Here is the list of the latest CERT-Renater advisories in 2024:

Date | ID | Advisory | Affected systems
11 Jul 2024 | STAT27 | |
11 Jul 2024 | VULN324 | VMware : VMSA-2024-0017 VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280) | Systems running VMware Aria Automation.
10 Jul 2024 | VULN323 | Mozilla : Multiple vulnerabilities fixed in Firefox 128, ESR 115.13 | Systems running Firefox versions prior to 128, ESR 115.13.
10 Jul 2024 | VULN322 | Node.js : Monday, July 8, 2024 Security Releases | Systems running Node.js versions prior to 18.20.4, 20.15.1, 22.4.1.
10 Jul 2024 | VULN321 | Citrix : NetScaler Console, Agent and SVM Security Bulletin for CVE-2024-6235 and CVE-2024-6236 | Systems running NetScaler Console, NetScaler SVM, NetScaler Agent versions prior to 14.1-25.53, 13.1-53.22, 13.0-92.31.
10 Jul 2024 | VULN320 | Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492 | Systems running NetScaler ADC and NetScaler Gateway versions prior to 14.1-25.53, 13.1-53.17, 13.0-92.31, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.183, 12.1-FIPS 12.1-55.304, 12.1-NDcPP 12.1-55.304.
10 Jul 2024 | VULN319 | Joomla! : Multiple vulnerabilities fixed in Joomla! 4.4.6, 5.1.2, 3.10.16-elts | Systems running Joomla! versions prior to 4.4.6, 5.1.2, 3.10.16-elts.
10 Jul 2024 | VULN318 | Django : Django security releases issued: 5.0.7 and 4.2.14 | Systems running Django versions prior to 5.0.7, 4.2.14.
10 Jul 2024 | VULN317 | Apache : Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2 | Systems running Apache CloudStack LTS versions prior to 4.18.2.1, 4.19.0.2.
4 Jul 2024 | VULN316 | Elastic : Elastic Cloud Enterprise 3.7.2 Security Update (ESA-2024-18) | Systems running Elastic Cloud Enterprise versions from 3.0.0 and prior to 3.7.2.
4 Jul 2024 | VULN315 | Apache : CVE-2024-34750 Apache Tomcat - Denial of Service | Systems running Apache Tomcat versions prior to 11.0.0-M21, 10.1.25, 9.0.89.
4 Jul 2024 | VULN314 | VMware : VMware Cloud Director Availability addresses an HTML injection vulnerability | Systems running VMware Cloud Director Availability versions prior to 4.7.2.
4 Jul 2024 | STAT26 | |
3 Jul 2024 | VULN313 | Cisco : Cisco NX-OS Software CLI Command Injection Vulnerability | Cisco NX-OS Software.
3 Jul 2024 | VULN312 | OpenStack : Arbitrary file access through custom QCOW2 external data | Systems running Cinder versions <22.1.3, >=23.0.0 <23.1.1, ==24.0.0; Glance versions <26.0.1, ==27.0.0, >=28.0.0 <28.0.2; Nova versions <27.3.1, >=28.0.0 <28.1.1, >=29.0.0 <29.0.3.
3 Jul 2024 | VULN311 | Cisco : Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 | Cisco systems running OpenSSH Server.
1 Jul 2024 | VULN310 | Apache : Apache version 2.4.60 fixes multiple vulnerabilities | Systems running Apache HTTP Server versions prior to 2.4.60.
1 Jul 2024 | VULN309 | MIT Kerberos : MIT Kerberos 5 Release 1.21.3 fixes vulnerabilities in GSS message token handling | Systems running Kerberos 5 versions prior to 1.21.3.
1 Jul 2024 | VULN308 | OpenSSH : Critical vulnerability fixed in OpenSSH 9.8 | Systems running OpenSSH versions prior to 9.8.
27 Jun 2024 | VULN307 | VMware : VMware Cloud Director addresses an improper privilege management vulnerability (CVE-2024-22272) | Systems running VMware Cloud Director.
27 Jun 2024 | VULN306 | OpenSSL : SSL_select_next_proto buffer overread (CVE-2024-5535) | Systems running OpenSSL versions prior to 3.3.2, 3.2.3, 3.1.7, 3.0.15, 1.1.1za, 1.0.2zk.
27 Jun 2024 | VULN305 | GitLab : GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 | Systems running GitLab versions prior to 17.1.1, 17.0.3, 16.11.5.
27 Jun 2024 | VULN304 | Jenkins : Jenkins Security Advisory 2024-06-26 | Systems running Bitbucket Branch Source Plugin for Jenkins versions prior to 887.va_d359b_3d2d8d, Plain Credentials Plugin for Jenkins versions prior to 183.va_de8f1dd5a_2b_, Structs Plugin for Jenkins versions prior to 338.v848422169819.
27 Jun 2024 | STAT25 | |
27 Jun 2024 | VULN303 | Progress : MOVEit Transfer Critical Security Alert Bulletin – June 2024 | Systems running MOVEit Transfer versions prior to 2023.0.11, 2023.1.6, 2024.0.2.
27 Jun 2024 | VULN302 | Progress : MOVEit Gateway Critical Security Alert Bulletin – June 2024 | Systems running MOVEit Gateway versions prior to 2024.0.0.
26 Jun 2024 | VULN301 | Google Chrome : Stable channel has been updated to 126.0.6478.126/127 | Systems running Google Chrome versions prior to 126.0.6478.126.
26 Jun 2024 | VULN300 | HashiCorp : Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims | Systems running HashiCorp Vault, Vault Enterprise versions prior to 1.17.0, 1.16.3, 1.15.9.
26 Jun 2024 | VULN299 | HashiCorp : HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation Security | Systems running libreoffice versions prior to 24.2.4.
26 Jun 2024 | VULN298 | LibreOffice : CVE-2024-5261 TLS certificates are not properly verified when utilizing LibreOfficeKit | Systems running LibreOffice versions prior to 24.2.4.
26 Jun 2024 | VULN297 | WordPress : WordPress 6.5.5 fixes XSS and path traversal vulnerabilities | Systems running WordPress versions prior to 6.5.5.
25 Jun 2024 | VULN296 | Org mode : Emergency bugfix release: Org mode 9.7.5 | Systems running Org mode versions prior to 9.7.5.
25 Jun 2024 | VULN295 | Emacs : Emacs 29.4 emergency bugfix release fixes a security vulnerability | Systems running Emacs versions prior to 29.4.
25 Jun 2024 | VULN294 | VMware : VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2024-37085, CVE-2024-37086, CVE-2024-37087) | Systems running VMware ESXi, vCenter Server, VMware Cloud Foundation.
24 Jun 2024 | VULN292 | Rancher : Multiple vulnerabilities fixed in Rancher | Systems running Rancher versions prior to 2.7.14, 2.8.5.
24 Jun 2024 | VULN291 | Apache : CVE-2024-34693 Apache Superset: Server arbitrary file read | Systems running Apache Superset versions prior to 4.0.1, 3.1.3.
21 Jun 2024 | STAT24 | |
19 Jun 2024 | VULN290 | Mozilla : Security Vulnerabilities fixed in Firefox for iOS 127 and ESR 115.12 | Systems running Firefox for iOS versions prior to 127, ESR 115.12.
19 Jun 2024 | VULN289 | Moodle : Multiple security vulnerabilities fixed in 4.4.1, 4.3.5, 4.2.8 and 4.1.11 | Systems running Moodle versions prior to 4.4.1, 4.3.5, 4.2.8, 4.1.11.
19 Jun 2024 | VULN288 | Veeam : Veeam Recovery Orchestrator Vulnerability (CVE-2024-29855) | Systems running Veeam Recovery Orchestrator versions prior to 7.1.0.230, 7.0.0.379.
19 Jun 2024 | VULN287 | Jupyter Server Proxy : Reflected XSS issue in host parameter | Systems running jupyter_server_proxy versions prior to 3.2.4, 4.2.0.
19 Jun 2024 | VULN286 | VMware : VMSA-2024-0012: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities | Systems running VMware Cloud Foundation, VMware vCenter Server versions prior to 8.0 U2d, 8.0 U1e, 7.0 U3r.
14 Jun 2024 | VULN285 | Elastic : Elasticsearch 8.14.0 Security Update (ESA-2024-14) | Systems running Elasticsearch versions prior to 8.14.0.
14 Jun 2024 | VULN284 | cupsd : Cupsd Listen arbitrary chmod 0140777 | Systems running cupsd.
14 Jun 2024 | STAT23 | |
11 Jun 2024 | VULN283 | composer : Command injections via malicious git/hg branch names | Systems running composer versions prior to 2.2.24, 2.7.7.
7 Jun 2024 | VULN282 | PHP : New versions of PHP fix vulnerabilities | Systems running PHP versions prior to 8.3.8, 8.2.20, 8.1.29.
6 Jun 2024 | STAT22 | |
6 Jun 2024 | VULN281 | Cisco : Cisco Finesse Web-Based Management Interface Vulnerabilities | Systems running Cisco Finesse versions prior to 12.6(2) ES03.
6 Jun 2024 | VULN280 | Libarchive : Libarchive 3.7.4 fixes Out of Bound (OOB) access vulnerability CVE-2024-26256 | Systems running Libarchive versions prior to 3.7.4.
6 Jun 2024 | VULN279 | Apache : CVE-2024-32113 Apache OFBiz: Path traversal leading to RCE | Systems running Apache OFBiz versions prior to 18.12.13.
6 Jun 2024 | VULN278 | Go : [security] Go 1.22.4 and Go 1.21.11 are released | Systems running Go versions prior to 1.22.4, 1.21.11.
6 Jun 2024 | VULN277 | Zyxel : Zyxel security advisory for multiple vulnerabilities in NAS products | NAS326 running software versions prior to V5.21(AAZF.17)C0, NAS542 running software versions prior to V5.21(ABAG.14)C0.
6 Jun 2024 | VULN276 | Ruby on Rails : Vulnerabilities fixed in Ruby on Rails | Systems running Ruby on Rails versions prior to 6.1.7.8, 7.0.8.4, 7.1.3.4.
6 Jun 2024 | VULN275 | SolarWinds : SolarWinds Platform Stored XSS Vulnerability (CVE-2024-29004) | Systems running SolarWinds Platform versions prior to 2024.2.
31 May 2024 | VULN274 | Spring : CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow | Systems running Spring Cloud Skipper versions prior to 2.11.3.
31 May 2024 | VULN273 | Citrix : Citrix Workspace app for Mac Security Bulletin for CVE-2024-5027 | Systems running Citrix Workspace App for Mac versions prior to 2402.10.
31 May 2024 | VULN272 | Check Point : Check Point VPN Information Disclosure (CVE-2024-24919) | Systems running Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40, Check Point Spark versions R81.10, R80.20.
31 May 2024 | VULN271 | Atlassian : Multiple vulnerabilities fixed in Confluence Data Center and Server | Systems running Confluence Data Center versions prior to 8.9.1, 8.5.9 LTS, 7.19.22 LTS, Confluence Server versions prior to 8.5.9 LTS, 7.19.22 LTS.
31 May 2024 | VULN270 | nginx : nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200) | Systems running nginx versions prior to 1.27.0, 1.26.1.
31 May 2024 | VULN269 | Google : Google Chrome Stable Channel Updated to 125.0.6422.141/.142 | Systems running Google Chrome versions prior to 125.0.6422.141/.142.
31 May 2024 | VULN268 | SPIP : Critical security update released: SPIP 4.3.0-alpha2, SPIP 4.2.13, SPIP 4.1.16 | Systems running SPIP versions prior to SPIP 4.3.0-alpha2, SPIP 4.2.13, SPIP 4.1.16.
31 May 2024 | STAT21 | |
29 May 2024 | VULN267 | OpenSSL : Use After Free with SSL_free_buffers (CVE-2024-4741) | Systems running OpenSSL versions prior to 3.3.1, 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
27 May 2024 | VULN266 | Atlassian : Multiple vulnerabilities fixed in Jira Software Data Center and Server | Systems running Jira Software Data Center and Server versions prior to 9.12.7 LTS, 9.4.19 LTS, 9.15.2 Data Center Only.
27 May 2024 | VULN265 | Jenkins : Vulnerabilities fixed in multiple Jenkins plugins | Systems running OpenText Application Automation Tools Plugin for Jenkins, Report Info Plugin for Jenkins, Team Concert Git Plugin for Jenkins, Git server Plugin for Jenkins, Script Security Plugin for Jenkins, Subversion Partial Release Manager Plugin for Jenkins, Telegram Bot Plugin for Jenkins.
27 May 2024 | VULN264 | Cacti : Cacti 1.2.27 fixes critical RCE vulnerability among others | Systems running Cacti versions prior to 1.2.27.
24 May 2024 | VULN263 | Google Chrome : Google Chrome Stable Channel Updated to 125.0.6422.112/.113 | Systems running Google Chrome versions prior to 125.0.6422.112/.113.
24 May 2024 | VULN262 | Ruby on Rails : XSS Vulnerabilities in Trix Editor | Systems running Ruby on Rails embedding the Trix editor, versions prior to 7.1.3.3, 7.0.8.2.
24 May 2024 | VULN261 | Asterisk : res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests | Systems running Asterisk versions prior to 18.23.1, 20.8.1, 21.3.1.
24 May 2024 | VULN260 | WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.2 | Systems running WebKitGTK, WPE WebKit versions prior to 2.44.2.
24 May 2024 | VULN259 | VMware : VMware ESXi, Workstation, Fusion and vCenter Server updates address multiple security vulnerabilities (CVE-2024-22273, CVE-2024-22274, CVE-2024-22275) | Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware vCenter Server.
24 May 2024 | VULN258 | GitLab : GitLab Patch Release: 17.0.1, 16.11.3, 16.10.6 | Systems running GitLab versions prior to 17.0.1, 16.11.3, 16.10.6.
24 May 2024 | VULN257 | Roundcube : Security updates 1.6.7 and 1.5.7 released | Systems running Roundcube versions prior to 1.6.7, 1.5.7.
24 May 2024 | VULN256 | Cisco : Cisco Security Advisories Published on May 22, 2024 | Systems running Cisco Firepower Management Center Software, Cisco products running the Snort IPS rule engine, Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software.
24 May 2024 | STAT20 | |
17 May 2024 | VULN255 | Fortinet : SSL-VPN user IP spoofing | FortiOS versions prior to 7.4.2, 7.2.8, 7.0.13, FortiProxy versions prior to 7.4.2, 7.2.8, 7.0.14.
17 May 2024 | VULN254 | Fortinet : Format String Bug in cli command | Systems running FortiOS versions prior to 7.4.1, 7.2.6, FortiProxy, FortiPAM versions prior to 1.1.1, FortiSwitchManager.
17 May 2024 | VULN253 | Fortinet : Multiple vulnerabilities fixed in FortiOS | FortiOS versions prior to 7.4.2, 7.2.8.
17 May 2024 | VULN252 | SAP : SAP Security Patch Day – May 2024 | Systems running SAP products.
17 May 2024 | VULN251 | strongSwan : strongSwan Vulnerability (CVE-2022-4967) | Systems running strongSwan versions < 5.9.2, > 5.9.5.
17 May 2024 | VULN250 | LibreOffice : CVE-2024-3044: Graphic on-click binding allows unchecked script execution | Systems running LibreOffice versions prior to 7.6.7/24.2.3.
17 May 2024 | VULN249 | OpenSSL : Excessive time spent checking DSA keys and parameters (CVE-2024-4603) | Systems running OpenSSL versions 3.
16 May 2024 | VULN248 | Cisco : Cisco Security Advisories Published on May 15, 2024 | Systems running Cisco Crosswork Network Services Orchestrator, Cisco Secure Client for Windows, Cisco Secure Email Gateway, Cisco ConfD, Cisco AppDynamics Network Visibility Service, Cisco Secure Email and Web Manager, Cisco Secure Web Appliance.
16 May 2024 | VULN247 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.11 | Systems running Thunderbird versions prior to 115.11.
16 May 2024 | VULN246 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.11, 126 | Systems running Firefox versions prior to 126, ESR 115.11.
16 May 2024 | VULN245 | Drupal : RESTful Web Services and REST Views Vulnerabilities fixed | Systems running RESTful Web Services for Drupal versions prior to 7.x-2.10, REST Views for Drupal versions prior to 3.0.1.
16 May 2024 | VULN244 | Git : Multiple security vulnerabilities fixed in Git | Systems running git versions prior to v2.45.1.
16 May 2024 | VULN243 | TYPO3 : Vulnerabilities fixed in TYPO3 CMS Subcomponents | Systems running TYPO3 CMS with Frontend Rendering, Form Framework.
15 May 2024 | STAT19 | |
14 May 2024 | VULN242 | APPLE : iOS and iPadOS 16.7.8, 17.5 | iOS versions prior to 17.5, 16.7.8.
14 May 2024 | VULN241 | APPLE : macOS Sonoma 14.5, Ventura 13.6.7, Monterey 12.7.5 | macOS versions prior to Sonoma 14.5, Ventura 13.6.7, Monterey 12.7.5.
14 May 2024 | VULN240 | APPLE : APPLE-SA-05-13-2024-1 Safari 17.5 | Systems running Safari versions prior to 17.5.
14 May 2024 | VULN239 | Werkzeug : Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain | Systems running Werkzeug versions prior to 3.0.3.
14 May 2024 | VULN238 | Apache : CVE-2024-32077 Apache Airflow XSS vulnerability in Task Instance Log/Log Details | Systems running Apache Airflow versions 2.9 prior to 2.9.1.
14 May 2024 | VULN237 | GitLab : GitLab Patch Release 16.11.2, 16.10.5, 16.9.7 | Systems running GitLab versions prior to 16.11.2, 16.10.5, 16.9.7.
14 May 2024 | VULN236 | VMware : VMware Workstation and Fusion updates address multiple security vulnerabilities | Systems running VMware Workstation versions prior to 17.5.2, VMware Fusion versions prior to 13.5.2.
14 May 2024 | VULN235 | Moodle : Multiple Vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.3.4, 4.2.7, 4.1.10.
14 May 2024 | VULN234 | Google : Google Chrome Stable Channel Updated to 124.0.6367.207/.208 | Systems running Google Chrome versions prior to 124.0.6367.207/.208.
13 May 2024 | VULN233 | Next.js : Next.js Server-Side Request Forgery and HTTP Request Smuggling Vulnerabilities | Systems running Next.js versions prior to 14.1.1.
13 May 2024 | VULN232 | Xen : Linux/xen-netfront Memory leak due to missing cleanup function | Systems running Xen with guests running Linux 5.9 and later with Xen PV network devices.
13 May 2024 | VULN231 | Apache : CVE-2024-32113 Apache OFBiz: Path traversal leading to RCE | Systems running Apache OFBiz versions prior to 18.12.13.
13 May 2024 | VULN230 | Apache : CVE-2024-26579 Apache InLong JDBC Vulnerability | Systems running Apache InLong versions prior to 1.12.0.
13 May 2024 | VULN229 | PowerDNS : PowerDNS Recursor Security Advisory 2024-02 | Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
13 May 2024 | VULN228 | VMware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities | Systems running VMware ESXi, VMware Workstation, VMware Fusion.
7 May 2024 | VULN227 | Cisco : Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities | Systems running Cisco IP Phone 6800, 7800, 8800 Series software with Multiplatform Firmware.
7 May 2024 | VULN226 | CERT.org : R Programming Language implementations are vulnerable to arbitrary code execution | Systems running R Programming Language implementations.
7 May 2024 | VULN225 | GLPI : SQL injection and Account takeover via SQL Injection vulnerabilities | Systems running GLPI versions prior to 10.0.15.
7 May 2024 | STAT18 | |
3 May 2024 | STAT17 | |
26 Apr 2024 | VULN224 | SolarWinds : SolarWinds Platform XSS and SWQL Injection vulnerabilities | Systems running SolarWinds Platform versions prior to 2024.1 SR 1.
26 Apr 2024 | VULN223 | Palo Alto : Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent | Windows systems running Cortex XDR Agent with content update versions CU-1320 and later.
26 Apr 2024 | VULN222 | GitLab : GitLab Patch Release 16.11.1, 16.10.4, 16.9.6 | Systems running GitLab versions prior to 16.11.1, 16.10.4, 16.9.6.
26 Apr 2024 | VULN221 | Apache : Solr-Operator liveness and readiness probes may leak basic auth credentials | Systems running Solr Operator versions prior to 0.8.1.
25 Apr 2024 | VULN220 | Google : Google Chrome Stable Channel Updated to 124.0.6367.78/.79 | Systems running Google Chrome versions prior to 124.0.6367.78/.79.
25 Apr 2024 | VULN219 | Nagios : Vulnerabilities fixed in Nagios XI 2024R1.1.2 | Systems running Nagios XI versions prior to 2024R1.1.2.
25 Apr 2024 | VULN218 | Ruby : CVE-2024-27282 Arbitrary memory address read vulnerability with Regex search | Systems running Ruby versions prior to 3.0.7, 3.1.5, 3.2.4, 3.3.1.
25 Apr 2024 | STAT16 | |
25 Apr 2024 | VULN217 | SolarWinds : SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability (CVE-2024-28073) | Systems running SolarWinds Serv-U versions prior to 15.4.2.
25 Apr 2024 | VULN216 | Citrix : Citrix uberAgent Security Bulletin for CVE-2024-3902 | Systems running Citrix uberAgent versions prior to 22.0.
25 Apr 2024 | VULN215 | PowerDNS : PowerDNS Recursor Security Advisory 2024-02 | Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
25 Apr 2024 | VULN214 | Cisco : Cisco Security Advisories Published on April 24, 2024 | Cisco ASA Software, Cisco FTD Software.
19 Apr 2024 | VULN213 | Gunicorn : Gunicorn 22.0 fixes CVE-2024-1135 Request smuggling leading to endpoint restriction bypass | Systems running Gunicorn versions prior to 22.0.
19 Apr 2024 | VULN212 | Apache : CVE-2024-29217 Apache Answer XSS vulnerability when changing personal website | Systems running Apache Answer versions prior to 1.3.0.
19 Apr 2024 | VULN211 | Flatpak : CVE-2024-32462 Sandbox escape via RequestBackground portal and CWE-88 | Systems running Flatpak versions prior to 1.15.8, 1.10.9, 1.12.9, 1.14.6.
19 Apr 2024 | VULN210 | GNU C Library : GNU C Library Security Advisory Format | Systems running GNU C Library.
18 Apr 2024 | STAT15 | |
18 Apr 2024 | VULN209 | Xen : x86 Native Branch History Injection | Systems running Xen.
18 Apr 2024 | VULN208 | Jenkins : Jenkins Security Advisory 2024-04-17 | Systems running Jenkins (core) versions prior to weekly 2.452, LTS 2.440.3.
18 Apr 2024 | VULN207 | Cisco : Cisco Security Advisories Published on April 17, 2024 | Systems running Cisco Integrated Management Controller, Cisco IOS, Cisco IOS XE Software.
17 Apr 2024 | VULN206 | Mozilla : Security Vulnerabilities fixed in Firefox 125, ESR 115.10 | Systems running Firefox versions prior to 125, ESR 115.10.
17 Apr 2024 | VULN205 | Google : Chrome Stable channel updated to 124.0.6367.60/.61 | Systems running Google Chrome versions prior to 124.0.6367.60/.61.
17 Apr 2024 | VULN204 | PuTTY : PuTTY vulnerability vuln-p521-bias | Systems running PuTTY versions prior to 0.81.
17 Apr 2024 | VULN203 | Oracle : April 2024 Critical Patch Update Released | Systems running Oracle products.
17 Apr 2024 | VULN202 | Atlassian : Security Bulletin - April 16 2024 | Systems running Bamboo Data Center and Server, Confluence Data Center and Server, Jira Software Data Center and Server, Jira Service Management Data Center and Server.
17 Apr 2024 | VULN201 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect | PAN-OS versions prior to 11.1.0-h3, 11.1.1-h1, 11.1.2-h3, 11.0.2-h4, 11.0.3-h10, 11.0.4-h1, 10.2.5-h6, 10.2.6-h3, 10.2.7-h8, 10.2.8-h3, 10.2.9-h1.
16 Apr 2024 | VULN200 | Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 | Systems running XenServer, Citrix Hypervisor.
16 Apr 2024 | VULN199 | Argo CD : Argo CD's API server does not enforce project sourceNamespaces | Systems running Argo CD versions prior to 2.8.16, 2.9.12, 2.10.7.
15 Apr 2024 | VULN198 | Apache : Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1 | Systems running Apache CloudStack versions prior to 4.18.1.1, 4.19.0.1.
15 Apr 2024 | VULN197 | Apache : CVE-2024-31309 Apache Traffic Server HTTP/2 CONTINUATION frames can be utilized for DoS attack | Systems running Apache Traffic Server versions prior to 8.1.10, 9.2.4.
15 Apr 2024 | VULN196 | Apache : CVE-2024-27309 Apache Kafka Potential incorrect access control during migration from ZK mode to KRaft mode | Systems running Apache Kafka versions 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1.
15 Apr 2024 | VULN195 | Haskell : process command injection via argument list on Windows | Windows systems running the process library versions prior to 1.6.19.0.
15 Apr 2024 | VULN194 | PHP : PHP 8.3.6, 8.2.18, 8.1.28 | Systems running PHP versions prior to 8.3.6, 8.2.18, 8.1.28.
12 Apr 2024 | VULN193 | GitLab : GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6 | Systems running GitLab versions prior to 16.10.2, 16.9.4, 16.8.6.
12 Apr 2024 | VULN192 | Apache : CVE-2024-31391 Apache Solr Operator Solr-Operator liveness and readiness probes may leak basic auth credentials | Systems running Apache Solr Operator versions prior to 0.8.1.
12 Apr 2024 | VULN191 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect Gateway | PAN-OS versions prior to 11.1.2-h3, 11.0.4-h1, 10.2.9-h1.
11 Apr 2024 | VULN190 | Fortinet : FortiClientMac - Lack of configuration file validation | macOS systems running FortiClientMac versions prior to 7.2.4, 7.0.11.
11 Apr 2024 | VULN189 | Fortinet : FortiClient Linux Remote Code Execution due to dangerous nodejs configuration | Linux systems running FortiClient versions prior to 7.2.1, 7.0.11.
11 Apr 2024 | VULN188 | Google : Chrome Stable channel updated to 123.0.6312.122/.123 | Systems running Google Chrome versions prior to 123.0.6312.122/.123.
11 Apr 2024 | VULN187 | CERT/CC : Multiple programming languages fail to escape arguments properly in Microsoft Windows | Windows.
11 Apr 2024 | VULN186 | Xen : x86 Incorrect logic for BTC/SRSO mitigations | Systems running Xen versions prior to 4.18.2, 4.17.4, 4.16.6, 4.15.6.
11 Apr 2024 | VULN185 | WordPress : WordPress 6.5.2 Maintenance and Security Release | Systems running WordPress versions prior to 6.5.2.
11 Apr 2024 | VULN184 | Rust : Security advisory for the standard library (CVE-2024-24576) | Systems running Rust versions prior to 1.77.2.
11 Apr 2024 | STAT14 | |
9 Apr 2024 | VULN183 | Apache : Multiple vulnerabilities fixed in Apache Zeppelin | Systems running Apache Zeppelin versions prior to 0.11.0.
9 Apr 2024 | VULN182 | Xen : x86 HVM hypercalls may trigger Xen bug check | Systems running Xen versions from at least 3.2 onwards.
9 Apr 2024 | VULN181 | SAP : SAP Security Patch Day – April 2024 | Systems running SAP products.
9 Apr 2024 | VULN180 | Envoy Proxy : CPU and memory exhaustion due to CONTINUATION frame flood | Systems running Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, 1.26.8.
9 Apr 2024 | VULN179 | OpenSSL : Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) | Systems running OpenSSL versions prior to 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
8 Apr 2024 | VULN178 | Go : Go 1.22.2 and Go 1.21.9 are released | Systems running Go versions prior to 1.22.2, 1.21.9.
5 Apr 2024 | VULN177 | Mozilla : Security Vulnerabilities fixed in Firefox for iOS 124 | iOS devices running Firefox for iOS versions prior to 124.
5 Apr 2024 | VULN176 | pgAdmin 4 : 2024-04-04 - pgAdmin 4 v8.5 Released | Systems running pgAdmin 4 versions prior to 8.5.
5 Apr 2024 | VULN175 | Apache : CVE-2024-29834 Apache Pulsar Improper Authorization For Namespace and Topic Management Endpoints | Systems running Apache Pulsar versions prior to 3.0.4, 3.2.2.
5 Apr 2024 | VULN174 | Yubico : Security Advisory YSA-2024-01 YubiKey Manager Privilege Escalation | Systems running YubiKey Manager GUI versions prior to 1.2.6.
5 Apr 2024 | VULN173 | Apache : HTTP response splitting and HTTP/2 DoS vulnerabilities fixed | Systems running Apache HTTP Server versions prior to 2.4.59.
5 Apr 2024 | VULN172 | X.Org : Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 | Systems running X.Org X server versions prior to 21.1.12, Xwayland versions prior to 23.2.5.
5 Apr 2024 | VULN171 | CERT/CC : CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks | Systems implementing HTTP/2.
4 Apr 2024 | VULN170 | Ivanti : New CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure versions prior to 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4, 9.1R18.5, Ivanti Policy Secure versions prior to 22.4R1.2, 22.5R1.3, 22.6R1.2, 9.1R16.4, 9.1R17.4, 9.1R18.5.
4 Apr 2024 | VULN169 | Cisco : Cisco Security Advisories Published on April 03, 2024 | Systems running Cisco products.
3 Apr 2024 | VULN168 | Node.js : Wednesday, April 3, 2024 Security Releases | Systems running Node.js versions prior to 20.12.1, 21.7.11, 18.20.1.
3 Apr 2024 | VULN167 | VMware : VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities | Systems running VMware SD-WAN (Edge) versions prior to 5.0.1+, 4.5.1+, VMware SD-WAN (Orchestrator) versions prior to 5.0.1+.
3 Apr 2024 | STAT13 | |
29 Mar 2024 | VULN166 | Splunk : Multiple vulnerabilities fixed in Splunk | Systems running Splunk Enterprise versions prior to 9.2.1, 9.1.4, 9.0.9, Splunk Cloud Platform.
29 Mar 2024 | VULN165 | Wireshark : wnpa-sec-2024-06 · T.38 dissector crash | Systems running Wireshark versions prior to 4.2.4, 4.0.14.
29 Mar 2024 | VULN164 | GitLab : GitLab Security Release: 16.10.1, 16.9.3, 16.8.5 | Systems running GitLab versions prior to 16.10.1, 16.9.3, 16.8.5.
29 Mar 2024 | VULN163 | Buildah : CVE-2024-1753 container escape at build time | Systems running buildah versions prior to 1.35.1, 1.34.3, 1.33.7.
29 Mar 2024 | VULN162 | Serverpod : Client accepts any certificate and Improved security for stored password hashes | Systems running serverpod_client versions prior to 1.2.6, serverpod_auth_server (Dart) versions prior to 1.2.6.
29 Mar 2024 | VULN161 | JupyterHub : XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | Systems running jupyterhub (pip) versions prior to 4.1.0.
29 Mar 2024 | VULN160 | Podman : CVE-2024-1753 container escape at build time | Systems running Podman versions prior to 4.9.4, 5.0.1.
28 Mar 2024 | VULN159 | APPLE : APPLE-SA-03-25-2024-1 Safari 17.4.1 | Systems running Safari versions prior to 17.4.1.
28 Mar 2024 | VULN158 | APPLE : APPLE-SA-03-25-2024 macOS Ventura 13.6.6 and Sonoma 14.4.1 | macOS versions prior to 13.6.6, 14.4.1.
28 Mar 2024 | VULN157 | APPLE : APPLE-SA-03-25-2024 iOS and iPadOS 16.7.7 and 17.4.1 | iOS, iPadOS versions prior to 16.7.7, 17.4.1.
28 Mar 2024 | VULN156 | Cilium : Intermittent HTTP policy bypass | Systems running Cilium versions prior to 1.13.13, 1.14.8, 1.15.2.
28 Mar 2024 | VULN155 | Elastic : Elasticsearch 8.13.0 and 7.17.19 Security Updates | Systems running Elasticsearch versions prior to 8.13.0, 7.17.19.
27 Mar 2024 | VULN154 | Cisco : Cisco Security Advisories Published on March 27, 2024 | Systems running Cisco IOS XE, Cisco IOS, Cisco Access Point Software, Cisco Aironet Access Point Software, Cisco Catalyst Center Software.
27 Mar 2024 | VULN153 | Nagios XI : Nagios XI 2024R1.1 fixes XSS issue | Systems running Nagios XI versions prior to 2024R1.1.
27 Mar 2024 | VULN152 | Red Hat : Red Hat OpenShift GitOps 1.10.2 and 1.9.4 security update | Systems running Red Hat OpenShift GitOps versions prior to 1.10.2, 1.9.4.
27 Mar 2024 | STAT12 | |
27 Mar 2024 | VULN151 | Google : Chrome Stable channel updated to 123.0.6312.86/.87 | Systems running Chrome versions prior to 123.0.6312.86/.87.
27 Mar 2024 | VULN150 | TinyMCE : TinyMCE Cross-Site Scripting (XSS) vulnerabilities fixed | Systems running TinyMCE versions prior to 7.0.0.
27 Mar 2024 | VULN149 | Grafana : Users outside an organization can delete a snapshot with its key | Systems running Grafana versions prior to 9.5.18, 10.0.13, 10.1.9, 10.2.6, 10.3.5.
27 Mar 2024 | VULN148 | Apache : CVE-2024-29735 Apache Airflow Potentially harmful permission changing by log task handler | Systems running Apache Airflow versions prior to 2.8.4.
27 Mar 2024 | VULN147 | curl : Multiple vulnerabilities fixed in curl 8.7.0 | Systems running curl versions prior to 8.7.0.
26 Mar 2024 | VULN146 | Shibboleth : CAS service URL handling vulnerable to Server-Side Request Forgery | Systems running Shibboleth Identity Provider versions prior to 5.1.1, 4.3.2.
26 Mar 2024 | VULN145 | Tenable : Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1 | Systems running Tenable Security Center versions prior to 5.23.1, 6.1.1, 6.2.0, 6.2.1.
26 Mar 2024 | VULN144 | Ruby : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running RDoc gem versions prior to 6.3.4.1, 6.4.1.1, 6.5.1.1, 6.6.3.1.
26 Mar 2024 | VULN143 | Ruby : CVE-2024-27280 Buffer overread vulnerability in StringIO | Systems running StringIO gem versions prior to 3.0.3.
26 Mar 2024 | VULN142 | WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.0 | Systems running WebKitGTK, WPE WebKit versions prior to 2.44.0.
25 Mar 2024 | VULN141 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running Firefox versions prior to ESR 115.9.1, 124.0.1.
25 Mar 2024 | VULN140 | Spring : CVE-2024-22258 PKCE Downgrade in Spring Authorization Server | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
22 Mar 2024 | VULN139 | jupyter-server : Unauthenticated Websocket Proxying with jupyter-server-proxy | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
22 Mar 2024 | VULN138 | Apache : CVE-2024-27438 Apache Doris remote command execution and Possible race condition | Systems running Apache Doris versions prior to 2.0.5, 2.1.x.
22 Mar 2024 | VULN137 | Apache : CVE-2024-27439 Apache Wicket Possible bypass of CSRF protection | Systems running Apache Wicket versions prior to 9.17.0, 10.0.0.
21 Mar 2024 | VULN136 | Apache : Apache Archiva Vulnerabilities | Systems running Apache Archiva.
21 Mar 2024 | VULN135 | Apache : CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding | Systems running Apache CXF versions prior to 4.0.4, 3.6.3, 3.5.8.
21 Mar 2024 | VULN134 | Apache : Apache Commons Configuration vulnerabilities fixed | Systems running Apache Commons Configuration versions prior to 2.10.1.
21 Mar 2024 | VULN133 | Python : Vulnerabilities fixed in Python 3.10.14, 3.9.19, 3.8.19 | Systems running Python versions prior to 3.10.14, 3.9.19, 3.8.19.
21 Mar 2024 | VULN132 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Jenkins weekly versions prior to 2.444, Jenkins LTS versions prior to 2.440.1.
21 Mar 2024 | VULN131 | GLPI : Multiple vulnerabilities fixed in GLPI 10.0.13 | Systems running GLPI versions prior to 10.0.13.
20 Mar 2024 | STAT11 | |
15 Mar 2024 | VULN130 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Apache ZooKeeper versions prior to 3.9.2, 3.8.4.
15 Mar 2024 | VULN129 | Palo Alto : CVE-2024-2433 PAN-OS Improper Privilege Management Vulnerability in Panorama Software | Panorama on PAN-OS versions prior to 9.0.17-h4, 9.1.18, 10.1.12, 10.2.11, 11.0.4.
15 Mar 2024 | VULN128 | Palo Alto : CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | Systems running GlobalProtect App versions prior to 6.2.1, 6.1.2, 6.0.8, 5.1.12.
15 Mar 2024 | VULN127 | Apache : Multiple Vulnerabilities fixed in Apache Pulsar | Systems running Apache Pulsar versions prior to 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1.
15 Mar 2024 | VULN126 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
14 Mar 2024 | VULN125 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
14 Mar 2024 | VULN124 | Apache : Apache Tomcat - Denial of Service Vulnerabilities | Systems running Apache Tomcat versions prior to 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99.
14 Mar 2024 | VULN123 | Cisco : Cisco Security Advisories Published on March 13, 2024 | Cisco IOS XR Software versions prior to 7.9.2, 7.10.1.
14 Mar 2024 | VULN122 | Directus : URL Redirection to Untrusted Site and Session Token in URL | Systems running Directus versions prior to 10.10.0.
13 Mar 2024 | VULN121 | Fortinet : FortiWLM MEA for FortiManager - improper access control in backup and restore features | Systems running FortiWLM MEA for FortiManager versions prior to 7.4.1, 7.2.4, 7.0.11, 6.4.14.
13 Mar 2024 | VULN120 | Xen : Register File Data Sampling and GhostRace: Speculative Race Conditions | Systems running Xen.
13 Mar 2024 | VULN119 | Fortinet : Vulnerabilities fixed in FortiClientEMS | Systems running FortiClientEMS versions prior to 7.2.3, 7.0.11.
13 Mar 2024 | VULN118 | Fortinet : Multiple vulnerabilities fixed in FortiOS & FortiProxy | FortiOS versions prior to 7.4.2, 7.2.7, 7.0.13, 6.4.15, 6.2.16, FortiProxy versions prior to 7.4.3, 7.2.9, 7.0.15, 2.0.14.
13 Mar 2024 | VULN117 | Google : Chrome Stable channel updated to 122.0.6261.128/.129 | Systems running Google Chrome versions prior to 122.0.6261.128/.129.
13 Mar 2024 | VULN116 | Citrix : Citrix SDWAN Security Bulletin for CVE-2024-2049 | Systems running Citrix SDWAN.
13 Mar 2024 | VULN115 | Citrix : Citrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575 | Systems running Citrix Hypervisor.
12 Mar 2024 | VULN114 | OpenStack : Unresolved Vulnerability in OpenStack Murano | Systems running OpenStack Murano.
12 Mar 2024 | VULN113 | Go : Go 1.22.1 and Go 1.21.8 are released | Systems running Go versions prior to 1.22.1, 1.21.8.
12 Mar 2024VULN112 Rancher API Server: XSS Vulnerability in API ServerSystems running Rancher API Server versions prior to 4fd7d82 (master), 69b3c2b (release/v2.8), a3b9e37 (release/v2.8.s3), 4e102cf (release/v2.7), 97a10a3 (release/v2.7.s3), 4df268e (release/v2.6).
12 Mar 2024VULN111Rancher : Multiple vulnerabilities fixed in Rancher 2.6.14, 2.7.10 and 2.8.2Systems running Rancher versions prior to 2.6.14, 2.7.10, 2.8.2.
12 Mar 2024VULN110TYPO3 : Multiple vulnerabilities fixed in TYPO3Systems running TYPO3 CMS versions prior to 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1.
12 Mar 2024 | VULN109 | Moodle : Multiple vulnerabilities fixed in Moodle 4.3.3, 4.2.6, 4.1.9 | Systems running Moodle versions prior to 4.3.3, 4.2.6, 4.1.9.
12 Mar 2024 | VULN108 | Grafana : User with permissions to create a data source can CRUD all data sources | Systems running Grafana versions prior to 9.5.7, 10.0.12, 10.1.8, 10.2.5, 10.3.4.
11 Mar 2024 | VULN107 | APPLE : APPLE-SA-03-07-2024-6 tvOS 17.4 | tvOS versions prior to 17.4.
11 Mar 2024 | VULN106 | APPLE : APPLE-SA-03-07-2024-5 watchOS 10.4 | Systems running watchOS versions prior to 10.4.
11 Mar 2024 | VULN105 | APPLE : APPLE-SA-03-07-2024-1 Safari 17.4 | Systems running Safari versions prior to 17.4.
11 Mar 2024 | VULN104 | APPLE : Multiple vulnerabilities fixed in macOS Monterey, Ventura, Sonoma | Systems running macOS versions prior to Monterey 12.7.4, Ventura 13.6.5, Sonoma 14.4.
11 Mar 2024 | VULN103 | TeamCity : Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) | Systems running TeamCity On-Premises versions prior to 2023.11.4.
10 Mar 2023 | STAT10
8 Mar 2024 | VULN102 | Nagios XI : Multiple vulnerabilities fixed in 2024R1.0.2 | Systems running Nagios XI versions prior to 2024R1.0.2.
8 Mar 2024 | VULN101 | Apache : Apache Camel issue on ExchangeCreatedEvent and Camel-SQL, Camel-CassandraQL Unsafe Deserialization | Systems running Apache Camel versions prior to 3.21.4, 3.22.1, 4.0.4, 4.4.0.
8 Mar 2024 | VULN100 | GitLab : GitLab Security Release 16.9.2, 16.8.4, 16.7.7 | Systems running GitLab versions prior to 16.9.2, 16.8.4, 16.7.7.
8 Mar 2024 | VULN099 | Joomla! : Multiple security vulnerabilities fixed in Joomla! 4.4.3, 5.0.3, 3.7.0-3.10.14-elts | Systems running Joomla! versions prior to 3.10.15-elts, 4.4.3, 5.0.3.
8 Mar 2024 | VULN098 | PostgreSQL : PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 Released! | Systems running PostgreSQL versions prior to 16.2, 15.6, 14.11, 13.14, 12.18.
8 Mar 2024 | VULN097 | PostgreSQL JDBC Driver : SQL Injection via line comment generation | Systems running PostgreSQL JDBC Driver versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, 42.2.28.jre7.
8 Mar 2024 | VULN096 | Node.js : Multiple vulnerabilities fixed in Node.js | Systems running Node.js.
8 Mar 2024 | VULN095 | BuildKit : Multiple vulnerabilities fixed in BuildKit 0.12.5 | Systems running BuildKit versions prior to 0.12.5.
8 Mar 2024 | VULN094 | Django : Django security releases issued: 5.0.3, 4.2.11, and 3.2.25 | Systems running Django versions prior to 5.0.3, 4.2.11, 3.2.25.
8 Mar 2024 | VULN093 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.8.1 | Systems running Thunderbird versions prior to 115.8.1.
8 Mar 2024 | VULN092 | Google : Stable Channel for Desktop Updated to 122.0.6261.111/.112 | Systems running Google Chrome versions prior to 122.0.6261.111/.112.
7 Mar 2024 | VULN091 | Vmware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities | Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation.
7 Mar 2024 | VULN090 | Jenkins : Jenkins Security Advisory 2024-03-06 | Systems running Jenkins plugins.
7 Mar 2024 | VULN089 | APPLE : iOS 17.4, 16.7.6 and iPadOS 17.4, 16.7.6 | iOS, iPadOS versions prior to 17.4, 16.7.6.
3 Mar 2023 | STAT09
28 Feb 2024 | STAT08
23 Feb 2024 | VULN088 | ConnectWise ScreenConnect Authentication Bypass and remote code execution | Systems running ScreenConnect 23.9.7 and prior.
23 Feb 2024 | VULN087 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Systems running Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 13 and Microsoft Exchange Server 2016 Cumulative Update 23.
23 Feb 2024 | VULN086 | Microsoft Outlook Remote Code Execution Vulnerability | Systems running Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft Office LTSC 2021.
21 Feb 2024 | STAT07
17 Feb 2023 | VULN085 | graphql-mesh : Unwanted access to | Systems running graphql-mesh/cli versions prior to 0.82.22, graphql-mesh/http versions prior to 0.3.19.
15 Feb 2024 | STAT06
9 Feb 2024 | VULN084 | FortiOS - Out-of-bound Write in sslvpnd | FortiOS - Out-of-bound Write in sslvpnd
9 Feb 2024 | VULN083 | FortiOS - Format String Bug in fgfmd | FortiOS - Format String Bug in fgfmd
9 Feb 2024 | VULN082 | Ivanti : CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
17 Feb 2023 | VULN081 | TimescaleDB : TimescaleDB 2.8.0 | Systems running TimescaleDB versions prior to 2.9.3.
8 Feb 2024 | VULN080 | Cisco : Cisco Critical and High Security Advisories Published on February 07, 2024 | Systems running Cisco Expressway Series, ClamAV.
8 Feb 2024 | STAT05
2 Feb 2024 | VULN079 | Splunk : Security Updates in Splunk Add-on Builder | Systems running Splunk Add-on Builder versions prior to 4.1.4.
2 Feb 2024 | VULN078 | glpi : LDAP Injection during authentication and Reflected XSS in reports pages | Systems running glpi versions prior to 10.0.12.
2 Feb 2024 | VULN077 | Moby : Classic builder cache poisoning | Systems running moby versions prior to 25.0.2, 24.0.9.
2 Feb 2024 | VULN076 | Mastodon : Remote user impersonation and takeover | Systems running Mastodon versions prior to 3.5.17, 4.0.13, 4.1.13, 4.2.5.
1 Feb 2024 | VULN075 | Google : Stable Channel for Desktop Updated to 121.0.6167.139 | Systems running Google Chrome versions prior to 1.1.12.
1 Feb 2024 | VULN074 | runc : several container breakouts due to internally leaked fds | Systems running runc versions prior to 1.1.12.
1 Feb 2024 | STAT04
31 Jan 2024 | VULN073 | ESET : Unquoted path privilege vulnerability in ESET products for Windows fixed | Systems running ESET Endpoint Security, ESET Endpoint Antivirus versions prior to 11.0.2032.x, ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium versions prior to 17.0.15.0, ESET Mail Security for Microsoft Exchange Server versions prior to 10.1.10012.0.
31 Jan 2024 | VULN072 | Spring : local information disclosure via temporary directory created with unsafe permissions | Systems running Spring Cloud Contract versions prior to 3.1.10, 4.0.5, 4.1.1.
31 Jan 2024 | VULN071 | WordPress : WordPress 6.4.3 – Maintenance and Security release | Systems running WordPress versions prior to 6.4.3.
31 Jan 2024 | VULN070 | CrateDB : CrateDB database has an arbitrary file read vulnerability | Systems running CrateDB versions prior to 5.3.9, 5.4.8, 5.5.4, 5.6.1.
31 Jan 2024 | VULN069 | Apache : CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file | Systems running Apache Kylin versions prior to 4.0.4.
31 Jan 2024 | VULN068 | curl : OCSP verification bypass with TLS session reuse | Systems running curl versions 8.5.x prior to 8.6.0.
30 Jan 2024 | VULN067 | Xen : Unauthorized memory access and VT-d Failure to quarantine devices fixed | Systems running Xen.
26 Jan 2024 | VULN066 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.7 | Systems running Thunderbird versions prior to 115.7.
26 Jan 2024 | VULN065 | Mozilla : Multiple vulnerabilities fixed in Firefox 122, ESR 115.7 | Systems running Firefox versions prior to 122, ESR 115.7.
26 Jan 2024 | VULN064 | OpenSSL : OpenSSL Security Advisory [25th January 2024] | Systems running OpenSSL versions prior to 3.2.1, 3.1.5, 3.0.13, 1.1.1x, 1.0.2zj.
26 Jan 2024 | VULN063 | Google : Stable Channel 121.0.6167.85 Update for Desktop | Google Chrome versions prior to 121.0.6167.85.
25 Jan 2024 | VULN062 | APPLE : APPLE-SA-01-22-2024-8 watchOS 10.3 | watchOS versions prior to 10.3.
25 Jan 2024 | VULN061 | APPLE : APPLE-SA-01-22-2024-1 Safari 17.3 | Systems running Safari versions prior to 17.3.
25 Jan 2024 | VULN060 | APPLE : macOS Ventura 13.6.4, Monterey 12.7.3 | macOS versions prior to Ventura 13.6.4, Monterey 12.7.3.
25 Jan 2024 | VULN059 | APPLE : APPLE-SA-01-22-2024-2 iOS 17.3, 16.7.5 and iPadOS 17.3, 16.7.5 | iOS, iPadOS versions prior to 17.3, 16.7.5.
25 Jan 2024 | VULN058 | Apache : Apache Superset vulnerabilities fixed | Systems running Apache Superset versions prior to 3.0.3, Apache Superset Helm chart versions prior to 0.10.15.
25 Jan 2024 | VULN057 | Apache : Apache Airflow CNCF Kubernetes provider, Apache Airflow Kubernetes configuration file vulnerability | Systems running Apache Airflow versions prior to 2.6.1, Apache Airflow CNCF Kubernetes provider versions prior to 7.0.0.
25 Jan 2024 | VULN056 | Xen : Linux netback processing of zero-length transmit fragment | Systems running Xen.
25 Jan 2024 | VULN055 | SQUID : SQUID-2023:11 Denial of Service in Cache Manager | Systems running SQUID versions prior to 6.6.
25 Jan 2024 | VULN054 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2023-46838 | Systems running Citrix Hypervisor versions 8.2 CU1 LTSR.
24 Jan 2024 | VULN053 | Jenkins : Jenkins Security Advisory 2024-01-24 | Systems running Jenkins (core), Git server Plugin, GitLab Branch Source Plugin, Log Command Plugin, Matrix Project Plugin, Qualys Policy Compliance Scanning Connector Plugin, Red Hat Dependency Analytics Plugin.
24 Jan 2024 | VULN052 | Cisco : Cisco Security Advisories Published on January 24, 2024 | Systems running Cisco Unified Communications Products, Cisco Small Business Series Switches firmware, Cisco Unity products.
24 Jan 2024 | VULN051 | Atlassian : January 2024 Security Bulletin | Systems running Confluence Data Center and Server versions prior to 7.19.18, 8.5.5, 8.7.2, Confluence Server versions prior to 7.19.18, 8.5.5, Crowd Data Center and Server versions prior to 5.2.2, Jira Service Management Data Center and Server versions prior to 4.20.30, 5.4.15, 5.12.2, Jira Data Center and Server versions prior to 9.4.13, 9.7.0, Bamboo Data Center and Server versions prior to 9.2.9, 9.3.6, 9.4, Bitbucket Server versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, Bitbucket Data Center versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, 8.15.3, 8.16.2, 8.17.0.
24 Jan 2024 | STAT03
22 Jan 2024 | VULN050 | gnutls : gnutls 3.8.3 fixes vulnerabilities | Systems running gnutls versions prior to 3.8.3.
22 Jan 2024 | VULN049 | Postfix : Postfix stable release 3.8.5, 3.7.10, 3.6.14, 3.5.24 | Systems running Postfix versions prior to 3.8.5, 3.7.10, 3.6.14, 3.5.24.
22 Jan 2024 | VULN048 | Argo CD : Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | Systems running Argo CD versions prior to 2.10-rc2, 2.9.4, 2.8.8, 2.7.16.
22 Jan 2024 | VULN047 | Jupyterlab : Potential authentication, CSRF tokens leak and SXSS in Markdown Preview | Systems running jupyterlab (pip) versions prior to 4.0.11, 3.6.7, notebook (pip) versions prior to 7.0.7.
22 Jan 2024 | VULN046 | Exim : Exim 4.97.1 fixes SMTP smuggling vulnerability | Systems running Exim versions prior to 4.97.1.
22 Jan 2024 | VULN045 | Apache : CVE-2023-46589 Apache Tomcat - Information Disclosure | Systems running Apache Tomcat versions prior to 9.0.44, 8.5.64.
18 Jan 2024 | VULN044 | Synology : Synology-SA-24:01 DSM DiskStation Manager | DSM 7.2 versions prior to 7.2-64561, DSM 7.1, DSM 6.2, DSMUC 3.1 versions prior to 3.1.2-23068.
18 Jan 2024 | VULN043 | SonicWall : SFPMonitor.sys KOOB Write vulnerability | Systems running SonicWall Capture Client versions prior to 3.7.11, SonicWall NetExtender Windows Client versions prior to 10.2.338.
18 Jan 2024 | VULN042 | X.Org : Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 | Systems running X.Org versions prior to 21.1.11, Xwayland versions prior to 23.2.4.
18 Jan 2024 | VULN041 | Drupal : Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | Systems running Drupal core versions prior to 10.2.2, 10.1.8.
17 Jan 2024 | VULN040 | Citrix : Citrix StoreFront Security Bulletin for CVE-2023-5914 | Systems running Citrix StoreFront versions prior to 2308.1, 2311, 1912 LTSR CU8 hotfix 3.22.8001.2, 2203 LTSR CU4 Update 1.
17 Jan 2024 | VULN039 | Google : Google Chrome 120.0.6099.234 fixes multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.234.
17 Jan 2024 | VULN038 | Oracle : January 2024 Critical Patch Update Released | Systems running Oracle's products.
17 Jan 2024 | VULN037 | Vmware : VMware Aria Automation updates address a Missing Access Control vulnerability (CVE-2023-34063) | Systems running VMware Aria Automation versions prior to 8.14.1 + Patch, 8.13.1 + Patch, 8.12.2 + Patch, 8.11.2 + Patch, VMware Cloud Foundation (Aria Automation).
17 Jan 2024 | VULN036 | Citrix : Citrix Session Recording Security Bulletin for CVE-2023-6184 | Systems running Citrix Virtual Apps and Desktops versions prior to 2311, 1912 LTSR CU8 hotfix 19.12.8100.4, 2203 LTSR CU4.
17 Jan 2024 | VULN035 | Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 | Systems running Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-12.35, 13.1-51.15, 13.0-92.21, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.176, 12.1-FIPS 12.1-55.302, 12.1-NDcPP 12.1-55.302.
17 Jan 2024 | STAT02
16 Jan 2024 | VULN034 | Apache : CVE-2023-50290 Apache Solr allows read access to host environment variables | Systems running Apache Solr versions prior to 9.3.0.
16 Jan 2024 | VULN033 | Apache : CVE-2023-46749 Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack | Systems running Apache Shiro versions prior to 1.13.0+, 2.0.0-alpha-4+.
16 Jan 2024 | VULN032 | OpenSSL : Excessive time spent checking invalid RSA public keys (CVE-2023-6237) | Systems running OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0.
12 Jan 2024 | VULN031 | Ivanti : CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
12 Jan 2024 | VULN030 | Ivanti : SA-2023-12-19-CVE-2023-39336 | Systems running Ivanti Endpoint Manager versions prior to 2022 SU5.
12 Jan 2024 | VULN029 | GitLab : GitLab Critical Security Release 16.7.2, 16.6.4, 16.5.6 | Systems running GitLab versions prior to 16.7.2, 16.6.4, 16.5.6.
12 Jan 2024 | VULN028 | SPIP : Maintenance and security update: release of SPIP 4.2.8, SPIP 4.1.14 | Systems running SPIP versions prior to 4.2.8, 4.1.14.
11 Jan 2024 | VULN027 | GitPython : Untrusted search path under some conditions on Windows allows arbitrary code execution | Systems running GitPython versions prior to 3.1.41.
11 Jan 2024 | VULN026 | go-git : Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients | Systems running go-git versions prior to 5.11.
11 Jan 2024 | VULN025 | Cisco : Cisco Security Advisories Published on January 10, 2024 | Systems running Cisco Unity Connection, Cisco WAP371 Wireless Access Point, Cisco ThousandEyes Enterprise Agent Virtual Appliance, Cisco Evolved Programmable Network Manager, Cisco Prime Infrastructure, Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Xtended Services Platform, Cisco Identity Services Engine, Cisco TelePresence Management Suite.
10 Jan 2024 | STAT01
10 Jan 2024 | VULN024 | Splunk : Splunk User Behavior Analytics (UBA) Third-Party Package Updates | Systems running Splunk User Behavior Analytics versions prior to 5.3.0, 5.2.1.
10 Jan 2024 | VULN023 | Splunk : Multiple Vulnerabilities fixed in Splunk Enterprise Security | Systems running Splunk Enterprise Security versions prior to 7.1.2, 7.2.0, 7.3.0.
10 Jan 2024 | VULN022 | OpenSSL : POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) | Systems running OpenSSL versions prior to 1.1.1, 1.0.2.
9 Jan 2024 | VULN021 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
9 Jan 2024 | VULN020 | Qnap : Vulnerability in QcalAgent | Systems running QcalAgent versions prior to 1.1.8.
9 Jan 2024 | VULN019 | Qnap : Multiple Vulnerabilities in QuMagie | Systems running QuMagie versions prior to 2.2.1.
8 Jan 2024 | VULN018 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
8 Jan 2024 | VULN017 | Qnap : Vulnerabilities fixed in QTS, QuTS hero | Systems running QTS, QuTS hero versions prior to 5.1.3.2578 build 20231110, 5.1.4.2596 build 20231128.
8 Jan 2024 | VULN016 | Centreon : Security bulletin for Centreon Web available through The Watch | Systems running Centreon Web versions prior to 23.10.5, 23.04.13, 22.10.17, 22.04.19.
5 Jan 2024 | VULN015 | gradio : Make the `/file` secure against file traversal attacks and SSRF | Systems running gradio versions prior to 4.11.0.
5 Jan 2024 | VULN014 | SPIP : Maintenance and security update: release of SPIP 4.2.7, SPIP 4.1.13 | Systems running SPIP versions prior to 4.2.7, 4.1.13.
5 Jan 2024 | VULN013 | Asterisk : Multiple vulnerabilities fixed in Asterisk | Systems running Asterisk versions prior to 21.0.1, 18.20.1, 20.5.1, certified-asterisk versions prior to 18.9-cert6.
5 Jan 2024 | VULN012 | Wireshark : Multiple dissector crash vulnerabilities fixed in Wireshark | Systems running Wireshark versions prior to 4.2.1, 4.0.12, 3.6.20.
5 Jan 2024 | VULN011 | Google : Google Chrome 120.0.6099.199 fixes multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.199.
4 Jan 2024 | VULN010 | Apache : Apache InLong Arbitrary File Read and Remote Code Execution vulnerabilities | Systems running Apache InLong versions 1.7.0 through 1.9.0.
4 Jan 2024 | VULN009 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0012 | Systems running WebKitGTK, WPE WebKit versions prior to 2.42.4.
4 Jan 2024 | VULN008 | Apache : CVE-2023-49299: Apache DolphinScheduler Arbitrary js execute as root for authenticated users | Systems running Apache DolphinScheduler versions prior to 3.1.9.
4 Jan 2024 | VULN007 | containerd : RAPL accessible to a container | Systems running containerd versions prior to 1.7.11, 1.6.26.
4 Jan 2024 | VULN006 | Cacti : Cacti 1.2.26 fixes multiple security vulnerabilities | Systems running Cacti versions prior to 1.2.26.
4 Jan 2024 | VULN005 | OpenSSH : OpenSSH 9.6 addresses key vulnerabilities | Systems running OpenSSH versions prior to 9.6.
4 Jan 2024 | VULN004 | libssh : Multiple vulnerabilities fixed in libssh | Systems running libssh versions prior to 0.10.6, 0.9.8.
3 Jan 2024 | VULN003 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.3.1, 4.2.4, 4.1.7, 4.0.12, 3.11.18, 3.9.25.
3 Jan 2024 | VULN002 | Apache : Pre-authentication RCE, Arbitrary file properties reading and SSRF vulnerabilities fixed | Systems running Apache OFBiz versions prior to 18.12.11.
3 Jan 2024 | VULN001 | Apache : Apache OpenOffice 4.1.15 fixes multiple vulnerabilities | Systems running Apache OpenOffice versions prior to 4.1.15.
3 Jan 2024 | STAT52
3 Jan 2024 | STAT51