Les avis du CERT-Renater

Voici la liste des derniers avis du CERT-Renater en 2024 :

18 Oct 2024	STAT40
18 Oct 2024	VULN437	Drupal : Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002	Systems running Drupal core versions prior to 10.2.10, 10.3.
18 Oct 2024	VULN438	VMware : VMware HCX addresses an authenticated SQL injection vulnerability (CVE-2024-38814)	Systems running VMware HCX versions prior to 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, 1.0.2zl.
17 Oct 2024	VULN436	OpenSSL : OpenSSL Security Advisory [16th October 2024]	Systems running OpenSSL versions prior to 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, 1.0.2zl.
16 Oct 2024	VULN435	Apache : Apache CloudStack LTS Security Releases 4.18.2.4 and 4.19.1.2	Systems running Apache CloudStack versions prior to LTS 4.18.2.4, 4.19.1.2.
16 Oct 2024	VULN434	Apache : Vulnerabilities fixed in Apache Solr 9.7.0, 8.11.4	Systems running Apache Solr versions prior to 9.7.0, 8.11.4.
15 Oct 2024	VULN433	Mozilla : Security Vulnerability fixed in Firefox 131.0.3	Systems running Firefox versions prior to 131.0.3.
15 Oct 2024	VULN432	Apache : CVE-2024-46911 Apache Roller Weakness in CSRF protection allows privilege escalation	Systems running Apache Roller versions prior to 6.1.4.
15 Oct 2024	VULN431	Apache : CVE-2023-50780 Apache ActiveMQ Artemis Authenticated users could perform RCE via Jolokia MBeans	Systems running Apache ActiveMQ Artemis versions prior to 2.29.0.
15 Oct 2024	VULN430	Kubernetes : CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials	Systems running Kubernetes Image Builder versions prior to 0.1.38.
15 Oct 2024	VULN429	Moodle : Multiple vulnerabilities fixed in Moodle	Systems running Moodle versions prior to 4.4.4, 4.3.8, 4.2.11, 4.1.14.
11 Oct 2024	VULN428	Zimbra : Zimbra 9.0.0 Patch 42, 10.0.10, 10.1.2 fix CSRF vulnerability	Systems running Zimbra versions prior to 9.0.0 Patch 42, 10.0.10, 10.1.2.
11 Oct 2024	VULN427	Synology : Synology-SA-24:12 GitLab	Systems running GitLab for DSM 6.2 versions prior to 13.12.2-0074.
11 Oct 2024	VULN426	Wireshark : Vulnerabilities fixed in Wireshark	Systems running Wireshark versions prior to 4.2.8, 4.4.1.
11 Oct 2024	VULN425	SonicWall : SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Affected By Multiple Vulnerabilities	Systems running SMA1000 Connect Tunnel Windows (32 and 64-bit) Client versions prior to 12.4.3.281, SMA1000 Appliance firmware 12.4.3-02676 and earlier versions.
11 Oct 2024	VULN424	Mozilla : Security Vulnerability fixed in Thunderbird 131.0.1, 128.3.1, 115.16.0	Systems running Thunderbird versions prior to 131.0.1, 128.3.1, 115.16.0.
11 Oct 2024	VULN423	Foxit : Security updates available in Foxit PDF Editor 12.1.8	Systems running Foxit PDF Editor versions prior to 12.1.8.
11 Oct 2024	VULN422	Firefox : Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1	Systems running Firefox versions prior to 131.0.2, ESR 115.16.1, ESR 128.3.1.
11 Oct 2024	VULN421	Libarchive : Libarchive 3.7.6, bugfix and security release	Systems running Libarchive versions prior to 3.7.6.
10 Oct 2024	VULN420	GitLab : GitLab Critical Patch Release 17.4.2, 17.3.5, 17.2.9	Systems running GitLab versions prior to 17.4.2, 17.3.5, 17.2.9.
10 Oct 2024	VULN419	VMware : VMSA-2024-0020:VMware NSX updates address multiple vulnerabilities	Systems running NSX VMware Cloud Foundation (NSX) versions prior to 4.2.1.
10 Oct 2024	STAT39
9 Oct 2024	VULN418	Google : Google Chrome Stable Channel updated to 129.0.6668.100/.101	Systems running Google Chrome versions prior to 129.0.6668.100/.101.
9 Oct 2024	VULN417	Apache : [ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561	Systems running Apache Pulsar versions prior to 3.3.2.
9 Oct 2024	VULN416	Apache : CVE-2024-28168 Apache XML Graphics FOP XML External Entity (XXE) Processing	Systems running Apache XML Graphics FOP versions prior to 2.9.
8 Oct 2024	VULN415	Apache : [ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561	Systems running Apache Pulsar versions prior to 3.3.2.
8 Oct 2024	VULN414	Apache : [SECURITY][ANNOUNCE] Apache Subversion 1.14.4 released	Systems running Apache Subversion versions prior to 1.14.4.
8 Oct 2024	VULN413	SAP : SAP Security Patch Day =?UTF-8?Q?=E2=80=93?= October 2024	Systems running SAP products.
8 Oct 2024	VULN412	APPLE : APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1	iOS, iPadOS running versions prior to 18.0.1.
8 Oct 2024	VULN411	TYPO3 : Vulnerabilities fixed in Bookmark Toolbar and Page Tree	Systems running Bookmark Toolbar for TYPO3 CMS, Page Tree for TYPO3 CMS.
8 Oct 2024	VULN410	Rust : Security advisory for the standard library (CVE-2024-43402)	Systems running Rust prior to 1.81.0.
7 Oct 2024	VULN409	Withsecure : CVE-2024-45520 Denial-of-Service (DoS) Vulnerability	Systems running WithSecure Endpoint Protection products for Mac, WithSecure Client Security for Mac, WithSecure Elements Endpoint Protection for Mac, Linux Endpoint Protection products, WithSecure Atlant (formerly F-Secure Atlant).
7 Oct 2024	VULN408.1	Libgsf : Libgsf 1.14.53 fixes integer overflow vulnerabilities	Systems running Libgsf versions prior to 1.14.53.
7 Oct 2024	VULN408	Libgsf : Libgsf 1.14.53 fixes integer overflow vulnerabilities	Systems running OATH Toolkit Libgsf versions prior to 1.14.53.
7 Oct 2024	VULN407	Openstack : Ironic fails to verify checksums of supplied image_source URLs when configured to convert images to raw for streaming	Systems running Ironic versions prior to 21.4.4, 23.0.3, 24.1.3, 26.1.0.
4 Oct 2024	VULN406	OATH Toolkit : OATH Toolkit pam_oath usersfile ${HOME} privilege escalation (CVE-2024-47191)	Systems running OATH Toolkit pam_oath, liboath versions prior to 2.6.12.
4 Oct 2024	VULN405	Ubuntu : PAM module may allow accessing with the credentials of another user	Systems running PAM Authd versions prior to 0.3.5.
4 Oct 2024	VULN404	PowerDNS : PowerDNS Security Advisory 2024-04	Systems running PowerDNS Recursor versions prior to 4.9.9, 5.0.9, 5.1.2.
4 Oct 2024	VULN403	Apache : CVE-2024-47554 Apache Commons IO Possible denial of service attack on untrusted input to XmlStreamReader	Systems running Apache Commons IO versions 2.0 prior to 2.14.0.
4 Oct 2024	VULN402	Apache : CVE-2024-47561 Apache Avro Java SDK Arbitrary Code Execution when reading Avro Data (Java SDK)	Systems running Apache Avro Java SDK versions prior to 1.11.4.
3 Oct 2024	VULN401	PHP : Vulnerabilities fixed in PHP 8.3.12, 8.2.24, 8.1.30	Systems running PHP versions prior to 8.3.12, 8.2.24, 8.1.30.
3 Oct 2024	VULN400	TeamViewer : Improper signature verification of driver installation in TeamViewer Remote clients	Systems running TeamViewer Full Client, TeamViewer Host versions prior to 15.58.4, 14.7.48796, 13.2.36225, 12.0.259312, 11.0.259311.
3 Oct 2024	VULN399	Mozilla : Multiple security vulnerabilities fixed in Thunderbird	Systems running Thunderbird versions prior to 131, ESR 128.3.
3 Oct 2024	VULN398	Mozilla : Multiple security vulnerabilities fixed in Firefox	Systems running Firefox versions prior to ESR 115.16, ESR 128.3, 131.
3 Oct 2024	VULN397	Cisco : Cisco Security Advisories Published on October 02, 2024	Systems running Cisco products.
2 Oct 2024	VULN396	Google Chrome : Chrome Stable channel updated to 129.0.6668.89/.90	Systems running Google Chrome versions prior to 129.0.6668.89/.90.
2 Oct 2024	VULN395	Jenkins : Jenkins Security Advisory 2024-10-02	Systems running Jenkins (core), Credentials Plugin, OpenId Connect Authentication Plugin.
2 Oct 2024	VULN394	Hashicorp : HCSEC-2024-19 - Terraform =?UTF-8?Q?Enterprise=E2=80=99s?= Single Sign-On And Ruby =?UTF-8?Q?SAML=E2=80=99s?= CVE-2024-45409	Systems running Terraform Enterprise versions prior to 202409-1.
2 Oct 2024	STAT38
1 Oct 2024	VULN393	Hashicorp : HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default	Systems running Vault Community Edition versions prior to 1.17.6, Vault Enterprise versions prior to 1.17.6, 1.16.10, 1.15.15.
1 Oct 2024	VULN392	Apache : CVE-2024-45772 Apache Lucene Replicator Security Vulnerability in Lucene Replicator - Deserialization Issue	Systems running Apache Lucene Replicator versions prior to 9.12.0.
1 Oct 2024	VULN391	mantisbt : Information disclosure with user profiles	Systems running mantisbt versions prior to 2.26.4.
1 Oct 2024	VULN390	Rancher : Rancher agents can be hijacked by taking over the Rancher Server URL	Systems running Rancher versions prior to 2.7.15, 2.8.8, 2.9.2 .
26 Sep 2024	VULN389	Google Chrome : Stable Channel updated to 129.0.6668.70/.71	Systems running Google Chrome versions prior to 129.0.6668.70/.71.
26 Sep 2024	VULN388	Gradio : GitHub actions workflows untrusted code execution	Systems running Gradio.
26 Sep 2024	VULN387	WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2024-0005	Systems running WebKitGTK, WPE WebKit versions prior to 2.42.5, 2.44.3, 2.46.0.
26 Sep 2024	VULN386	Cisco : Cisco Security Advisories Published on September 25, 2024	Systems running Cisco IOS, Cisco IOS XE, Cisco Catalyst Center versions prior to 2.3.5.6, 2.3.7.5, Cisco ConfD versions prior to 7.5.10.2, 7.7.16, 8.0.13, Cisco UTD Snort IPS Engine versions prior to 17.12.4, 17.13.x.
25 Sep 2024	VULN385	Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2024-45817	Systems running XenServer versions 8, Citrix Hypervisor versions 8.2 CU1 LTSR.
25 Sep 2024	VULN384	Apache : CVE-2024-40761 Apache Answer Avatar URL leaked user email addresses	Systems running Apache Answer versions prior to 1.4.0.
25 Sep 2024	VULN383	Apache : Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability	Systems running Apache Linkis versions prior to 0.1.6.0.
25 Sep 2024	VULN382	Apache : CVE-2024-23454 Apache Hadoop Temporary File Local Information Disclosure	Systems running Apache Hadoop versions prior to 3.4.0.
25 Sep 2024	STAT37
24 Sep 2024	VULN381	Apache : CVE-2024-42323 Apache HertzBeat RCE by snakeYaml deser load malicious xml	Systems running Apache HertzBeat versions prior to 0.1.6.0.
24 Sep 2024	VULN380	Xen : x86 Deadlock in vlapic_error()	Systems running Xen.
24 Sep 2024	VULN379	Apache : Vulnerabilities fixed in Apache Tomcat and Apache mod_jk	Systems running Apache Tomcat versions prior to 11.0.0-M21, 10.1.25, 9.0.90, Apache mod_jk versions prior to 1.2.50.
20 Sep 2024	VULN378	Grafana : Information Leakage in grafana-plugin-sdk-go	Systems running Grafana plugin SDK versions prior to 0.249.0.
18 Sep 2024	VULN377	mindsdb : Bypass SSRF Protection with DNS Rebinding	Systems running mindsdb versions prior to 23.12.4.3.
18 Sep 2024	VULN376	Python : Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20 now available!	Systems running Python versions prior to 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20.
18 Sep 2024	VULN375	Apache : Vulnerabilities fixed in Druid 30.0.1	Systems running Apache Druid versions prior to 128.0.6613.137/.138.
18 Sep 2024	VULN374	Next.js : Cache Poisoning	Systems running Next.js versions prior to 13.5.7, 14.2.10.
18 Sep 2024	VULN373	VMware : VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)	Systems running VMware vCenter Server versions prior to 8.0 U3b, 7.0 U3s, VMware Cloud Foundation versions prior to 8.0 U3b, 7.0 U3s.
16 Sep 2024	VULN372	GitLab : GitLab Critical Patch Release: 17.3.2, 17.2.5, 17.1.7	Systems running GitLab versions prior to 17.3.2, 17.2.5, 17.1.7.
13 Sep 2024	STAT36
13 Sep 2024	VULN371	Google : Stable channel updated to 128.0.6613.137/.138	Systems running Google Chrome versions prior to 128.0.6613.137/.138.
13 Sep 2024	VULN370	Spring : CVE-2024-38816 Path traversal vulnerability in functional web frameworks	Systems running Spring Framework versions prior to 5.3.40, 6.0.24, 6.1.13.
13 Sep 2024	VULN369	Ruby-saml : SAML authentication bypass via Incorrect XPath selector	Systems running omniauth-saml versions prior to 2.2.0, ruby-saml versions prior to 1.17.0, 1.12.3.
12 Sep 2024	VULN368	Airflow : Apache Airflow vulnerabilities fixed in 2.10.1	Systems running Apache Airflow versions prior to 2.10.1.
12 Sep 2024	VULN367	Twig : Possible sandbox bypass	Systems running Twig versions prior to 1.44.8, 2.16.1, 3.14.0.
11 Sep 2024	VULN366	Cisco : Cisco Security Advisories Published on September 11, 2024	Cisco IOS XR Software, Multiple Cisco Products Web-Based Management Interface, Cisco Routed Passive Optical Network Controller.
11 Sep 2024	VULN365	SonicWall : SonicOS Improper Access Control Vulnerability	SonicOS running on SOHO (Gen 5), Gen6 Firewalls, Gen7 Firewalls.
11 Sep 2024	VULN364	Moodle : Multiple Security vulnerabilities fixed in Moodle	Systems running Moodle versions prior to 4.4.3, 4.3.7, 4.2.10, 4.1.13.
11 Sep 2024	VULN363	Zoom : Zoom Workplace Apps - Business Logic Error	Systems running Zoom Workplace Desktop App, Zoom Meeting SDK, Zoom Rooms App, Zoom Rooms Controller versions prior to 6.1.0.
11 Sep 2024	VULN362	Project curl : OCSP stapling bypass with GnuTLS	Systems running curl versions prior to 8.10.0.
9 Sep 2024	VULN361	Elastic : Kibana 8.15.1 Security Update (ESA-2024-27, ESA-2024-28)	Systems running Kibana versions prior to 8.15.1.
6 Sep 2024	STAT35
6 Sep 2024	VULN360	Veeam : Veeam Security Bulletin (September 2024)	Systems running Veeam Backup & Replication, Veeam ONE, Veeam Service Provider Console Veeam Agent for Linux Veeam Backup for Nutanix AHV Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization.
5 Sep 2024	VULN359	CPython : Regular-expression DoS when parsing TarFile headers	Systems running CPython.
5 Sep 2024	VULN358	Cisco : Cisco Security Advisories Published on September 04, 2024	Systems running Cisco Smart Licensing Utility, Cisco Meraki Systems Manager Agent for Windows, Cisco Duo Epic for Hyperdrive, Cisco Identity Services Engine, Cisco Expressway Edge.
5 Sep 2024	VULN357	Openstack : Unvalidated image data passed to qemu-img	Systems running Ironic versions prior to 21.4.3, 23.0.2, 24.1.2, 26.0.1 and 22.x.x, 25.x.x, Ironic-python-agent versions prior to 9.4.2, 9.7.1, 9.11.1, 9.13.1 and 9.5.x, 9.8.x, 9.12.x.
5 Sep 2024	VULN356	Openstack : Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors	Systems running Nova versions prior to 27.4.1, 28.2.1, 29.1.1.
5 Sep 2024	VULN355	Rust : Security advisory for the standard library (CVE-2024-24576)	Systems running Rust versions prior to 1.77.2.
4 Sep 2024	VULN354	Apache : CVE-2024-41909 Apache MINA SSHD integrity check bypass	Systems running Apache MINA versions prior to 2.12.0.
4 Sep 2024	VULN353	Apache : CVE-2024-36268 Apache InLong TubeMQ Client Remote Code Execution vulnerability	Apache running Apache InLong versions prior to 1.13.0.
4 Sep 2024	VULN352	Apache : Vulnerabilities fixed in Apache OFBiz	Systems running Apache OFBiz versions prior to 18.12.16.
4 Sep 2024	VULN351	OpenSSL : Possible denial of service in X.509 name checks (CVE-2024-6119)	Systems running OpenSSL versions prior to 3.3.2, 3.2.3, 3.1.7, 3.0.15.
4 Sep 2024	VULN350	Django : Django security releases issued: 5.1.1, 5.0.9, and 4.2.16	Systems running Django versions prior to 5.1.1, 5.0.9, 4.2.16.
4 Sep 2024	VULN349	Google Chrome : Stable Channel updated to 128.0.6613.119/.120	Systems running Google Chrome versions prior to 128.0.6613.119/.120.
3 Sep 2024	VULN348	VMware : VMware Fusion update addresses a code execution vulnerability (CVE-2024-38811)	MacOS running VMware Fusion versions prior to 13.6.
3 Sep 2024	VULN347	Runc : CVE-2024-45310 runc can be tricked into creating empty files/directories on host	Systems running runc versions prior to 1.1.14, 1.2.0-rc.3.
2 Sep 2024	VULN346	JupyterLab : HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering	Systems running JupyterLab versions prior to 3.6.8, 4.2.5, Jupyter Notebook versions prior to 7.2.2.
2 Sep 2024	VULN345	Kirby : Insufficient permission checks in the language settings	Systems running Kirby versions prior to 3.6.6.6, 3.7.5.5, 3.8.4.4, 3.9.8.2, 3.10.1.1, 4.3.1.
29 Aug 2024	VULN344	Wireshark : wnpa-sec-2024-11 =?UTF-8?Q?=C2=B7?= NTLMSSP dissector crash	Systems running Wireshark versions prior to 4.2.7, 4.0.17.
29 Aug 2024	VULN343	Google : Google Chrome has been updated to 128.0.6613.113/.114	Systems running Google Chrome versions prior to 128.0.6613.113/.114 for Windows, Mac, 128.0.6613.113 for Linux .
28 Aug 2024	VULN342	Cisco : Cisco Security Advisories Published on August 28, 2024	Systems running Cisco NX-OS, Cisco Application Policy Infrastructure Controller.
26 Aug 2024	VULN341	Apache : CVE-2024-43202 Apache DolphinScheduler Remote Code Execution Vulnerability	Systems running Apache DolphinScheduler versions prior to 3.2.2.
26 Aug 2024	VULN340	Xen : Multiple vulnerabilities fixed in Xen	Systems running Xen.
26 Aug 2024	VULN339	Apache : CVE-2024-41937 Apache Airflow Stored XSS Vulnerability on provider link	Systems running Apache Airflow versions prior to 2.10.0.
26 Aug 2024	VULN338	Apache : CVE-2023-49198 Apache SeaTunnel Web Arbitrary file read vulnerability	Systems running Apache SeaTunnel versions prior to 1.0.1.
26 Aug 2024	VULN337	Apache : CVE-2024-36522 Apache Wicket Remote code execution via XSLT injection	Systems running Apache Wicket versions prior to 10.1.0, 9.18.0, 8.16.0.
23 Aug 2024	VULN336	Dovecot : Denial of Service vulnerabilities fixed in Dovecot	Systems running Dovecot versions prior to 2.3.21.1.
23 Aug 2024	VULN335	Spring : CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject	Systems running Spring Security versions 6.3.x prior to 6.3.2.
23 Aug 2024	VULN334	Moodle : Multiple security vulnerabilities fixed in Moodle	Systems running Jenkins versions prior to weekly 2.471, LTS 2.452.4, 2.462.1.
23 Aug 2024	VULN333	Roundcube : Security updates 1.6.8 and 1.5.8 released	Systems running Roundcube versions prior to 1.6.8, 1.5.8.
23 Aug 2024	VULN332	Joomla! : Multiple Security Vulnerabilities in Joomla!	Systems running Joomla! versions prior to 4.4.7, 5.1.3.
22 Aug 2024	VULN331	Jenkins : Jenkins Security Advisory 2024-08-07	Systems running Jenkins versions prior to weekly 2.471, LTS 2.452.4, 2.462.1.
22 Aug 2024	VULN330	PostgreSQL : PostgreSQL relation replacement during pg_dump executes arbitrary SQL	Systems running PostgreSQL versions prior to 16.4, 15.8, 14.13, 13.16, 12.20.
22 Aug 2024	VULN329	Django : Django security releases issued 5.0.8 and 4.2.15	Systems running Django versions prior to 5.0.8, 4.2.15.
22 Aug 2024	VULN328	Grafana : Grafana security release Medium severity security fix for CVE-2024-6837	Systems running Grafana versions prior to 11.1.4, 11.0.3, 10.4.7.
22 Aug 2024	VULN327	SPIP : Mise à jour critique de sécurité sortie de SPIP 4.3.2, SPIP 4.2.16, SPIP 4.1.18	Systems running SPIP versions prior to 4.3.2, 4.2.16, 4.1.18.
22 Aug 2024	VULN326	WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2024-0004	Systems running WebKitGTK, WPE WebKit versions prior to 2.44.3.
22 Aug 2024	VULN325	Gitlab : GitLab Patch Release 17.3.1, 17.2.4, 17.1.6	Systems running Gitlab versions prior to 17.3.1, 17.2.4, 17.1.6.
24 Jul 2024	STAT29
19 Jul 2024	STAT28
11 Jul 2024	STAT27
11 Jul 2024	VULN324	Vmware : VMSA-2024-0017 VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280)	Systems running VMware Aria Automation.
10 Jul 2024	VULN323	Mozilla : Multiple vulnerabilities fixed in Firefox 128, ESR 115.13	Systems running Firefox versions prior to 128, ESR 115.13.
10 Jul 2024	VULN322	Node.js : Monday, July 8, 2024 Security Releases	Systems running Node.js versions prior to 18.20.4, 20.15.1, 22.4.1.
10 Jul 2024	VULN321	Citrix : NetScaler Console, Agent and SVM Security Bulletin for CVE-2024-6235 and CVE-2024-6236	Systems running NetScaler Console, NetScaler SVM, NetScaler Agent versions prior to 14.1-25.53, 13.1-53.22, 13.0-92.31.
10 Jul 2024	VULN320	Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492	Systems running NetScaler ADC and NetScaler Gateway versions prior to 14.1-25.53, 13.1-53.17, 13.0-92.31, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.183, 12.1-FIPS 12.1-55.304, 12.1-NDcPP 12.1-55.304.
10 Jul 2024	VULN319	Joomla! : Multiple vulnerabilities fixed in Joomla! 4.4.6,, 5.1.2, 3.10.16-elts	Systems running Joomla! versions prior to 4.4.6, 5.1.2, 3.10.16-elts.
10 Jul 2024	VULN318	Django : Django security releases issued: 5.0.7 and 4.2.14	Systems running Django versions prior to 5.0.7, 4.2.14.
10 Jul 2024	VULN317	Apache : Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2	Systems running Apache CloudStack LTS versions prior to 4.18.2.1, 4.19.0.2.
4 Jul 2024	VULN316	Elastic : Elastic Cloud Enterprise 3.7.2 Security Update (ESA-2024-18)	Systems running Elastic Cloud Enterprise versions from 3.0.0 and prior to 3.7.2.
4 Jul 2024	VULN315	Apache : CVE-2024-34750 Apache Tomcat - Denial of Service	Systems running Apache Tomcat versions prior to 11.0.0-M21, 10.1.25, 9.0.89.
4 Jul 2024	VULN314	VMware : VMware Cloud Director Availability addresses an HTML injection vulnerability	Systems running VMware Cloud Director Availability versions prior to 4.7.2.
4 Jul 2024	STAT26
3 Jul 2024	VULN313	Cisco : Cisco NX-OS Software CLI Command Injection Vulnerability	Cisco NX-OS Software.
3 Jul 2024	VULN312	Openstack : Arbitrary file access through custom QCOW2 external data	Systems running Cinder versions <22.1.3, >=23.0.0 <23.1.1, ==24.0.0; Glance versions <26.0.1, ==27.0.0, >=28.0.0 <28.0.2; Nova versions <27.3.1, >=28.0.0 <28.1.1, >=29.0.0 <29.0.3.
3 Jul 2024	VULN311	Cisco : Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024	Cisco Systems running OpenSSH Server.
1 Jul 2024	VULN310	Apache : Apache version 2.4.60 fixes multiple vulnerabilities	Systems running Apache HTTP Server versions prior to 2.4.60.
1 Jul 2024	VULN309	MIT Kerberos : MIT Kerberos 5 Release 1.21.3 fixes vulnerabilities in GSS message token handling	Systems running Kerberos 5 versions prior to 1.21.3.
1 Jul 2024	VULN308	OpenSSH : Critical vulnerability fixed in OpenSSH 9.8	Systems running OpenSSH version prior to 9.8.
27 Jun 2024	VULN307	VMware : VMware Cloud Director addresses an improper privilege management vulnerability (CVE-2024-22272)	Systems running VMware Cloud Director.
27 Jun 2024	VULN306	OpenSSL : SSL_select_next_proto buffer overread (CVE-2024-5535)	Systems running OpenSSL versions prior to 3.3.2, 3.2.3, 3.1.7, 3.0.15, 1.1.1za, 1.0.2zk.
27 Jun 2024	VULN305	GitLab : GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5	Systems running GitLab versions prior to 17.1.1, 17.0.3, 16.11.5.
27 Jun 2024	VULN304	Jenkins : Jenkins Security Advisory 2024-06-26	Systems running Bitbucket Branch Source Plugin for Jenkins versions prior to 887.va_d359b_3d2d8d, Plain Credentials Plugin for Jenkins versions prior to 183.va_de8f1dd5a_2b_, Structs Plugin for Jenkins versions prior to 338.v848422169819.
27 Jun 2024	STAT25
27 Jun 2024	VULN303	Progress : MOVEit Transfer Critical Security Alert Bulletin - June 2024	Systems running MOVEit Transfer versions prior to 2023.0.11, 2023.1.6, 2024.0.2.
27 Jun 2024	VULN302	Progress : MOVEit Gateway Critical Security Alert Bulletin - June 2024	Systems running MOVEit Gateway versions prior to 2024.0.0.
26 Jun 2024	VULN301	Google Crome : Stable channel has been updated to 126.0.6478.126/127	Systems running Google Crome versions prior to 126.0.6478.126.
26 Jun 2024	VULN300	HashiCorp : Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims	Systems running HashiCorp Vault, Vault Enterprise versions prior to 1.17.0, 1.16.3, 1.15.9.
26 Jun 2024	VULN299	HashiCorp : HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation Security	Systems running libreoffice versions prior to 24.2.4.
26 Jun 2024	VULN298	LibreOffice : CVE-2024-5261 TLS certificate are not properly verified when utilizing LibreOfficeKit	Systems running libreoffice versions prior to 24.2.4.
26 Jun 2024	VULN297	WordPress : WordPress 6.5.5 fix XSS and path traversal vulnerabilities	Systems running WordPress versions prior to 6.5.5.
25 Jun 2024	VULN296	Org mode : Emergency bugfix release: Org mode 9.7.5	Systems running Org mode versions prior to 9.7.5.
25 Jun 2024	VULN295	Emacs : Emacs 29.4 emergency bugfix release fix a security vulnerability	Systems running Emacs versions prior to 29.4.
25 Jun 2024	VULN294	VMware : VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2024-37085, CVE-2024-37086, CVE-2024-37087)	Systems running VMware ESXi, vCenter Server, VMware Cloud Foundation.
24 Jun 2024	VULN292	rancher : Multiple vulnerabilities fixed in rancher	Systems running rancher versions prior to 2.7.14, 2.8.5.
24 Jun 2024	VULN291	Apache : CVE-2024-34693 Apache Superset: Server arbitrary file read	Systems running Apache Superset versions prior to 4.0.1, 3.1.3.
21 Jun 2024	STAT24
19 Jun 2024	VULN290	Mozilla : Security Vulnerabilities fixed in Firefox for iOS 127 and ESR 115.12	Systems running Firefox versions prior to for iOS 127, ESR 115.12.
19 Jun 2024	VULN289	Moodle : Multiple security vulneravilities fixed in 4.4.1, 4.3.5, 4.2.8 and 4.1.11	Systems running Moodle versions prior to 4.4.1, 4.3.5, 4.2.8, 4.1.11.
19 Jun 2024	VULN288	Veeam : Veeam Recovery Orchestrator Vulnerability (CVE-2024-29855)	Systems running Veeam Recovery Orchestrator versions prior to 7.1.0.230, 7.0.0.379.
19 Jun 2024	VULN287	Jupyter Server Proxy : Reflected XSS issue in host parameter	Systems running jupyter_server_proxy versions prior to 3.2.4, 4.2.0.
19 Jun 2024	VULN286	VMware: VMSA-2024-0012:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities	Systems running VMware Cloud Foundation, VMware vCenter Server versions prior to 8.0 U2d, 8.0 U1e, 7.0 U3r.
14 Jun 2024	VULN285	Elastic : Elasticsearch 8.14.0 Security Update (ESA-2024-14)	Systems running Elasticsearch versions prior to 8.14.0.
14 Jun 2024	VULN284	cupsd : Cupsd Listen arbitrary chmod 0140777	Systems running cupsd.
14 Jun 2024	STAT23
11 Jun 2024	VULN283	composer : Command injections via malicious git/hg branch names	Systems running composer versions prior to 2.2.24, 2.7.7.
7 Jun 2024	VULN282	PHP : New versions of PHP fix Vulnerabilities	Systems running PHP versions prior to 8.3.8, 8.2.20, 8.1.29.
6 Jun 2024	STAT22
6 Jun 2024	VULN281	Cisco : Cisco Finesse Web-Based Management Interface Vulnerabilities	Systems running Cisco Finesse versions prior to 12.6(2) ES03.
6 Jun 2024	VULN280	Libarchive : Libarchive 3.7.4 fix Out of Bound (OOB) access vulnerability CVE-2024-26256	Systems running Libarchive versions prior to 3.7.4.
6 Jun 2024	VULN279	Apache : CVE-2024-32113 Apache OFBiz: Path traversal leading to RCE	Systems running Apache OFBiz versions prior to 18.12.13.
6 Jun 2024	VULN278	Go : [security] Go 1.22.4 and Go 1.21.11 are released	Systems running Go versions prior to 1.22.4, 1.21.11.
6 Jun 2024	VULN277	Zyxel : Zyxel security advisory for multiple vulnerabilities in NAS products	NAS326 running software versions prior to V5.21(AAZF.17)C0, NAS542 running software versions prior to V5.21(ABAG.14)C0.
6 Jun 2024	VULN276	Rubyonrails : Vulnerabilities fixed in Ruby on Rails	Systems running Ruby on Rails versions prior to 6.1.7.8, 7.0.8.4, 7.1.3.4.
6 Jun 2024	VULN275	SolarWinds : SolarWinds Platform Stored XSS Vulnerability (CVE-2024-29004)	Systems running SolarWinds Platform versions prior to 2024.2.
31 May 2024	VULN274	Spring : CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow	Systems running Spring Cloud Skipper versions prior to 2.11.3.
31 May 2024	VULN273	Citrix : Citrix Workspace app for Mac Security Bulletin for CVE-2024-5027	Systems running Citrix Workspace App for Mac versions prior to 2402.10.
31 May 2024	VULN272	Check Point : Check Point VPN Information Disclosure (CVE-2024-24919)	Systems running Check Point Quantum Gateway and CloudGuard Network versionsR81.20, R81.10, R81, R80.40, Check Point Spark versions R81.10, R80.20.
31 May 2024	VULN271	Atlassian : Multiple vulnerabilities fixed in Confluence Data Center and Server	Systems running Confluence Data Center versions prior to 8.9.1, 8.5.9 LTS, 7.19.22 LTS, Confluence Server versions prior to 8.5.9 LTS, 7.19.22 LTS.
31 May 2024	VULN270	nginx : nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200)	Systems running nginx versions prior to 1.27.0, 1.26.1.
31 May 2024	VULN269	Google : Google Chrome Stable Channel Updated to 125.0.6422.141/.142	Systems running Google Chrome versions prior to 125.0.6422.141/.142.
31 May 2024	VULN268	SPIP : Mise à jour critique de sécurité sortie de SPIP 4.3.0-alpha2, SPIP 4.2.13, SPIP 4.1.16	Systems running SPIP versions prior to SPIP 4.3.0-alpha2, SPIP 4.2.13, SPIP 4.1.16.
31 May 2024	STAT21
29 May 2024	VULN267	OpenSSL : Use After Free with SSL_free_buffers (CVE-2024-4741)	Systems running OpenSSL versions prior to 3.3.1, 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
27 May 2024	VULN266	Atlassian : Multiple vulnerabilities fixed in Jira Software Data Center and Server	Systems running Jira Software Data Center and Server versions prior to 9.12.7 LTS, 9.4.19 LTS, 9.15.2 Data Center Only.
27 May 2024	VULN265	Jenkins : Vulnerabilities fixed in multiple Jenkins pluguins	Systems running OpenText Application Automation Tools Plugin for Jenkins, Report Info Plugin for Jenkins, Team Concert Git Plugin for Jenkins, Git server Plugin for Jenkins, Script Security Plugin for Jenkins, Subversion Partial Release Manager Plugin for Jenkins, Telegram Bot Plugin for Jenkins.
27 May 2024	VULN264	Cacti : Cacti 1.2.27 fix critical RCE vulnerability among others	Systems running Cacti versions prior to 1.2.27.
24 May 2024	VULN263	Google Chrome : Google Chrome Stable Channel Updated to 125.0.6422.112/.113	Systems running Google Chrome versions prior to 125.0.6422.112/.113.
24 May 2024	VULN262	Ruby on Rails : XSS Vulnerabilities in Trix Editor	Systems running Ruby on Rails embeding the Trix editor versions prior to 7.1.3.3, 7.0.8.2.
24 May 2024	VULN261	Asterisk : res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests	Systems running asterisk versions prior to 18.23.1, 20.8.1, 21.3.1.
24 May 2024	VULN260	WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.2	Systems running WebKitGTK, WPE WebKit prior to 2.44.2.
24 May 2024	VULN259	Vmware : VMware ESXi, Workstation, Fusion and vCenter Server updates address multiple security vulnerabilities (CVE-2024-22273, CVE-2024-22274, CVE-2024-22275)	Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware vCenter Server.
24 May 2024	VULN258	GitLab : GitLab Patch Release: 17.0.1, 16.11.3, 16.10.6	Systems running GitLab versions prior to 17.0.1, 16.11.3, 16.10.6.
24 May 2024	VULN257	Roundcube : Security updates 1.6.7 and 1.5.7 released	Systems running Roundcube versions prior to 1.6.7, 1.5.7.
24 May 2024	VULN256	Cisco : Cisco Security Advisories Published on May 22, 2024	Systems running Cisco Firepower Management Center Software, Cisco products running Snort IPS rule engine, Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software.
24 May 2024	STAT20
17 May 2024	VULN255	Fortinet : SSL-VPN user IP spoofing	FortiOS versions prior to 7.4.2, 7.2.8, 7.0.13, FortiProxy versions prior to 7.4.2, 7.2.8, 7.0.14.
17 May 2024	VULN254	Fortinet : Format String Bug in cli command	Systems running FortiOS versions prior to 7.4.1, 7.2.6, FortiProxy, FortiPAM versions prior to 1.1.1, FortiSwitchManager.
17 May 2024	VULN253	Fortinet : Multiple vulnerabilities fixed in FortiOS	FortiOS versions prior to 7.4.2, 7.2.8.
17 May 2024	VULN252	SAP : SAP Security Patch Day - May 2024	Systems running SAP products.
17 May 2024	VULN251	strongSwan : strongSwan Vulnerability (CVE-2022-4967)	Systems running strongSwan versions < 5.9.2, > 5.9.5.
17 May 2024	VULN250	LibreOffice : CVE-2024-3044: Graphic on-click binding allows unchecked script execution	Systems running LibreOffice versions prior to 7.6.7/24.2.3.
17 May 2024	VULN249	OpenSSL : Excessive time spent checking DSA keys and parameters (CVE-2024-4603)	Systems running OpenSSL versions 3.
16 May 2024	VULN248	Cisco : Cisco Security Advisories Published on May 15, 2024	Systems running Cisco Crosswork Network Services Orchestrator, Cisco Secure Client for Windows, Cisco Secure Email Gateway, Cisco ConfD, Cisco AppDynamics Network Visibility Service, Cisco Secure Email and Web Manager, Cisco Secure Web Appliance.
16 May 2024	VULN247	Mozilla : Security Vulnerabilities fixed in Thunderbird 115.11	Systems running Thunderbird versions prior to 115.11.
16 May 2024	VULN246	Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.11, 126	Systems runnning versions prior to 126, ESR 115.11.
16 May 2024	VULN245	Drupal : RESTful Web Services and REST Views Vulnerabilities fixed	Systems running RESTful Web Services for Drupal versions prior to 7.x-2.10, REST Views for Drupal versions prior to 3.0.1.
16 May 2024	VULN244	Git : Multiple security vulnerabilities fixed in Git	Systems running git versions prior to v2.45.1,
16 May 2024	VULN243	TYPO3 : Vulnerabilities fixed in TYPO3 CMS Subcomponents	Systems running TYPO3 CMS with Frontend Rendering, Form Framework.
15 May 2024	STAT19
14 May 2024	VULN242	APPLE : iOS and iPadOS 16.7.8, 17.5	iOS versions prior to 17.5, 16.7.8.
14 May 2024	VULN241	APPLE : macOS Sonoma 14.5, Ventura 13.6.7, Monterey 12.7.5	macOS versions prior to Sonoma 14.5, Ventura 13.6.7, Monterey 12.7.5.
14 May 2024	VULN240	APPLE : APPLE-SA-05-13-2024-1 Safari 17.5	Systems running Safari versions prior to 17.5.
14 May 2024	VULN239	Werkzeug : Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain	Systems running Werkzeug versions prior to 3.0.3.
14 May 2024	VULN238	Apache : CVE-2024-32077 Apache Airflow XSS vulnerability in Task Instance Log/Log Details	Systems running Apache Airflow versions 2.9 prior to 2.9.1.
14 May 2024	VULN237	GitLab : GitLab Patch Release 16.11.2, 16.10.5, 16.9.7	Systems running GitLab versions prior to 16.11.2, 16.10.5, 16.9.7.
14 May 2024	VULN236	VMware : VMware Workstation and Fusion updates address multiple security vulnerabilities	Systems running VMware Workstation versions prior to 17.5.2, VMware Fusion versions prior to 13.5.2.
14 May 2024	VULN235	Moodle : Multiple Vulnerabilities fixed in Moodle	Systems running Moodle versions prior to 4.3.4, 4.2.7, 4.1.10.
14 May 2024	VULN234	Google : Google Chrome Stable Channel Updated to 124.0.6367.207/.208	Systems running Google Chrome versions prior to 124.0.6367.207/.208.
13 May 2024	VULN233	Next.js : Next.js Server-Side Request Forgery and HTTP Request Smuggling Vulnerabilities	Systems running Next.js versions prior to 14.1.1.
13 May 2024	VULN232	Xen : Linux/xen-netfront Memory leak due to missing cleanup function	Systems running Xen with guests running Linux 5.9 and later with Xen PV network devices.
13 May 2024	VULN231	Apache : CVE-2024-32113 Apache OFBiz: Path traversal leading to RCE	Systems running Apache OFBiz versions prior to 18.12.13.
13 May 2024	VULN230	Apache : CVE-2024-26579 Apache Inlong JDBC Vulnerability	Systems running Apache InLong versions prior to 1.12.0.
13 May 2024	VULN229	PowerDNS : PowerDNS Recursor Security Advisory 2024-02	Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
13 May 2024	VULN228	VMware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities	Systems running VMware ESXi, VMware Workstation, VMware Fusion.
7 May 2024	VULN227	Cisco : Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities	Systems running Cisco IP Phone 6800, 7800, 8800 Series SOFTWARE with Multiplatform Firmware.
7 May 2024	VULN226	CERT.org : R Programming Language implementations are vulnerable to arbitrary code execution	Systems running R Programming Language implementations.
7 May 2024	VULN225	GLPI : SQL injection and Account takeover via SQL Injection vulnerabilities	Systems running GLPI versions prior to 10.0.15.
7 May 2024	STAT18
3 May 2024	STAT17
26 Apr 2024	VULN224	SolarWinds : SolarWinds Platform XSS and SWQL Injection vulnerabilities	Systems running SolarWinds Platform versions prior to 2024.1 SR 1.
26 Apr 2024	VULN223	Palo Alto : Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent	Windows running Cortex XDR Agent with content update versions CU-1320 and later.
26 Apr 2024	VULN222	GitLab : GitLab Patch Release 16.11.1, 16.10.4, 16.9.6	Systems running GitLab versions prior to 16.11.1, 16.10.4, 16.9.6.
26 Apr 2024	VULN221	Apache : Solr-Operator liveness and readiness probes may leak basic auth credentials	Systems running Solr Operator versions prior to 0.8.1.
25 Apr 2024	VULN220	Google : Google Chrome Stable Channel Updated to 124.0.6367.78/.79	Systems running Google Chrome versions prior to 124.0.6367.78/.79.
25 Apr 2024	VULN219	Nagios : Vulnerabilities fixed in Nagios XI 2024R1.1.2	Systems running Nagios XI versions prior to 2024R1.1.2.
25 Apr 2024	VULN218	Ruby : CVE-2024-27282 Arbitrary memory address read vulnerability with Regex search	Systems running Ruby versions prior to 3.0.7, 3.1.5, 3.2.4, 3.3.1.
25 Apr 2024	STAT16
25 Apr 2024	VULN217	SolarWinds : SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability (CVE-2024-28073)	Systems running SolarWinds Serv-U versions prior to 15.4.2.
25 Apr 2024	VULN216	Citrix : Citrix uberAgent Security Bulletin for CVE-2024-3902	Systems running Citrix uberAgent versions prior to 22.0.
25 Apr 2024	VULN215	PowerDNS : PowerDNS Recursor Security Advisory 2024-02	Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
25 Apr 2024	VULN214	Cisco : Cisco Security Advisories Published on April 24, 2024	Cisco ASA Software, CISCO FTD Software.
19 Apr 2024	VULN213	Gunicorn : Gunicorn 22.0 fix CVE-2024-1135 Request smuggling leading to endpoint restriction bypass	Systems running Gunicorn versions prior to 22.0.
19 Apr 2024	VULN212	Apache : CVE-2024-29217 Apache Answer XSS vulnerability when changing personal website	Systems running Apache Answer versions prior to 1.3.0.
19 Apr 2024	VULN211	Flatpak : CVE-2024-32462 Sandbox escape via RequestBackground portal and CWE-88	Systems running Flatpak versions prior to 1.15.8, 1.10.9, 1.12.9, 1.14.6.
19 Apr 2024	VULN210	GNU C Library : GNU C Library Security Advisory Format	Systems running GNU C Library.
18 Apr 2024	STAT15
18 Apr 2024	VULN209	Xen : x86 Native Branch History Injection	Systems running Xen.
18 Apr 2024	VULN208	Jenkins : Jenkins Security Advisory 2024-04-17	Systems running Jenkins (core) versions prior to weekly 2.452, LTS 2.440.3.
18 Apr 2024	VULN207	Cisco : Cisco Security Advisories Published on April 17, 2024	Systems running Cisco Integrated Management, Controller, Cisco IOS, Cisco IOS XE Software.
17 Apr 2024	VULN206	Mozilla : Security Vulnerabilities fixed in Firefox 125, ESR 115.10	Systems running Firefox versions prior to 125, ESR 115.10.
17 Apr 2024	VULN205	Google : Chrome Stable channel updated to 124.0.6367.60/.61	Systems running Google Chrome versions prior to 124.0.6367.60/.61.
17 Apr 2024	VULN204	PuTTY : PuTTY vulnerability vuln-p521-bias	Systems running PuTTY versions prior to 0.81.
17 Apr 2024	VULN203	Oracle : April 2024 Critical Patch Update Released	Systems running Oracle products.
17 Apr 2024	VULN202	Atlassian : Security Bulletin - April 16 2024	Systems running Bamboo Data Center and Server, Confluence Data Center and Server, Jira Software Data Center and Server, Jira Service Management Data Center and Server.
17 Apr 2024	VULN201	Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect	PAN-OS versions prior to 11.1.0-h3, 11.1.1-h1, 11.1.2-h3, 11.0.2-h4, 11.0.3-h10, 11.0.4-h1, 10.2.5-h6, 10.2.6-h3, 10.2.7-h8, 10.2.8-h3, 10.2.9-h1.
16 Apr 2024	VULN200	Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142	Systems running XenServer, Citrix Hypervisor.
16 Apr 2024	VULN199	Argo CD : Argo CD's API server does not enforce project sourceNamespaces	Systems running Argo CD versions prior to 2.8.16, 2.9.12, 2.10.7.
15 Apr 2024	VULN198	Apache : Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1	Systems running Apache CloudStack versions prior to 4.18.1.1, 4.19.0.1.
15 Apr 2024	VULN197	Apache : CVE-2024-31309 Apache Traffic Server HTTP/2 CONTINUATION frames can be utilized for DoS attack	Systems running Apache Traffic Server versions prior to 8.1.10, 9.2.4.
15 Apr 2024	VULN196	Apache : CVE-2024-27309 Apache Kafka Potential incorrect access control during migration from ZK mode to KRaft mode	Systems running Apache Kafka versions 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1.
15 Apr 2024	VULN195	Haskell : process command injection via argument list on Windows	Windows running process library versions prior to 1.6.19.0.
15 Apr 2024	VULN194	PHP : PHP 8.3.6, 8.2.18, 8.1.28	Systems running PHP versions prior to 8.3.6, 8.2.18, 8.1.28.
12 Apr 2024	VULN193	Gitlab : GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6	Systems running GitLab versions prior to 16.10.2, 16.9.4, 16.8.6.
12 Apr 2024	VULN192	Apache : CVE-2024-31391 Apache Solr Operator Solr-Operator liveness and readiness probes may leak basic auth credentials	Systems running Apache Solr versions prior to 0.8.1.
12 Apr 2024	VULN191	Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect Gateway	PAN-OS versions prior to 11.1.2-h3, 11.0.4-h1, 10.2.9-h1.
11 Apr 2024	VULN190	Fortinet : FortiClientMac - Lack of configuration file validation	MacOS running FortiClientMac versions prior to 7.2.4, 7.0.11.
11 Apr 2024	VULN189	Fortinet : FortiClient Linux Remote Code Execution due to dangerous nodejs configuration	Linux running FortiClient versions prior to 7.2.1, 7.0.11.
11 Apr 2024	VULN188	Google : Chrome Stable channel updated to 123.0.6312.122/.123	Systems running Google chrome versions prior to 123.0.6312.122/.123.
11 Apr 2024	VULN187	CERT/CC : Multiple programming languages fail to escape arguments properly in Microsoft Windows	Windows.
11 Apr 2024	VULN186	Xen : x86 Incorrect logic for BTC/SRSO mitigations	Systems running Xen versions prior to 4.18.2, 4.17.4, 4.16.6, 4.15.6.
11 Apr 2024	VULN185	WordPress : WordPress 6.5.2 Maintenance and Security Release	Systems running WordPress versions prior to 6.5.2.
11 Apr 2024	VULN184	Rust : Security advisory for the standard library (CVE-2024-24576)	Systems running Rust versions prior to 1.77.2.
11 Apr 2024	STAT14
9 Apr 2024	VULN183	Apache : Multiple vulnerabilities fixed in Apache Zeppelin	Systems running Apache Zeppelin versions prior to 0.11.0.
9 Apr 2024	VULN182	Xen : x86 HVM hypercalls may trigger Xen bug check	Systems running Xen versions from at least 3.2 onwards.
9 Apr 2024	VULN181	SAP : SAP Security Patch Day - April 2024	Systems running SAP products.
9 Apr 2024	VULN180	Envoy Proxy : CPU and memory exhaustion due to CONTINUATION frame flood	Systems running Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, 1.26.8.
9 Apr 2024	VULN179	OpenSSL : Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)	Systems running OpenSSL versions prior to 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
8 Apr 2024	VULN178	Go : Go 1.22.2 and Go 1.21.9 are released	Systems running Go versions prior to 1.22.2, 1.21.9.
5 Apr 2024	VULN177	Mozilla: Security Vulnerabilities fixed in Firefox for iOS 124	iOS running Firefox for iOS versions prior to 124.
5 Apr 2024	VULN176	pgAdmin 4 : 2024-04-04 - pgAdmin 4 v8.5 Released	Systems running pgAdmin 4 versions prior to 8.5.
5 Apr 2024	VULN175	Apache : CVE-2024-29834 Apache Pulsar Improper Authorization For Namespace and Topic Management Endpoints	Systems running Apache Pulsar versions prior to 3.0.4, 3.2.2.
5 Apr 2024	VULN174	Yubico: Security Advisory YSA-2024-01 YubiKey Manager Privilege Escalation	Systems running YubiKey Manager GUI versions prior to 1.2.6.
5 Apr 2024	VULN173	Apache : HTTP response splitting and HTTP/2 DoS vulnerabilities fixed	Systems running Apache versions prior to 2.4.59.
5 Apr 2024	VULN172	X.Org: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5	Systems running X.Org X server versions prior to 21.1.12, Xwayland versions prior to 23.2.5.
5 Apr 2024	VULN171	CERT/CC: CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks	Systems implementing HTTP/2.
4 Apr 2024	VULN170	Ivanti : New CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways	Systems running Ivanti Connect Secure versions prior to 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4, 9.1R18.5, Ivanti Policy Secure versions prior to 22.4R1.2, 22.5R1.3, 22.6R1.2, 9.1R16.4, 9.1R17.4, 9.1R18.5.
4 Apr 2024	VULN169	Cisco : Cisco Security Advisories Published on April 03, 2024	Systems running Cisco products.
3 Apr 2024	VULN168	Node.js : Wednesday, April 3, 2024 Security Releases	Systems running Node.js versions prior to 20.12.1, 21.7.11, 18.20.1.
3 Apr 2024	VULN167	VMware : VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities	Systems running VMware SD-WAN (Edge) versions prior to 5.0.1+, 4.5.1+, VMware SD-WAN (Orchestrator) versions prior to 5.0.1+.
3 Apr 2024	STAT13
29 Mar 2024	VULN166	Splunk : Multiple vulnerabilities fixed in Splunk	Systems running Splunk Enterprise versions prior to 9.2.1, 9.1.4, 9.0.9, Splunk Cloud Platform.
29 Mar 2024	VULN165	Wireshark : wnpa-sec-2024-06 - T.38 dissector crash	Systems running Wireshark versions prior to 4.2.4, 4.0.14.
29 Mar 2024	VULN164	Gitlab : GitLab Security Release: 16.10.1, 16.9.3, 16.8.5	Systems running GitLab versions prior to 16.10.1, 16.9.3, 16.8.5.
29 Mar 2024	VULN163	Buildah : CVE-2024-1753 container escape at build time	Systems running buildah versions prior to 1.35.1, 1.34.3, 1.33.7.
29 Mar 2024	VULN162	Serverpod : Client accepts any certificate and Improved security for stored password hashes	Systems running serverpod_client versions prior to 1.2.6, serverpod_auth_server (Dart) versions prior to 1.2.6.
29 Mar 2024	VULN161	Jupyterhub : XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing	Systems running jupyterhub (pip) versions prior to 4.1.0.
29 Mar 2024	VULN160	Podman : CVE-2024-1753 container escape at build time	Systems running Podman versions prior to 4.9.4, 5.0.1.
28 Mar 2024	VULN159	APPLE : APPLE-SA-03-25-2024-1 Safari 17.4.1	Systems running Safari versions prior to 17.4.1.
28 Mar 2024	VULN158	APPLE : APPLE-SA-03-25-2024 macOS Ventura 13.6.6 and Sonoma 14.4.1	macOS versions prior to 13.6.6, 14.4.1.
28 Mar 2024	VULN157	APPLE : APPLE-SA-03-25-2024 iOS and iPadOS 16.7.7 and 17.4.1	iOS, iPadOS versions prior to 16.7.7, 17.4.1.
28 Mar 2024	VULN156	Cilium : Intermittent HTTP policy bypass	Systems running Cilium versions prior to 1.13.13, 1.14.8, 1.15.2.
28 Mar 2024	VULN155	Elastic : Elasticsearch 8.13.0 and 7.17.19 Security Updates	Systems running Elasticsearch versions prior to 8.13.0, 7.17.19.
27 Mar 2024	VULN154	Cisco : Cisco Security Advisories Published on March 27, 2024	Systems running Cisco IOS XE, Cisco IOS, Cisco Access Point Software, Cisco Aironet Access Point Software, Cisco Catalyst Center Software.
27 Mar 2024	VULN153	Nagios XI : Nagios XI 2024R1.1 fix XSS issue	Systems running Nagios XI versions prior to 2024R1.1.
27 Mar 2024	VULN152	Red Hat : Red Hat OpenShift GitOps 1.10.2 and 1.9.4 security update	Systems running Red Hat OpenShift GitOps versions prior to 1.10.2, 1.9.4.
27 Mar 2024	STAT12
27 Mar 2024	VULN151	Google : Chrome Stable channel updated to 123.0.6312.86/.87	Systems running Chrome versions prior to 123.0.6312.86/.87.
27 Mar 2024	VULN150	TinyMCE : TinyMCE Cross-Site Scripting (XSS) vulnerabilities fixed	Systems running TinyMCE versions prior to 7.0.0.
27 Mar 2024	VULN149	Grafana : Users outside an organization can delete a snapshot with its key	Systems running Grafana versions prior to 9.5.18, 10.0.13, 10.1.9, 10.2.6, 10.3.5.
27 Mar 2024	VULN148	Apache : CVE-2024-29735 Apache Airflow Potentially harmful permission changing by log task handler	Systems running Apache Airflow versions prior to 2.8.4.
27 Mar 2024	VULN147	curl : Multiple vulnerabilities fixed in curl 8.7.0	Systems running curl versions prior to 8.7.0.
26 Mar 2024	VULN146	Shibboleth : CAS service URL handling vulnerable to Server-Side Request Forgery	Systems running Shibboleth Identity Provider versions prior to 5.1.1, 4.3.2.
26 Mar 2024	VULN145	Tenable : Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1	Systems running Tenable Security Center versions prior to 5.23.1, 6.1.1, 6.2.0, 6.2.1.
26 Mar 2024	VULN144	Ruby : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1	Systems running RDoc gem versions prior to 6.3.4.1, 6.4.1.1, 6.5.1.1, 6.6.3.1.
26 Mar 2024	VULN143	Ruby : CVE-2024-27280 Buffer overread vulnerability in StringIO	Systems running StringIO gem versions prior to 3.0.3.
26 Mar 2024	VULN142	WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.0	Systems running WebKitGTK, WPE WebKit versions prior to 2.44.0.
25 Mar 2024	VULN141	Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1	Systems running Firefox versions prior to ESR 115.9.1, 124.0.1.
25 Mar 2024	VULN140	Spring : CVE-2024-22258 PKCE Downgrade in Spring Authorization Server	Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
22 Mar 2024	VULN139	jupyter-server : Unauthenticated Websocket Proxying with jupyter-server-proxy	Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
22 Mar 2024	VULN138	Apache : CVE-2024-27438 Apache Doris remote command execution and Possible race condition	Systems running Apache Doris versions prior to 2.0.5, 2.1.x.
22 Mar 2024	VULN137	Apache : CVE-2024-27439 Apache Wicket Possible bypass of CSRF protection	Systems running Apache Wicket versions prior to 9.17.0, 10.0.0.
21 Mar 2024	VULN136	Apache : Apache Archiva Vulnerabilities	Systems running Apache Archiva.
21 Mar 2024	VULN135	Apache : CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding	Systems running Apache CXF versions prior to 4.0.4, 3.6.3, 3.5.8.
21 Mar 2024	VULN134	Apache : Apache Commons Configuration vulnerabilities fixed	Systems running Apache Commons Configuration versions prior to 2.10.1.
21 Mar 2024	VULN133	Python : Vulnerabilities fixed in Python 3.10.14, 3.9.19, 3.8.19	Systems running Python versions prior to 3.10.14, 3.9.19, 3.8.19.
21 Mar 2024	VULN132	Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling	Systems running Jenkins weekly versions prior to 2.444, Jenkins LTS versions prior to 2.440.1.
21 Mar 2024	VULN131	glpi : Multiple vulnerabilities fixed in glpi 10.0.13	Systems running glpi versions prior to 10.0.13.
20 Mar 2024	STAT11
15 Mar 2024	VULN130	Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling	Systems running Apache ZooKeeper versions prior to 3.9.2, 3.8.4.
15 Mar 2024	VULN129	Palo Alto : CVE-2024-2433 PAN-OS Improper Privilege Management Vulnerability in Panorama Software	Panorama on PAN-OS versions prior to 9.0.17-h4, 9.1.18, 10.1.12, 10.2.11, 11.0.4.
15 Mar 2024	VULN128	Palo Alto : CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability	Systems running GlobalProtect App versions prior to 6.2.1, 6.1.2, 6.0.8, 5.1.12.
15 Mar 2024	VULN127	Apache : Multiple Vulnerabilities fixed in Apache Pulsar	Systems running Apache Pulsar versions prior to 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1.
15 Mar 2024	VULN126	Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder	Systems running Apache Airflow versions prior to 2.8.2.
14 Mar 2024	VULN125	Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder	Systems running Apache Airflow versions prior to 2.8.2.
14 Mar 2024	VULN124	Apache : Apache Tomcat - Denial of Service Vulnerabilities	Systems running Apache Tomcat versions prior to 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99.
14 Mar 2024	VULN123	Cisco : Cisco Security Advisories Published on March 13, 2024	Cisco IOS XR Software versions prior to 7.9.2, 7.10.1.
14 Mar 2024	VULN122	Directus : URL Redirection to Untrusted Site and Session Token in URL	Systems running directus versions prior to 10.10.0.
13 Mar 2024	VULN121	Fortinet : FortiWLM MEA for FortiManager - improper access control in backup and restore features	Systems running FortiWLM MEA for FortiManager versions prior to 7.4.1,7.2.4, 7.0.11, 6.4.14.
13 Mar 2024	VULN120	Xen : Register File Data Sampling and GhostRace: Speculative Race Conditions	Systems running Xen.
13 Mar 2024	VULN119	Fortinet : Vulnerabilities fixed in FortiClientEMS	Systems running FortiClientEMS versions prior to 7.2.3, 7.0.11.
13 Mar 2024	VULN118	Fortinet : Multiple vulnerabilities fixed in FortiOS & FortiProxy	FortiOS versions prior to 7.4.2, 7.2.7, 7.0.13, 6.4.15, 6.2.16, FortiProxy versions prior to 7.4.3, 7.2.9, 7.0.15, 2.0.14.
13 Mar 2024	VULN117	Google : Chrome Stable channel updated to 122.0.6261.128/.129	Systems running Google Chrome versions prior to 122.0.6261.128/.129.
13 Mar 2024	VULN116	Citrix : Citrix SDWAN Security Bulletin for CVE-2024-2049	Systems running Citrix SDWAN.
13 Mar 2024	VULN115	Citrix : Citrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575	Systems running Citrix Hypervisor.
12 Mar 2024	VULN114	OpenStack : Unresolved Vulnerability in OpenStack Murano	Systems running OpenStack Murano.
12 Mar 2024	VULN113	Go : Go 1.22.1 and Go 1.21.8 are released	Systems running Go versions prior to 1.22.1, 1.21.8.
12 Mar 2024	VULN112	Rancher API Server: XSS Vulnerability in API Server	Systems running Rancher API Server versions prior to 4fd7d82 (master), 69b3c2b (release/v2.8), a3b9e37 (release/v2.8.s3), 4e102cf (release/v2.7), 97a10a3 (release/v2.7.s3), 4df268e (release/v2.6).
12 Mar 2024	VULN111	Rancher : Multiple vulnerabilities fixed in Rancher 2.6.14, 2.7.10 and 2.8.2	Systems running Rancher versions prior to 2.6.14, 2.7.10, 2.8.2.
12 Mar 2024	VULN110	TYPO3 : Multiple vulnerabilities fixed in TYPO3	Systems running TYPO3 CMS versions prior to 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1.
12 Mar 2024	VULN109	Moodle : Multiple vulnerabilities fixed in Moodle 4.3.3, 4.2.6, 4.1.9	Systems running Moodle versions prior to 4.3.3, 4.2.6, 4.1.9).
12 Mar 2024	VULN108	Grafana : User with permissions to create a data source can CRUD all data sources	Systems running Grafana versions prior to 9.5.7, 10.0.12, 10.1.8, 10.2.5, 10.3.4.
11 Mar 2024	VULN107	APPLE : APPLE-SA-03-07-2024-6 tvOS 17.4	tvOS versions prior to 17.4.
11 Mar 2024	VULN106	APPLE : APPLE-SA-03-07-2024-5 watchOS 10.4	Systems running watchOS versions prior to 10.4.
11 Mar 2024	VULN105	APPLE : APPLE-SA-03-07-2024-1 Safari 17.4	Systems running Safari versions prior to 17.4.
11 Mar 2024	VULN104	APPLE : Multiple vulnerabilities fixed in macOS Monterey, Ventura, Sonoma	Systems running macOS versions prior to Monterey 12.7.4, Ventura 13.6.5, Sonoma 14.4
11 Mar 2024	VULN103	TeamCity : Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199)	Systems running TeamCity On-Premises versions prior to 2023.11.4.
10 Mar 2023	STAT10
8 Mar 2024	VULN102	Nagios XI : Multiple vulnerabilities fixed in 2024R1.0.2	Systems running Nagios XI versions prior to 2024R1.0.2.
8 Mar 2024	VULN101	Apache : Apache Camel issue on ExchangeCreatedEvent and Camel-SQL, Camel-CassandraQL Unsafe Deserialization	Systems running Apache Camel versions prior to 3.21.4, 3.22.1, 4.0.4, 4.4.0.
8 Mar 2024	VULN100	GitLab : GitLab Security Release 16.9.2, 16.8.4, 16.7.7	Systems running GitLab versions prior to 16.9.2, 16.8.4, 16.7.7.
8 Mar 2024	VULN099	Joomla! : Multiple security vulnerabilities fixed in Joomla! 4.4.3, 5.0.3, 3.7.0-3.10.14-elts	Systems running Joomla! versions prior to 3.10.15-elts, 4.4.3, 5.0.3.
8 Mar 2024	VULN098	PostgreSQL : PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 Released!	Systems running PostgreSQL versions prior to 16.2, 15.6, 14.11, 13.14, 12.18.
8 Mar 2024	VULN097	PostgreSQL JDBC Driver : SQL Injection via line comment generation	Systems running PostgreSQL JDBC Driver versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, 42.2.28.jre7.
8 Mar 2024	VULN096	Node.js : Multiple vulnerabilities fixed in Node.js	Systems running Node.js.
8 Mar 2024	VULN095	BuildKit : Multiple vulnerabilities fixed in BuildKit 0.12.5	Systems running BuildKit versions prior to 0.12.5.
8 Mar 2024	VULN094	Django : Django security releases issued: 5.0.3, 4.2.11, and 3.2.25	Systems running Django versions prior to 5.0.3, 4.2.11, 3.2.25.
8 Mar 2024	VULN093	Mozilla : Security Vulnerabilities fixed in Thunderbird 115.8.1	Systems running Thunderbird versions prior to 115.8.1.
8 Mar 2024	VULN092	Google : Stable Channel for Desktop Updated to 122.0.6261.111/.112	Systems running Google Chrome versions prior to 122.0.6261.111/.112.
7 Mar 2024	VULN091	Vmware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities	Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation.
7 Mar 2024	VULN090	Jenkins : Jenkins Security Advisory 2024-03-06	Systems running Jenkins plugins.
7 Mar 2024	VULN089	APPLE : iOS 17.4, 16.7.6 and iPadOS 17.4, 16.7.6	iOS, iPadOS versions prior to 17.4, 16.7.6.
3 Mar 2023	STAT09
28 Feb 2024	STAT08
23 Feb 2024	VULN088	: ConnectWise ScreenConnect Authentication Bypass and remote code execution	Systems running ScreenConnect 23.9.7 and prior
23 Feb 2024	VULN087	: Microsoft Exchange Server Elevation of Privilege Vulnerability	Systems running Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 13 and Microsoft Exchange Server 2016 Cumulative Update 23
23 Feb 2024	VULN086	: Microsoft Outlook Remote Code Execution Vulnerability	Systems running Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft Office LTSC 2021
21 Feb 2024	STAT07
17 Feb 2023	VULN085	(graphql-mesh : Unwanted access to	Systems running graphql-mesh/cli versions prior to 0.82.22, graphql-mesh/http versions prior to 0.3.19.
15 Feb 2024	STAT06
9 Feb 2024	VULN084	FortiOS - Out-of-bound Write in sslvpnd	FortiOS - Out-of-bound Write in sslvpnd
9 Feb 2024	VULN083	: FortiOS - Format String Bug in fgfmd	FortiOS - Format String Bug in fgfmd
9 Feb 2024	VULN082	Ivanti : CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways	Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
17 Feb 2023	VULN081	(TimescaleDB : TimescaleDB 2.8.0	Systems running TimescaleDB versions prior to 2.9.3.
8 Feb 2024	VULN080	Cisco : Cisco Critical and High Security Advisories Published on February 07, 2024	Cisco Systems running Cisco Expressway Series, ClamAV.
8 Feb 2024	STAT05
2 Feb 2024	VULN079	Splunk : Security Updates in Splunk Add-on Builder	Systems running Splunk Add-on Builder versions prior to 4.1.4.
2 Feb 2024	VULN078	glpi : LDAP Injection during authentication and Reflected XSS in reports pages	Systems running glpi versions prior to 10.0.12.
2 Feb 2024	VULN077	Moby : Classic builder cache poisoning	Systems running moby versions prior to 25.0.2, 24.0.9.
2 Feb 2024	VULN076	Mastodon : Remote user impersonation and takeover	Systems running Mastodon versions prior to 3.5.17, 4.0.13, 4.1.13, 4.2.5.
1 Feb 2024	VULN075	Google : Stable Channel for Desktop Updated to 121.0.6167.139	Systems running Google chrome versions prior to 1.1.12.
1 Feb 2024	VULN074	runc : several container breakouts due to internally leaked fds	Systems running runc versions prior to 1.1.12.
1 Feb 2024	STAT04
31 Jan 2024	VULN073	ESET : Unquoted path privilege vulnerability in ESET products for Windows fixed	Systems running ESET Endpoint Security, ESET Endpoint Antivirus versions prior to 11.0.2032.x, ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium versions prior to 17.0.15.0, ESET Mail Security for Microsoft Exchange Server versions prior to 10.1.10012.0.
31 Jan 2024	VULN072	Spring : local information disclosure via temporary directory created with unsafe permissions	Systems running Spring Cloud Contract versions prior to 3.1.10, 4.0.5, 4.1.1.
31 Jan 2024	VULN071	WordPress : WordPress 6.4.3 - Maintenance and Security release	Systems running WordPress versions prior to 6.4.3.
31 Jan 2024	VULN070	CrateDB : CrateDB database has an arbitrary file read vulnerability	Systems running CrateDB versions prior to 5.3.9, 5.4.8, 5.5.4, 5.6.1.
31 Jan 2024	VULN069	Apache : CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file	Systems running Apache Kylin versions prior to 4.0.4.
31 Jan 2024	VULN068	curl : OCSP verification bypass with TLS session reuse	Systems running curl versions 8.5.x prior to 8.6.0.
30 Jan 2024	VULN067	Xen : Unauthorized memory access and VT-d Failure to quarantine devices fixed	Systems running Xen.
26 Jan 2024	VULN066	Mozilla : Security Vulnerabilities fixed in Thunderbird 115.7	Systems running Thunderbird versions prior to 115.7.
26 Jan 2024	VULN065	Mozilla : Multiple vulnerabilities fixed in Firefox 122, ESR 115.7	Systems running Firefox versions prior to 122, ESR 115.7.
26 Jan 2024	VULN064	OpenSSL : OpenSSL Security Advisory [25th January 2024]	Systems running OpenSSL versions prior to 3.2.1, 3.1.5, 3.0.13, 1.1.1x, 1.0.2zj.
26 Jan 2024	VULN063	Google : Stable Channel 121.0.6167.85 Update for Desktop	Google Chrome versions prior to 121.0.6167.85.
25 Jan 2024	VULN062	APPLE : APPLE-SA-01-22-2024-8 watchOS 10.3	watchOS versions prior to 10.3.
25 Jan 2024	VULN061	APPLE : APPLE-SA-01-22-2024-1 Safari 17.3	Systems running Safari versions prior to 17.3.
25 Jan 2024	VULN060	APPLE : macOS Ventura 13.6.4, Monterey 12.7.3	macOS versions prior to Ventura 13.6.4, Monterey 12.7.3.
25 Jan 2024	VULN059	APPLE : APPLE-SA-01-22-2024-2 iOS 17.3, 16.7.5 and iPadOS 17.3, 16.7.5	iOS, iPadOS versions prior to 17.3, 16.7.5.
25 Jan 2024	VULN058	Apache : Apache Superset vulnerabilities fixed	Systems running Apache Superset versions prior to 3.0.3, Apache Superset Helm chart versions prior to 0.10.15.
25 Jan 2024	VULN057	Apache : Apache Airflow CNCF Kubernetes provider, Apache Airflow Kubernetes configuration file vulnerafitily	Systems running Apache Airflow versions prior to 2.6.1, Apache Airflow CNCF Kubernetes provider versions prior to 7.0.0.
25 Jan 2024	VULN056	Xen : Linux netback processing of zero-length transmit fragment	Systems running Xen.
25 Jan 2024	VULN055	SQUID : SQUID-2023:11 Denial of Service in Cache Manager	Systems running SQUID versions prior to 6.6.
25 Jan 2024	VULN054	Citrix : Citrix Hypervisor Security Bulletin for CVE-2023-46838	Systems running Citrix Hypervisor versions 8.2 CU1 LTSR .
24 Jan 2024	VULN053	Jenkins : Jenkins Security Advisory 2024-01-24	Systems running Jenkins (core), Git server Plugin, GitLab Branch Source Plugin, Log Command Plugin, Matrix Project Plugin, Qualys Policy Compliance Scanning Connector Plugin, Red Hat Dependency Analytics Plugin.
24 Jan 2024	VULN052	Cisco : Cisco Security Advisories Published on January 24, 2024	Systems running Cisco Unified Communications, Products, Cisco Small Business Series Switches firmware, Cisco Unity products.
24 Jan 2024	VULN051	Atlassian : January 2024 Security Bulletin	Systems running Confluence Data Center and Server versions prior to 7.19.18, 8.5.5, 8.7.2, Confluence Server versions prior to 7.19.18, 8.5.5, Crowd Data Center and Server versions prior to 5.2.2, Jira Service Management Data Center and Server versions prior to 4.20.30, 5.4.15, 5.12.2, Jira Data Center and Server versions prior to 9.4.13, 9.7.0, Bamboo Data Center and Server versions prior to 9.2.9, 9.3.6, 9.4, Bitbucket Server versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, Bitbucket Data Center versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, 8.15.3, 8.16.2, 8.17.0.
24 Jan 2024	STAT03
22 Jan 2024	VULN050	gnutls : gnutls 3.8.3 fix vulnerabilities	Systems running gnutls versions prior to 3.8.3.
22 Jan 2024	VULN049	Postfix : Postfix stable release 3.8.5, 3.7.10, 3.6.14, 3.5.24	Systems running Postfix versions prior to 3.8.5, 3.7.10, 3.6.14, 3.5.24.
22 Jan 2024	VULN048	Argo CD : Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd	Systems running Argo CD versions prior to 2.10-rc2, 2.9.4, 2.8.8, 2.7.16.
22 Jan 2024	VULN047	Jupyterlab : Potential authentication, CSRF tokens leak and SXSS in Markdown Preview	Systems running jupyterlab (pip) versions prior to 4.0.11, 3.6.7, notebook (pip) versions prior to 7.0.7.
22 Jan 2024	VULN046	Exim : Exim 4.97.1 fix SMTP smuggling vulnerability	Systems running Exim versions prior to 4.97.1.
22 Jan 2024	VULN045	Apache : CVE-2023-46589 Apache Tomcat - Information Disclosure	Systems running Apache Tomcat versions prior to 9.0.44, 8.5.64.
18 Jan 2024	VULN044	Synology : Synology-SA-24:01 DSM DiskStation Manager	DSM 7.2 versions prior to 7.2-64561, DSM 7.1, DSM 6.2, DSMUC 3.1 versions prior to 3.1.2-23068.
18 Jan 2024	VULN043	SonicWall : SFPMonitor.sys KOOB Write vulnerability	Systems running SonicWall Capture Client versions prior to 3.7.11, SonicWall NetExtender Windows Client versions prior to 10.2.338.
18 Jan 2024	VULN042	X.Org : Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4	Systems running X.Org versions prior to 21.1.11, Xwayland versions prior to 23.2.4.
18 Jan 2024	VULN041	Drupal : Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001	Systems running Drupal core versions prior to 10.2.2, 10.1.8.
17 Jan 2024	VULN040	Citrix : Citrix StoreFront Security Bulletin for CVE-2023-5914	Systems running Citrix StoreFront versions prior to 2308.1, 2311, 1912 LTSR CU8 hotfix 3.22.8001.2, 2203 LTSR CU4 Update 1.
17 Jan 2024	VULN039	Google : Google Chrome 120.0.6099.234 fix multiple vulnerabilities	Systems running Google Chrome versions prior to 120.0.6099.234.
17 Jan 2024	VULN038	Oracle : January 2024 Critical Patch Update Released	Systems running Oracleâ€™s products.
17 Jan 2024	VULN037	Vmware : VMware Aria Automation updates address a Missing Access Control vulnerability (CVE-2023-34063)	Systems running VMware Aria Automation versions prior to 8.14.1 + Patch, 8.13.1 + Patch, 8.12.2 + Patch, 8.11.2 + Patch, VMware Cloud Foundation (Aria Automation).
17 Jan 2024	VULN036	Citrix : Citrix Session Recording Security Bulletin for CVE-2023-6184	Systems running Citrix Virtual Apps and Desktops versions prior to 2311, 1912 LTSR CU8 hotfix 19.12.8100.4, 2203 LTSR CU4.
17 Jan 2024	VULN035	Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549	Systems running Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-12.35, 13.1-51.15, 13.0-92.21, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.176, 12.1-FIPS 12.1-55.302, 12.1-NDcPP 12.1-55.302.
17 Jan 2024	STAT02
16 Jan 2024	VULN034	Apache : CVE-2023-50290 Apache Solr allows read access to host environment variables	Systems running Apache Solr versions prior to 9.3.0.
16 Jan 2024	VULN033	Apache : CVE-2023-46749 Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack	Systems running Apache Shiro versions prior to 1.13.0+, 2.0.0-alpha-4+.
16 Jan 2024	VULN032	OpenSSL : Excessive time spent checking invalid RSA public keys (CVE-2023-6237)	Systems running OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0
12 Jan 2024	VULN031	Ivanti : CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways	Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
12 Jan 2024	VULN030	Ivanti : SA-2023-12-19-CVE-2023-39336	Systems running Ivanti Endpoint Manager versions prior to 2022 SU5.
12 Jan 2024	VULN029	GitLab : GitLab Critical Security Release 16.7.2, 16.6.4, 16.5.6	Systems running GitLab versions prior to 16.7.2, 16.6.4, 16.5.6.
12 Jan 2024	VULN028	SPIP : Mise à jour de maintenance et sécurité sortie de SPIP 4.2.8, SPIP 4.1.14	Systems running SPIP versions prior to 4.2.8, 4.1.14.
11 Jan 2024	VULN027	GitPython : Untrusted search path under some conditions on Windows allows arbitrary code execution	Systems running GitPython versions prior to 3.1.41.
11 Jan 2024	VULN026	go-git : Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients	Systems running go-git versions prior to 5.11.
11 Jan 2024	VULN025	Cisco : Cisco Security Advisories Published on January 10, 2024	Systems running Cisco Unity Connection, Cisco WAP371 Wireless Access Point, Cisco ThousandEyes Enterprise Agent Virtual Appliance Cisco Evolved Programmable Network Manager, Cisco Prime Infrastructure, Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Xtended Services Platform, Cisco Identity Services Engine, Cisco TelePresence Management Suite.
10 Jan 2024	STAT01
10 Jan 2024	VULN024	Splunk : Splunk User Behavior Analytics (UBA) Third-Party Package Updates	Systems running Splunk User Behavior Analytics versions prior to 5.3.0, 5.2.1.
10 Jan 2024	VULN023	Splunk : Multiple Vulnerabilities fixed in Splunk Enterprise Security	Systems running Splunk Enterprise Security versions prior to 7.1.2, 7.2.0, 7.3.0.
10 Jan 2024	VULN022	OpenSSL : POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)	Systems running OpenSSL versions prior to 1.1.1, 1.0.2.
9 Jan 2024	VULN021	QNAP : Multiple Vulnerabilities in Video Station	Systems running Video Station versions prior to 5.7.2 (2023/11/23).
9 Jan 2024	VULN020	Qnap : Vulnerability in QcalAgent	Systems running QcalAgent versions prior to 1.1.8.
9 Jan 2024	VULN019	Qnap : Multiple Vulnerabilities in QuMagie	Systems running QuMagie versions prior to 2.2.1.
8 Jan 2024	VULN018	QNAP : Multiple Vulnerabilities in Video Station	Systems running Video Station versions prior to 5.7.2 (2023/11/23).
8 Jan 2024	VULN017	Qnap : Vulnerabilities fixed in QTS, QuTS hero	Systems running QTS, QuTS hero versions prior to 5.1.3.2578 build 20231110, 5.1.4.2596 build 20231128.
8 Jan 2024	VULN016	Centreon : Security bulletin for Centreon Web available through The Watch	Systems running Centreon Web versions prior to 23.10.5, 23.04.13, 22.10.17, 22.04.19.
5 Jan 2024	VULN015	gradio : Make the `/file` secure against file traversal attacks and SSRF	Systems running gradio versions prior to 4.11.0.
5 Jan 2024	VULN014	SPIP : Mise à jour de maintenance et sécurité sortie de SPIP 4.2.7, SPIP 4.1.13	Systems running SPIP versions prior to 4.2.7, 4.1.13.
5 Jan 2024	VULN013	Asterisk : Multiple vulnerabilities fixed in Asterisk	Systems running Asterisk versions prior to 21.0.1, 18.20.1, 20.5.1, certified-asterisk versions prior to 18.9-cert6.
5 Jan 2024	VULN012	Wireshark : Multiple dissector crash vulnerabilities fixed in Wireshark	Systems running Wireshark versions prior to 4.2.1, 4.0.12, 3.6.20.
5 Jan 2024	VULN011	Google : Google Chrome 120.0.6099.199 fix multiple vulnerabilities	Systems running Google Chrome versions prior to 120.0.6099.199.
4 Jan 2024	VULN010	Apache : Apache InLong Arbitrary File Read and Remote Code Execution vulnerabilities	Systems running Apache InLong versions 1.7.0 through 1.9.0.
4 Jan 2024	VULN009	WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0012	Systems running WebKitGTK, WPE WebKit versions prior to 2.42.4.
4 Jan 2024	VULN008	Apache : CVE-2023-49299: Apache DolphinScheduler Arbitrary js execute as root for authenticated users	Systems running Apache DolphinScheduler versions prior to 3.1.9.
4 Jan 2024	VULN007	containerd : RAPL accessible to a container	Systems running containerd versions prior to 1.7.11, 1.6.26.
4 Jan 2024	VULN006	Cacti : Cacti 1.2.26 fixes multiple security vulnerabilities	Systems running Cacti versions prior to 1.2.26.
4 Jan 2024	VULN005	OpenSSH : OpenSSH 9.6 addresses key vulnerabilities	Systems running OpenSSH versions prior to 9.6.
4 Jan 2024	VULN004	libssh : Multiple vulnerabilities fixed in libssh	Systems running libssh versions prior to 0.10.6, 0.9.8.
3 Jan 2024	VULN003	Moodle : Multiple vulnerabilities fixed in Moodle	Systems running Moodle versions prior to 4.3.1, 4.2.4, 4.1.7, 4.0.12, 3.11.18, 3.9.25.
3 Jan 2024	VULN002	Apache : Pre-authentication RCE, Arbitrary file properties reading and SSRF vulnerabilities fixed	Systems running Apache OFBiz versions prior to 18.12.11.
3 Jan 2024	VULN001	Apache : Apache OpenOffice 4.1.15 fixes multiple vulnerabilities	Systems running Apache OpenOffice versions prior to 4.1.15.
3 Jan 2024	STAT52
3 Jan 2024	STAT51