Here is the list of the latest CERT-Renater advisories for 2025:


Date | Advisory | Title | Affected systems
4 Apr 2025 | VULN205 | Apache : ATS is vulnerable to request smuggling via chunked messages | Systems running ATS versions prior to 9.2.10, 10.0.5.
4 Apr 2025 | VULN204 | Rockwell Automation : Lifecycle Services with Veeam Backup and Replication are Vulnerable to third-party Vulnerabilities | Systems running Industrial Data Center (IDC) with Veeam versions Generations 1 – 5, VersaVirtual™ Appliance (VVA) with Veeam versions Series A - C.
4 Apr 2025 | VULN202 | Ivanti : April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) | Systems running Ivanti Connect Secure versions prior to 22.7R2.6, Pulse Connect Secure (EoS) versions prior to 22.7R2.6, Ivanti Policy Secure versions prior to 22.7R1.4, ZTA Gateways versions prior to 22.8R2.2.
4 Apr 2025 | VULN203 | IBM : IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions | Systems running IBM App Connect Enterprise versions 13.0.1.0 - 13.0.2.2, 12.0.1.0 - 12.0.12.11.
4 Apr 2025 | VULN201 | xz : XZ Utils Threaded decoder frees memory too early | Systems running xz versions prior to 5.8.1.
4 Apr 2025 | VULN200.1 | Canon : CP2025-003 Vulnerability Remediation for Certain Printer Drivers | Systems running Generic Plus PCL6 Printer Driver, Generic Plus UFR II Printer Driver, Generic Plus LIPS4 Printer Driver, Generic Plus LIPSLX Printer Driver, Generic Plus PS Printer Driver, versions prior to 3.12.
3 Apr 2025 | VULN200 | Canon : CP2025-003 Vulnerability Remediation for Certain Printer Drivers | Systems running Generic Plus PCL6 Printer Driver, Generic Plus UFR II Printer Driver, Generic Plus LIPS4 Printer Driver, Generic Plus LIPSLX Printer Driver, Generic Plus PS Printer Driver, versions prior to 1.4.5.
3 Apr 2025 | VULN199 | Cisco : Cisco Security Advisories Published on April 02, 2025 | Systems running Cisco Meraki MX and Z Series, Cisco Enterprise Chat and Email, Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure.
3 Apr 2025 | VULN198 | OpenVPN : CVE-2025-2704 OpenVPN can reach an assertion failed state when receiving specially crafted packets | Systems running OpenVPN versions 2.6.1 up to and including 2.6.13.
3 Apr 2025 | VULN197 | Jenkins : Jenkins Security Advisory 2025-04-02 | Systems running Jenkins (core), AsakusaSatellite Plugin, Cadence vManager Plugin, monitor-remote-job Plugin, Simple Queue Plugin, Stack Hammer Plugin, Templating Engine Plugin.
3 Apr 2025 | VULN196 | Django : Django security releases issued 5.1.8 and 5.0.14 | Systems running Django versions prior to 5.1.8, 5.0.14.
2 Apr 2025 | STAT10.1 | |
2 Apr 2025 | VULN195 | Apache : Camel-Undertow Message Header Injection via Improper Filtering | Systems running Apache Camel versions prior to 4.10.3, 4.8.6.
2 Apr 2025 | VULN194 | Go : Go 1.24.2 and Go 1.23.8 are released | Systems running Go versions prior to 1.24.2, 1.23.8.
1 Apr 2025 | VULN193 | Apache : Apache Answer Using externally referenced images can leak user privacy | Systems running Apache Answer versions prior to 1.4.5.
1 Apr 2025 | VULN192 | APPLE : APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 and Sonoma 14.7.5 | macOS versions prior to Sequoia 15.4, Sonoma 14.7.5.
1 Apr 2025 | VULN191 | APPLE : iOS 16.7.11, 15.8.4 and iPadOS 16.7.11, 15.8.4 | iOS, iPadOS versions prior to 16.7.11, 15.8.4.
1 Apr 2025 | VULN190 | Broadcom : VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231) | Systems running VMware Aria Operations, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure versions prior to 8.18 HF 5, VMware Cloud Foundation versions 5.x, 4.x.
1 Apr 2025 | VULN189 | Apache : Apache Parquet Java Arbitrary code execution in the parquet-avro module | Systems running Apache Parquet Java versions prior to 1.15.1.
1 Apr 2025 | VULN188 | Apache : Apache ActiveMQ Artemis Address routing-type can be updated by user without the createAddress permission | Systems running ActiveMQ Artemis versions prior to 2.40.0.
1 Apr 2025 | VULN187 | Rancher : Restricted Administrator can change Administrator's passwords | Systems running Rancher versions prior to 2.8.14, 2.9.8, 2.10.4, 2.11.0.
28 Mar 2025 | VULN186 | Stormshield : DoS on multicast routing | Systems running Stormshield Network Security versions prior to 4.3.35.
28 Mar 2025 | VULN185 | Mozilla : Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 | Systems running Firefox versions prior to 136.0.4, Firefox ESR versions prior to 115.21.1, 128.8.1.
28 Mar 2025 | VULN184 | Vega : XSS vulnerabilities fixed in Vega | Systems running Vega versions prior to 5.32.0, vega-functions versions prior to 5.17.0.
28 Mar 2025 | VULN183 | Apache : CVE-2024-56325 Apache Pinot Authentication bypass issue | Systems running Apache Pinot versions prior to 1.3.
28 Mar 2025 | VULN182 | Synapse : Federation denial of service via malformed events | Systems running Synapse versions prior to 1.127.1.
27 Mar 2025 | STAT10 | |
27 Mar 2025 | STAT09 | |
27 Mar 2025 | VULN181 | GitLab : GitLab Patch Release: 17.10.1, 17.9.3, 17.8.6 | Systems running GitLab versions prior to 17.10.1, 17.9.3, 17.8.6.
27 Mar 2025 | VULN180 | Apache : remote code execution and SSRF Vulnerabilities fixed in Apache Kylin | Systems running Apache Kylin versions prior to 5.0.2.
27 Mar 2025 | VULN179 | Jetbrains : TeamCity Vulnerabilities fixed | Systems running TeamCity versions prior to 2025.03.
26 Mar 2025 | VULN178 | Exim : use-after-free Vulnerability in Exim | Systems running Exim versions prior to 4.98.2.
26 Mar 2025 | VULN177 | JetBrains : Arbitrary dynamic library execution Vulnerability fixed in JetBrains Runtime | Systems running JetBrains Runtime versions prior to 21.0.6b872.80.
26 Mar 2025 | VULN176 | Jetbrains : XXE vulnerability fixed in Goland | Systems running Jetbrains Goland versions prior to 2025.1.
26 Mar 2025 | VULN175 | Moodle : Vulnerabilities exposing user data fixed in Moodle | Systems running Moodle versions prior to 4.5.3, 4.4.7, 4.3.11, 4.1.17.
26 Mar 2025 | VULN174 | Google Chrome : Chrome 134.0.6998.177/.178 fixes 0day Vulnerability | Systems running Google Chrome versions prior to 134.0.6998.177/.178.
26 Mar 2025 | VULN173 | Rack : Local file inclusion in `Rack::Static` | Systems running rack (RubyGems) versions prior to 2.2.13, 3.0.14, 3.1.12.
25 Mar 2025 | VULN172 | Tenable : [R1] Nessus Agent Version 10.8.3 Fixes One Vulnerability | Systems running Nessus Agent versions prior to 10.8.3.
25 Mar 2025 | VULN171 | Synology : Synology-SA-25:04 SRM | Systems running SRM versions 1.3 prior to 1.3.1-9346-13.
25 Mar 2025 | VULN170 | Mercurial : Mercurial 6.9.4 tagged (CVE-2025-2361) | Systems running Mercurial versions prior to 6.9.4.
25 Mar 2025 | VULN169 | Kubernetes : Multiple vulnerabilities in ingress-nginx | Systems running Kubernetes with ingress-nginx versions prior to 1.11.5, 1.12.1.
25 Mar 2025 | VULN168 | Apache : SQL injection and XSS vulnerabilities fixed in Apache VCL | Systems running Apache VCL versions prior to 2.5.2.
25 Mar 2025 | VULN167 | VMware : VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230) | Windows running VMware Tools versions prior to 12.5.1.
24 Mar 2025 | VULN166 | Qnap : Vulnerability in NAKIVO Backup & Replication | Systems running NAKIVO Backup & Replication versions up to and including 10.11.3.86570.
24 Mar 2025 | VULN165 | Apache : Possible path traversal and Exposure of Sensitive Information issues fixed | Systems running Apache Commons VFS versions prior to 2.10.0.
21 Mar 2025 | VULN164 | Mattermost : Multiple vulnerabilities fixed in Mattermost | Systems running Mattermost versions prior to 10.6.0, 10.5.2, 10.4.4, 9.11.10.
21 Mar 2025 | VULN163 | Next.js : Authorization Bypass in Next.js Middleware | Systems running Next.js versions prior to 14.2.25, 15.2.3.
21 Mar 2025 | VULN162 | HPE Aruba Networking : HPE Aruba Networking AOS-CX Multiple Vulnerabilities | Systems running HPE Aruba Networking AOS-CX versions prior to AOS-CX 10.15.1005, 10.14.1040, 10.13.1080, 10.10.1150.
21 Mar 2025 | VULN161 | nuxt : DOS via cache poisoning with payload rendering response | Systems running nuxt versions prior to 3.16.0.
21 Mar 2025 | VULN160 | Kubernetes : CVE-2024-7598 Network restriction bypass via race condition during namespace termination | Systems running kube-apiserver versions prior to 1.3.
21 Mar 2025 | VULN159 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2025-0002 | Systems running WebKitGTK, WPE WebKit versions prior to 2.48.0, WPE WebKit versions prior to 2.46.7.
21 Mar 2025 | STAT08 | |
20 Mar 2025 | VULN158 | Google Chrome : Chrome 134.0.6998.117/.118 fixes vulnerabilities | Systems running Google Chrome versions prior to 134.0.6998.117/.118.
20 Mar 2025 | VULN157 | Drupal : Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 | Systems running Drupal core versions prior to 10.3.14, 10.4.5, 11.0.13, 11.1.5.
20 Mar 2025 | VULN156 | Spring : Vulnerabilities fixed in Spring Security 6.4.4 | Systems running Spring Security versions prior to 6.4.4.
20 Mar 2025 | VULN155 | Veeam : remote code execution (RCE) vulnerability fixed in Veeam Backup & Replication | Systems running Veeam Backup & Replication versions prior to 12.3.1 (build 12.3.1.1139).
20 Mar 2025 | VULN154 | Apache : CVE-2025-27888 Apache Druid Server-Side Request Forgery and Cross-Site Scripting | Systems running Apache Druid versions prior to 31.0.2, 32.0.1.
19 Mar 2025 | VULN153 | vllm : Remote Code Execution via Mooncake Integration and DoS vulnerability fixed | Systems running vllm versions prior to 0.8.0.
19 Mar 2025 | VULN152 | Apache : CVE-2025-27018 Apache Airflow MySQL Provider SQL injection in MySQL provider core function | Systems running Apache Airflow MySQL Provider versions prior to 6.2.0.
19 Mar 2025 | VULN151 | Jenkins : Jenkins Security Advisory 2025-03-19 | Systems running AnchorChain Plugin for Jenkins, EDDSA API Plugin for Jenkins, Zoho QEngine Plugin for Jenkins.
19 Mar 2025 | VULN150 | glpi : Multiple vulnerabilities fixed in glpi | Systems running glpi versions prior to 10.0.18.
19 Mar 2025 | VULN149 | Expat : Stack overflow vulnerability fixed in libexpat 2.7.0 | Systems running libexpat versions prior to 2.7.0.
19 Mar 2025 | VULN148 | tj-actions : tj-action/changed-files GitHub action compromised | Systems running tj-actions/changed-files (GitHub Actions) versions prior to 46.0.1.
18 Mar 2025 | VULN147 | PHP : Multiple vulnerabilities fixed in PHP 8.1.32, 8.2.28, 8.3.19, 8.4.5 | Systems running PHP versions prior to 8.1.32, 8.2.28, 8.3.19, 8.4.5.
18 Mar 2025 | VULN146 | Shibboleth : Shibboleth Service Provider Security Advisory [13 March 2025] | Systems running Shibboleth SP with OpenSAML library package versions prior to 3.3.1.
14 Mar 2025 | VULN145 | Kubernetes : CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access | Systems running Kubernetes.
14 Mar 2025 | VULN144 | Apple : Webkit vulnerability fixed in Safari, iOS, iPadOS, macOS, visionOS | Systems running Safari versions prior to 18.3.1, iOS, iPadOS versions prior to 18.3.2, macOS Sequoia 15.3.2 versions prior to 15.3.2, visionOS versions prior to 2.3.2.
18 Mar 2025 | VULN143 | Joomla! : [20250301] - Core - Malicious file uploads via Media Manager | Systems running Joomla! versions prior to 4.4.12, 5.2.5.
14 Mar 2025 | VULN142 | Apache : CVE-2025-27017 Apache NiFi Potential Insertion of MongoDB Password in Provenance Record | Systems running Apache NiFi versions prior to 2.3.0.
14 Mar 2025 | VULN141 | Apache : CVE-2025-29891 Apache Camel: Camel Message Header Injection through request parameters | Systems running Apache Camel versions prior to 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS, 3.22.4 for 3.x releases.
14 Mar 2025 | VULN140 | Apache : CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT | Systems running Apache Tomcat versions prior to 11.0.3, 10.1.35, 9.0.99.
14 Mar 2025 | VULN139 | graphql-ruby : Remote code execution when loading a crafted GraphQL schema | Systems running graphql versions prior to 1.11.11, 1.12.25, 1.13.24, 2.0.32, 2.1.15, 2.2.17, 2.3.21, 2.4.13.
14 Mar 2025 | VULN138 | GitLab : GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 | Systems running GitLab versions prior to 17.9.2, 17.8.5, 17.7.7.
14 Mar 2025 | VULN137 | Elastic : Kibana 8.17.3 Security Update (ESA-2025-06) | Systems running Kibana versions prior to 8.17.3.
14 Mar 2025 | VULN136 | Golang : [security] Go 1.24.1 and Go 1.23.7 are released | Systems running Go versions prior to 1.24.1, 1.23.7.
10 Mar 2025 | VULN135 | Django : Django security releases issued: 5.1.7, 5.0.13 and 4.2.20 | Systems running Django versions prior to 5.1.7, 5.0.13, 4.2.20.
10 Mar 2025 | VULN134 | Xen : Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability | Systems running Xen.
10 Mar 2025 | VULN133 | Jenkins : Jenkins Security Advisory 2025-03-05 | Systems running Jenkins versions prior to weekly 2.500, LTS 2.492.1.
4 Mar 2025 | STAT07 | |
3 Mar 2025 | VULN132 | MongoDB : Character injection vulnerabilities fixed in MongoDB Shell | Systems running mongosh versions prior to 2.3.9.
3 Mar 2025 | VULN131 | Vim : potential code execution with tar.vim and special crafted tar files | Systems running Vim versions prior to 9.1.1164.
28 Feb 2025 | VULN130 | GitLab : GitLab Patch Release: 17.9.1, 17.8.4, 17.7.6 | Systems running GitLab versions prior to 17.9.1, 17.8.4, 17.7.6.
28 Feb 2025 | VULN129 | Apache : CVE-2025-27531 Apache InLong: An arbitrary file read vulnerability for JDBC | Systems running Apache InLong versions prior to 2.1.0.
28 Feb 2025 | VULN128 | Xen : deadlock potential with VT-d and legacy PCI device pass-through | Systems running Xen.
28 Feb 2025 | VULN127 | Rancher : Multiple vulnerabilities fixed in Rancher | Systems running rancher versions prior to 2.8.13, 2.9.7, 2.10.3.
26 Feb 2025 | VULN126 | Google Chrome : Stable channel for Chrome updated to 133.0.6943.141/.142 | Systems running Google Chrome versions prior to 133.0.6943.141/.142.
26 Feb 2025 | VULN125 | LibreOffice : Executable hyperlink Windows path targets executed unconditionally on activation | Systems running LibreOffice versions prior to 24.8.5.
26 Feb 2025 | VULN124 | Cisco : Cisco Security Advisories Published on February 26, 2025 | Systems running Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics, Cisco Application Policy Infrastructure Controller, Cisco Nexus 3000 and 9000 Series Switches software.
26 Feb 2025 | VULN123 | GLPI : Multiple security vulnerabilities fixed in GLPI 10.0.18 | Systems running glpi versions prior to 10.0.18.
26 Feb 2025 | VULN122 | LTI JupyterHub Authenticator : LTI JupyterHub Authenticator does not properly validate JWT Signature | Systems running jupyterhub-ltiauthenticator (pip) versions prior to 1.4.0.
26 Feb 2025 | VULN121 | X.Org : multiple security issues X.Org X server and Xwayland | Systems running X.Org versions prior to 21.1.16, Xwayland versions prior to 24.1.6.
25 Feb 2025 | STAT06 | |
25 Feb 2025 | VULN120 | Exiv2 : Use After Free in TiffSubIfd | Systems running Exiv2 versions prior to 0.28.5.
25 Feb 2025 | VULN119 | Mattermost : Multiple security vulnerabilities fixed in Mattermost | Systems running Mattermost versions prior to 10.5.0, 10.4.3, 10.3.4, 9.11.9.
24 Feb 2025 | VULN118 | CERT.PL : Vulnerability in DocsGPT software | Systems running DocsGPT versions 0.8.1 up to and including 0.12.0.
24 Feb 2025 | VULN117 | OpenH264 : OpenH264 Decoding Functions Heap Overflow Vulnerability | Systems running OpenH264 versions prior to 2.6.0.
24 Feb 2025 | VULN116 | Exim : SQL injection fixed in Exim | Systems running Exim versions prior to 4.98.1.
20 Feb 2025 | VULN115 | Atlassian : DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server | Systems running Jira Software Data Center and Server versions prior to 9.4.28, 9.12.15, 9.17.4, 10.1.2.
20 Feb 2025 | VULN114 | Atlassian : RCE (Remote Code Execution) org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server | Systems running Confluence Data Center, Confluence Server versions prior to 9.2.1, 8.5.19.
20 Feb 2025 | VULN113 | Google Chrome : Stable channel for Chrome updated to 133.0.6943.126/.127 | Systems running Google Chrome versions prior to 133.0.6943.126/.127.
20 Feb 2025 | VULN112 | Wireshark : wnpa-sec-2025-01 · Bundle Protocol and CBOR dissector crash | Systems running Wireshark.
20 Feb 2025 | VULN111 | Drupal : Security Vulnerabilities fixed in Drupal core | Systems running Drupal core versions prior to 135.0.1, 10.4.3, 11.0.12, 11.1.3.
20 Feb 2025 | VULN110 | JSONPath : JSONPath Plus allows Remote Code Execution | Systems running JSONPath Plus versions prior to 10.3.0.
20 Feb 2025 | VULN109 | Nokogiri : Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 | Systems running Nokogiri versions prior to 1.18.3.
20 Feb 2025 | VULN108 | libxml2 : stack-based buffer overflow in libxml2 before 2.12.10 and 2.13.x before 2.13.6 | Systems running libxml2 versions prior to 2.12.10, 2.13.6.
19 Feb 2025 | VULN107 | Mozilla : Security Vulnerabilities fixed in Firefox 135.0.1 | Systems running Mozilla Firefox versions prior to 135.0.1.
19 Feb 2025 | VULN106 | Citrix : Citrix Secure Access Client for Mac Security Bulletin for CVE-2025-1222 and CVE-2025-1223 | Systems running Citrix Secure Access Client for Mac versions prior to 25.01.2.
19 Feb 2025 | VULN105 | Citrix : NetScaler Console and NetScaler Agent Security Bulletin for CVE-2024-12284 | Systems running NetScaler Console, NetScaler Agent versions prior to 14.1-38.53, 13.1-56.18.
19 Feb 2025 | VULN104 | Joomla! : Core - SQL injection vulnerability in Scheduled Tasks component | Systems running Joomla! versions prior to 4.4.11, 5.2.4.
19 Feb 2025 | VULN103 | GRUB : [SECURITY PATCH 00/73] GRUB2 vulnerabilities | Systems running GRUB2.
19 Feb 2025 | VULN102 | Vega : XSS via vlSelectionTuples function | Systems running vega (npm) versions prior to 5.26.0, vega-selections (npm) versions prior to 5.4.2.
18 Feb 2025 | VULN101 | OpenSSH : OpenSSH 9.9p2 fix MITM and DoS vulnerabilities | Systems running OpenSSH versions prior to 9.9p2.
18 Feb 2025 | VULN100 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.5.2, 4.4.6, 4.3.10, 4.1.16.
18 Feb 2025 | VULN099 | Apache : Apache EventMesh raft Hessian Deserialization Vulnerability allowing remote code execution | Systems running Apache EventMesh versions prior to 1.11.0-release.
18 Feb 2025 | VULN098 | Vim : heap use-after-free in str_to_reg() in Vim prior to 9.1.1115 | Systems running Vim versions prior to 9.1.1115.
18 Feb 2025 | VULN097 | Apache : Apache Ignite Possible RCE when deserializing incoming messages by the server node | Systems running Apache Ignite versions prior to 2.17.0.
18 Feb 2025 | STAT05 | |
14 Feb 2025 | VULN096 | PostgreSQL : PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 Released! | Systems running PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, 13.19.
14 Feb 2025 | VULN095 | AMD : AMD Ryzen™ Master Utility DLL Hijacking Vulnerability | Systems running AMD Ryzen™ Master Utility versions prior to 2.14.0.3205.
13 Feb 2025 | VULN094 | Google : Chrome Stable channel updated to 133.0.6943.98/.99 | Systems running Google Chrome versions prior to 133.0.6943.98/.99.
13 Feb 2025 | VULN093 | Kubernetes : CVE-2025-0426 Node Denial of Service via kubelet Checkpoint API | Systems running kubelet versions prior to 1.32.2, 1.31.6, 1.30.10, 1.29.14.
13 Feb 2025 | VULN092 | koa : Inefficient Regular Expression Complexity in koa | Systems running koa (npm) versions prior to 2.15.4, 3.0.0-alpha.3, 1.7.1, 0.21.2.
13 Feb 2025 | VULN091 | Apache : Apache Atlas An authenticated user can perform XSS and potentially impersonate another user | Systems running Apache Atlas versions prior to 2.4.0.
13 Feb 2025 | VULN090 | elliptic : Private key extraction in ECDSA upon signing a malformed input (e.g. a string) | Systems running elliptic versions prior to 6.6.1.
12 Feb 2025 | VULN089 | CERT/CC : PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection | Systems running PandasAI, Sinaptik AI.
12 Feb 2025 | VULN088 | Apache : CVE-2024-32838 Apache Fineract: SQL injection vulnerabilities in offices API endpoint | Systems running Apache Fineract versions 1.10.1.
12 Feb 2025 | VULN087 | OpenSSL : RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797) | Systems running OpenSSL versions prior to 3.4.1, 3.3.3, 3.2.4.
12 Feb 2025 | VULN086 | Gitlab : GitLab Patch Release: 17.8.2, 17.7.4, 17.6.5 | Systems running GitLab versions 17.8.2, 17.7.4, 17.6.5.
12 Feb 2025 | VULN085 | SPIP : Critical security update for the « Saisies pour formulaire » plugin | Systems running « Saisies pour formulaire » for SPIP versions 5.11.1.
12 Feb 2025 | VULN084 | Ivanti : Security Advisory Ivanti Cloud Services Application (CSA) | Systems running Ivanti Cloud Services Application versions prior to 5.0.5.
12 Feb 2025 | VULN083 | Ivanti : Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) | Systems running Ivanti Connect Secure (ICS) versions prior to 22.7R2.6, Ivanti Policy Secure (IPS) versions prior to 22.7R1.3, Ivanti Secure Access Client (ISAC) versions prior to 22.8R1.
11 Feb 2025 | VULN082 | Apache : Apache Cassandra User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) | Systems running Apache Cassandra versions 4.0.16.
11 Feb 2025 | VULN081 | SAP : SAP Security Patch Day - February 2025 | Systems running SAP products.
11 Feb 2025 | STAT04 | |
11 Feb 2025 | VULN080 | APPLE : iOS 18.3.1, iPadOS 18.3.1 and iPadOS 17.7.5 | Systems running iOS, iPadOS versions prior to 18.3.1, iPadOS versions prior to 17.7.5.
10 Feb 2025 | VULN079 | Zimbra : Patch for Zimbra Classic Web Client Vulnerability – Stay Secure by Updating | Systems running Zimbra versions prior to 9.0.0 P44, Daffodil 10.1.5, 10.0.13.
10 Feb 2025 | VULN078 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2025-0001 | Systems running WebKitGTK, WPE WebKit versions prior to 2.46.6, 2.44.0.
10 Feb 2025 | VULN077 | Apache : CVE-2025-25247 Apache Felix Webconsole XSS in services console | Systems running Apache Felix versions prior to 3.8.2, 3.7.6.
10 Feb 2025 | VULN076 | Apache : CVE-2025-25069 Apache Kvrocks Cross-Protocol Scripting Vulnerability | Systems running Apache Kvrocks versions prior to 2.11.1.
6 Feb 2025 | VULN075 | Apache : Apache James Server 3.8.2 and 3.7.6 fix DoS vulnerabilities | Systems running Apache James versions prior to 3.8.2, 3.7.6.
6 Feb 2025 | VULN074 | nginx : nginx security advisory (CVE-2025-23419) | Systems running nginx versions prior to 1.26.3, 1.27.4.
6 Feb 2025 | VULN073 | Cacti : Multiple security vulnerabilities fixed in Cacti 1.2.29 | Systems running Cacti versions prior to 1.2.29.
5 Feb 2025 | VULN072 | Mozilla : Multiple vulnerabilities fixed in Thunderbird 135, ESR 128.7 | Systems running Thunderbird versions prior to 135, ESR 128.7.
5 Feb 2025 | VULN071 | Mozilla : Multiple vulnerabilities fixed in Firefox ESR 128.7, ESR 115.20, 135 | Systems running Firefox versions prior to ESR 128.7, ESR 115.20, 135.
5 Feb 2025 | VULN070 | Cisco : Cisco Security Advisories Published on February 05, 2025 | Systems running Cisco Identity Services Engine, Cisco IOS, Cisco IOS XE, Cisco IOS XR, Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance, Cisco Expressway Series.
5 Feb 2025 | VULN069 | Veeam : CVE-2025-23114 fixed in Veeam Backup's Veeam Updater component | Systems running Veeam Backup products.
5 Feb 2025 | VULN068 | Apache : CVE-2024-48019 Apache Doris allows admin users to read arbitrary files through the REST API | Systems running Apache Doris versions prior to 2.1.8, 3.0.3.
5 Feb 2025 | VULN067 | Curl : Multiple vulnerabilities fixed in Curl and libcurl 8.12.0 | Systems running curl versions prior to 8.12.0.
4 Feb 2025 | VULN066 | SonicWall : SonicWall NetExtender Local Privilege Escalation via Arbitrary SYSTEM File Read | Windows running SonicWall NetExtender versions prior to 10.3.1.
4 Feb 2025 | VULN065 | Python : CVE-2025-0938 URL parser allowed square brackets in domain names | Systems running CPython.
4 Feb 2025 | VULN064 | Apache : Multiple vulnerabilities fixed in Apache Cassandra | Systems running Apache Cassandra versions prior to 4.0.16, 4.1.8, 5.0.3.
3 Feb 2025 | STAT03 | |
3 Feb 2025 | VULN063 | Grafana : Grafana Alerting VictorOps integration exposed to Viewers | Systems running Grafana versions prior to 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11, 10.4.15.
31 Jan 2025 | VULN062 | TeamViewer : Improper Neutralization of Argument Delimiters in TeamViewer Clients | Windows running TeamViewer Full Client, TeamViewer Host.
31 Jan 2025 | VULN061 | Twig : Fix a security issue where escaping was missing | Systems running twig (Composer) versions prior to 3.19.0.
31 Jan 2025 | VULN060 | VMware : VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities | Systems running VMware Aria Operations for Logs, VMware Aria Operations versions prior to 8.18.3, VMware Cloud Foundation.
30 Jan 2025 | VULN059 | Snowflake Connector for Python : Multiple Vulnerabilities in Snowflake Connector for Python | Systems running Snowflake Connector for Python versions prior to 3.13.1.
30 Jan 2025 | VULN058 | Deep Java Library : Deep Java Library path traversal issue | Systems running Deep Java Library versions prior to 0.31.1.
29 Jan 2025 | VULN057 | TYPO3 : Account Takeover in extension 'OpenID Connect Authentication' (oidc) | Systems running "OpenID Connect Authentication" (oidc) for TYPO3.
29 Jan 2025 | VULN056 | Bind : Vulnerabilities fixed in Bind | Systems running BIND versions prior to 9.18.33, 9.20.5, 9.21.4, 9.18.33-S1.
29 Jan 2025 | VULN055 | VMware : VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability | Systems running VMware Avi Load Balancer versions prior to 30.1.2-2p2, 30.2.1-2p5, 30.2.2-2p2.
29 Jan 2025 | VULN054 | codeql-action : GitHub PAT written to debug artifacts | Systems running CodeQL CLI versions prior to 2.20.3, codeql-action versions prior to 3.28.3.
28 Jan 2025 | VULN053 | vllm : Malicious model to RCE by torch.load in hf_model_weights_iterator | Systems running vllm versions prior to 0.7.0.
28 Jan 2025 | VULN052 | Apache : Vulnerabilities fixed in Apache Solr | Systems running Apache Solr versions prior to 9.8.0.
28 Jan 2025 | VULN051 | Qnap : Multiple Vulnerabilities in Rsync | Systems running HBS 3 Hybrid Backup Sync versions 25.1.x prior to 25.1.4.952.
28 Jan 2025 | VULN050 | Apache : CVE-2025-24783 Apache Cocoon continuations may not be private | Systems running Apache Cocoon.
28 Jan 2025 | VULN049 | Apache : CVE-2024-23953 Apache Hive: Timing Attack Against Signature in LLAP util | Systems running Apache Hive versions prior to 4.0.0.
28 Jan 2025 | VULN048 | APPLE : APPLE-SA-01-27-2025-4, 5 macOS Sequoia 15.3, Sonoma 14.7.3 | macOS versions prior to Sequoia 15.3, Sonoma 14.7.3.
28 Jan 2025 | VULN047 | APPLE : APPLE-SA-01-27-2025-2 and 3, iOS 18.3, 17.7.4 and iPadOS 18.3, 17.7.4 | iOS, iPadOS versions prior to 18.3, 17.7.4.
27 Jan 2025 | STAT02 | |
23 Jan 2025 | VULN046 | Debian : Multiple vulnerabilities fixed in 389-ds-base LDAP server | Debian running 389-ds-base LDAP server versions prior to 1.4.4.11-2+deb11u1.
23 Jan 2025 | VULN045 | SonicWall : SMA1000 Pre-Authentication Remote Command Execution Vulnerability | Systems running SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) versions prior to 12.4.3-02854 (platform-hotfix).
23 Jan 2025 | VULN044 | GitLab : GitLab Patch Release 17.8.1, 17.7.3, 17.6.4 | Systems running GitLab versions prior to 17.8.1, 17.7.3, 17.6.4.
23 Jan 2025 | VULN043 | GLIBC : assert Buffer overflow when printing assertion failure message | Systems running GNU C Library.
23 Jan 2025 | VULN042 | Openvswitch : Open Virtual Network egress access control list bypass | Systems running OVN (Open Virtual Network) versions prior to 22.03.8, 24.03.5, 24.09.2.
23 Jan 2025 | VULN041 | Apache : CVE-2024-53299 Apache Wicket: An attacker can intentionally trigger a memory leak | Systems running Apache Wicket versions prior to 9.19.0, 10.3.0.
23 Jan 2025 | VULN040 | Oracle : January 2025 Critical Patch Update Released | Systems running Oracle products.
23 Jan 2025 | VULN039 | Jenkins : Jenkins Security Advisory 2025-01-22 | Systems running Azure Service Fabric Plugin for Jenkins, Bitbucket Server Integration Plugin for Jenkins, Eiffel Broadcaster Plugin for Jenkins, Folder-based Authorization Strategy Plugin for Jenkins, GitLab Plugin for Jenkins, OpenId Connect Authentication Plugin for Jenkins, for Jenkins, Zoom Plugin for Jenkins.
23 Jan 2025 | VULN038 | Cisco : Cisco Security Advisories Published on January 22, 2025 | Systems running Cisco Meeting Management versions prior to 3.9.1, Cisco BroadWorks versions prior to RI.2024.11, Secure Endpoint Connector for Linux versions prior to 1.25.1, Secure Endpoint Connector for Mac versions prior to 1.24.4, Secure Endpoint Connector for Windows versions prior to 7.5.20, 8.4.3, Secure Endpoint Private Cloud versions prior to 4.2.0 with updated connectors.
23 Jan 2025 | VULN037 | phpMyAdmin : Multiple vulnerabilities fixed in phpMyAdmin 5.2.2 | Systems running phpMyAdmin versions prior to 5.2.2.
22 Jan 2025 | VULN036 | HashiCorp : HashiCorp go-slug Vulnerable to Zip Slip Attack | Systems running HashiCorp's go-slug library versions prior to 0.16.3.
22 Jan 2025 | VULN035 | Buildah : Build breakout using malicious Containerfiles and concurrent builds | Systems running Buildah versions prior to 1.38.1, 1.37.6, 1.35.5, 1.33.12.
22 Jan 2025 | VULN034 | Elastic : Elastic Defend 8.13.3 Security Update (ESA-2024-24) | Systems running Elastic Defend versions prior to 8.13.3.
22 Jan 2025 | VULN033 | Elastic : Kibana 7.17.23 and 8.14.2 Security Update (ESA-2024-26) | Systems running Kibana versions prior to 7.17.23, 8.14.2.
22 Jan 2025 | VULN032 | Elastic : Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25) | Systems running Elasticsearch versions prior to 7.17.21, 8.13.3.
22 Jan 2025 | VULN031 | Apache : Apache Ambari Code Injections and XML External Entity (XXE) Vulnerabilities fixed | Systems running Apache Ambari versions prior to 2.7.9.
22 Jan 2025 | VULN030 | Apache : Apache Ranger SSRF and Stored XSS fixed | Systems running Apache Ranger versions prior to 2.5.0.
22 Jan 2025 | VULN029 | Node.js : Tuesday, January 21, 2025 Security Releases | Systems running Node.js versions prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1.
21 Jan 2025 | VULN028 | Palo Alto : Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials | Systems running Palo Alto Networks Expedition migration tool versions prior to 1.2.101.
21 Jan 2025 | VULN027 | Samsung Mobile : Samsung Mobile January 2025 Security Maintenance Release | Android 12, 13, 14 devices.
21 Jan 2025 | VULN026 | Veeam : Veeam Backup for Microsoft Azure Vulnerability CVE-2025-23082 | Systems running Veeam Backup for Microsoft Azure versions prior to 7.1.0.59.
21 Jan 2025 | VULN025 | Apache : CVE-2025-23184 Apache CXF Denial of Service vulnerability with temporary files | Systems running Apache CXF versions prior to 3.5.10, 3.6.5, 4.0.6.
21 Jan 2025 | VULN024 | Vim : segmentation fault in win_line() in Vim < 9.1.1043 | Systems running Vim versions prior to 9.1.1043.
21 Jan 2025 | VULN023 | OpenSSL : Timing side-channel in ECDSA signature computation (CVE-2024-13176) | Systems running OpenSSL versions prior to 3.4.1, 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, 1.0.2zl.
21 Jan 2025 | VULN022 | Fortinet : Path traversal in csfd daemon | Systems running FortiManager versions prior to 7.6.2, 7.4.4, FortiManager Cloud versions prior to 7.4.4, FortiOS versions prior to 7.4.5, 7.2.10, 7.0.16, FortiProxy versions prior to 7.4.6, 7.2.12, 7.0.19, FortiRecorder versions prior to 7.2.2, 7.0.5, FortiVoice versions prior to 7.0.5, 6.4.10, FortiWeb versions prior to 7.4.5.
21 Jan 2025 | VULN021 | Fortinet : Vulnerabilities fixed in FortiAnalyzer, FortiManager | Systems running FortiAnalyzer versions prior to 7.4.4, 7.2.6, 7.0.13, FortiAnalyzer Cloud, FortiManager Cloud versions prior to 7.4.3, FortiManager versions prior to 7.4.4, 7.2.6, 7.0.13.
21 Jan 2025 | VULN020 | Fortinet : Vulnerabilities fixed in FortiSwitch | Systems running FortiSwitch versions prior to 7.4.1, 7.2.6, 7.0.8, 6.4.14, 6.2.8.
20 Jan 2025 | VULN019 | Fortinet : Multiple and some critical Vulnerabilities fixed in FortiOS, FortiProxy | Systems running FortiOS versions prior to 7.0.17, 7.2.10, 7.4.5, 7.6.1, 6.4.16, 6.2.16, 6.0.18, FortiProxy versions prior to 7.2.13, 7.0.20.
20 Jan 2025 | VULN018 | Redis : Lua library commands may lead to remote code execution | Systems running redis-server versions prior to 6.2.X, 7.2.X, 7.4.X.
20 Jan 2025 | VULN017 | Gradio : Gradio Blocked Path ACL Bypass Vulnerability | Systems running Gradio versions up to and including 5.6.0.
20 Jan 2025 | VULN016 | Mongoose : Mongoose search injection vulnerability | Systems running Mongoose versions prior to 8.9.5, 7.8.4, 6.13.6.
20 Jan 2025 | VULN015 | Go : [security] Go 1.23.5 and Go 1.22.11 are released | Systems running Go versions prior to 1.23.5, 1.22.11.
20 Jan 2025 | STAT01 | |
17 Jan 2025 | VULN014 | Git : Vulnerabilities fixed in git | Systems running git versions prior to 2.48.1, 2.47.1, 2.46.3, 2.45.3, 2.44.3, 2.43.6, 2.42.4, 2.41.3, 2.40.4.
17 Jan 2025 | VULN013 | Joomla! : Multiple vulnerabilities fixed in Joomla! CMS | Systems running Joomla! CMS versions prior to 3.10.20-elts, 4.4.10, 5.2.3.
17 Jan 2025 | VULN012 | GitLab : GitLab Patch Release 17.7.1, 17.6.3, 17.5.5 | Systems running GitLab versions prior to 17.7.1, 17.6.3, 17.5.5.
17 Jan 2025 | VULN011 | Google Chrome : Chrome 132.0.6834.83/84 fix multiple security vulnerabilities | Systems running Google Chrome versions prior to 132.0.6834.83/84.
17 Jan 2025 | VULN010 | TYPO3 : Multiple security vulnerabilities fixed in TYPO3 | Systems running TYPO3 versions prior to 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS.
17 Jan 2025 | VULN009 | SPIP : Security update: release of SPIP 4.3.6, SPIP 4.2.17, SPIP 4.1.20 | Systems running SPIP versions prior to 4.3.6, 4.2.17, 4.1.20.
17 Jan 2025 | VULN008 | Kubernetes : CVE-2024-9042 Command Injection affecting Windows nodes via nodes/*/logs/query API | Systems running Kubelet versions prior to 1.32.1, 1.31.5, 1.30.9, 1.29.13.
16 Jan 2025 | VULN007 | git-lfs : Git LFS permits retrieval of credentials via crafted HTTP URLs | Systems running git-lfs versions prior to 3.6.1.
16 Jan 2025 | VULN006 | Rancher : Stored XSS in Rancher UI | Systems running Rancher versions prior to 2.9.4, 2.10.0.
16 Jan 2025 | VULN005 | Apache : CVE-2024-54676: Apache OpenMeetings Deserialisation of untrusted data in cluster mode | Systems running Apache OpenMeetings versions prior to 8.0.0.
16 Jan 2025 | VULN004 | Go-git : Vulnerabilities fixed in go-git | Systems running go-git versions prior to 5.13.
16 Jan 2025 | VULN003 | Next.js : Denial of Service (DoS) with Server Actions | Systems running Next.js versions prior to 15.1.2, 14.2.21, 13.5.8.
16 Jan 2025 | VULN001 | Django : Django security releases issued: 5.1.5, 5.0.11, and 4.2.18 | Systems running Django versions prior to 5.1.5, 5.0.11, 4.2.18.