25 Apr 2024 | VULN217 | SolarWinds : SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability (CVE-2024-28073) | Systems running SolarWinds Serv-U versions prior to 15.4.2.
|
25 Apr 2024 | VULN216 | Citrix : Citrix uberAgent Security Bulletin for CVE-2024-3902 | Systems running Citrix uberAgent versions prior to 22.0.
|
25 Apr 2024 | VULN215 | PowerDNS : PowerDNS Recursor Security Advisory 2024-02 | Systems running PowerDNS versions prior to 4.8.8, 4.9.5, 5.0.4.
|
25 Apr 2024 | VULN214 | Cisco : Cisco Security Advisories Published on April 24, 2024 | Cisco ASA Software, Cisco FTD Software.
|
19 Apr 2024 | VULN213 | Gunicorn : Gunicorn 22.0 fix CVE-2024-1135 Request smuggling leading to endpoint restriction bypass | Systems running Gunicorn versions prior to 22.0.
|
19 Apr 2024 | VULN212 | Apache : CVE-2024-29217 Apache Answer XSS vulnerability when changing personal website | Systems running Apache Answer versions prior to 1.3.0.
|
19 Apr 2024 | VULN211 | Flatpak : CVE-2024-32462 Sandbox escape via RequestBackground portal and CWE-88 | Systems running Flatpak versions prior to 1.15.8, 1.10.9, 1.12.9, 1.14.6.
|
19 Apr 2024 | VULN210 | GNU C Library : GNU C Library Security Advisory Format | Systems running GNU C Library.
|
18 Apr 2024 | STAT15 | |
|
18 Apr 2024 | VULN209 | Xen : x86 Native Branch History Injection | Systems running Xen.
|
18 Apr 2024 | VULN208 | Jenkins : Jenkins Security Advisory 2024-04-17 | Systems running Jenkins (core) versions prior to weekly 2.452, LTS 2.440.3.
|
18 Apr 2024 | VULN207 | Cisco : Cisco Security Advisories Published on April 17, 2024 | Systems running Cisco Integrated Management, Controller, Cisco IOS, Cisco IOS XE Software.
|
17 Apr 2024 | VULN206 | Mozilla : Security Vulnerabilities fixed in Firefox 125, ESR 115.10 | Systems running Firefox versions prior to 125, ESR 115.10.
|
17 Apr 2024 | VULN205 | Google : Chrome Stable channel updated to 124.0.6367.60/.61 | Systems running Google Chrome versions prior to 124.0.6367.60/.61.
|
17 Apr 2024 | VULN204 | PuTTY : PuTTY vulnerability vuln-p521-bias | Systems running PuTTY versions prior to 0.81.
|
17 Apr 2024 | VULN203 | Oracle : April 2024 Critical Patch Update Released | Systems running Oracle products.
|
17 Apr 2024 | VULN202 | Atlassian : Security Bulletin - April 16 2024 | Systems running Bamboo Data Center and Server, Confluence Data Center and Server, Jira Software Data Center and Server, Jira Service Management Data Center and Server.
|
17 Apr 2024 | VULN201 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect | PAN-OS versions prior to 11.1.0-h3, 11.1.1-h1, 11.1.2-h3, 11.0.2-h4, 11.0.3-h10, 11.0.4-h1, 10.2.5-h6, 10.2.6-h3, 10.2.7-h8, 10.2.8-h3, 10.2.9-h1.
|
16 Apr 2024 | VULN200 | Citrix : XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 | Systems running XenServer, Citrix Hypervisor.
|
16 Apr 2024 | VULN199 | Argo CD : Argo CD's API server does not enforce project sourceNamespaces | Systems running Argo CD versions prior to 2.8.16, 2.9.12, 2.10.7.
|
15 Apr 2024 | VULN198 | Apache : Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1 | Systems running Apache CloudStack versions prior to 4.18.1.1, 4.19.0.1.
|
15 Apr 2024 | VULN197 | Apache : CVE-2024-31309 Apache Traffic Server HTTP/2 CONTINUATION frames can be utilized for DoS attack | Systems running Apache Traffic Server versions prior to 8.1.10, 9.2.4.
|
15 Apr 2024 | VULN196 | Apache : CVE-2024-27309 Apache Kafka Potential incorrect access control during migration from ZK mode to KRaft mode | Systems running Apache Kafka versions 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1.
|
15 Apr 2024 | VULN195 | Haskell : process command injection via argument list on Windows | Windows running process library versions prior to 1.6.19.0.
|
15 Apr 2024 | VULN194 | PHP : PHP 8.3.6, 8.2.18, 8.1.28 | Systems running PHP versions prior to 8.3.6, 8.2.18, 8.1.28.
|
12 Apr 2024 | VULN193 | GitLab : GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6 | Systems running GitLab versions prior to 16.10.2, 16.9.4, 16.8.6.
|
12 Apr 2024 | VULN192 | Apache : CVE-2024-31391 Apache Solr Operator Solr-Operator liveness and readiness probes may leak basic auth credentials | Systems running Apache Solr versions prior to 0.8.1.
|
12 Apr 2024 | VULN191 | Palo Alto : CVE-2024-3400 PAN-OS OS Command Injection Vulnerability in GlobalProtect Gateway | PAN-OS versions prior to 11.1.2-h3, 11.0.4-h1, 10.2.9-h1.
|
11 Apr 2024 | VULN190 | Fortinet : FortiClientMac - Lack of configuration file validation | macOS running FortiClientMac versions prior to 7.2.4, 7.0.11.
|
11 Apr 2024 | VULN189 | Fortinet : FortiClient Linux Remote Code Execution due to dangerous nodejs configuration | Linux running FortiClient versions prior to 7.2.1, 7.0.11.
|
11 Apr 2024 | VULN188 | Google : Chrome Stable channel updated to 123.0.6312.122/.123 | Systems running Google Chrome versions prior to 123.0.6312.122/.123.
|
11 Apr 2024 | VULN187 | CERT/CC : Multiple programming languages fail to escape arguments properly in Microsoft Windows | Windows.
|
11 Apr 2024 | VULN186 | Xen : x86 Incorrect logic for BTC/SRSO mitigations | Systems running Xen versions prior to 4.18.2, 4.17.4, 4.16.6, 4.15.6.
|
11 Apr 2024 | VULN185 | WordPress : WordPress 6.5.2 Maintenance and Security Release | Systems running WordPress versions prior to 6.5.2.
|
11 Apr 2024 | VULN184 | Rust : Security advisory for the standard library (CVE-2024-24576) | Systems running Rust versions prior to 1.77.2.
|
11 Apr 2024 | STAT14 | |
|
9 Apr 2024 | VULN183 | Apache : Multiple vulnerabilities fixed in Apache Zeppelin | Systems running Apache Zeppelin versions prior to 0.11.0.
|
9 Apr 2024 | VULN182 | Xen : x86 HVM hypercalls may trigger Xen bug check | Systems running Xen versions from at least 3.2 onwards.
|
9 Apr 2024 | VULN181 | SAP : SAP Security Patch Day – April 2024 | Systems running SAP products.
|
9 Apr 2024 | VULN180 | Envoy Proxy : CPU and memory exhaustion due to CONTINUATION frame flood | Systems running Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, 1.26.8.
|
9 Apr 2024 | VULN179 | OpenSSL : Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) | Systems running OpenSSL versions prior to 3.2.2, 3.1.6, 3.0.14, 1.1.1y.
|
8 Apr 2024 | VULN178 | Go : Go 1.22.2 and Go 1.21.9 are released | Systems running Go versions prior to 1.22.2, 1.21.9.
|
5 Apr 2024 | VULN177 | Mozilla: Security Vulnerabilities fixed in Firefox for iOS 124 | iOS running Firefox for iOS versions prior to 124.
|
5 Apr 2024 | VULN176 | pgAdmin 4 : 2024-04-04 - pgAdmin 4 v8.5 Released | Systems running pgAdmin 4 versions prior to 8.5.
|
5 Apr 2024 | VULN175 | Apache : CVE-2024-29834 Apache Pulsar Improper Authorization For Namespace and Topic Management Endpoints | Systems running Apache Pulsar versions prior to 3.0.4, 3.2.2.
|
5 Apr 2024 | VULN174 | Yubico: Security Advisory YSA-2024-01 YubiKey Manager Privilege Escalation | Systems running YubiKey Manager GUI versions prior to 1.2.6.
|
5 Apr 2024 | VULN173 | Apache : HTTP response splitting and HTTP/2 DoS vulnerabilities fixed | Systems running Apache versions prior to 2.4.59.
|
5 Apr 2024 | VULN172 | X.Org: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 | Systems running X.Org X server versions prior to 21.1.12, Xwayland versions prior to 23.2.5.
|
5 Apr 2024 | VULN171 | CERT/CC: CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks | Systems implementing HTTP/2.
|
4 Apr 2024 | VULN170 | Ivanti : New CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure versions prior to 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4, 9.1R18.5, Ivanti Policy Secure versions prior to 22.4R1.2, 22.5R1.3, 22.6R1.2, 9.1R16.4, 9.1R17.4, 9.1R18.5.
|
4 Apr 2024 | VULN169 | Cisco : Cisco Security Advisories Published on April 03, 2024 | Systems running Cisco products.
|
3 Apr 2024 | VULN168 | Node.js : Wednesday, April 3, 2024 Security Releases | Systems running Node.js versions prior to 20.12.1, 21.7.11, 18.20.1.
|
3 Apr 2024 | VULN167 | VMware : VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities | Systems running VMware SD-WAN (Edge) versions prior to 5.0.1+, 4.5.1+, VMware SD-WAN (Orchestrator) versions prior to 5.0.1+.
|
3 Apr 2024 | STAT13 | |
|
29 Mar 2024 | VULN166 | Splunk : Multiple vulnerabilities fixed in Splunk | Systems running Splunk Enterprise versions prior to 9.2.1, 9.1.4, 9.0.9, Splunk Cloud Platform.
|
29 Mar 2024 | VULN165 | Wireshark : wnpa-sec-2024-06 · T.38 dissector crash | Systems running Wireshark versions prior to 4.2.4, 4.0.14.
|
29 Mar 2024 | VULN164 | GitLab : GitLab Security Release: 16.10.1, 16.9.3, 16.8.5 | Systems running GitLab versions prior to 16.10.1, 16.9.3, 16.8.5.
|
29 Mar 2024 | VULN163 | Buildah : CVE-2024-1753 container escape at build time | Systems running buildah versions prior to 1.35.1, 1.34.3, 1.33.7.
|
29 Mar 2024 | VULN162 | Serverpod : Client accepts any certificate and Improved security for stored password hashes | Systems running serverpod_client versions prior to 1.2.6, serverpod_auth_server (Dart) versions prior to 1.2.6.
|
29 Mar 2024 | VULN161 | Jupyterhub : XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | Systems running jupyterhub (pip) versions prior to 4.1.0.
|
29 Mar 2024 | VULN160 | Podman : CVE-2024-1753 container escape at build time | Systems running Podman versions prior to 4.9.4, 5.0.1.
|
28 Mar 2024 | VULN159 | APPLE : APPLE-SA-03-25-2024-1 Safari 17.4.1 | Systems running Safari versions prior to 17.4.1.
|
28 Mar 2024 | VULN158 | APPLE : APPLE-SA-03-25-2024 macOS Ventura 13.6.6 and Sonoma 14.4.1 | macOS versions prior to 13.6.6, 14.4.1.
|
28 Mar 2024 | VULN157 | APPLE : APPLE-SA-03-25-2024 iOS and iPadOS 16.7.7 and 17.4.1 | iOS, iPadOS versions prior to 16.7.7, 17.4.1.
|
28 Mar 2024 | VULN156 | Cilium : Intermittent HTTP policy bypass | Systems running Cilium versions prior to 1.13.13, 1.14.8, 1.15.2.
|
28 Mar 2024 | VULN155 | Elastic : Elasticsearch 8.13.0 and 7.17.19 Security Updates | Systems running Elasticsearch versions prior to 8.13.0, 7.17.19.
|
27 Mar 2024 | VULN154 | Cisco : Cisco Security Advisories Published on March 27, 2024 | Systems running Cisco IOS XE, Cisco IOS, Cisco Access Point Software, Cisco Aironet Access Point Software, Cisco Catalyst Center Software.
|
27 Mar 2024 | VULN153 | Nagios XI : Nagios XI 2024R1.1 fix XSS issue | Systems running Nagios XI versions prior to 2024R1.1.
|
27 Mar 2024 | VULN152 | Red Hat : Red Hat OpenShift GitOps 1.10.2 and 1.9.4 security update | Systems running Red Hat OpenShift GitOps versions prior to 1.10.2, 1.9.4.
|
27 Mar 2024 | STAT12 | |
|
27 Mar 2024 | VULN151 | Google : Chrome Stable channel updated to 123.0.6312.86/.87 | Systems running Chrome versions prior to 123.0.6312.86/.87.
|
27 Mar 2024 | VULN150 | TinyMCE : TinyMCE Cross-Site Scripting (XSS) vulnerabilities fixed | Systems running TinyMCE versions prior to 7.0.0.
|
27 Mar 2024 | VULN149 | Grafana : Users outside an organization can delete a snapshot with its key | Systems running Grafana versions prior to 9.5.18, 10.0.13, 10.1.9, 10.2.6, 10.3.5.
|
27 Mar 2024 | VULN148 | Apache : CVE-2024-29735 Apache Airflow Potentially harmful permission changing by log task handler | Systems running Apache Airflow versions prior to 2.8.4.
|
27 Mar 2024 | VULN147 | curl : Multiple vulnerabilities fixed in curl 8.7.0 | Systems running curl versions prior to 8.7.0.
|
26 Mar 2024 | VULN146 | Shibboleth : CAS service URL handling vulnerable to Server-Side Request Forgery | Systems running Shibboleth Identity Provider versions prior to 5.1.1, 4.3.2.
|
26 Mar 2024 | VULN145 | Tenable : Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1 | Systems running Tenable Security Center versions prior to 5.23.1, 6.1.1, 6.2.0, 6.2.1.
|
26 Mar 2024 | VULN144 | Ruby : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running RDoc gem versions prior to 6.3.4.1, 6.4.1.1, 6.5.1.1, 6.6.3.1.
|
26 Mar 2024 | VULN143 | Ruby : CVE-2024-27280 Buffer overread vulnerability in StringIO | Systems running StringIO gem versions prior to 3.0.3.
|
26 Mar 2024 | VULN142 | WebKit : Security Vulnerabilities fixed in WebKitGTK, WPE WebKit 2.44.0 | Systems running WebKitGTK, WPE WebKit versions prior to 2.44.0.
|
25 Mar 2024 | VULN141 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 115.9.1, 124.0.1 | Systems running Firefox versions prior to ESR 115.9.1, 124.0.1.
|
25 Mar 2024 | VULN140 | Spring : CVE-2024-22258 PKCE Downgrade in Spring Authorization Server | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
|
22 Mar 2024 | VULN139 | jupyter-server : Unauthenticated Websocket Proxying with jupyter-server-proxy | Systems running jupyter-server-proxy (pip) versions prior to 4.1.1, 3.2.3.
|
22 Mar 2024 | VULN138 | Apache : CVE-2024-27438 Apache Doris remote command execution and Possible race condition | Systems running Apache Doris versions prior to 2.0.5, 2.1.x.
|
22 Mar 2024 | VULN137 | Apache : CVE-2024-27439 Apache Wicket Possible bypass of CSRF protection | Systems running Apache Wicket versions prior to 9.17.0, 10.0.0.
|
21 Mar 2024 | VULN136 | Apache : Apache Archiva Vulnerabilities | Systems running Apache Archiva.
|
21 Mar 2024 | VULN135 | Apache : CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding | Systems running Apache CXF versions prior to 4.0.4, 3.6.3, 3.5.8.
|
21 Mar 2024 | VULN134 | Apache : Apache Commons Configuration vulnerabilities fixed | Systems running Apache Commons Configuration versions prior to 2.10.1.
|
21 Mar 2024 | VULN133 | Python : Vulnerabilities fixed in Python 3.10.14, 3.9.19, 3.8.19 | Systems running Python versions prior to 3.10.14, 3.9.19, 3.8.19.
|
21 Mar 2024 | VULN132 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Jenkins weekly versions prior to 2.444, Jenkins LTS versions prior to 2.440.1.
|
21 Mar 2024 | VULN131 | glpi : Multiple vulnerabilities fixed in glpi 10.0.13 | Systems running glpi versions prior to 10.0.13.
|
20 Mar 2024 | STAT11 | |
|
15 Mar 2024 | VULN130 | Apache : CVE-2024-23944 Apache ZooKeeper Information disclosure in persistent watcher handling | Systems running Apache ZooKeeper versions prior to 3.9.2, 3.8.4.
|
15 Mar 2024 | VULN129 | Palo Alto : CVE-2024-2433 PAN-OS Improper Privilege Management Vulnerability in Panorama Software | Panorama on PAN-OS versions prior to 9.0.17-h4, 9.1.18, 10.1.12, 10.2.11, 11.0.4.
|
15 Mar 2024 | VULN128 | Palo Alto : CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | Systems running GlobalProtect App versions prior to 6.2.1, 6.1.2, 6.0.8, 5.1.12.
|
15 Mar 2024 | VULN127 | Apache : Multiple Vulnerabilities fixed in Apache Pulsar | Systems running Apache Pulsar versions prior to 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1.
|
15 Mar 2024 | VULN126 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
|
14 Mar 2024 | VULN125 | Apache : Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder | Systems running Apache Airflow versions prior to 2.8.2.
|
14 Mar 2024 | VULN124 | Apache : Apache Tomcat - Denial of Service Vulnerabilities | Systems running Apache Tomcat versions prior to 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99.
|
14 Mar 2024 | VULN123 | Cisco : Cisco Security Advisories Published on March 13, 2024 | Cisco IOS XR Software versions prior to 7.9.2, 7.10.1.
|
14 Mar 2024 | VULN122 | Directus : URL Redirection to Untrusted Site and Session Token in URL | Systems running directus versions prior to 10.10.0.
|
13 Mar 2024 | VULN121 | Fortinet : FortiWLM MEA for FortiManager - improper access control in backup and restore features | Systems running FortiWLM MEA for FortiManager versions prior to 7.4.1, 7.2.4, 7.0.11, 6.4.14.
|
13 Mar 2024 | VULN120 | Xen : Register File Data Sampling and GhostRace: Speculative Race Conditions | Systems running Xen.
|
13 Mar 2024 | VULN119 | Fortinet : Vulnerabilities fixed in FortiClientEMS | Systems running FortiClientEMS versions prior to 7.2.3, 7.0.11.
|
13 Mar 2024 | VULN118 | Fortinet : Multiple vulnerabilities fixed in FortiOS & FortiProxy | FortiOS versions prior to 7.4.2, 7.2.7, 7.0.13, 6.4.15, 6.2.16, FortiProxy versions prior to 7.4.3, 7.2.9, 7.0.15, 2.0.14.
|
13 Mar 2024 | VULN117 | Google : Chrome Stable channel updated to 122.0.6261.128/.129 | Systems running Google Chrome versions prior to 122.0.6261.128/.129.
|
13 Mar 2024 | VULN116 | Citrix : Citrix SDWAN Security Bulletin for CVE-2024-2049 | Systems running Citrix SDWAN.
|
13 Mar 2024 | VULN115 | Citrix : Citrix Hypervisor Security Update for CVE-2023-39368 and CVE-2023-38575 | Systems running Citrix Hypervisor.
|
12 Mar 2024 | VULN114 | OpenStack : Unresolved Vulnerability in OpenStack Murano | Systems running OpenStack Murano.
|
12 Mar 2024 | VULN113 | Go : Go 1.22.1 and Go 1.21.8 are released | Systems running Go versions prior to 1.22.1, 1.21.8.
|
12 Mar 2024 | VULN112 | Rancher API Server: XSS Vulnerability in API Server | Systems running Rancher API Server versions prior to 4fd7d82 (master), 69b3c2b (release/v2.8), a3b9e37 (release/v2.8.s3), 4e102cf (release/v2.7), 97a10a3 (release/v2.7.s3), 4df268e (release/v2.6).
|
12 Mar 2024 | VULN111 | Rancher : Multiple vulnerabilities fixed in Rancher 2.6.14, 2.7.10 and 2.8.2 | Systems running Rancher versions prior to 2.6.14, 2.7.10, 2.8.2.
|
12 Mar 2024 | VULN110 | TYPO3 : Multiple vulnerabilities fixed in TYPO3 | Systems running TYPO3 CMS versions prior to 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1.
|
12 Mar 2024 | VULN109 | Moodle : Multiple vulnerabilities fixed in Moodle 4.3.3, 4.2.6, 4.1.9 | Systems running Moodle versions prior to 4.3.3, 4.2.6, 4.1.9.
|
12 Mar 2024 | VULN108 | Grafana : User with permissions to create a data source can CRUD all data sources | Systems running Grafana versions prior to 9.5.7, 10.0.12, 10.1.8, 10.2.5, 10.3.4.
|
11 Mar 2024 | VULN107 | APPLE : APPLE-SA-03-07-2024-6 tvOS 17.4 | tvOS versions prior to 17.4.
|
11 Mar 2024 | VULN106 | APPLE : APPLE-SA-03-07-2024-5 watchOS 10.4 | Systems running watchOS versions prior to 10.4.
|
11 Mar 2024 | VULN105 | APPLE : APPLE-SA-03-07-2024-1 Safari 17.4 | Systems running Safari versions prior to 17.4.
|
11 Mar 2024 | VULN104 | APPLE : Multiple vulnerabilities fixed in macOS Monterey, Ventura, Sonoma | Systems running macOS versions prior to Monterey 12.7.4, Ventura 13.6.5, Sonoma 14.4
|
11 Mar 2024 | VULN103 | TeamCity : Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) | Systems running TeamCity On-Premises versions prior to 2023.11.4.
|
10 Mar 2023 | STAT10 | |
|
8 Mar 2024 | VULN102 | Nagios XI : Multiple vulnerabilities fixed in 2024R1.0.2 | Systems running Nagios XI versions prior to 2024R1.0.2.
|
8 Mar 2024 | VULN101 | Apache : Apache Camel issue on ExchangeCreatedEvent and Camel-SQL, Camel-CassandraQL Unsafe Deserialization | Systems running Apache Camel versions prior to 3.21.4, 3.22.1, 4.0.4, 4.4.0.
|
8 Mar 2024 | VULN100 | GitLab : GitLab Security Release 16.9.2, 16.8.4, 16.7.7 | Systems running GitLab versions prior to 16.9.2, 16.8.4, 16.7.7.
|
8 Mar 2024 | VULN099 | Joomla! : Multiple security vulnerabilities fixed in Joomla! 4.4.3, 5.0.3, 3.7.0-3.10.14-elts | Systems running Joomla! versions prior to 3.10.15-elts, 4.4.3, 5.0.3.
|
8 Mar 2024 | VULN098 | PostgreSQL : PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 Released! | Systems running PostgreSQL versions prior to 16.2, 15.6, 14.11, 13.14, 12.18.
|
8 Mar 2024 | VULN097 | PostgreSQL JDBC Driver : SQL Injection via line comment generation | Systems running PostgreSQL JDBC Driver versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, 42.2.28.jre7.
|
8 Mar 2024 | VULN096 | Node.js : Multiple vulnerabilities fixed in Node.js | Systems running Node.js.
|
8 Mar 2024 | VULN095 | BuildKit : Multiple vulnerabilities fixed in BuildKit 0.12.5 | Systems running BuildKit versions prior to 0.12.5.
|
8 Mar 2024 | VULN094 | Django : Django security releases issued: 5.0.3, 4.2.11, and 3.2.25 | Systems running Django versions prior to 5.0.3, 4.2.11, 3.2.25.
|
8 Mar 2024 | VULN093 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.8.1 | Systems running Thunderbird versions prior to 115.8.1.
|
8 Mar 2024 | VULN092 | Google : Stable Channel for Desktop Updated to 122.0.6261.111/.112 | Systems running Google Chrome versions prior to 122.0.6261.111/.112.
|
7 Mar 2024 | VULN091 | VMware : VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities | Systems running VMware ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation.
|
7 Mar 2024 | VULN090 | Jenkins : Jenkins Security Advisory 2024-03-06 | Systems running Jenkins plugins.
|
7 Mar 2024 | VULN089 | APPLE : iOS 17.4, 16.7.6 and iPadOS 17.4, 16.7.6 | iOS, iPadOS versions prior to 17.4, 16.7.6.
|
3 Mar 2023 | STAT09 | |
|
28 Feb 2024 | STAT08 | |
|
23 Feb 2024 | VULN088 | : ConnectWise ScreenConnect Authentication Bypass and remote code execution | Systems running ScreenConnect 23.9.7 and prior
|
23 Feb 2024 | VULN087 | : Microsoft Exchange Server Elevation of Privilege Vulnerability | Systems running Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 13 and Microsoft Exchange Server 2016 Cumulative Update 23
|
23 Feb 2024 | VULN086 | : Microsoft Outlook Remote Code Execution Vulnerability | Systems running Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft Office LTSC 2021
|
21 Feb 2024 | STAT07 | |
|
17 Feb 2023 | VULN085 | graphql-mesh : Unwanted access to | Systems running graphql-mesh/cli versions prior to 0.82.22, graphql-mesh/http versions prior to 0.3.19.
|
15 Feb 2024 | STAT06 | |
|
9 Feb 2024 | VULN084 | FortiOS - Out-of-bound Write in sslvpnd | FortiOS - Out-of-bound Write in sslvpnd
|
9 Feb 2024 | VULN083 | : FortiOS - Format String Bug in fgfmd | FortiOS - Format String Bug in fgfmd
|
9 Feb 2024 | VULN082 | Ivanti : CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
|
17 Feb 2023 | VULN081 | TimescaleDB : TimescaleDB 2.8.0 | Systems running TimescaleDB versions prior to 2.9.3.
|
8 Feb 2024 | VULN080 | Cisco : Cisco Critical and High Security Advisories Published on February 07, 2024 | Cisco Systems running Cisco Expressway Series, ClamAV.
|
8 Feb 2024 | STAT05 | |
|
2 Feb 2024 | VULN079 | Splunk : Security Updates in Splunk Add-on Builder | Systems running Splunk Add-on Builder versions prior to 4.1.4.
|
2 Feb 2024 | VULN078 | glpi : LDAP Injection during authentication and Reflected XSS in reports pages | Systems running glpi versions prior to 10.0.12.
|
2 Feb 2024 | VULN077 | Moby : Classic builder cache poisoning | Systems running moby versions prior to 25.0.2, 24.0.9.
|
2 Feb 2024 | VULN076 | Mastodon : Remote user impersonation and takeover | Systems running Mastodon versions prior to 3.5.17, 4.0.13, 4.1.13, 4.2.5.
|
1 Feb 2024 | VULN075 | Google : Stable Channel for Desktop Updated to 121.0.6167.139 | Systems running Google Chrome versions prior to 1.1.12.
|
1 Feb 2024 | VULN074 | runc : several container breakouts due to internally leaked fds | Systems running runc versions prior to 1.1.12.
|
1 Feb 2024 | STAT04 | |
|
31 Jan 2024 | VULN073 | ESET : Unquoted path privilege vulnerability in ESET products for Windows fixed | Systems running ESET Endpoint Security, ESET Endpoint Antivirus versions prior to 11.0.2032.x, ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium versions prior to 17.0.15.0, ESET Mail Security for Microsoft Exchange Server versions prior to 10.1.10012.0.
|
31 Jan 2024 | VULN072 | Spring : local information disclosure via temporary directory created with unsafe permissions | Systems running Spring Cloud Contract versions prior to 3.1.10, 4.0.5, 4.1.1.
|
31 Jan 2024 | VULN071 | WordPress : WordPress 6.4.3 – Maintenance and Security release | Systems running WordPress versions prior to 6.4.3.
|
31 Jan 2024 | VULN070 | CrateDB : CrateDB database has an arbitrary file read vulnerability | Systems running CrateDB versions prior to 5.3.9, 5.4.8, 5.5.4, 5.6.1.
|
31 Jan 2024 | VULN069 | Apache : CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file | Systems running Apache Kylin versions prior to 4.0.4.
|
31 Jan 2024 | VULN068 | curl : OCSP verification bypass with TLS session reuse | Systems running curl versions 8.5.x prior to 8.6.0.
|
30 Jan 2024 | VULN067 | Xen : Unauthorized memory access and VT-d Failure to quarantine devices fixed | Systems running Xen.
|
26 Jan 2024 | VULN066 | Mozilla : Security Vulnerabilities fixed in Thunderbird 115.7 | Systems running Thunderbird versions prior to 115.7.
|
26 Jan 2024 | VULN065 | Mozilla : Multiple vulnerabilities fixed in Firefox 122, ESR 115.7 | Systems running Firefox versions prior to 122, ESR 115.7.
|
26 Jan 2024 | VULN064 | OpenSSL : OpenSSL Security Advisory [25th January 2024] | Systems running OpenSSL versions prior to 3.2.1, 3.1.5, 3.0.13, 1.1.1x, 1.0.2zj.
|
26 Jan 2024 | VULN063 | Google : Stable Channel 121.0.6167.85 Update for Desktop | Google Chrome versions prior to 121.0.6167.85.
|
25 Jan 2024 | VULN062 | APPLE : APPLE-SA-01-22-2024-8 watchOS 10.3 | watchOS versions prior to 10.3.
|
25 Jan 2024 | VULN061 | APPLE : APPLE-SA-01-22-2024-1 Safari 17.3 | Systems running Safari versions prior to 17.3.
|
25 Jan 2024 | VULN060 | APPLE : macOS Ventura 13.6.4, Monterey 12.7.3 | macOS versions prior to Ventura 13.6.4, Monterey 12.7.3.
|
25 Jan 2024 | VULN059 | APPLE : APPLE-SA-01-22-2024-2 iOS 17.3, 16.7.5 and iPadOS 17.3, 16.7.5 | iOS, iPadOS versions prior to 17.3, 16.7.5.
|
25 Jan 2024 | VULN058 | Apache : Apache Superset vulnerabilities fixed | Systems running Apache Superset versions prior to 3.0.3, Apache Superset Helm chart versions prior to 0.10.15.
|
25 Jan 2024 | VULN057 | Apache : Apache Airflow CNCF Kubernetes provider, Apache Airflow Kubernetes configuration file vulnerability | Systems running Apache Airflow versions prior to 2.6.1, Apache Airflow CNCF Kubernetes provider versions prior to 7.0.0.
|
25 Jan 2024 | VULN056 | Xen : Linux netback processing of zero-length transmit fragment | Systems running Xen.
|
25 Jan 2024 | VULN055 | SQUID : SQUID-2023:11 Denial of Service in Cache Manager | Systems running SQUID versions prior to 6.6.
|
25 Jan 2024 | VULN054 | Citrix : Citrix Hypervisor Security Bulletin for CVE-2023-46838 | Systems running Citrix Hypervisor versions 8.2 CU1 LTSR.
|
24 Jan 2024 | VULN053 | Jenkins : Jenkins Security Advisory 2024-01-24 | Systems running Jenkins (core), Git server Plugin, GitLab Branch Source Plugin, Log Command Plugin, Matrix Project Plugin, Qualys Policy Compliance Scanning Connector Plugin, Red Hat Dependency Analytics Plugin.
|
24 Jan 2024 | VULN052 | Cisco : Cisco Security Advisories Published on January 24, 2024 | Systems running Cisco Unified Communications, Products, Cisco Small Business Series Switches firmware, Cisco Unity products.
|
24 Jan 2024 | VULN051 | Atlassian : January 2024 Security Bulletin | Systems running Confluence Data Center and Server versions prior to 7.19.18, 8.5.5, 8.7.2, Confluence Server versions prior to 7.19.18, 8.5.5, Crowd Data Center and Server versions prior to 5.2.2, Jira Service Management Data Center and Server versions prior to 4.20.30, 5.4.15, 5.12.2, Jira Data Center and Server versions prior to 9.4.13, 9.7.0, Bamboo Data Center and Server versions prior to 9.2.9, 9.3.6, 9.4, Bitbucket Server versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, Bitbucket Data Center versions prior to 7.21.21, 8.9.9, 8.13.5, 8.14.4, 8.15.3, 8.16.2, 8.17.0.
|
24 Jan 2024 | STAT03 | |
|
22 Jan 2024 | VULN050 | gnutls : gnutls 3.8.3 fix vulnerabilities | Systems running gnutls versions prior to 3.8.3.
|
22 Jan 2024 | VULN049 | Postfix : Postfix stable release 3.8.5, 3.7.10, 3.6.14, 3.5.24 | Systems running Postfix versions prior to 3.8.5, 3.7.10, 3.6.14, 3.5.24.
|
22 Jan 2024 | VULN048 | Argo CD : Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | Systems running Argo CD versions prior to 2.10-rc2, 2.9.4, 2.8.8, 2.7.16.
|
22 Jan 2024 | VULN047 | Jupyterlab : Potential authentication, CSRF tokens leak and SXSS in Markdown Preview | Systems running jupyterlab (pip) versions prior to 4.0.11, 3.6.7, notebook (pip) versions prior to 7.0.7.
|
22 Jan 2024 | VULN046 | Exim : Exim 4.97.1 fix SMTP smuggling vulnerability | Systems running Exim versions prior to 4.97.1.
|
22 Jan 2024 | VULN045 | Apache : CVE-2023-46589 Apache Tomcat - Information Disclosure | Systems running Apache Tomcat versions prior to 9.0.44, 8.5.64.
|
18 Jan 2024 | VULN044 | Synology : Synology-SA-24:01 DSM DiskStation Manager | DSM 7.2 versions prior to 7.2-64561, DSM 7.1, DSM 6.2, DSMUC 3.1 versions prior to 3.1.2-23068.
|
18 Jan 2024 | VULN043 | SonicWall : SFPMonitor.sys KOOB Write vulnerability | Systems running SonicWall Capture Client versions prior to 3.7.11, SonicWall NetExtender Windows Client versions prior to 10.2.338.
|
18 Jan 2024 | VULN042 | X.Org : Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 | Systems running X.Org versions prior to 21.1.11, Xwayland versions prior to 23.2.4.
|
18 Jan 2024 | VULN041 | Drupal : Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | Systems running Drupal core versions prior to 10.2.2, 10.1.8.
|
17 Jan 2024 | VULN040 | Citrix : Citrix StoreFront Security Bulletin for CVE-2023-5914 | Systems running Citrix StoreFront versions prior to 2308.1, 2311, 1912 LTSR CU8 hotfix 3.22.8001.2, 2203 LTSR CU4 Update 1.
|
17 Jan 2024 | VULN039 | Google : Google Chrome 120.0.6099.234 fix multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.234.
|
17 Jan 2024 | VULN038 | Oracle : January 2024 Critical Patch Update Released | Systems running Oracle’s products.
|
17 Jan 2024 | VULN037 | VMware : VMware Aria Automation updates address a Missing Access Control vulnerability (CVE-2023-34063) | Systems running VMware Aria Automation versions prior to 8.14.1 + Patch, 8.13.1 + Patch, 8.12.2 + Patch, 8.11.2 + Patch, VMware Cloud Foundation (Aria Automation).
|
17 Jan 2024 | VULN036 | Citrix : Citrix Session Recording Security Bulletin for CVE-2023-6184 | Systems running Citrix Virtual Apps and Desktops versions prior to 2311, 1912 LTSR CU8 hotfix 19.12.8100.4, 2203 LTSR CU4.
|
17 Jan 2024 | VULN035 | Citrix : NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 | Systems running Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-12.35, 13.1-51.15, 13.0-92.21, NetScaler ADC versions prior to 13.1-FIPS 13.1-37.176, 12.1-FIPS 12.1-55.302, 12.1-NDcPP 12.1-55.302.
|
17 Jan 2024 | STAT02 | |
|
16 Jan 2024 | VULN034 | Apache : CVE-2023-50290 Apache Solr allows read access to host environment variables | Systems running Apache Solr versions prior to 9.3.0.
|
16 Jan 2024 | VULN033 | Apache : CVE-2023-46749 Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack | Systems running Apache Shiro versions prior to 1.13.0+, 2.0.0-alpha-4+.
|
16 Jan 2024 | VULN032 | OpenSSL : Excessive time spent checking invalid RSA public keys (CVE-2023-6237) | Systems running OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0
|
12 Jan 2024 | VULN031 | Ivanti : CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways | Systems running Ivanti Connect Secure (ICS), Ivanti Policy Secure gateways, Ivanti Neurons for ZTA gateways.
|
12 Jan 2024 | VULN030 | Ivanti : SA-2023-12-19-CVE-2023-39336 | Systems running Ivanti Endpoint Manager versions prior to 2022 SU5.
|
12 Jan 2024 | VULN029 | GitLab : GitLab Critical Security Release 16.7.2, 16.6.4, 16.5.6 | Systems running GitLab versions prior to 16.7.2, 16.6.4, 16.5.6.
|
12 Jan 2024 | VULN028 | SPIP : Maintenance and security update: release of SPIP 4.2.8, SPIP 4.1.14 | Systems running SPIP versions prior to 4.2.8, 4.1.14.
|
11 Jan 2024 | VULN027 | GitPython : Untrusted search path under some conditions on Windows allows arbitrary code execution | Systems running GitPython versions prior to 3.1.41.
|
11 Jan 2024 | VULN026 | go-git : Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients | Systems running go-git versions prior to 5.11.
|
11 Jan 2024 | VULN025 | Cisco : Cisco Security Advisories Published on January 10, 2024 | Systems running Cisco Unity Connection, Cisco WAP371 Wireless Access Point, Cisco ThousandEyes Enterprise Agent Virtual Appliance, Cisco Evolved Programmable Network Manager, Cisco Prime Infrastructure, Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Xtended Services Platform, Cisco Identity Services Engine, Cisco TelePresence Management Suite.
|
10 Jan 2024 | STAT01 | |
|
10 Jan 2024 | VULN024 | Splunk : Splunk User Behavior Analytics (UBA) Third-Party Package Updates | Systems running Splunk User Behavior Analytics versions prior to 5.3.0, 5.2.1.
|
10 Jan 2024 | VULN023 | Splunk : Multiple Vulnerabilities fixed in Splunk Enterprise Security | Systems running Splunk Enterprise Security versions prior to 7.1.2, 7.2.0, 7.3.0.
|
10 Jan 2024 | VULN022 | OpenSSL : POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) | Systems running OpenSSL versions prior to 1.1.1, 1.0.2.
|
9 Jan 2024 | VULN021 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
|
9 Jan 2024 | VULN020 | QNAP : Vulnerability in QcalAgent | Systems running QcalAgent versions prior to 1.1.8.
|
9 Jan 2024 | VULN019 | QNAP : Multiple Vulnerabilities in QuMagie | Systems running QuMagie versions prior to 2.2.1.
|
8 Jan 2024 | VULN018 | QNAP : Multiple Vulnerabilities in Video Station | Systems running Video Station versions prior to 5.7.2 (2023/11/23).
|
8 Jan 2024 | VULN017 | QNAP : Vulnerabilities fixed in QTS, QuTS hero | Systems running QTS, QuTS hero versions prior to 5.1.3.2578 build 20231110, 5.1.4.2596 build 20231128.
|
8 Jan 2024 | VULN016 | Centreon : Security bulletin for Centreon Web available through The Watch | Systems running Centreon Web versions prior to 23.10.5, 23.04.13, 22.10.17, 22.04.19.
|
5 Jan 2024 | VULN015 | gradio : Make the `/file` secure against file traversal attacks and SSRF | Systems running gradio versions prior to 4.11.0.
|
5 Jan 2024 | VULN014 | SPIP : Maintenance and security update: release of SPIP 4.2.7, SPIP 4.1.13 | Systems running SPIP versions prior to 4.2.7, 4.1.13.
|
5 Jan 2024 | VULN013 | Asterisk : Multiple vulnerabilities fixed in Asterisk | Systems running Asterisk versions prior to 21.0.1, 18.20.1, 20.5.1, certified-asterisk versions prior to 18.9-cert6.
|
5 Jan 2024 | VULN012 | Wireshark : Multiple dissector crash vulnerabilities fixed in Wireshark | Systems running Wireshark versions prior to 4.2.1, 4.0.12, 3.6.20.
|
5 Jan 2024 | VULN011 | Google : Google Chrome 120.0.6099.199 fixes multiple vulnerabilities | Systems running Google Chrome versions prior to 120.0.6099.199.
|
4 Jan 2024 | VULN010 | Apache : Apache InLong Arbitrary File Read and Remote Code Execution vulnerabilities | Systems running Apache InLong versions 1.7.0 through 1.9.0.
|
4 Jan 2024 | VULN009 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2023-0012 | Systems running WebKitGTK, WPE WebKit versions prior to 2.42.4.
|
4 Jan 2024 | VULN008 | Apache : CVE-2023-49299: Apache DolphinScheduler Arbitrary js execute as root for authenticated users | Systems running Apache DolphinScheduler versions prior to 3.1.9.
|
4 Jan 2024 | VULN007 | containerd : RAPL accessible to a container | Systems running containerd versions prior to 1.7.11, 1.6.26.
|
4 Jan 2024 | VULN006 | Cacti : Cacti 1.2.26 fixes multiple security vulnerabilities | Systems running Cacti versions prior to 1.2.26.
|
4 Jan 2024 | VULN005 | OpenSSH : OpenSSH 9.6 addresses key vulnerabilities | Systems running OpenSSH versions prior to 9.6.
|
4 Jan 2024 | VULN004 | libssh : Multiple vulnerabilities fixed in libssh | Systems running libssh versions prior to 0.10.6, 0.9.8.
|
3 Jan 2024 | VULN003 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.3.1, 4.2.4, 4.1.7, 4.0.12, 3.11.18, 3.9.25.
|
3 Jan 2024 | VULN002 | Apache : Pre-authentication RCE, Arbitrary file properties reading and SSRF vulnerabilities fixed | Systems running Apache OFBiz versions prior to 18.12.11.
|
3 Jan 2024 | VULN001 | Apache : Apache OpenOffice 4.1.15 fixes multiple vulnerabilities | Systems running Apache OpenOffice versions prior to 4.1.15.
|
3 Jan 2024 | STAT52 | |
|
3 Jan 2024 | STAT51 | |
|