Here is the list of the latest CERT-Renater advisories in 2024:

Date | ID | Advisory | Affected systems
25 Apr 2024 | VULN217 | SolarWinds : SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability (CVE-2024-28073) | Systems running SolarWinds Serv-U versions prior to 15.4.2.
25 Apr 2024 | VULN216 | Citrix : Citrix uberAgent Security Bulletin for CVE-2024-3902 | Systems running Citrix uberAgent versions prior to 22.0.
25 Apr 2024 | VULN215 | PowerDNS : PowerDNS Recursor Security Advisory 2024-02 | Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
25 Apr 2024 | VULN214 | Cisco : Cisco Security Advisories Published on April 24, 2024 | Cisco ASA Software, Cisco FTD Software.
19 Apr 2024 | VULN213 | Gunicorn : Gunicorn 22.0 fix CVE-2024-1135 Request smuggling leading to endpoint restriction bypass | Systems running Gunicorn versions prior to 22.0.
19 Apr 2024 | VULN212 | Apache : CVE-2024-29217 Apache Answer XSS vulnerability when changing personal website | Systems running Apache Answer versions prior to 1.3.0.
19 Apr 2024 | VULN211 | Flatpak : CVE-2024-32462 Sandbox escape via RequestBackground portal and CWE-88 | Systems running Flatpak versions prior to 1.15.8, 1.10.9, 1.12.9, 1.14.6.
19 Apr 2024 | VULN210 | GNU C Library : GNU C Library Security Advisory Format | Systems running GNU C Library.
18 Apr 2024 | STAT15 | |
18 Apr 2024 | VULN209 | Xen : x86 Native Branch History Injection | Systems running Xen.
18 Apr 2024 | VULN208 | Jenkins : Jenkins Security Advisory 2024-04-17 | Systems running Jenkins (core) versions prior to weekly 2.452, LTS 2.440.3.
18 Apr 2024 | VULN207 | Cisco : Cisco Security Advisories Published on April 17, 2024 | Systems running Cisco Integrated Management Controller, Cisco IOS, Cisco IOS XE Software.
17 Apr 2024 | VULN206 | Mozilla : Security Vulnerabilities fixed in Firefox 125, ESR 115.10 | Systems running Firefox versions prior to 125, ESR 115.10.
17 Apr 2024 | VULN205 | Google : Chrome Stable channel updated to 124.0.6367.60/.61 | Systems running Google Chrome versions prior to 124.0.6367.60/.61.
17 Apr 2024 | VULN204 | PuTTY : PuTTY vulnerability vuln-p521-bias | Systems running PuTTY versions prior to 0.81.
17 Apr 2024 | VULN203 | Oracle : April 2024 Critical Patch Update Released | Systems running Oracle products.
17 Apr 2024 | VULN202 | Atlassian : Security Bulletin - April 16 2024 | Systems running Bamboo Data Center and Server, Confluence Data Center and Server, Jira Software Data Center and Server, Jira Service Management Data Center and Server.
17 Apr 2024 | VULN201 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect | PAN-OS versions prior to 11.1.0-h3, 11.1.1-h1, 11.1.2-h3, 11.0.2-h4, 11.0.3-h10, 11.0.4-h1, 10.2.5-h6, 10.2.6-h3, 10.2.7-h8, 10.2.8-h3, 10.2.9-h1.
16 Apr 2024 | VULN200 | Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 | Systems running XenServer, Citrix Hypervisor.
16 Apr 2024 | VULN199 | Argo CD : Argo CD's API server does not enforce project sourceNamespaces | Systems running Argo CD versions prior to 2.8.16, 2.9.12, 2.10.7.
15 Apr 2024 | VULN198 | Apache : Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1 | Systems running Apache CloudStack versions prior to 4.18.1.1, 4.19.0.1.
15 Apr 2024 | VULN197 | Apache : CVE-2024-31309 Apache Traffic Server HTTP/2 CONTINUATION frames can be utilized for DoS attack | Systems running Apache Traffic Server versions prior to 8.1.10, 9.2.4.
15 Apr 2024 | VULN196 | Apache : CVE-2024-27309 Apache Kafka Potential incorrect access control during migration from ZK mode to KRaft mode | Systems running Apache Kafka versions 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1.
15 Apr 2024 | VULN195 | Haskell : process command injection via argument list on Windows | Windows running process library versions prior to 1.6.19.0.
15 Apr 2024 | VULN194 | PHP : PHP 8.3.6, 8.2.18, 8.1.28 | Systems running PHP versions prior to 8.3.6, 8.2.18, 8.1.28.
12 Apr 2024 | VULN193 | Gitlab : GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6 | Systems running GitLab versions prior to 16.10.2, 16.9.4, 16.8.6.
12 Apr 2024 | VULN192 | Apache : CVE-2024-31391 Apache Solr Operator Solr-Operator liveness and readiness probes may leak basic auth credentials | Systems running Apache Solr versions prior to 0.8.1.
12 Apr 2024 | VULN191 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect Gateway | PAN-OS versions prior to 11.1.2-h3, 11.0.4-h1, 10.2.9-h1.
11 Apr 2024 | VULN190 | Fortinet : FortiClientMac - Lack of configuration file validation | MacOS running FortiClientMac versions prior to 7.2.4, 7.0.11.
11 Apr 2024 | VULN189 | Fortinet : FortiClient Linux Remote Code Execution due to dangerous nodejs configuration | Linux running FortiClient versions prior to 7.2.1, 7.0.11.
11 Apr 2024 | VULN188 | Google : Chrome Stable channel updated to 123.0.6312.122/.123 | Systems running Google Chrome versions prior to 123.0.6312.122/.123.
11 Apr 2024 | VULN187 | CERT/CC : Multiple programming languages fail to escape arguments properly in Microsoft Windows | Windows.
11 Apr 2024 | VULN186 | Xen : x86 Incorrect logic for BTC/SRSO mitigations | Systems running Xen versions prior to 4.18.2, 4.17.4, 4.16.6, 4.15.6.
11 Apr 2024 | VULN185 | WordPress : WordPress 6.5.2 Maintenance and Security Release | Systems running WordPress versions prior to 6.5.2.
11 Apr 2024 | VULN184 | Rust : Security advisory for the standard library (CVE-2024-24576) | Systems running Rust versions prior to 1.77.2.
11 Apr 2024 | STAT14 | |
9 Apr 2024 | VULN183 | Apache : Multiple vulnerabilities fixed in Apache Zeppelin | Systems running Apache Zeppelin versions prior to 0.11.0.
9 Apr 2024 | VULN182 | Xen : x86 HVM hypercalls may trigger Xen bug check | Systems running Xen versions from at least 3.2 onwards.
9 Apr 2024 | VULN181 | SAP : SAP Security Patch Day – April 2024 | Systems running SAP products.
9 Apr 2024 | VULN180 | Envoy Proxy : CPU and memory exhaustion due to CONTINUATION frame flood | Systems running Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, 1.26.8.
9 Apr 2024 | VULN179 | OpenSSL : Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) | Systems running OpenSSL versions prior to 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
8 Apr 2024 | VULN178 | Go : Go 1.22.2 and Go 1.21.9 are released | Systems running Go versions prior to 1.22.2, 1.21.9.
5 Apr 2024 | VULN177 | Mozilla : Security Vulnerabilities fixed in Firefox for iOS 124 | iOS running Firefox for iOS versions prior to 124.
5 Apr 2024 | VULN176 | pgAdmin 4 : 2024-04-04 - pgAdmin 4 v8.5 Released | Systems running pgAdmin 4 versions prior to 8.5.
5 Apr 2024 | VULN175 | Apache : CVE-2024-29834 Apache Pulsar Improper Authorization For Namespace and Topic Management Endpoints | Systems running Apache Pulsar versions prior to 3.0.4, 3.2.2.
5 Apr 2024 | VULN174 | Yubico : Security Advisory YSA-2024-01 YubiKey Manager Privilege Escalation | Systems running YubiKey Manager GUI versions prior to 1.2.6.
5 Apr 2024 | VULN173 | Apache : HTTP response splitting and HTTP/2 DoS vulnerabilities fixed | Systems running Apache versions prior to 2.4.59.
5 Apr 2024 | VULN172 | X.Org : Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 | Systems running X.Org X server versions prior to 21.1.12, Xwayland versions prior to 23.2.5.
5 Apr 2024 | VULN171 | CERT/CC : CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks | Systems implementing HTTP/2.
4 Apr 2024 | VULN170 | Ivanti : New CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure versions prior to 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4, 9.1R18.5, Ivanti Policy Secure versions prior to 22.4R1.2, 22.5R1.3, 22.6R1.2, 9.1R16.4, 9.1R17.4, 9.1R18.5.
4 Apr 2024 | VULN169 | Cisco : Cisco Security Advisories Published on April 03, 2024 | Systems running Cisco products.
3 Apr 2024 | VULN168 | Node.js : Wednesday, April 3, 2024 Security Releases | Systems running Node.js versions prior to 20.12.1, 21.7.11, 18.20.1.
3 Apr 2024 | VULN167 | VMware : VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities | Systems running VMware SD-WAN (Edge) versions prior to 5.0.1+, 4.5.1+, VMware SD-WAN (Orchestrator) versions prior to 5.0.1+.
3 Apr 2024 | STAT13 | |
29 Mar 2024 | VULN166 | Splunk : Multiple vulnerabilities fixed in Splunk | Systems running Splunk Enterprise versions prior to 9.2.1, 9.1.4, 9.0.9, Splunk Cloud Platform.
29 Mar 2024 | VULN165 | Wireshark : wnpa-sec-2024-06 · T.38 dissector crash | Systems running Wireshark versions prior to 4.2.4, 4.0.14.
29 Mar 2024 | VULN164 | Gitlab : GitLab Security Release: 16.10.1, 16.9.3, 16.8.5 | Systems running GitLab versions prior to 16.10.1, 16.9.3, 16.8.5.
29 Mar 2024 | VULN163 | Buildah : CVE-2024-1753 container escape at build time | Systems running buildah versions prior to 1.35.1, 1.34.3, 1.33.7.
29 Mar 2024 | VULN162 | Serverpod : Client accepts any certificate and Improved security for stored password hashes | Systems running serverpod_client versions prior to 1.2.6, serverpod_auth_server (Dart) versions prior to 1.2.6.
29 Mar 2024 | VULN161 | Jupyterhub : XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | Systems running jupyterhub (pip) versions prior to 4.1.0.
29 Mar 2024 | VULN160 | Podman : CVE-2024-1753 container escape at build time | Systems running Podman versions prior to 4.9.4, 5.0.1.
28 Mar 2024 | VULN159 | APPLE : APPLE-SA-03-25-2024-1 Safari 17.4.1 | Systems running Safari versions prior to 17.4.1.
28 Mar 2024 | VULN158 | APPLE : APPLE-SA-03-25-2024 macOS Ventura 13.6.6 and Sonoma 14.4.1 | macOS versions prior to 13.6.6, 14.4.1.
28 Mar 2024 | VULN157 | APPLE : APPLE-SA-03-25-2024 iOS and iPadOS 16.7.7 and 17.4.1 | iOS, iPadOS versions prior to 16.7.7, 17.4.1.
28 Mar 2024 | VULN156 | Cilium : Intermittent HTTP policy bypass | Systems running Cilium versions prior to 1.13.13, 1.14.8, 1.15.2.
28 Mar 2024 | VULN155 | Elastic : Elasticsearch 8.13.0 and 7.17.19 Security Updates | Systems running Elasticsearch versions prior to 8.13.0, 7.17.19.
27 Mar 2024 | VULN154 | Cisco : Cisco Security Advisories Published on March 27, 2024 | Systems running Cisco IOS XE, Cisco IOS, Cisco Access Point Software, Cisco Aironet Access Point Software, Cisco Catalyst Center Software.
27 Mar 2024 | VULN153 | Nagios XI : Nagios XI 2024R1.1 fix XSS issue | Systems running Nagios XI versions prior to 2024R1.1.
27 Mar 2024 | VULN152 | Red Hat : Red Hat OpenShift GitOps 1.10.2 and 1.9.4 security update | Systems running Red Hat OpenShift GitOps versions prior to 1.10.2, 1.9.4.
27 Mar 2024 | STAT12 | |
27 Mar 2024 | VULN151 | Google : Chrome Stable channel updated to 123.0.6312.86/.87 | Systems running Chrome versions prior to 123.0.6312.86/.87.
27 Mar 2024 | VULN150 | TinyMCE : TinyMCE Cross-Site Scripting (XSS) vulnerabilities fixed | Systems running TinyMCE versions prior to 7.0.0.
27 Mar 2024 | VULN149 | Grafana : Users outside an organization can delete a snapshot with its key | Systems running Grafana versions prior to 9.5.18, 10.0.13, 10.1.9, 10.2.6, 10.3.5.
27 Mar 2024 | VULN148 | Apache : CVE-2024-29735 Apache Airflow Potentially harmful permission changing by log task handler | Systems running Apache Airflow versions prior to 2.8.4.
27 Mar 2024 | VULN147 | curl : Multiple vulnerabilities fixed in curl 8.7.0 | Systems running curl versions prior to 8.7.0.
26 Mar 2024 | VULN146 | Shibboleth : CAS service URL handling vulnerable to Server-Side Request Forgery | Systems running Shibboleth Identity Provider versions prior to 5.1.1, 4.3.2.
26 Mar 2024 | VULN145 | Tenable : Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1 | Systems running Tenable Security Center versions prior to 5.23.1, 6.1.1, 6.2.0, 6.2.1.
26 Mar 2024 | VULN144 | Ruby : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running RDoc gem versions prior to 6.3.4.1, 6.4.1.1, 6.5.1.1, 6.6.3.1.
26 Mar 2024 | VULN143 | Ruby : CVE-2024-27280 Buffer overread vulnerability in StringIO | Systems running StringIO gem versions prior to 3.0.3.
26 Mar 2024 | VULN142 | WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.0 | Systems running WebKitGTK, WPE WebKit versions prior to 2.44.0.
25 Mar 2024 | VULN141 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running Firefox versions prior to ESR 115.9.1, 124.0.1.
25 Mar 2024 | VULN140 | Spring : CVE-2024-22258 PKCE Downgrade in Spring Authorization Server | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
22 Mar 2024 | VULN139 | jupyter-server : Unauthenticated Websocket Proxying with jupyter-server-proxy | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
22 Mar 2024 | VULN138 | Apache : CVE-2024-27438 Apache Doris remote command execution and Possible race condition | Systems running Apache Doris versions prior to 2.0.5, 2.1.x.
22 Mar 2024 | VULN137 | Apache : CVE-2024-27439 Apache Wicket Possible bypass of CSRF protection | Systems running Apache Wicket versions prior to 9.17.0, 10.0.0.
21 Mar 2024 | VULN136 | Apache : Apache Archiva Vulnerabilities | Systems running Apache Archiva.
21 Mar 2024 | VULN135 | Apache : CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding | Systems running Apache CXF versions prior to 4.0.4, 3.6.3, 3.5.8.
21 Mar 2024 | VULN134 | Apache : Apache Commons Configuration vulnerabilities fixed | Systems running Apache Commons Configuration versions prior to 2.10.1.
21 Mar 2024 | VULN133 | Python : Vulnerabilities fixed in Python 3.10.14, 3.9.19, 3.8.19 | Systems running Python versions prior to 3.10.14, 3.9.19, 3.8.19.
21 Mar 2024 | VULN132 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Jenkins weekly versions prior to 2.444, Jenkins LTS versions prior to 2.440.1.
21 Mar 2024 | VULN131 | glpi : Multiple vulnerabilities fixed in glpi 10.0.13 | Systems running glpi versions prior to 10.0.13.
20 Mar 2024 | STAT11 | |
15 Mar 2024 | VULN130 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Apache ZooKeeper versions prior to 3.9.2, 3.8.4.
15 Mar 2024 | VULN129 | Palo Alto : CVE-2024-2433 PAN-OS Improper Privilege Management Vulnerability in Panorama Software | Panorama on PAN-OS versions prior to 9.0.17-h4, 9.1.18, 10.1.12, 10.2.11, 11.0.4.
15 Mar 2024 | VULN128 | Palo Alto : CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | Systems running GlobalProtect App versions prior to 6.2.1, 6.1.2, 6.0.8, 5.1.12.
15 Mar 2024 | VULN127 | Apache : Multiple Vulnerabilities fixed in Apache Pulsar | Systems running Apache Pulsar versions prior to 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1.
15 Mar 2024 | VULN126 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
14 Mar 2024 | VULN125 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
14 Mar 2024 | VULN124 | Apache : Apache Tomcat - Denial of Service Vulnerabilities | Systems running Apache Tomcat versions prior to 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99.
14 Mar 2024 | VULN123 | Cisco : Cisco Security Advisories Published on March 13, 2024 | Cisco IOS XR Software versions prior to 7.9.2, 7.10.1.
14 Mar 2024 | VULN122 | Directus : URL Redirection to Untrusted Site and Session Token in URL | Systems running directus versions prior to 10.10.0.
13 Mar 2024 | VULN121 | Fortinet : FortiWLM MEA for FortiManager - improper access control in backup and restore features | Systems running FortiWLM MEA for FortiManager versions prior to 7.4.1, 7.2.4, 7.0.11, 6.4.14.
13 Mar 2024 | VULN120 | Xen : Register File Data Sampling and GhostRace: Speculative Race Conditions | Systems running Xen.
13 Mar 2024 | VULN119 | Fortinet : Vulnerabilities fixed in FortiClientEMS | Systems running FortiClientEMS versions prior to 7.2.3, 7.0.11.
13 Mar 2024 | VULN118 | Fortinet : Multiple vulnerabilities fixed in FortiOS & FortiProxy | FortiOS versions prior to 7.4.2, 7.2.7, 7.0.13, 6.4.15, 6.2.16, FortiProxy versions prior to 7.4.3, 7.2.9, 7.0.15, 2.0.14.
13 Mar 2024 | VULN117 | Google : Chrome Stable channel updated to 122.0.6261.128/.129 | Systems running Google Chrome versions prior to 122.0.6261.128/.129.
13 Mar 2024 | VULN116 | Citrix : Citrix SDWAN Security Bulletin for CVE-2024-2049 | Systems running Citrix SDWAN.
13 Mar 2024 | VULN115 | Citrix : Citrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575 | Systems running Citrix Hypervisor.
12 Mar 2024 | VULN114 | OpenStack : Unresolved Vulnerability in OpenStack Murano | Systems running OpenStack Murano.
12 Mar 2024 | VULN113 | Go : Go 1.22.1 and Go 1.21.8 are released | Systems running Go versions prior to 1.22.1, 1.21.8.
12 Mar 2024 | VULN112 | Rancher API Server : XSS Vulnerability in API Server | Systems running Rancher API Server versions prior to 4fd7d82 (master), 69b3c2b (release/v2.8), a3b9e37 (release/v2.8.s3), 4e102cf (release/v2.7), 97a10a3 (release/v2.7.s3), 4df268e (release/v2.6).
12 Mar 2024 | VULN111 | Rancher : Multiple vulnerabilities fixed in Rancher 2.6.14, 2.7.10 and 2.8.2 | Systems running Rancher versions prior to 2.6.14, 2.7.10, 2.8.2.
12 Mar 2024 | VULN110 | TYPO3 : Multiple vulnerabilities fixed in TYPO3 | Systems running TYPO3 CMS versions prior to 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1.
12 Mar 2024 | VULN109 | Moodle : Multiple vulnerabilities fixed in Moodle 4.3.3, 4.2.6, 4.1.9 | Systems running Moodle versions prior to 4.3.3, 4.2.6, 4.1.9.
12 Mar 2024 | VULN108 | Grafana : User with permissions to create a data source can CRUD all data sources | Systems running Grafana versions prior to 9.5.7, 10.0.12, 10.1.8, 10.2.5, 10.3.4.
11 Mar 2024 | VULN107 | APPLE : APPLE-SA-03-07-2024-6 tvOS 17.4 | tvOS versions prior to 17.4.
11 Mar 2024 | VULN106 | APPLE : APPLE-SA-03-07-2024-5 watchOS 10.4 | Systems running watchOS versions prior to 10.4.
11 Mar 2024 | VULN105 | APPLE : APPLE-SA-03-07-2024-1 Safari 17.4 | Systems running Safari versions prior to 17.4.
11 Mar 2024 | VULN104 | APPLE : Multiple vulnerabilities fixed in macOS Monterey, Ventura, Sonoma | Systems running macOS versions prior to Monterey 12.7.4, Ventura 13.6.5, Sonoma 14.4.
11 Mar 2024 | VULN103 | TeamCity : Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) | Systems running TeamCity On-Premises versions prior to 2023.11.4.
10 Mar 2023 | STAT10 | |
8 Mar 2024 | VULN102 | Nagios XI : Multiple vulnerabilities fixed in 2024R1.0.2 | Systems running Nagios XI versions prior to 2024R1.0.2.
8 Mar 2024 | VULN101 | Apache : Apache Camel issue on ExchangeCreatedEvent and Camel-SQL, Camel-CassandraQL Unsafe Deserialization | Systems running Apache Camel versions prior to 3.21.4, 3.22.1, 4.0.4, 4.4.0.
8 Mar 2024 | VULN100 | GitLab : GitLab Security Release 16.9.2, 16.8.4, 16.7.7 | Systems running GitLab versions prior to 16.9.2, 16.8.4, 16.7.7.
8 Mar 2024 | VULN099 | Joomla! : Multiple security vulnerabilities fixed in Joomla! 4.4.3, 5.0.3, 3.7.0-3.10.14-elts | Systems running Joomla! versions prior to 3.10.15-elts, 4.4.3, 5.0.3.
8 Mar 2024 | VULN098 | PostgreSQL : PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 Released! | Systems running PostgreSQL versions prior to 16.2, 15.6, 14.11, 13.14, 12.18.
8 Mar 2024 | VULN097 | PostgreSQL JDBC Driver : SQL Injection via line comment generation | Systems running PostgreSQL JDBC Driver versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, 42.2.28.jre7.
8 Mar 2024 | VULN096 | Node.js : Multiple vulnerabilities fixed in Node.js | Systems running Node.js.
8 Mar 2024 | VULN095 | BuildKit : Multiple vulnerabilities fixed in BuildKit 0.12.5 | Systems running BuildKit versions prior to 0.12.5.
8 Mar 2024 | VULN094 | Django : Django security releases issued: 5.0.3, 4.2.11, and 3.2.25 | Systems running Django versions prior to 5.0.3, 4.2.11, 3.2.25.
8 Mar 2024 | VULN093 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.8.1 | Systems running Thunderbird versions prior to 115.8.1.
8 Mar 2024 | VULN092 | Google : Stable Channel for Desktop Updated to 122.0.6261.111/.112 | Systems running Google Chrome versions prior to 122.0.6261.111/.112.
7 Mar 2024 | VULN091 | VMware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities | Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation.
7 Mar 2024 | VULN090 | Jenkins : Jenkins Security Advisory 2024-03-06 | Systems running Jenkins plugins.
7 Mar 2024 | VULN089 | APPLE : iOS 17.4, 16.7.6 and iPadOS 17.4, 16.7.6 | iOS, iPadOS versions prior to 17.4, 16.7.6.
3 Mar 2023 | STAT09 | |
28 Feb 2024 | STAT08 | |
23 Feb 2024 | VULN088 | ConnectWise ScreenConnect Authentication Bypass and remote code execution | Systems running ScreenConnect 23.9.7 and prior.
23 Feb 2024 | VULN087 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Systems running Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 13 and Microsoft Exchange Server 2016 Cumulative Update 23.
23 Feb 2024 | VULN086 | Microsoft Outlook Remote Code Execution Vulnerability | Systems running Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft Office LTSC 2021.
21 Feb 2024 | STAT07 | |
17 Feb 2023 | VULN085 | graphql-mesh : Unwanted access to | Systems running graphql-mesh/cli versions prior to 0.82.22, graphql-mesh/http versions prior to 0.3.19.
15 Feb 2024 | STAT06 | |
9 Feb 2024 | VULN084 | FortiOS - Out-of-bound Write in sslvpnd | FortiOS - Out-of-bound Write in sslvpnd
9 Feb 2024 | VULN083 | FortiOS - Format String Bug in fgfmd | FortiOS - Format String Bug in fgfmd
9 Feb 2024 | VULN082 | Ivanti : CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
17 Feb 2023 | VULN081 | TimescaleDB : TimescaleDB 2.8.0 | Systems running TimescaleDB versions prior to 2.9.3.
8 Feb 2024 | VULN080 | Cisco : Cisco Critical and High Security Advisories Published on February 07, 2024 | Cisco Systems running Cisco Expressway Series, ClamAV.
8 Feb 2024 | STAT05 | |
2 Feb 2024 | VULN079 | Splunk : Security Updates in Splunk Add-on Builder | Systems running Splunk Add-on Builder versions prior to 4.1.4.
2 Feb 2024 | VULN078 | glpi : LDAP Injection during authentication and Reflected XSS in reports pages | Systems running glpi versions prior to 10.0.12.
2 Feb 2024 | VULN077 | Moby : Classic builder cache poisoning | Systems running moby versions prior to 25.0.2, 24.0.9.
2 Feb 2024 | VULN076 | Mastodon : Remote user impersonation and takeover | Systems running Mastodon versions prior to 3.5.17, 4.0.13, 4.1.13, 4.2.5.
1 Feb 2024 | VULN075 | Google : Stable Channel for Desktop Updated to 121.0.6167.139 | Systems running Google Chrome versions prior to 1.1.12.
1 Feb 2024 | VULN074 | runc : several container breakouts due to internally leaked fds | Systems running runc versions prior to 1.1.12.
1 Feb 2024 | STAT04 | |
31 Jan 2024 | VULN073 | ESET : Unquoted path privilege vulnerability in ESET products for Windows fixed | Systems running ESET Endpoint Security, ESET Endpoint Antivirus versions prior to 11.0.2032.x, ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium versions prior to 17.0.15.0, ESET Mail Security for Microsoft Exchange Server versions prior to 10.1.10012.0.
31 Jan 2024 | VULN072 | Spring : local information disclosure via temporary directory created with unsafe permissions | Systems running Spring Cloud Contract versions prior to 3.1.10, 4.0.5, 4.1.1.
31 Jan 2024 | VULN071 | WordPress : WordPress 6.4.3 – Maintenance and Security release | Systems running WordPress versions prior to 6.4.3.
31 Jan 2024 | VULN070 | CrateDB : CrateDB database has an arbitrary file read vulnerability | Systems running CrateDB versions prior to 5.3.9, 5.4.8, 5.5.4, 5.6.1.
31 Jan 2024 | VULN069 | Apache : CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file | Systems running Apache Kylin versions prior to 4.0.4.
31 Jan 2024 | VULN068 | curl : OCSP verification bypass with TLS session reuse | Systems running curl versions 8.5.x prior to 8.6.0.
30 Jan 2024 | VULN067 | Xen : Unauthorized memory access and VT-d Failure to quarantine devices fixed | Systems running Xen.
26 Jan 2024 | VULN066 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.7 | Systems running Thunderbird versions prior to 115.7.
26 Jan 2024 | VULN065 | Mozilla : Multiple vulnerabilities fixed in Firefox 122, ESR 115.7 | Systems running Firefox versions prior to 122, ESR 115.7.
26 Jan 2024 | VULN064 | OpenSSL : OpenSSL Security Advisory [25th January 2024] | Systems running OpenSSL versions prior to 3.2.1, 3.1.5, 3.0.13, 1.1.1x, 1.0.2zj.
26 Jan 2024 | VULN063 | Google : Stable Channel 121.0.6167.85 Update for Desktop | Google Chrome versions prior to 121.0.6167.85.
25 Jan 2024 | VULN062 | APPLE : APPLE-SA-01-22-2024-8 watchOS 10.3 | watchOS versions prior to 10.3.
25 Jan 2024 | VULN061 | APPLE : APPLE-SA-01-22-2024-1 Safari 17.3 | Systems running Safari versions prior to 17.3.
25 Jan 2024 | VULN060 | APPLE : macOS Ventura 13.6.4, Monterey 12.7.3 | macOS versions prior to Ventura 13.6.4, Monterey 12.7.3.
25 Jan 2024 | VULN059 | APPLE : APPLE-SA-01-22-2024-2 iOS 17.3, 16.7.5 and iPadOS 17.3, 16.7.5 | iOS, iPadOS versions prior to 17.3, 16.7.5.
25 Jan 2024 | VULN058 | Apache : Apache Superset vulnerabilities fixed | Systems running Apache Superset versions prior to 3.0.3, Apache Superset Helm chart versions prior to 0.10.15.
25 Jan 2024 | VULN057 | Apache : Apache Airflow CNCF Kubernetes provider, Apache Airflow Kubernetes configuration file vulnerability | Systems running Apache Airflow versions prior to 2.6.1, Apache Airflow CNCF Kubernetes provider versions prior to 7.0.0.
25 Jan 2024 | VULN056 | Xen : Linux netback processing of zero-length transmit fragment | Systems running Xen.
25 Jan 2024 | VULN055 | SQUID : SQUID-2023:11 Denial of Service in Cache Manager | Systems running SQUID versions prior to 6.6.
25 Jan 2024 | VULN054 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2023-46838 | Systems running Citrix Hypervisor versions 8.2 CU1 LTSR.
24 Jan 2024 | VULN053 | Jenkins : Jenkins Security Advisory 2024-01-24 | Systems running Jenkins (core), Git server Plugin, GitLab Branch Source Plugin, Log Command Plugin, Matrix Project Plugin, Qualys Policy Compliance Scanning Connector Plugin, Red Hat Dependency Analytics Plugin.
24 Jan 2024 | VULN052 | Cisco : Cisco Security Advisories Published on January 24, 2024 | Systems running Cisco Unified Communications Products, Cisco Small Business Series Switches firmware, Cisco Unity products.
24 Jan 2024 | VULN051 | Atlassian : January 2024 Security Bulletin | Systems running Confluence Data Center and Server versions prior to 7.19.18, 8.5.5, 8.7.2, Confluence Server versions prior to 7.19.18, 8.5.5, Crowd Data Center and Server versions prior to 5.2.2, Jira Service Management Data Center and Server versions prior to 4.20.30, 5.4.15, 5.12.2, Jira Data Center and Server versions prior to 9.4.13, 9.7.0, Bamboo Data Center and Server versions prior to 9.2.9, 9.3.6, 9.4, Bitbucket Server versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, Bitbucket Data Center versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, 8.15.3, 8.16.2, 8.17.0.
24 Jan 2024 | STAT03 | |
22 Jan 2024 | VULN050 | gnutls : gnutls 3.8.3 fix vulnerabilities | Systems running gnutls versions prior to 3.8.3.
22 Jan 2024 | VULN049 | Postfix : Postfix stable release 3.8.5, 3.7.10, 3.6.14, 3.5.24 | Systems running Postfix versions prior to 3.8.5, 3.7.10, 3.6.14, 3.5.24.
22 Jan 2024 | VULN048 | Argo CD : Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | Systems running Argo CD versions prior to 2.10-rc2, 2.9.4, 2.8.8, 2.7.16.
22 Jan 2024 | VULN047 | Jupyterlab : Potential authentication, CSRF tokens leak and SXSS in Markdown Preview | Systems running jupyterlab (pip) versions prior to 4.0.11, 3.6.7, notebook (pip) versions prior to 7.0.7.
22 Jan 2024 | VULN046 | Exim : Exim 4.97.1 fix SMTP smuggling vulnerability | Systems running Exim versions prior to 4.97.1.
22 Jan 2024 | VULN045 | Apache : CVE-2023-46589 Apache Tomcat - Information Disclosure | Systems running Apache Tomcat versions prior to 9.0.44, 8.5.64.
18 Jan 2024 | VULN044 | Synology : Synology-SA-24:01 DSM DiskStation Manager | DSM 7.2 versions prior to 7.2-64561, DSM 7.1, DSM 6.2, DSMUC 3.1 versions prior to 3.1.2-23068.
18 Jan 2024 | VULN043 | SonicWall : SFPMonitor.sys KOOB Write vulnerability | Systems running SonicWall Capture Client versions prior to 3.7.11, SonicWall NetExtender Windows Client versions prior to 10.2.338.
18 Jan 2024 | VULN042 | X.Org : Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 | Systems running X.Org versions prior to 21.1.11, Xwayland versions prior to 23.2.4.
18 Jan 2024 | VULN041 | Drupal : Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | Systems running Drupal core versions prior to 10.2.2, 10.1.8.
17 Jan 2024 | VULN040 | Citrix : Citrix StoreFront Security Bulletin for CVE-2023-5914 | Systems running Citrix StoreFront versions prior to 2308.1, 2311, 1912 LTSR CU8 hotfix 3.22.8001.2, 2203 LTSR CU4 Update 1.
17 Jan 2024 | VULN039 | Google : Google Chrome 120.0.6099.234 fix multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.234.
17 Jan 2024 | VULN038 | Oracle : January 2024 Critical Patch Update Released | Systems running Oracle products.
17 Jan 2024 | VULN037 | VMware : VMware Aria Automation updates address a Missing Access Control vulnerability (CVE-2023-34063) | Systems running VMware Aria Automation versions prior to 8.14.1 + Patch, 8.13.1 + Patch, 8.12.2 + Patch, 8.11.2 + Patch, VMware Cloud Foundation (Aria Automation).
17 Jan 2024 | VULN036 | Citrix : Citrix Session Recording Security Bulletin for CVE-2023-6184 | Systems running Citrix Virtual Apps and Desktops versions prior to 2311, 1912 LTSR CU8 hotfix 19.12.8100.4, 2203 LTSR CU4.
17 Jan 2024 | VULN035 | Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 | Systems running Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-12.35, 13.1-51.15, 13.0-92.21, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.176, 12.1-FIPS 12.1-55.302, 12.1-NDcPP 12.1-55.302.
17 Jan 2024 | STAT02 | |
16 Jan 2024 | VULN034 | Apache : CVE-2023-50290 Apache Solr allows read access to host environment variables | Systems running Apache Solr versions prior to 9.3.0.
16 Jan 2024 | VULN033 | Apache : CVE-2023-46749 Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack | Systems running Apache Shiro versions prior to 1.13.0+, 2.0.0-alpha-4+.
16 Jan 2024 | VULN032 | OpenSSL : Excessive time spent checking invalid RSA public keys (CVE-2023-6237) | Systems running OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0.
12 Jan 2024 | VULN031 | Ivanti : CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
12 Jan 2024 | VULN030 | Ivanti : SA-2023-12-19-CVE-2023-39336 | Systems running Ivanti Endpoint Manager versions prior to 2022 SU5.
12 Jan 2024 | VULN029 | GitLab : GitLab Critical Security Release 16.7.2, 16.6.4, 16.5.6 | Systems running GitLab versions prior to 16.7.2, 16.6.4, 16.5.6.
12 Jan 2024 | VULN028 | SPIP : Maintenance and security update: SPIP 4.2.8 and SPIP 4.1.14 released | Systems running SPIP versions prior to 4.2.8, 4.1.14.
11 Jan 2024 | VULN027 | GitPython : Untrusted search path under some conditions on Windows allows arbitrary code execution | Systems running GitPython versions prior to 3.1.41.
11 Jan 2024 | VULN026 | go-git : Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients | Systems running go-git versions prior to 5.11.
11 Jan 2024 | VULN025 | Cisco : Cisco Security Advisories Published on January 10, 2024 | Systems running Cisco Unity Connection, Cisco WAP371 Wireless Access Point, Cisco ThousandEyes Enterprise Agent Virtual Appliance, Cisco Evolved Programmable Network Manager, Cisco Prime Infrastructure, Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Xtended Services Platform, Cisco Identity Services Engine, Cisco TelePresence Management Suite.
10 Jan 2024 | STAT01 | |
10 Jan 2024 | VULN024 | Splunk : Splunk User Behavior Analytics (UBA) Third-Party Package Updates | Systems running Splunk User Behavior Analytics versions prior to 5.3.0, 5.2.1.
10 Jan 2024 | VULN023 | Splunk : Multiple Vulnerabilities fixed in Splunk Enterprise Security | Systems running Splunk Enterprise Security versions prior to 7.1.2, 7.2.0, 7.3.0.
10 Jan 2024 | VULN022 | OpenSSL : POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) | Systems running OpenSSL versions prior to 1.1.1, 1.0.2.
9 Jan 2024 | VULN021 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
9 Jan 2024 | VULN020 | QNAP : Vulnerability in QcalAgent | Systems running QcalAgent versions prior to 1.1.8.
9 Jan 2024 | VULN019 | QNAP : Multiple Vulnerabilities in QuMagie | Systems running QuMagie versions prior to 2.2.1.
8 Jan 2024 | VULN018 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
8 Jan 2024 | VULN017 | QNAP : Vulnerabilities fixed in QTS, QuTS hero | Systems running QTS, QuTS hero versions prior to 5.1.3.2578 build 20231110, 5.1.4.2596 build 20231128.
8 Jan 2024 | VULN016 | Centreon : Security bulletin for Centreon Web available through The Watch | Systems running Centreon Web versions prior to 23.10.5, 23.04.13, 22.10.17, 22.04.19.
5 Jan 2024 | VULN015 | gradio : Make the `/file` secure against file traversal attacks and SSRF | Systems running gradio versions prior to 4.11.0.
5 Jan 2024 | VULN014 | SPIP : Maintenance and security update: SPIP 4.2.7 and SPIP 4.1.13 released | Systems running SPIP versions prior to 4.2.7, 4.1.13.
5 Jan 2024 | VULN013 | Asterisk : Multiple vulnerabilities fixed in Asterisk | Systems running Asterisk versions prior to 21.0.1, 18.20.1, 20.5.1, certified-asterisk versions prior to 18.9-cert6.
5 Jan 2024 | VULN012 | Wireshark : Multiple dissector crash vulnerabilities fixed in Wireshark | Systems running Wireshark versions prior to 4.2.1, 4.0.12, 3.6.20.
5 Jan 2024 | VULN011 | Google : Google Chrome 120.0.6099.199 fix multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.199.
4 Jan 2024 | VULN010 | Apache : Apache InLong Arbitrary File Read and Remote Code Execution vulnerabilities | Systems running Apache InLong versions 1.7.0 through 1.9.0.
4 Jan 2024 | VULN009 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0012 | Systems running WebKitGTK, WPE WebKit versions prior to 2.42.4.
4 Jan 2024 | VULN008 | Apache : CVE-2023-49299: Apache DolphinScheduler Arbitrary js execute as root for authenticated users | Systems running Apache DolphinScheduler versions prior to 3.1.9.
4 Jan 2024 | VULN007 | containerd : RAPL accessible to a container | Systems running containerd versions prior to 1.7.11, 1.6.26.
4 Jan 2024 | VULN006 | Cacti : Cacti 1.2.26 fixes multiple security vulnerabilities | Systems running Cacti versions prior to 1.2.26.
4 Jan 2024 | VULN005 | OpenSSH : OpenSSH 9.6 addresses key vulnerabilities | Systems running OpenSSH versions prior to 9.6.
4 Jan 2024 | VULN004 | libssh : Multiple vulnerabilities fixed in libssh | Systems running libssh versions prior to 0.10.6, 0.9.8.
3 Jan 2024 | VULN003 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.3.1, 4.2.4, 4.1.7, 4.0.12, 3.11.18, 3.9.25.
3 Jan 2024 | VULN002 | Apache : Pre-authentication RCE, Arbitrary file properties reading and SSRF vulnerabilities fixed | Systems running Apache OFBiz versions prior to 18.12.11.
3 Jan 2024 | VULN001 | Apache : Apache OpenOffice 4.1.15 fixes multiple vulnerabilities | Systems running Apache OpenOffice versions prior to 4.1.15.
3 Jan 2024 | STAT52 | |
3 Jan 2024 | STAT51 | |