN429 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.4.4, 4.3.8, 4.2.11, 4.1.14.
|
11 Oct 2024 | VULN428 | Zimbra : Zimbra 9.0.0 Patch 42, 10.0.10, 10.1.2 fix CSRF vulnerability | Systems running Zimbra versions prior to 9.0.0 Patch 42, 10.0.10, 10.1.2.
|
11 Oct 2024 | VULN427 | Synology : Synology-SA-24:12 GitLab | Systems running GitLab for DSM 6.2 versions prior to 13.12.2-0074.
|
11 Oct 2024 | VULN426 | Wireshark : Vulnerabilities fixed in Wireshark | Systems running Wireshark versions prior to 4.2.8, 4.4.1.
|
11 Oct 2024 | VULN425 | SonicWall : SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Affected By Multiple Vulnerabilities | Systems running SMA1000 Connect Tunnel Windows (32 and 64-bit) Client versions prior to 12.4.3.281, SMA1000 Appliance firmware 12.4.3-02676 and earlier versions.
|
11 Oct 2024 | VULN424 | Mozilla : Security Vulnerability fixed in Thunderbird 131.0.1, 128.3.1, 115.16.0 | Systems running Thunderbird versions prior to 131.0.1, 128.3.1, 115.16.0.
|
11 Oct 2024 | VULN423 | Foxit : Security updates available in Foxit PDF Editor 12.1.8 | Systems running Foxit PDF Editor versions prior to 12.1.8.
|
11 Oct 2024 | VULN422 | Firefox : Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1 | Systems running Firefox versions prior to 131.0.2, ESR 115.16.1, ESR 128.3.1.
|
11 Oct 2024 | VULN421 | Libarchive : Libarchive 3.7.6, bugfix and security release | Systems running Libarchive versions prior to 3.7.6.
|
10 Oct 2024 | VULN420 | GitLab : GitLab Critical Patch Release 17.4.2, 17.3.5, 17.2.9 | Systems running GitLab versions prior to 17.4.2, 17.3.5, 17.2.9.
|
10 Oct 2024 | VULN419 | VMware : VMSA-2024-0020: VMware NSX updates address multiple vulnerabilities | Systems running NSX VMware Cloud Foundation (NSX) versions prior to 4.2.1.
|
10 Oct 2024 | STAT39 | |
|
9 Oct 2024 | VULN418 | Google : Google Chrome Stable Channel updated to 129.0.6668.100/.101 | Systems running Google Chrome versions prior to 129.0.6668.100/.101.
|
9 Oct 2024 | VULN417 | Apache : [ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561 | Systems running Apache Pulsar versions prior to 3.3.2.
|
9 Oct 2024 | VULN416 | Apache : CVE-2024-28168 Apache XML Graphics FOP XML External Entity (XXE) Processing | Systems running Apache XML Graphics FOP versions prior to 2.9.
|
8 Oct 2024 | VULN415 | Apache : [ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561 | Systems running Apache Pulsar versions prior to 3.3.2.
|
8 Oct 2024 | VULN414 | Apache : [SECURITY][ANNOUNCE] Apache Subversion 1.14.4 released | Systems running Apache Subversion versions prior to 1.14.4.
|
8 Oct 2024 | VULN413 | SAP : SAP Security Patch Day - October 2024 | Systems running SAP products.
|
8 Oct 2024 | VULN412 | APPLE : APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1 | iOS, iPadOS running versions prior to 18.0.1.
|
8 Oct 2024 | VULN411 | TYPO3 : Vulnerabilities fixed in Bookmark Toolbar and Page Tree | Systems running Bookmark Toolbar for TYPO3 CMS, Page Tree for TYPO3 CMS.
|
8 Oct 2024 | VULN410 | Rust : Security advisory for the standard library (CVE-2024-43402) | Systems running Rust prior to 1.81.0.
|
7 Oct 2024 | VULN409 | WithSecure : CVE-2024-45520 Denial-of-Service (DoS) Vulnerability | Systems running WithSecure Endpoint Protection products for Mac, WithSecure Client Security for Mac, WithSecure Elements Endpoint Protection for Mac, Linux Endpoint Protection products, WithSecure Atlant (formerly F-Secure Atlant).
|
7 Oct 2024 | VULN408 | Libgsf : Libgsf 1.14.53 fixes integer overflow vulnerabilities | Systems running Libgsf versions prior to 1.14.53.
|
7 Oct 2024 | VULN407 | OpenStack : Ironic fails to verify checksums of supplied image_source URLs when configured to convert images to raw for streaming | Systems running Ironic versions prior to 21.4.4, 23.0.3, 24.1.3, 26.1.0.
|
4 Oct 2024 | VULN406 | OATH Toolkit : OATH Toolkit pam_oath usersfile ${HOME} privilege escalation (CVE-2024-47191) | Systems running OATH Toolkit pam_oath, liboath versions prior to 2.6.12.
|
4 Oct 2024 | VULN405 | Ubuntu : PAM module may allow accessing with the credentials of another user | Systems running PAM Authd versions prior to 0.3.5.
|
4 Oct 2024 | VULN404 | PowerDNS : PowerDNS Security Advisory 2024-04 | Systems running PowerDNS Recursor versions prior to 4.9.9, 5.0.9, 5.1.2.
|
4 Oct 2024 | VULN403 | Apache : CVE-2024-47554 Apache Commons IO Possible denial of service attack on untrusted input to XmlStreamReader | Systems running Apache Commons IO versions 2.0 prior to 2.14.0.
|
4 Oct 2024 | VULN402 | Apache : CVE-2024-47561 Apache Avro Java SDK Arbitrary Code Execution when reading Avro Data (Java SDK) | Systems running Apache Avro Java SDK versions prior to 1.11.4.
|
3 Oct 2024 | VULN401 | PHP : Vulnerabilities fixed in PHP 8.3.12, 8.2.24, 8.1.30 | Systems running PHP versions prior to 8.3.12, 8.2.24, 8.1.30.
|
3 Oct 2024 | VULN400 | TeamViewer : Improper signature verification of driver installation in TeamViewer Remote clients | Systems running TeamViewer Full Client, TeamViewer Host versions prior to 15.58.4, 14.7.48796, 13.2.36225, 12.0.259312, 11.0.259311.
|
3 Oct 2024 | VULN399 | Mozilla : Multiple security vulnerabilities fixed in Thunderbird | Systems running Thunderbird versions prior to 131, ESR 128.3.
|
3 Oct 2024 | VULN398 | Mozilla : Multiple security vulnerabilities fixed in Firefox | Systems running Firefox versions prior to ESR 115.16, ESR 128.3, 131.
|
3 Oct 2024 | VULN397 | Cisco : Cisco Security Advisories Published on October 02, 2024 | Systems running Cisco products.
|
2 Oct 2024 | VULN396 | Google Chrome : Chrome Stable channel updated to 129.0.6668.89/.90 | Systems running Google Chrome versions prior to 129.0.6668.89/.90.
|
2 Oct 2024 | VULN395 | Jenkins : Jenkins Security Advisory 2024-10-02 | Systems running Jenkins (core), Credentials Plugin, OpenId Connect Authentication Plugin.
|
2 Oct 2024 | VULN394 | HashiCorp : HCSEC-2024-19 - Terraform Enterprise's Single Sign-On And Ruby SAML's CVE-2024-45409 | Systems running Terraform Enterprise versions prior to 202409-1.
|
2 Oct 2024 | STAT38 | |
|
1 Oct 2024 | VULN393 | HashiCorp : HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default | Systems running Vault Community Edition versions prior to 1.17.6, Vault Enterprise versions prior to 1.17.6, 1.16.10, 1.15.15.
|
1 Oct 2024 | VULN392 | Apache : CVE-2024-45772 Apache Lucene Replicator Security Vulnerability in Lucene Replicator - Deserialization Issue | Systems running Apache Lucene Replicator versions prior to 9.12.0.
|
1 Oct 2024 | VULN391 | mantisbt : Information disclosure with user profiles | Systems running mantisbt versions prior to 2.26.4.
|
1 Oct 2024 | VULN390 | Rancher : Rancher agents can be hijacked by taking over the Rancher Server URL | Systems running Rancher versions prior to 2.7.15, 2.8.8, 2.9.2.
|
26 Sep 2024 | VULN389 | Google Chrome : Stable Channel updated to 129.0.6668.70/.71 | Systems running Google Chrome versions prior to 129.0.6668.70/.71.
|
26 Sep 2024 | VULN388 | Gradio : GitHub actions workflows untrusted code execution | Systems running Gradio.
|
26 Sep 2024 | VULN387 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2024-0005 | Systems running WebKitGTK, WPE WebKit versions prior to 2.42.5, 2.44.3, 2.46.0.
|
26 Sep 2024 | VULN386 | Cisco : Cisco Security Advisories Published on September 25, 2024 | Systems running Cisco IOS, Cisco IOS XE, Cisco Catalyst Center versions prior to 2.3.5.6, 2.3.7.5, Cisco ConfD versions prior to 7.5.10.2, 7.7.16, 8.0.13, Cisco UTD Snort IPS Engine versions prior to 17.12.4, 17.13.x.
|
25 Sep 2024 | VULN385 | Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2024-45817 | Systems running XenServer versions 8, Citrix Hypervisor versions 8.2 CU1 LTSR.
|
25 Sep 2024 | VULN384 | Apache : CVE-2024-40761 Apache Answer Avatar URL leaked user email addresses | Systems running Apache Answer versions prior to 1.4.0.
|
25 Sep 2024 | VULN383 | Apache : Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability | Systems running Apache Linkis versions prior to 0.1.6.0.
|
25 Sep 2024 | VULN382 | Apache : CVE-2024-23454 Apache Hadoop Temporary File Local Information Disclosure | Systems running Apache Hadoop versions prior to 3.4.0.
|
25 Sep 2024 | STAT37 | |
|
24 Sep 2024 | VULN381 | Apache : CVE-2024-42323 Apache HertzBeat RCE by snakeYaml deser load malicious xml | Systems running Apache HertzBeat versions prior to 0.1.6.0.
|
24 Sep 2024 | VULN380 | Xen : x86 Deadlock in vlapic_error() | Systems running Xen.
|
24 Sep 2024 | VULN379 | Apache : Vulnerabilities fixed in Apache Tomcat and Apache mod_jk | Systems running Apache Tomcat versions prior to 11.0.0-M21, 10.1.25, 9.0.90, Apache mod_jk versions prior to 1.2.50.
|
20 Sep 2024 | VULN378 | Grafana : Information Leakage in grafana-plugin-sdk-go | Systems running Grafana plugin SDK versions prior to 0.249.0.
|
18 Sep 2024 | VULN377 | mindsdb : Bypass SSRF Protection with DNS Rebinding | Systems running mindsdb versions prior to 23.12.4.3.
|
18 Sep 2024 | VULN376 | Python : Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20 now available! | Systems running Python versions prior to 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20.
|
18 Sep 2024 | VULN375 | Apache : Vulnerabilities fixed in Druid 30.0.1 | Systems running Apache Druid versions prior to 128.0.6613.137/.138.
|
18 Sep 2024 | VULN374 | Next.js : Cache Poisoning | Systems running Next.js versions prior to 13.5.7, 14.2.10.
|
18 Sep 2024 | VULN373 | VMware : VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) | Systems running VMware vCenter Server versions prior to 8.0 U3b, 7.0 U3s, VMware Cloud Foundation versions prior to 8.0 U3b, 7.0 U3s.
|
16 Sep 2024 | VULN372 | GitLab : GitLab Critical Patch Release: 17.3.2, 17.2.5, 17.1.7 | Systems running GitLab versions prior to 17.3.2, 17.2.5, 17.1.7.
|
13 Sep 2024 | STAT36 | |
|
13 Sep 2024 | VULN371 | Google : Stable channel updated to 128.0.6613.137/.138 | Systems running Google Chrome versions prior to 128.0.6613.137/.138.
|
13 Sep 2024 | VULN370 | Spring : CVE-2024-38816 Path traversal vulnerability in functional web frameworks | Systems running Spring Framework versions prior to 5.3.40, 6.0.24, 6.1.13.
|
13 Sep 2024 | VULN369 | Ruby-saml : SAML authentication bypass via Incorrect XPath selector | Systems running omniauth-saml versions prior to 2.2.0, ruby-saml versions prior to 1.17.0, 1.12.3.
|
12 Sep 2024 | VULN368 | Airflow : Apache Airflow vulnerabilities fixed in 2.10.1 | Systems running Apache Airflow versions prior to 2.10.1.
|
12 Sep 2024 | VULN367 | Twig : Possible sandbox bypass | Systems running Twig versions prior to 1.44.8, 2.16.1, 3.14.0.
|
11 Sep 2024 | VULN366 | Cisco : Cisco Security Advisories Published on September 11, 2024 | Cisco IOS XR Software, Multiple Cisco Products Web-Based Management Interface, Cisco Routed Passive Optical Network Controller.
|
11 Sep 2024 | VULN365 | SonicWall : SonicOS Improper Access Control Vulnerability | SonicOS running on SOHO (Gen 5), Gen6 Firewalls, Gen7 Firewalls.
|
11 Sep 2024 | VULN364 | Moodle : Multiple Security vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.4.3, 4.3.7, 4.2.10, 4.1.13.
|
11 Sep 2024 | VULN363 | Zoom : Zoom Workplace Apps - Business Logic Error | Systems running Zoom Workplace Desktop App, Zoom Meeting SDK, Zoom Rooms App, Zoom Rooms Controller versions prior to 6.1.0.
|
11 Sep 2024 | VULN362 | Project curl : OCSP stapling bypass with GnuTLS | Systems running curl versions prior to 8.10.0.
|
9 Sep 2024 | VULN361 | Elastic : Kibana 8.15.1 Security Update (ESA-2024-27, ESA-2024-28) | Systems running Kibana versions prior to 8.15.1.
|
6 Sep 2024 | STAT35 | |
|
6 Sep 2024 | VULN360 | Veeam : Veeam Security Bulletin (September 2024) | Systems running Veeam Backup & Replication, Veeam ONE, Veeam Service Provider Console, Veeam Agent for Linux, Veeam Backup for Nutanix AHV, Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization.
|
5 Sep 2024 | VULN359 | CPython : Regular-expression DoS when parsing TarFile headers | Systems running CPython.
|
5 Sep 2024 | VULN358 | Cisco : Cisco Security Advisories Published on September 04, 2024 | Systems running Cisco Smart Licensing Utility, Cisco Meraki Systems Manager Agent for Windows, Cisco Duo Epic for Hyperdrive, Cisco Identity Services Engine, Cisco Expressway Edge.
|
5 Sep 2024 | VULN357 | OpenStack : Unvalidated image data passed to qemu-img | Systems running Ironic versions prior to 21.4.3, 23.0.2, 24.1.2, 26.0.1 and 22.x.x, 25.x.x, Ironic-python-agent versions prior to 9.4.2, 9.7.1, 9.11.1, 9.13.1 and 9.5.x, 9.8.x, 9.12.x.
|
5 Sep 2024 | VULN356 | OpenStack : Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors | Systems running Nova versions prior to 27.4.1, 28.2.1, 29.1.1.
|
5 Sep 2024 | VULN355 | Rust : Security advisory for the standard library (CVE-2024-24576) | Systems running Rust versions prior to 1.77.2.
|
4 Sep 2024 | VULN354 | Apache : CVE-2024-41909 Apache MINA SSHD integrity check bypass | Systems running Apache MINA versions prior to 2.12.0.
|
4 Sep 2024 | VULN353 | Apache : CVE-2024-36268 Apache InLong TubeMQ Client Remote Code Execution vulnerability | Systems running Apache InLong versions prior to 1.13.0.
|
4 Sep 2024 | VULN352 | Apache : Vulnerabilities fixed in Apache OFBiz | Systems running Apache OFBiz versions prior to 18.12.16.
|
4 Sep 2024 | VULN351 | OpenSSL : Possible denial of service in X.509 name checks (CVE-2024-6119) | Systems running OpenSSL versions prior to 3.3.2, 3.2.3, 3.1.7, 3.0.15.
|
4 Sep 2024 | VULN350 | Django : Django security releases issued: 5.1.1, 5.0.9, and 4.2.16 | Systems running Django versions prior to 5.1.1, 5.0.9, 4.2.16.
|
4 Sep 2024 | VULN349 | Google Chrome : Stable Channel updated to 128.0.6613.119/.120 | Systems running Google Chrome versions prior to 128.0.6613.119/.120.
|
3 Sep 2024 | VULN348 | VMware : VMware Fusion update addresses a code execution vulnerability (CVE-2024-38811) | macOS running VMware Fusion versions prior to 13.6.
|
3 Sep 2024 | VULN347 | Runc : CVE-2024-45310 runc can be tricked into creating empty files/directories on host | Systems running runc versions prior to 1.1.14, 1.2.0-rc.3.
|
2 Sep 2024 | VULN346 | JupyterLab : HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering | Systems running JupyterLab versions prior to 3.6.8, 4.2.5, Jupyter Notebook versions prior to 7.2.2.
|
2 Sep 2024 | VULN345 | Kirby : Insufficient permission checks in the language settings | Systems running Kirby versions prior to 3.6.6.6, 3.7.5.5, 3.8.4.4, 3.9.8.2, 3.10.1.1, 4.3.1.
|
29 Aug 2024 | VULN344 | Wireshark : wnpa-sec-2024-11 · NTLMSSP dissector crash | Systems running Wireshark versions prior to 4.2.7, 4.0.17.
|
29 Aug 2024 | VULN343 | Google : Google Chrome has been updated to 128.0.6613.113/.114 | Systems running Google Chrome versions prior to 128.0.6613.113/.114 for Windows, Mac, 128.0.6613.113 for Linux.
|
28 Aug 2024 | VULN342 | Cisco : Cisco Security Advisories Published on August 28, 2024 | Systems running Cisco NX-OS, Cisco Application Policy Infrastructure Controller.
|
26 Aug 2024 | VULN341 | Apache : CVE-2024-43202 Apache DolphinScheduler Remote Code Execution Vulnerability | Systems running Apache DolphinScheduler versions prior to 3.2.2.
|
26 Aug 2024 | VULN340 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen.
|
26 Aug 2024 | VULN339 | Apache : CVE-2024-41937 Apache Airflow Stored XSS Vulnerability on provider link | Systems running Apache Airflow versions prior to 2.10.0.
|
26 Aug 2024 | VULN338 | Apache : CVE-2023-49198 Apache SeaTunnel Web Arbitrary file read vulnerability | Systems running Apache SeaTunnel versions prior to 1.0.1.
|
26 Aug 2024 | VULN337 | Apache : CVE-2024-36522 Apache Wicket Remote code execution via XSLT injection | Systems running Apache Wicket versions prior to 10.1.0, 9.18.0, 8.16.0.
|
23 Aug 2024 | VULN336 | Dovecot : Denial of Service vulnerabilities fixed in Dovecot | Systems running Dovecot versions prior to 2.3.21.1.
|
23 Aug 2024 | VULN335 | Spring : CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject | Systems running Spring Security versions 6.3.x prior to 6.3.2.
|
23 Aug 2024 | VULN334 | Moodle : Multiple security vulnerabilities fixed in Moodle | Systems running Jenkins versions prior to weekly 2.471, LTS 2.452.4, 2.462.1.
|
23 Aug 2024 | VULN333 | Roundcube : Security updates 1.6.8 and 1.5.8 released | Systems running Roundcube versions prior to 1.6.8, 1.5.8.
|
23 Aug 2024 | VULN332 | Joomla! : Multiple Security Vulnerabilities in Joomla! | Systems running Joomla! versions prior to 4.4.7, 5.1.3.
|
22 Aug 2024 | VULN331 | Jenkins : Jenkins Security Advisory 2024-08-07 | Systems running Jenkins versions prior to weekly 2.471, LTS 2.452.4, 2.462.1.
|
22 Aug 2024 | VULN330 | PostgreSQL : PostgreSQL relation replacement during pg_dump executes arbitrary SQL | Systems running PostgreSQL versions prior to 16.4, 15.8, 14.13, 13.16, 12.20.
|
22 Aug 2024 | VULN329 | Django : Django security releases issued 5.0.8 and 4.2.15 | Systems running Django versions prior to 5.0.8, 4.2.15.
|
22 Aug 2024 | VULN328 | Grafana : Grafana security release Medium severity security fix for CVE-2024-6837 | Systems running Grafana versions prior to 11.1.4, 11.0.3, 10.4.7.
|
22 Aug 2024 | VULN327 | SPIP : Critical security update: release of SPIP 4.3.2, SPIP 4.2.16, SPIP 4.1.18 | Systems running SPIP versions prior to 4.3.2, 4.2.16, 4.1.18.
|
22 Aug 2024 | VULN326 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2024-0004 | Systems running WebKitGTK, WPE WebKit versions prior to 2.44.3.
|
22 Aug 2024 | VULN325 | GitLab : GitLab Patch Release 17.3.1, 17.2.4, 17.1.6 | Systems running GitLab versions prior to 17.3.1, 17.2.4, 17.1.6.
|
24 Jul 2024 | STAT29 | |
|
19 Jul 2024 | STAT28 | |
|
11 Jul 2024 | STAT27 | |
|
11 Jul 2024 | VULN324 | VMware : VMSA-2024-0017 VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280) | Systems running VMware Aria Automation.
|
10 Jul 2024 | VULN323 | Mozilla : Multiple vulnerabilities fixed in Firefox 128, ESR 115.13 | Systems running Firefox versions prior to 128, ESR 115.13.
|
10 Jul 2024 | VULN322 | Node.js : Monday, July 8, 2024 Security Releases | Systems running Node.js versions prior to 18.20.4, 20.15.1, 22.4.1.
|
10 Jul 2024 | VULN321 | Citrix : NetScaler Console, Agent and SVM Security Bulletin for CVE-2024-6235 and CVE-2024-6236 | Systems running NetScaler Console, NetScaler SVM, NetScaler Agent versions prior to 14.1-25.53, 13.1-53.22, 13.0-92.31.
|
10 Jul 2024 | VULN320 | Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492 | Systems running NetScaler ADC and NetScaler Gateway versions prior to 14.1-25.53, 13.1-53.17, 13.0-92.31, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.183, 12.1-FIPS 12.1-55.304, 12.1-NDcPP 12.1-55.304.
|
10 Jul 2024 | VULN319 | Joomla! : Multiple vulnerabilities fixed in Joomla! 4.4.6, 5.1.2, 3.10.16-elts | Systems running Joomla! versions prior to 4.4.6, 5.1.2, 3.10.16-elts.
|
10 Jul 2024 | VULN318 | Django : Django security releases issued: 5.0.7 and 4.2.14 | Systems running Django versions prior to 5.0.7, 4.2.14.
|
10 Jul 2024 | VULN317 | Apache : Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2 | Systems running Apache CloudStack LTS versions prior to 4.18.2.1, 4.19.0.2.
|
4 Jul 2024 | VULN316 | Elastic : Elastic Cloud Enterprise 3.7.2 Security Update (ESA-2024-18) | Systems running Elastic Cloud Enterprise versions from 3.0.0 and prior to 3.7.2.
|
4 Jul 2024 | VULN315 | Apache : CVE-2024-34750 Apache Tomcat - Denial of Service | Systems running Apache Tomcat versions prior to 11.0.0-M21, 10.1.25, 9.0.89.
|
4 Jul 2024 | VULN314 | VMware : VMware Cloud Director Availability addresses an HTML injection vulnerability | Systems running VMware Cloud Director Availability versions prior to 4.7.2.
|
4 Jul 2024 | STAT26 | |
|
3 Jul 2024 | VULN313 | Cisco : Cisco NX-OS Software CLI Command Injection Vulnerability | Cisco NX-OS Software.
|
3 Jul 2024 | VULN312 | OpenStack : Arbitrary file access through custom QCOW2 external data | Systems running Cinder versions <22.1.3, >=23.0.0 <23.1.1, ==24.0.0; Glance versions <26.0.1, ==27.0.0, >=28.0.0 <28.0.2; Nova versions <27.3.1, >=28.0.0 <28.1.1, >=29.0.0 <29.0.3.
|
3 Jul 2024 | VULN311 | Cisco : Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 | Cisco Systems running OpenSSH Server.
|
1 Jul 2024 | VULN310 | Apache : Apache version 2.4.60 fixes multiple vulnerabilities | Systems running Apache HTTP Server versions prior to 2.4.60.
|
1 Jul 2024 | VULN309 | MIT Kerberos : MIT Kerberos 5 Release 1.21.3 fixes vulnerabilities in GSS message token handling | Systems running Kerberos 5 versions prior to 1.21.3.
|
1 Jul 2024 | VULN308 | OpenSSH : Critical vulnerability fixed in OpenSSH 9.8 | Systems running OpenSSH versions prior to 9.8.
|
27 Jun 2024 | VULN307 | VMware : VMware Cloud Director addresses an improper privilege management vulnerability (CVE-2024-22272) | Systems running VMware Cloud Director.
|
27 Jun 2024 | VULN306 | OpenSSL : SSL_select_next_proto buffer overread (CVE-2024-5535) | Systems running OpenSSL versions prior to 3.3.2, 3.2.3, 3.1.7, 3.0.15, 1.1.1za, 1.0.2zk.
|
27 Jun 2024 | VULN305 | GitLab : GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 | Systems running GitLab versions prior to 17.1.1, 17.0.3, 16.11.5.
|
27 Jun 2024 | VULN304 | Jenkins : Jenkins Security Advisory 2024-06-26 | Systems running Bitbucket Branch Source Plugin for Jenkins versions prior to 887.va_d359b_3d2d8d, Plain Credentials Plugin for Jenkins versions prior to 183.va_de8f1dd5a_2b_, Structs Plugin for Jenkins versions prior to 338.v848422169819.
|
27 Jun 2024 | STAT25 | |
|
27 Jun 2024 | VULN303 | Progress : MOVEit Transfer Critical Security Alert Bulletin - June 2024 | Systems running MOVEit Transfer versions prior to 2023.0.11, 2023.1.6, 2024.0.2.
|
27 Jun 2024 | VULN302 | Progress : MOVEit Gateway Critical Security Alert Bulletin - June 2024 | Systems running MOVEit Gateway versions prior to 2024.0.0.
|
26 Jun 2024 | VULN301 | Google Chrome : Stable channel has been updated to 126.0.6478.126/127 | Systems running Google Chrome versions prior to 126.0.6478.126.
|
26 Jun 2024 | VULN300 | HashiCorp : Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims | Systems running HashiCorp Vault, Vault Enterprise versions prior to 1.17.0, 1.16.3, 1.15.9.
|
26 Jun 2024 | VULN299 | HashiCorp : HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation Security | Systems running libreoffice versions prior to 24.2.4.
|
26 Jun 2024 | VULN298 | LibreOffice : CVE-2024-5261 TLS certificate are not properly verified when utilizing LibreOfficeKit | Systems running libreoffice versions prior to 24.2.4.
|
26 Jun 2024 | VULN297 | WordPress : WordPress 6.5.5 fix XSS and path traversal vulnerabilities | Systems running WordPress versions prior to 6.5.5.
|
25 Jun 2024 | VULN296 | Org mode : Emergency bugfix release: Org mode 9.7.5 | Systems running Org mode versions prior to 9.7.5.
|
25 Jun 2024 | VULN295 | Emacs : Emacs 29.4 emergency bugfix release fix a security vulnerability | Systems running Emacs versions prior to 29.4.
|
25 Jun 2024 | VULN294 | VMware : VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2024-37085, CVE-2024-37086, CVE-2024-37087) | Systems running VMware ESXi, vCenter Server, VMware Cloud Foundation.
|
24 Jun 2024 | VULN292 | rancher : Multiple vulnerabilities fixed in rancher | Systems running rancher versions prior to 2.7.14, 2.8.5.
|
24 Jun 2024 | VULN291 | Apache : CVE-2024-34693 Apache Superset: Server arbitrary file read | Systems running Apache Superset versions prior to 4.0.1, 3.1.3.
|
21 Jun 2024 | STAT24 | |
|
19 Jun 2024 | VULN290 | Mozilla : Security Vulnerabilities fixed in Firefox for iOS 127 and ESR 115.12 | Systems running Firefox for iOS versions prior to 127, Firefox ESR versions prior to 115.12.
|
19 Jun 2024 | VULN289 | Moodle : Multiple security vulnerabilities fixed in 4.4.1, 4.3.5, 4.2.8 and 4.1.11 | Systems running Moodle versions prior to 4.4.1, 4.3.5, 4.2.8, 4.1.11.
|
19 Jun 2024 | VULN288 | Veeam : Veeam Recovery Orchestrator Vulnerability (CVE-2024-29855) | Systems running Veeam Recovery Orchestrator versions prior to 7.1.0.230, 7.0.0.379.
|
19 Jun 2024 | VULN287 | Jupyter Server Proxy : Reflected XSS issue in host parameter | Systems running jupyter_server_proxy versions prior to 3.2.4, 4.2.0.
|
19 Jun 2024 | VULN286 | VMware : VMSA-2024-0012: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities | Systems running VMware Cloud Foundation, VMware vCenter Server versions prior to 8.0 U2d, 8.0 U1e, 7.0 U3r.
|
14 Jun 2024 | VULN285 | Elastic : Elasticsearch 8.14.0 Security Update (ESA-2024-14) | Systems running Elasticsearch versions prior to 8.14.0.
|
14 Jun 2024 | VULN284 | cupsd : Cupsd Listen arbitrary chmod 0140777 | Systems running cupsd.
|
14 Jun 2024 | STAT23 | |
|
11 Jun 2024 | VULN283 | composer : Command injections via malicious git/hg branch names | Systems running composer versions prior to 2.2.24, 2.7.7.
|
7 Jun 2024 | VULN282 | PHP : New versions of PHP fix Vulnerabilities | Systems running PHP versions prior to 8.3.8, 8.2.20, 8.1.29.
|
6 Jun 2024 | STAT22 | |
|
6 Jun 2024 | VULN281 | Cisco : Cisco Finesse Web-Based Management Interface Vulnerabilities | Systems running Cisco Finesse versions prior to 12.6(2) ES03.
|
6 Jun 2024 | VULN280 | Libarchive : Libarchive 3.7.4 fix Out of Bound (OOB) access vulnerability CVE-2024-26256 | Systems running Libarchive versions prior to 3.7.4.
|
6 Jun 2024 | VULN279 | Apache : CVE-2024-32113 Apache OFBiz: Path traversal leading to RCE | Systems running Apache OFBiz versions prior to 18.12.13.
|
6 Jun 2024 | VULN278 | Go : [security] Go 1.22.4 and Go 1.21.11 are released | Systems running Go versions prior to 1.22.4, 1.21.11.
|
6 Jun 2024 | VULN277 | Zyxel : Zyxel security advisory for multiple vulnerabilities in NAS products | NAS326 running software versions prior to V5.21(AAZF.17)C0, NAS542 running software versions prior to V5.21(ABAG.14)C0.
|
6 Jun 2024 | VULN276 | Rubyonrails : Vulnerabilities fixed in Ruby on Rails | Systems running Ruby on Rails versions prior to 6.1.7.8, 7.0.8.4, 7.1.3.4.
|
6 Jun 2024 | VULN275 | SolarWinds : SolarWinds Platform Stored XSS Vulnerability (CVE-2024-29004) | Systems running SolarWinds Platform versions prior to 2024.2.
|
31 May 2024 | VULN274 | Spring : CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow | Systems running Spring Cloud Skipper versions prior to 2.11.3.
|
31 May 2024 | VULN273 | Citrix : Citrix Workspace app for Mac Security Bulletin for CVE-2024-5027 | Systems running Citrix Workspace App for Mac versions prior to 2402.10.
|
31 May 2024 | VULN272 | Check Point : Check Point VPN Information Disclosure (CVE-2024-24919) | Systems running Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40, Check Point Spark versions R81.10, R80.20.
|
31 May 2024 | VULN271 | Atlassian : Multiple vulnerabilities fixed in Confluence Data Center and Server | Systems running Confluence Data Center versions prior to 8.9.1, 8.5.9 LTS, 7.19.22 LTS, Confluence Server versions prior to 8.5.9 LTS, 7.19.22 LTS.
|
31 May 2024 | VULN270 | nginx : nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200) | Systems running nginx versions prior to 1.27.0, 1.26.1.
|
31 May 2024 | VULN269 | Google : Google Chrome Stable Channel Updated to 125.0.6422.141/.142 | Systems running Google Chrome versions prior to 125.0.6422.141/.142.
|
31 May 2024 | VULN268 | SPIP : Critical security update: release of SPIP 4.3.0-alpha2, SPIP 4.2.13, SPIP 4.1.16 | Systems running SPIP versions prior to SPIP 4.3.0-alpha2, SPIP 4.2.13, SPIP 4.1.16.
|
31 May 2024 | STAT21 | |
|
29 May 2024 | VULN267 | OpenSSL : Use After Free with SSL_free_buffers (CVE-2024-4741) | Systems running OpenSSL versions prior to 3.3.1, 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
|
27 May 2024 | VULN266 | Atlassian : Multiple vulnerabilities fixed in Jira Software Data Center and Server | Systems running Jira Software Data Center and Server versions prior to 9.12.7 LTS, 9.4.19 LTS, 9.15.2 Data Center Only.
|
27 May 2024 | VULN265 | Jenkins : Vulnerabilities fixed in multiple Jenkins plugins | Systems running OpenText Application Automation Tools Plugin for Jenkins, Report Info Plugin for Jenkins, Team Concert Git Plugin for Jenkins, Git server Plugin for Jenkins, Script Security Plugin for Jenkins, Subversion Partial Release Manager Plugin for Jenkins, Telegram Bot Plugin for Jenkins.
|
27 May 2024 | VULN264 | Cacti : Cacti 1.2.27 fix critical RCE vulnerability among others | Systems running Cacti versions prior to 1.2.27.
|
24 May 2024 | VULN263 | Google Chrome : Google Chrome Stable Channel Updated to 125.0.6422.112/.113 | Systems running Google Chrome versions prior to 125.0.6422.112/.113.
|
24 May 2024 | VULN262 | Ruby on Rails : XSS Vulnerabilities in Trix Editor | Systems running Ruby on Rails embedding the Trix editor versions prior to 7.1.3.3, 7.0.8.2.
|
24 May 2024 | VULN261 | Asterisk : res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests | Systems running asterisk versions prior to 18.23.1, 20.8.1, 21.3.1.
|
24 May 2024 | VULN260 | WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.2 | Systems running WebKitGTK, WPE WebKit prior to 2.44.2.
|
24 May 2024 | VULN259 | VMware : VMware ESXi, Workstation, Fusion and vCenter Server updates address multiple security vulnerabilities (CVE-2024-22273, CVE-2024-22274, CVE-2024-22275) | Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware vCenter Server.
|
24 May 2024 | VULN258 | GitLab : GitLab Patch Release: 17.0.1, 16.11.3, 16.10.6 | Systems running GitLab versions prior to 17.0.1, 16.11.3, 16.10.6.
|
24 May 2024 | VULN257 | Roundcube : Security updates 1.6.7 and 1.5.7 released | Systems running Roundcube versions prior to 1.6.7, 1.5.7.
|
24 May 2024 | VULN256 | Cisco : Cisco Security Advisories Published on May 22, 2024 | Systems running Cisco Firepower Management Center Software, Cisco products running Snort IPS rule engine, Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software.
|
24 May 2024 | STAT20 | |
|
17 May 2024 | VULN255 | Fortinet : SSL-VPN user IP spoofing | FortiOS versions prior to 7.4.2, 7.2.8, 7.0.13, FortiProxy versions prior to 7.4.2, 7.2.8, 7.0.14.
|
17 May 2024 | VULN254 | Fortinet : Format String Bug in cli command | Systems running FortiOS versions prior to 7.4.1, 7.2.6, FortiProxy, FortiPAM versions prior to 1.1.1, FortiSwitchManager.
|
17 May 2024 | VULN253 | Fortinet : Multiple vulnerabilities fixed in FortiOS | FortiOS versions prior to 7.4.2, 7.2.8.
|
17 May 2024 | VULN252 | SAP : SAP Security Patch Day - May 2024 | Systems running SAP products.
|
17 May 2024 | VULN251 | strongSwan : strongSwan Vulnerability (CVE-2022-4967) | Systems running strongSwan versions < 5.9.2, > 5.9.5.
|
17 May 2024 | VULN250 | LibreOffice : CVE-2024-3044: Graphic on-click binding allows unchecked script execution | Systems running LibreOffice versions prior to 7.6.7/24.2.3.
|
17 May 2024 | VULN249 | OpenSSL : Excessive time spent checking DSA keys and parameters (CVE-2024-4603) | Systems running OpenSSL versions 3.
|
16 May 2024 | VULN248 | Cisco : Cisco Security Advisories Published on May 15, 2024 | Systems running Cisco Crosswork Network Services Orchestrator, Cisco Secure Client for Windows, Cisco Secure Email Gateway, Cisco ConfD, Cisco AppDynamics Network Visibility Service, Cisco Secure Email and Web Manager, Cisco Secure Web Appliance.
|
16 May 2024 | VULN247 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.11 | Systems running Thunderbird versions prior to 115.11.
|
16 May 2024 | VULN246 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.11, 126 | Systems running Firefox versions prior to 126, ESR 115.11.
|
16 May 2024 | VULN245 | Drupal : RESTful Web Services and REST Views Vulnerabilities fixed | Systems running RESTful Web Services for Drupal versions prior to 7.x-2.10, REST Views for Drupal versions prior to 3.0.1.
|
16 May 2024 | VULN244 | Git : Multiple security vulnerabilities fixed in Git | Systems running git versions prior to v2.45.1,
|
16 May 2024 | VULN243 | TYPO3 : Vulnerabilities fixed in TYPO3 CMS Subcomponents | Systems running TYPO3 CMS with Frontend Rendering, Form Framework.
|
15 May 2024 | STAT19 | |
|
14 May 2024 | VULN242 | APPLE : iOS and iPadOS 16.7.8, 17.5 | iOS versions prior to 17.5, 16.7.8.
|
14 May 2024 | VULN241 | APPLE : macOS Sonoma 14.5, Ventura 13.6.7, Monterey 12.7.5 | macOS versions prior to Sonoma 14.5, Ventura 13.6.7, Monterey 12.7.5.
|
14 May 2024 | VULN240 | APPLE : APPLE-SA-05-13-2024-1 Safari 17.5 | Systems running Safari versions prior to 17.5.
|
14 May 2024 | VULN239 | Werkzeug : Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain | Systems running Werkzeug versions prior to 3.0.3.
|
14 May 2024 | VULN238 | Apache : CVE-2024-32077 Apache Airflow XSS vulnerability in Task Instance Log/Log Details | Systems running Apache Airflow versions 2.9 prior to 2.9.1.
|
14 May 2024 | VULN237 | GitLab : GitLab Patch Release 16.11.2, 16.10.5, 16.9.7 | Systems running GitLab versions prior to 16.11.2, 16.10.5, 16.9.7.
|
14 May 2024 | VULN236 | VMware : VMware Workstation and Fusion updates address multiple security vulnerabilities | Systems running VMware Workstation versions prior to 17.5.2, VMware Fusion versions prior to 13.5.2.
|
14 May 2024 | VULN235 | Moodle : Multiple Vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.3.4, 4.2.7, 4.1.10.
|
14 May 2024 | VULN234 | Google : Google Chrome Stable Channel Updated to 124.0.6367.207/.208 | Systems running Google Chrome versions prior to 124.0.6367.207/.208.
|
13 May 2024 | VULN233 | Next.js : Next.js Server-Side Request Forgery and HTTP Request Smuggling Vulnerabilities | Systems running Next.js versions prior to 14.1.1.
|
13 May 2024 | VULN232 | Xen : Linux/xen-netfront Memory leak due to missing cleanup function | Systems running Xen with guests running Linux 5.9 and later with Xen PV network devices.
|
13 May 2024 | VULN231 | Apache : CVE-2024-32113 Apache OFBiz: Path traversal leading to RCE | Systems running Apache OFBiz versions prior to 18.12.13.
|
13 May 2024 | VULN230 | Apache : CVE-2024-26579 Apache Inlong JDBC Vulnerability | Systems running Apache InLong versions prior to 1.12.0.
|
13 May 2024 | VULN229 | PowerDNS : PowerDNS Recursor Security Advisory 2024-02 | Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
|
13 May 2024 | VULN228 | VMware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities | Systems running VMware ESXi, VMware Workstation, VMware Fusion.
|
7 May 2024 | VULN227 | Cisco : Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities | Systems running Cisco IP Phone 6800, 7800, 8800 Series SOFTWARE with Multiplatform Firmware.
|
7 May 2024 | VULN226 | CERT.org : R Programming Language implementations are vulnerable to arbitrary code execution | Systems running R Programming Language implementations.
|
7 May 2024 | VULN225 | GLPI : SQL injection and Account takeover via SQL Injection vulnerabilities | Systems running GLPI versions prior to 10.0.15.
|
7 May 2024 | STAT18 | |
|
3 May 2024 | STAT17 | |
|
26 Apr 2024 | VULN224 | SolarWinds : SolarWinds Platform XSS and SWQL Injection vulnerabilities | Systems running SolarWinds Platform versions prior to 2024.1 SR 1.
|
26 Apr 2024 | VULN223 | Palo Alto : Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent | Windows running Cortex XDR Agent with content update versions CU-1320 and later.
|
26 Apr 2024 | VULN222 | GitLab : GitLab Patch Release 16.11.1, 16.10.4, 16.9.6 | Systems running GitLab versions prior to 16.11.1, 16.10.4, 16.9.6.
|
26 Apr 2024 | VULN221 | Apache : Solr-Operator liveness and readiness probes may leak basic auth credentials | Systems running Solr Operator versions prior to 0.8.1.
|
25 Apr 2024 | VULN220 | Google : Google Chrome Stable Channel Updated to 124.0.6367.78/.79 | Systems running Google Chrome versions prior to 124.0.6367.78/.79.
|
25 Apr 2024 | VULN219 | Nagios : Vulnerabilities fixed in Nagios XI 2024R1.1.2 | Systems running Nagios XI versions prior to 2024R1.1.2.
|
25 Apr 2024 | VULN218 | Ruby : CVE-2024-27282 Arbitrary memory address read vulnerability with Regex search | Systems running Ruby versions prior to 3.0.7, 3.1.5, 3.2.4, 3.3.1.
|
25 Apr 2024 | STAT16 | |
|
25 Apr 2024 | VULN217 | SolarWinds : SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability (CVE-2024-28073) | Systems running SolarWinds Serv-U versions prior to 15.4.2.
|
25 Apr 2024 | VULN216 | Citrix : Citrix uberAgent Security Bulletin for CVE-2024-3902 | Systems running Citrix uberAgent versions prior to 22.0.
|
25 Apr 2024 | VULN215 | PowerDNS : PowerDNS Recursor Security Advisory 2024-02 | Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
|
25 Apr 2024 | VULN214 | Cisco : Cisco Security Advisories Published on April 24, 2024 | Cisco ASA Software, CISCO FTD Software.
|
19 Apr 2024 | VULN213 | Gunicorn : Gunicorn 22.0 fix CVE-2024-1135 Request smuggling leading to endpoint restriction bypass | Systems running Gunicorn versions prior to 22.0.
|
19 Apr 2024 | VULN212 | Apache : CVE-2024-29217 Apache Answer XSS vulnerability when changing personal website | Systems running Apache Answer versions prior to 1.3.0.
|
19 Apr 2024 | VULN211 | Flatpak : CVE-2024-32462 Sandbox escape via RequestBackground portal and CWE-88 | Systems running Flatpak versions prior to 1.15.8, 1.10.9, 1.12.9, 1.14.6.
|
19 Apr 2024 | VULN210 | GNU C Library : GNU C Library Security Advisory Format | Systems running GNU C Library.
|
18 Apr 2024 | STAT15 | |
|
18 Apr 2024 | VULN209 | Xen : x86 Native Branch History Injection | Systems running Xen.
|
18 Apr 2024 | VULN208 | Jenkins : Jenkins Security Advisory 2024-04-17 | Systems running Jenkins (core) versions prior to weekly 2.452, LTS 2.440.3.
|
18 Apr 2024 | VULN207 | Cisco : Cisco Security Advisories Published on April 17, 2024 | Systems running Cisco Integrated Management Controller, Cisco IOS, Cisco IOS XE Software.
|
17 Apr 2024 | VULN206 | Mozilla : Security Vulnerabilities fixed in Firefox 125, ESR 115.10 | Systems running Firefox versions prior to 125, ESR 115.10.
|
17 Apr 2024 | VULN205 | Google : Chrome Stable channel updated to 124.0.6367.60/.61 | Systems running Google Chrome versions prior to 124.0.6367.60/.61.
|
17 Apr 2024 | VULN204 | PuTTY : PuTTY vulnerability vuln-p521-bias | Systems running PuTTY versions prior to 0.81.
|
17 Apr 2024 | VULN203 | Oracle : April 2024 Critical Patch Update Released | Systems running Oracle products.
|
17 Apr 2024 | VULN202 | Atlassian : Security Bulletin - April 16 2024 | Systems running Bamboo Data Center and Server, Confluence Data Center and Server, Jira Software Data Center and Server, Jira Service Management Data Center and Server.
|
17 Apr 2024 | VULN201 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect | PAN-OS versions prior to 11.1.0-h3, 11.1.1-h1, 11.1.2-h3, 11.0.2-h4, 11.0.3-h10, 11.0.4-h1, 10.2.5-h6, 10.2.6-h3, 10.2.7-h8, 10.2.8-h3, 10.2.9-h1.
|
16 Apr 2024 | VULN200 | Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 | Systems running XenServer, Citrix Hypervisor.
|
16 Apr 2024 | VULN199 | Argo CD : Argo CD's API server does not enforce project sourceNamespaces | Systems running Argo CD versions prior to 2.8.16, 2.9.12, 2.10.7.
|
15 Apr 2024 | VULN198 | Apache : Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1 | Systems running Apache CloudStack versions prior to 4.18.1.1, 4.19.0.1.
|
15 Apr 2024 | VULN197 | Apache : CVE-2024-31309 Apache Traffic Server HTTP/2 CONTINUATION frames can be utilized for DoS attack | Systems running Apache Traffic Server versions prior to 8.1.10, 9.2.4.
|
15 Apr 2024 | VULN196 | Apache : CVE-2024-27309 Apache Kafka Potential incorrect access control during migration from ZK mode to KRaft mode | Systems running Apache Kafka versions 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1.
|
15 Apr 2024 | VULN195 | Haskell : process command injection via argument list on Windows | Windows running process library versions prior to 1.6.19.0.
|
15 Apr 2024 | VULN194 | PHP : PHP 8.3.6, 8.2.18, 8.1.28 | Systems running PHP versions prior to 8.3.6, 8.2.18, 8.1.28.
|
12 Apr 2024 | VULN193 | Gitlab : GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6 | Systems running GitLab versions prior to 16.10.2, 16.9.4, 16.8.6.
|
12 Apr 2024 | VULN192 | Apache : CVE-2024-31391 Apache Solr Operator Solr-Operator liveness and readiness probes may leak basic auth credentials | Systems running Apache Solr versions prior to 0.8.1.
|
12 Apr 2024 | VULN191 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect Gateway | PAN-OS versions prior to 11.1.2-h3, 11.0.4-h1, 10.2.9-h1.
|
11 Apr 2024 | VULN190 | Fortinet : FortiClientMac - Lack of configuration file validation | macOS running FortiClientMac versions prior to 7.2.4, 7.0.11.
|
11 Apr 2024 | VULN189 | Fortinet : FortiClient Linux Remote Code Execution due to dangerous nodejs configuration | Linux running FortiClient versions prior to 7.2.1, 7.0.11.
|
11 Apr 2024 | VULN188 | Google : Chrome Stable channel updated to 123.0.6312.122/.123 | Systems running Google Chrome versions prior to 123.0.6312.122/.123.
|
11 Apr 2024 | VULN187 | CERT/CC : Multiple programming languages fail to escape arguments properly in Microsoft Windows | Windows.
|
11 Apr 2024 | VULN186 | Xen : x86 Incorrect logic for BTC/SRSO mitigations | Systems running Xen versions prior to 4.18.2, 4.17.4, 4.16.6, 4.15.6.
|
11 Apr 2024 | VULN185 | WordPress : WordPress 6.5.2 Maintenance and Security Release | Systems running WordPress versions prior to 6.5.2.
|
11 Apr 2024 | VULN184 | Rust : Security advisory for the standard library (CVE-2024-24576) | Systems running Rust versions prior to 1.77.2.
|
11 Apr 2024 | STAT14 | |
|
9 Apr 2024 | VULN183 | Apache : Multiple vulnerabilities fixed in Apache Zeppelin | Systems running Apache Zeppelin versions prior to 0.11.0.
|
9 Apr 2024 | VULN182 | Xen : x86 HVM hypercalls may trigger Xen bug check | Systems running Xen versions from at least 3.2 onwards.
|
9 Apr 2024 | VULN181 | SAP : SAP Security Patch Day - April 2024 | Systems running SAP products.
|
9 Apr 2024 | VULN180 | Envoy Proxy : CPU and memory exhaustion due to CONTINUATION frame flood | Systems running Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, 1.26.8.
|
9 Apr 2024 | VULN179 | OpenSSL : Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) | Systems running OpenSSL versions prior to 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
|
8 Apr 2024 | VULN178 | Go : Go 1.22.2 and Go 1.21.9 are released | Systems running Go versions prior to 1.22.2, 1.21.9.
|
5 Apr 2024 | VULN177 | Mozilla : Security Vulnerabilities fixed in Firefox for iOS 124 | iOS running Firefox for iOS versions prior to 124.
|
5 Apr 2024 | VULN176 | pgAdmin 4 : 2024-04-04 - pgAdmin 4 v8.5 Released | Systems running pgAdmin 4 versions prior to 8.5.
|
5 Apr 2024 | VULN175 | Apache : CVE-2024-29834 Apache Pulsar Improper Authorization For Namespace and Topic Management Endpoints | Systems running Apache Pulsar versions prior to 3.0.4, 3.2.2.
|
5 Apr 2024 | VULN174 | Yubico : Security Advisory YSA-2024-01 YubiKey Manager Privilege Escalation | Systems running YubiKey Manager GUI versions prior to 1.2.6.
|
5 Apr 2024 | VULN173 | Apache : HTTP response splitting and HTTP/2 DoS vulnerabilities fixed | Systems running Apache versions prior to 2.4.59.
|
5 Apr 2024 | VULN172 | X.Org : Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 | Systems running X.Org X server versions prior to 21.1.12, Xwayland versions prior to 23.2.5.
|
5 Apr 2024 | VULN171 | CERT/CC : CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks | Systems implementing HTTP/2.
|
4 Apr 2024 | VULN170 | Ivanti : New CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure versions prior to 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4, 9.1R18.5, Ivanti Policy Secure versions prior to 22.4R1.2, 22.5R1.3, 22.6R1.2, 9.1R16.4, 9.1R17.4, 9.1R18.5.
|
4 Apr 2024 | VULN169 | Cisco : Cisco Security Advisories Published on April 03, 2024 | Systems running Cisco products.
|
3 Apr 2024 | VULN168 | Node.js : Wednesday, April 3, 2024 Security Releases | Systems running Node.js versions prior to 20.12.1, 21.7.11, 18.20.1.
|
3 Apr 2024 | VULN167 | VMware : VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities | Systems running VMware SD-WAN (Edge) versions prior to 5.0.1+, 4.5.1+, VMware SD-WAN (Orchestrator) versions prior to 5.0.1+.
|
3 Apr 2024 | STAT13 | |
|
29 Mar 2024 | VULN166 | Splunk : Multiple vulnerabilities fixed in Splunk | Systems running Splunk Enterprise versions prior to 9.2.1, 9.1.4, 9.0.9, Splunk Cloud Platform.
|
29 Mar 2024 | VULN165 | Wireshark : wnpa-sec-2024-06 - T.38 dissector crash | Systems running Wireshark versions prior to 4.2.4, 4.0.14.
|
29 Mar 2024 | VULN164 | Gitlab : GitLab Security Release: 16.10.1, 16.9.3, 16.8.5 | Systems running GitLab versions prior to 16.10.1, 16.9.3, 16.8.5.
|
29 Mar 2024 | VULN163 | Buildah : CVE-2024-1753 container escape at build time | Systems running buildah versions prior to 1.35.1, 1.34.3, 1.33.7.
|
29 Mar 2024 | VULN162 | Serverpod : Client accepts any certificate and Improved security for stored password hashes | Systems running serverpod_client versions prior to 1.2.6, serverpod_auth_server (Dart) versions prior to 1.2.6.
|
29 Mar 2024 | VULN161 | Jupyterhub : XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | Systems running jupyterhub (pip) versions prior to 4.1.0.
|
29 Mar 2024 | VULN160 | Podman : CVE-2024-1753 container escape at build time | Systems running Podman versions prior to 4.9.4, 5.0.1.
|
28 Mar 2024 | VULN159 | APPLE : APPLE-SA-03-25-2024-1 Safari 17.4.1 | Systems running Safari versions prior to 17.4.1.
|
28 Mar 2024 | VULN158 | APPLE : APPLE-SA-03-25-2024 macOS Ventura 13.6.6 and Sonoma 14.4.1 | macOS versions prior to 13.6.6, 14.4.1.
|
28 Mar 2024 | VULN157 | APPLE : APPLE-SA-03-25-2024 iOS and iPadOS 16.7.7 and 17.4.1 | iOS, iPadOS versions prior to 16.7.7, 17.4.1.
|
28 Mar 2024 | VULN156 | Cilium : Intermittent HTTP policy bypass | Systems running Cilium versions prior to 1.13.13, 1.14.8, 1.15.2.
|
28 Mar 2024 | VULN155 | Elastic : Elasticsearch 8.13.0 and 7.17.19 Security Updates | Systems running Elasticsearch versions prior to 8.13.0, 7.17.19.
|
27 Mar 2024 | VULN154 | Cisco : Cisco Security Advisories Published on March 27, 2024 | Systems running Cisco IOS XE, Cisco IOS, Cisco Access Point Software, Cisco Aironet Access Point Software, Cisco Catalyst Center Software.
|
27 Mar 2024 | VULN153 | Nagios XI : Nagios XI 2024R1.1 fix XSS issue | Systems running Nagios XI versions prior to 2024R1.1.
|
27 Mar 2024 | VULN152 | Red Hat : Red Hat OpenShift GitOps 1.10.2 and 1.9.4 security update | Systems running Red Hat OpenShift GitOps versions prior to 1.10.2, 1.9.4.
|
27 Mar 2024 | STAT12 | |
|
27 Mar 2024 | VULN151 | Google : Chrome Stable channel updated to 123.0.6312.86/.87 | Systems running Chrome versions prior to 123.0.6312.86/.87.
|
27 Mar 2024 | VULN150 | TinyMCE : TinyMCE Cross-Site Scripting (XSS) vulnerabilities fixed | Systems running TinyMCE versions prior to 7.0.0.
|
27 Mar 2024 | VULN149 | Grafana : Users outside an organization can delete a snapshot with its key | Systems running Grafana versions prior to 9.5.18, 10.0.13, 10.1.9, 10.2.6, 10.3.5.
|
27 Mar 2024 | VULN148 | Apache : CVE-2024-29735 Apache Airflow Potentially harmful permission changing by log task handler | Systems running Apache Airflow versions prior to 2.8.4.
|
27 Mar 2024 | VULN147 | curl : Multiple vulnerabilities fixed in curl 8.7.0 | Systems running curl versions prior to 8.7.0.
|
26 Mar 2024 | VULN146 | Shibboleth : CAS service URL handling vulnerable to Server-Side Request Forgery | Systems running Shibboleth Identity Provider versions prior to 5.1.1, 4.3.2.
|
26 Mar 2024 | VULN145 | Tenable : Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1 | Systems running Tenable Security Center versions prior to 5.23.1, 6.1.1, 6.2.0, 6.2.1.
|
26 Mar 2024 | VULN144 | Ruby : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running RDoc gem versions prior to 6.3.4.1, 6.4.1.1, 6.5.1.1, 6.6.3.1.
|
26 Mar 2024 | VULN143 | Ruby : CVE-2024-27280 Buffer overread vulnerability in StringIO | Systems running StringIO gem versions prior to 3.0.3.
|
26 Mar 2024 | VULN142 | WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.0 | Systems running WebKitGTK, WPE WebKit versions prior to 2.44.0.
|
25 Mar 2024 | VULN141 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running Firefox versions prior to ESR 115.9.1, 124.0.1.
|
25 Mar 2024 | VULN140 | Spring : CVE-2024-22258 PKCE Downgrade in Spring Authorization Server | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
|
22 Mar 2024 | VULN139 | jupyter-server : Unauthenticated Websocket Proxying with jupyter-server-proxy | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
|
22 Mar 2024 | VULN138 | Apache : CVE-2024-27438 Apache Doris remote command execution and Possible race condition | Systems running Apache Doris versions prior to 2.0.5, 2.1.x.
|
22 Mar 2024 | VULN137 | Apache : CVE-2024-27439 Apache Wicket Possible bypass of CSRF protection | Systems running Apache Wicket versions prior to 9.17.0, 10.0.0.
|
21 Mar 2024 | VULN136 | Apache : Apache Archiva Vulnerabilities | Systems running Apache Archiva.
|
21 Mar 2024 | VULN135 | Apache : CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding | Systems running Apache CXF versions prior to 4.0.4, 3.6.3, 3.5.8.
|
21 Mar 2024 | VULN134 | Apache : Apache Commons Configuration vulnerabilities fixed | Systems running Apache Commons Configuration versions prior to 2.10.1.
|
21 Mar 2024 | VULN133 | Python : Vulnerabilities fixed in Python 3.10.14, 3.9.19, 3.8.19 | Systems running Python versions prior to 3.10.14, 3.9.19, 3.8.19.
|
21 Mar 2024 | VULN132 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Jenkins weekly versions prior to 2.444, Jenkins LTS versions prior to 2.440.1.
|
21 Mar 2024 | VULN131 | glpi : Multiple vulnerabilities fixed in glpi 10.0.13 | Systems running glpi versions prior to 10.0.13.
|
20 Mar 2024 | STAT11 | |
|
15 Mar 2024 | VULN130 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Apache ZooKeeper versions prior to 3.9.2, 3.8.4.
|
15 Mar 2024 | VULN129 | Palo Alto : CVE-2024-2433 PAN-OS Improper Privilege Management Vulnerability in Panorama Software | Panorama on PAN-OS versions prior to 9.0.17-h4, 9.1.18, 10.1.12, 10.2.11, 11.0.4.
|
15 Mar 2024 | VULN128 | Palo Alto : CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | Systems running GlobalProtect App versions prior to 6.2.1, 6.1.2, 6.0.8, 5.1.12.
|
15 Mar 2024 | VULN127 | Apache : Multiple Vulnerabilities fixed in Apache Pulsar | Systems running Apache Pulsar versions prior to 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1.
|
15 Mar 2024 | VULN126 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
|
14 Mar 2024 | VULN125 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
|
14 Mar 2024 | VULN124 | Apache : Apache Tomcat - Denial of Service Vulnerabilities | Systems running Apache Tomcat versions prior to 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99.
|
14 Mar 2024 | VULN123 | Cisco : Cisco Security Advisories Published on March 13, 2024 | Cisco IOS XR Software versions prior to 7.9.2, 7.10.1.
|
14 Mar 2024 | VULN122 | Directus : URL Redirection to Untrusted Site and Session Token in URL | Systems running directus versions prior to 10.10.0.
|
13 Mar 2024 | VULN121 | Fortinet : FortiWLM MEA for FortiManager - improper access control in backup and restore features | Systems running FortiWLM MEA for FortiManager versions prior to 7.4.1, 7.2.4, 7.0.11, 6.4.14.
|
13 Mar 2024 | VULN120 | Xen : Register File Data Sampling and GhostRace: Speculative Race Conditions | Systems running Xen.
|
13 Mar 2024 | VULN119 | Fortinet : Vulnerabilities fixed in FortiClientEMS | Systems running FortiClientEMS versions prior to 7.2.3, 7.0.11.
|
13 Mar 2024 | VULN118 | Fortinet : Multiple vulnerabilities fixed in FortiOS & FortiProxy | FortiOS versions prior to 7.4.2, 7.2.7, 7.0.13, 6.4.15, 6.2.16, FortiProxy versions prior to 7.4.3, 7.2.9, 7.0.15, 2.0.14.
|
13 Mar 2024 | VULN117 | Google : Chrome Stable channel updated to 122.0.6261.128/.129 | Systems running Google Chrome versions prior to 122.0.6261.128/.129.
|
13 Mar 2024 | VULN116 | Citrix : Citrix SDWAN Security Bulletin for CVE-2024-2049 | Systems running Citrix SDWAN.
|
13 Mar 2024 | VULN115 | Citrix : Citrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575 | Systems running Citrix Hypervisor.
|
12 Mar 2024 | VULN114 | OpenStack : Unresolved Vulnerability in OpenStack Murano | Systems running OpenStack Murano.
|
12 Mar 2024 | VULN113 | Go : Go 1.22.1 and Go 1.21.8 are released | Systems running Go versions prior to 1.22.1, 1.21.8.
|
12 Mar 2024 | VULN112 | Rancher API Server : XSS Vulnerability in API Server | Systems running Rancher API Server versions prior to 4fd7d82 (master), 69b3c2b (release/v2.8), a3b9e37 (release/v2.8.s3), 4e102cf (release/v2.7), 97a10a3 (release/v2.7.s3), 4df268e (release/v2.6).
|
12 Mar 2024 | VULN111 | Rancher : Multiple vulnerabilities fixed in Rancher 2.6.14, 2.7.10 and 2.8.2 | Systems running Rancher versions prior to 2.6.14, 2.7.10, 2.8.2.
|
12 Mar 2024 | VULN110 | TYPO3 : Multiple vulnerabilities fixed in TYPO3 | Systems running TYPO3 CMS versions prior to 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1.
|
12 Mar 2024 | VULN109 | Moodle : Multiple vulnerabilities fixed in Moodle 4.3.3, 4.2.6, 4.1.9 | Systems running Moodle versions prior to 4.3.3, 4.2.6, 4.1.9.
|
12 Mar 2024 | VULN108 | Grafana : User with permissions to create a data source can CRUD all data sources | Systems running Grafana versions prior to 9.5.7, 10.0.12, 10.1.8, 10.2.5, 10.3.4.
|
11 Mar 2024 | VULN107 | APPLE : APPLE-SA-03-07-2024-6 tvOS 17.4 | tvOS versions prior to 17.4.
|
11 Mar 2024 | VULN106 | APPLE : APPLE-SA-03-07-2024-5 watchOS 10.4 | Systems running watchOS versions prior to 10.4.
|
11 Mar 2024 | VULN105 | APPLE : APPLE-SA-03-07-2024-1 Safari 17.4 | Systems running Safari versions prior to 17.4.
|
11 Mar 2024 | VULN104 | APPLE : Multiple vulnerabilities fixed in macOS Monterey, Ventura, Sonoma | Systems running macOS versions prior to Monterey 12.7.4, Ventura 13.6.5, Sonoma 14.4.
|
11 Mar 2024 | VULN103 | TeamCity : Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) | Systems running TeamCity On-Premises versions prior to 2023.11.4.
|
10 Mar 2023 | STAT10 | |
|
8 Mar 2024 | VULN102 | Nagios XI : Multiple vulnerabilities fixed in 2024R1.0.2 | Systems running Nagios XI versions prior to 2024R1.0.2.
|
8 Mar 2024 | VULN101 | Apache : Apache Camel issue on ExchangeCreatedEvent and Camel-SQL, Camel-CassandraQL Unsafe Deserialization | Systems running Apache Camel versions prior to 3.21.4, 3.22.1, 4.0.4, 4.4.0.
|
8 Mar 2024 | VULN100 | GitLab : GitLab Security Release 16.9.2, 16.8.4, 16.7.7 | Systems running GitLab versions prior to 16.9.2, 16.8.4, 16.7.7.
|
8 Mar 2024 | VULN099 | Joomla! : Multiple security vulnerabilities fixed in Joomla! 4.4.3, 5.0.3, 3.7.0-3.10.14-elts | Systems running Joomla! versions prior to 3.10.15-elts, 4.4.3, 5.0.3.
|
8 Mar 2024 | VULN098 | PostgreSQL : PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 Released! | Systems running PostgreSQL versions prior to 16.2, 15.6, 14.11, 13.14, 12.18.
|
8 Mar 2024 | VULN097 | PostgreSQL JDBC Driver : SQL Injection via line comment generation | Systems running PostgreSQL JDBC Driver versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, 42.2.28.jre7.
|
8 Mar 2024 | VULN096 | Node.js : Multiple vulnerabilities fixed in Node.js | Systems running Node.js.
|
8 Mar 2024 | VULN095 | BuildKit : Multiple vulnerabilities fixed in BuildKit 0.12.5 | Systems running BuildKit versions prior to 0.12.5.
|
8 Mar 2024 | VULN094 | Django : Django security releases issued: 5.0.3, 4.2.11, and 3.2.25 | Systems running Django versions prior to 5.0.3, 4.2.11, 3.2.25.
|
8 Mar 2024 | VULN093 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.8.1 | Systems running Thunderbird versions prior to 115.8.1.
|
8 Mar 2024 | VULN092 | Google : Stable Channel for Desktop Updated to 122.0.6261.111/.112 | Systems running Google Chrome versions prior to 122.0.6261.111/.112.
|
7 Mar 2024 | VULN091 | VMware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities | Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation.
|
7 Mar 2024 | VULN090 | Jenkins : Jenkins Security Advisory 2024-03-06 | Systems running Jenkins plugins.
|
7 Mar 2024 | VULN089 | APPLE : iOS 17.4, 16.7.6 and iPadOS 17.4, 16.7.6 | iOS, iPadOS versions prior to 17.4, 16.7.6.
|
3 Mar 2023 | STAT09 | |
|
28 Feb 2024 | STAT08 | |
|
23 Feb 2024 | VULN088 | ConnectWise ScreenConnect Authentication Bypass and remote code execution | Systems running ScreenConnect 23.9.7 and prior.
|
23 Feb 2024 | VULN087 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Systems running Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 13 and Microsoft Exchange Server 2016 Cumulative Update 23.
|
23 Feb 2024 | VULN086 | Microsoft Outlook Remote Code Execution Vulnerability | Systems running Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft Office LTSC 2021.
|
21 Feb 2024 | STAT07 | |
|
17 Feb 2023 | VULN085 | graphql-mesh : Unwanted access to | Systems running graphql-mesh/cli versions prior to 0.82.22, graphql-mesh/http versions prior to 0.3.19.
|
15 Feb 2024 | STAT06 | |
|
9 Feb 2024 | VULN084 | FortiOS - Out-of-bound Write in sslvpnd | FortiOS - Out-of-bound Write in sslvpnd
|
9 Feb 2024 | VULN083 | FortiOS - Format String Bug in fgfmd | FortiOS - Format String Bug in fgfmd
|
9 Feb 2024 | VULN082 | Ivanti : CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
|
17 Feb 2023 | VULN081 | TimescaleDB : TimescaleDB 2.8.0 | Systems running TimescaleDB versions prior to 2.9.3.
|
8 Feb 2024 | VULN080 | Cisco : Cisco Critical and High Security Advisories Published on February 07, 2024 | Cisco Systems running Cisco Expressway Series, ClamAV.
|
8 Feb 2024 | STAT05 | |
|
2 Feb 2024 | VULN079 | Splunk : Security Updates in Splunk Add-on Builder | Systems running Splunk Add-on Builder versions prior to 4.1.4.
|
2 Feb 2024 | VULN078 | glpi : LDAP Injection during authentication and Reflected XSS in reports pages | Systems running glpi versions prior to 10.0.12.
|
2 Feb 2024 | VULN077 | Moby : Classic builder cache poisoning | Systems running moby versions prior to 25.0.2, 24.0.9.
|
2 Feb 2024 | VULN076 | Mastodon : Remote user impersonation and takeover | Systems running Mastodon versions prior to 3.5.17, 4.0.13, 4.1.13, 4.2.5.
|
1 Feb 2024 | VULN075 | Google : Stable Channel for Desktop Updated to 121.0.6167.139 | Systems running Google Chrome versions prior to 1.1.12.
|
1 Feb 2024 | VULN074 | runc : several container breakouts due to internally leaked fds | Systems running runc versions prior to 1.1.12.
|
1 Feb 2024 | STAT04 | |
|
31 Jan 2024 | VULN073 | ESET : Unquoted path privilege vulnerability in ESET products for Windows fixed | Systems running ESET Endpoint Security, ESET Endpoint Antivirus versions prior to 11.0.2032.x, ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium versions prior to 17.0.15.0, ESET Mail Security for Microsoft Exchange Server versions prior to 10.1.10012.0.
|
31 Jan 2024 | VULN072 | Spring : local information disclosure via temporary directory created with unsafe permissions | Systems running Spring Cloud Contract versions prior to 3.1.10, 4.0.5, 4.1.1.
|
31 Jan 2024 | VULN071 | WordPress : WordPress 6.4.3 - Maintenance and Security release | Systems running WordPress versions prior to 6.4.3.
|
31 Jan 2024 | VULN070 | CrateDB : CrateDB database has an arbitrary file read vulnerability | Systems running CrateDB versions prior to 5.3.9, 5.4.8, 5.5.4, 5.6.1.
|
31 Jan 2024 | VULN069 | Apache : CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file | Systems running Apache Kylin versions prior to 4.0.4.
|
31 Jan 2024 | VULN068 | curl : OCSP verification bypass with TLS session reuse | Systems running curl versions 8.5.x prior to 8.6.0.
|
30 Jan 2024 | VULN067 | Xen : Unauthorized memory access and VT-d Failure to quarantine devices fixed | Systems running Xen.
|
26 Jan 2024 | VULN066 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.7 | Systems running Thunderbird versions prior to 115.7.
|
26 Jan 2024 | VULN065 | Mozilla : Multiple vulnerabilities fixed in Firefox 122, ESR 115.7 | Systems running Firefox versions prior to 122, ESR 115.7.
|
26 Jan 2024 | VULN064 | OpenSSL : OpenSSL Security Advisory [25th January 2024] | Systems running OpenSSL versions prior to 3.2.1, 3.1.5, 3.0.13, 1.1.1x, 1.0.2zj.
|
26 Jan 2024 | VULN063 | Google : Stable Channel 121.0.6167.85 Update for Desktop | Google Chrome versions prior to 121.0.6167.85.
|
25 Jan 2024 | VULN062 | APPLE : APPLE-SA-01-22-2024-8 watchOS 10.3 | watchOS versions prior to 10.3.
|
25 Jan 2024 | VULN061 | APPLE : APPLE-SA-01-22-2024-1 Safari 17.3 | Systems running Safari versions prior to 17.3.
|
25 Jan 2024 | VULN060 | APPLE : macOS Ventura 13.6.4, Monterey 12.7.3 | macOS versions prior to Ventura 13.6.4, Monterey 12.7.3.
|
25 Jan 2024 | VULN059 | APPLE : APPLE-SA-01-22-2024-2 iOS 17.3, 16.7.5 and iPadOS 17.3, 16.7.5 | iOS, iPadOS versions prior to 17.3, 16.7.5.
|
25 Jan 2024 | VULN058 | Apache : Apache Superset vulnerabilities fixed | Systems running Apache Superset versions prior to 3.0.3, Apache Superset Helm chart versions prior to 0.10.15.
|
25 Jan 2024 | VULN057 | Apache : Apache Airflow CNCF Kubernetes provider, Apache Airflow Kubernetes configuration file vulnerability | Systems running Apache Airflow versions prior to 2.6.1, Apache Airflow CNCF Kubernetes provider versions prior to 7.0.0.
|
25 Jan 2024 | VULN056 | Xen : Linux netback processing of zero-length transmit fragment | Systems running Xen.
|
25 Jan 2024 | VULN055 | SQUID : SQUID-2023:11 Denial of Service in Cache Manager | Systems running SQUID versions prior to 6.6.
|
25 Jan 2024 | VULN054 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2023-46838 | Systems running Citrix Hypervisor versions 8.2 CU1 LTSR.
|
24 Jan 2024 | VULN053 | Jenkins : Jenkins Security Advisory 2024-01-24 | Systems running Jenkins (core), Git server Plugin, GitLab Branch Source Plugin, Log Command Plugin, Matrix Project Plugin, Qualys Policy Compliance Scanning Connector Plugin, Red Hat Dependency Analytics Plugin.
|
24 Jan 2024 | VULN052 | Cisco : Cisco Security Advisories Published on January 24, 2024 | Systems running Cisco Unified Communications, Products, Cisco Small Business Series Switches firmware, Cisco Unity products.
|
24 Jan 2024 | VULN051 | Atlassian : January 2024 Security Bulletin | Systems running Confluence Data Center and Server versions prior to 7.19.18, 8.5.5, 8.7.2, Confluence Server versions prior to 7.19.18, 8.5.5, Crowd Data Center and Server versions prior to 5.2.2, Jira Service Management Data Center and Server versions prior to 4.20.30, 5.4.15, 5.12.2, Jira Data Center and Server versions prior to 9.4.13, 9.7.0, Bamboo Data Center and Server versions prior to 9.2.9, 9.3.6, 9.4, Bitbucket Server versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, Bitbucket Data Center versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, 8.15.3, 8.16.2, 8.17.0.
|
24 Jan 2024 | STAT03 | |
|
22 Jan 2024 | VULN050 | gnutls : gnutls 3.8.3 fix vulnerabilities | Systems running gnutls versions prior to 3.8.3.
|
22 Jan 2024 | VULN049 | Postfix : Postfix stable release 3.8.5, 3.7.10, 3.6.14, 3.5.24 | Systems running Postfix versions prior to 3.8.5, 3.7.10, 3.6.14, 3.5.24.
|
22 Jan 2024 | VULN048 | Argo CD : Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | Systems running Argo CD versions prior to 2.10-rc2, 2.9.4, 2.8.8, 2.7.16.
|
22 Jan 2024 | VULN047 | Jupyterlab : Potential authentication, CSRF tokens leak and SXSS in Markdown Preview | Systems running jupyterlab (pip) versions prior to 4.0.11, 3.6.7, notebook (pip) versions prior to 7.0.7.
|
22 Jan 2024 | VULN046 | Exim : Exim 4.97.1 fix SMTP smuggling vulnerability | Systems running Exim versions prior to 4.97.1.
|
22 Jan 2024 | VULN045 | Apache : CVE-2023-46589 Apache Tomcat - Information Disclosure | Systems running Apache Tomcat versions prior to 9.0.44, 8.5.64.
|
18 Jan 2024 | VULN044 | Synology : Synology-SA-24:01 DSM DiskStation Manager | DSM 7.2 versions prior to 7.2-64561, DSM 7.1, DSM 6.2, DSMUC 3.1 versions prior to 3.1.2-23068.
|
18 Jan 2024 | VULN043 | SonicWall : SFPMonitor.sys KOOB Write vulnerability | Systems running SonicWall Capture Client versions prior to 3.7.11, SonicWall NetExtender Windows Client versions prior to 10.2.338.
|
18 Jan 2024 | VULN042 | X.Org : Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 | Systems running X.Org versions prior to 21.1.11, Xwayland versions prior to 23.2.4.
|
18 Jan 2024 | VULN041 | Drupal : Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | Systems running Drupal core versions prior to 10.2.2, 10.1.8.
|
17 Jan 2024 | VULN040 | Citrix : Citrix StoreFront Security Bulletin for CVE-2023-5914 | Systems running Citrix StoreFront versions prior to 2308.1, 2311, 1912 LTSR CU8 hotfix 3.22.8001.2, 2203 LTSR CU4 Update 1.
|
17 Jan 2024 | VULN039 | Google : Google Chrome 120.0.6099.234 fix multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.234.
|
17 Jan 2024 | VULN038 | Oracle : January 2024 Critical Patch Update Released | Systems running Oracle’s products.
|
17 Jan 2024 | VULN037 | VMware : VMware Aria Automation updates address a Missing Access Control vulnerability (CVE-2023-34063) | Systems running VMware Aria Automation versions prior to 8.14.1 + Patch, 8.13.1 + Patch, 8.12.2 + Patch, 8.11.2 + Patch, VMware Cloud Foundation (Aria Automation).
|
17 Jan 2024 | VULN036 | Citrix : Citrix Session Recording Security Bulletin for CVE-2023-6184 | Systems running Citrix Virtual Apps and Desktops versions prior to 2311, 1912 LTSR CU8 hotfix 19.12.8100.4, 2203 LTSR CU4.
|
17 Jan 2024 | VULN035 | Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 | Systems running Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-12.35, 13.1-51.15, 13.0-92.21, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.176, 12.1-FIPS 12.1-55.302, 12.1-NDcPP 12.1-55.302.
|
17 Jan 2024 | STAT02 | |
|
16 Jan 2024 | VULN034 | Apache : CVE-2023-50290 Apache Solr allows read access to host environment variables | Systems running Apache Solr versions prior to 9.3.0.
|
16 Jan 2024 | VULN033 | Apache : CVE-2023-46749 Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack | Systems running Apache Shiro versions prior to 1.13.0+, 2.0.0-alpha-4+.
|
16 Jan 2024 | VULN032 | OpenSSL : Excessive time spent checking invalid RSA public keys (CVE-2023-6237) | Systems running OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0.
|
12 Jan 2024 | VULN031 | Ivanti : CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
|
12 Jan 2024 | VULN030 | Ivanti : SA-2023-12-19-CVE-2023-39336 | Systems running Ivanti Endpoint Manager versions prior to 2022 SU5.
|
12 Jan 2024 | VULN029 | GitLab : GitLab Critical Security Release 16.7.2, 16.6.4, 16.5.6 | Systems running GitLab versions prior to 16.7.2, 16.6.4, 16.5.6.
|
12 Jan 2024 | VULN028 | SPIP : Maintenance and security update, release of SPIP 4.2.8, SPIP 4.1.14 | Systems running SPIP versions prior to 4.2.8, 4.1.14.
|
11 Jan 2024 | VULN027 | GitPython : Untrusted search path under some conditions on Windows allows arbitrary code execution | Systems running GitPython versions prior to 3.1.41.
|
11 Jan 2024 | VULN026 | go-git : Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients | Systems running go-git versions prior to 5.11.
|
11 Jan 2024 | VULN025 | Cisco : Cisco Security Advisories Published on January 10, 2024 | Systems running Cisco Unity Connection, Cisco WAP371 Wireless Access Point, Cisco ThousandEyes Enterprise Agent Virtual Appliance, Cisco Evolved Programmable Network Manager, Cisco Prime Infrastructure, Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Xtended Services Platform, Cisco Identity Services Engine, Cisco TelePresence Management Suite.
|
10 Jan 2024 | STAT01 | |
|
10 Jan 2024 | VULN024 | Splunk : Splunk User Behavior Analytics (UBA) Third-Party Package Updates | Systems running Splunk User Behavior Analytics versions prior to 5.3.0, 5.2.1.
|
10 Jan 2024 | VULN023 | Splunk : Multiple Vulnerabilities fixed in Splunk Enterprise Security | Systems running Splunk Enterprise Security versions prior to 7.1.2, 7.2.0, 7.3.0.
|
10 Jan 2024 | VULN022 | OpenSSL : POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) | Systems running OpenSSL versions prior to 1.1.1, 1.0.2.
|
9 Jan 2024 | VULN021 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
|
9 Jan 2024 | VULN020 | QNAP : Vulnerability in QcalAgent | Systems running QcalAgent versions prior to 1.1.8.
|
9 Jan 2024 | VULN019 | QNAP : Multiple Vulnerabilities in QuMagie | Systems running QuMagie versions prior to 2.2.1.
|
8 Jan 2024 | VULN018 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
|
8 Jan 2024 | VULN017 | QNAP : Vulnerabilities fixed in QTS, QuTS hero | Systems running QTS, QuTS hero versions prior to 5.1.3.2578 build 20231110, 5.1.4.2596 build 20231128.
|
8 Jan 2024 | VULN016 | Centreon : Security bulletin for Centreon Web available through The Watch | Systems running Centreon Web versions prior to 23.10.5, 23.04.13, 22.10.17, 22.04.19.
|
5 Jan 2024 | VULN015 | gradio : Make the `/file` secure against file traversal attacks and SSRF | Systems running gradio versions prior to 4.11.0.
|
5 Jan 2024 | VULN014 | SPIP : Maintenance and security update, release of SPIP 4.2.7, SPIP 4.1.13 | Systems running SPIP versions prior to 4.2.7, 4.1.13.
|
5 Jan 2024 | VULN013 | Asterisk : Multiple vulnerabilities fixed in Asterisk | Systems running Asterisk versions prior to 21.0.1, 18.20.1, 20.5.1, certified-asterisk versions prior to 18.9-cert6.
|
5 Jan 2024 | VULN012 | Wireshark : Multiple dissector crash vulnerabilities fixed in Wireshark | Systems running Wireshark versions prior to 4.2.1, 4.0.12, 3.6.20.
|
5 Jan 2024 | VULN011 | Google : Google Chrome 120.0.6099.199 fix multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.199.
|
4 Jan 2024 | VULN010 | Apache : Apache InLong Arbitrary File Read and Remote Code Execution vulnerabilities | Systems running Apache InLong versions 1.7.0 through 1.9.0.
|
4 Jan 2024 | VULN009 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0012 | Systems running WebKitGTK, WPE WebKit versions prior to 2.42.4.
|
4 Jan 2024 | VULN008 | Apache : CVE-2023-49299: Apache DolphinScheduler Arbitrary js execute as root for authenticated users | Systems running Apache DolphinScheduler versions prior to 3.1.9.
|
4 Jan 2024 | VULN007 | containerd : RAPL accessible to a container | Systems running containerd versions prior to 1.7.11, 1.6.26.
|
4 Jan 2024 | VULN006 | Cacti : Cacti 1.2.26 fixes multiple security vulnerabilities | Systems running Cacti versions prior to 1.2.26.
|
4 Jan 2024 | VULN005 | OpenSSH : OpenSSH 9.6 addresses key vulnerabilities | Systems running OpenSSH versions prior to 9.6.
|
4 Jan 2024 | VULN004 | libssh : Multiple vulnerabilities fixed in libssh | Systems running libssh versions prior to 0.10.6, 0.9.8.
|
3 Jan 2024 | VULN003 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.3.1, 4.2.4, 4.1.7, 4.0.12, 3.11.18, 3.9.25.
|
3 Jan 2024 | VULN002 | Apache : Pre-authentication RCE, Arbitrary file properties reading and SSRF vulnerabilities fixed | Systems running Apache OFBiz versions prior to 18.12.11.
|
3 Jan 2024 | VULN001 | Apache : Apache OpenOffice 4.1.15 fixes multiple vulnerabilities | Systems running Apache OpenOffice versions prior to 4.1.15.
|
3 Jan 2024 | STAT52 | |
|
3 Jan 2024 | STAT51 | |
|