Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Research Advisories

This page contains information regarding security vulnerabilities in third-party software discovered by a dedicated team supported by researchers and engineers at Tenable. Tenable believes in coordinated disclosure, working with vendors to better protect our customers. Here is our public key. Please refer to our Vulnerability Disclosure Policy for additional details.

For issues that impact Tenable products, please visit the Tenable Product Security Advisories. For more details on submitting vulnerability information for Tenable products, please see our Vulnerability Reporting Guidelines page.

Find a vulnerability in a Tenable product?

Please report it here

Report

Date Advisory ID Name Severity CVE ID
May 31, 2023 TRA-2023-21 Contec CONPROSYS HMI System Login DoS Medium CVE-2023-2758
May 19, 2023 TRA-2023-20 Stored Cross-Site Scripting in Craft CMS Low CVE-2023-2817
May 19, 2023 TRA-2023-19 Multiple Vulnerabilities in Telstra Device High
May 8, 2023 TRA-2023-18 Strikingly CMS Prototype Pollution Medium CVE-2023-2582
May 1, 2023 TRA-2023-17 Trend Micro Mobile Security for Enterprise Multiple Vulnerabilities Critical CVE-2023-32521
CVE-2023-32522
April 25, 2023 TRA-2023-16 Zoho ManageEngine Disclosure of Hardcoded Credentials High CVE-2023-2291
April 21, 2023 TRA-2023-15 Schneider Electric APC Easy UPS Online Monitoring Software Unauthenticated RMI Calls Critical CVE-2023-29411
March 31, 2023 TRA-2023-14 Contec CONPROSYS HMI System (CHS) Unauthenticated SQLi High CVE-2023-1658
March 21, 2023 TRA-2023-13 Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities Critical CVE-2023-27855
CVE-2023-27856
CVE-2023-27857
March 14, 2023 TRA-2023-12 Netgear RAX30 Multiple Vulnerabilities High CVE-2023-28337
CVE-2023-28338
March 14, 2023 TRA-2023-11 Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800) High CVE-2023-1389
March 10, 2023 TRA-2023-10 Authentication Bypass in Netgear RAX30 (AX2400) < 1.0.6.74 High CVE-2023-1327
March 8, 2023 TRA-2023-9 Netgear RAX30 Multiple Vulnerabilities High CVE-2023-27850
CVE-2023-27851
CVE-2023-27852
CVE-2023-27853
CVE-2023-1205
February 27, 2023 TRA-2023-8 Multiple Vulnerabilities in OpenCATS 0.9.6 High CVE-2023-27292
CVE-2023-27293
CVE-2023-27294
CVE-2023-27295
February 22, 2023 TRA-2023-7 Insecure Deserialization in Multiple WordPress Plugins High CVE-2023-26326
CVE-2023-28667
February 1, 2023 TRA-2023-6 Cross-Site Scripting in Multiple Microsoft Domains and Microsoft Teams Medium
January 30, 2023 TRA-2023-5 Trend Micro Apex One fcgiOfcDDA.exe File Upload Vulnerability High CVE-2023-0587
January 23, 2023 TRA-2023-4 Delta Electronics InfraSuite Device Master Privilege Escalation High CVE-2023-0444
January 12, 2023 TRA-2023-3 Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins Medium CVE-2023-23491
CVE-2023-23492
CVE-2023-0448
CVE-2023-28664
CVE-2023-28665
CVE-2023-28666
January 12, 2023 TRA-2023-2 SQL Injection in Multiple WordPress Plugins Critical CVE-2023-23488
CVE-2023-23489
CVE-2023-23490
CVE-2023-26325
CVE-2023-28659
CVE-2023-28660
CVE-2023-28661
CVE-2023-28662
CVE-2023-28663
January 9, 2023 TRA-2023-1 Command Injection in D-Link DWL-2600AP with firmware v4.2.0.17 Medium CVE-2023-0127
December 16, 2022 TRA-2022-37 NETGEAR Nighthawk WiFi6 Router Multiple Vulnerabilities Critical CVE-2022-47208
CVE-2022-47209
CVE-2022-47210
December 2, 2022 TRA-2022-36 NETGEAR Nighthawk WiFi6 Router Network Misconfiguration Medium CVE-2022-4390
November 21, 2022 TRA-2022-35 Denial of Service Vulnerability in Dropbox's JPEG Compression Tool, Lepton Low CVE-2022-4104
October 25, 2022 TRA-2022-33 Delta Electronics DIAEnergie Multiple Vulnerabilities Critical CVE-2022-43774
CVE-2022-43775
October 25, 2022 TRA-2022-34 SSRF in Metabase GeoJSON URL Medium CVE-2022-43776
September 26, 2022 TRA-2022-32 Advantech iView ConfigurationServlet setConfiguration SQL Injection Critical CVE-2022-3323
September 12, 2022 TRA-2022-31 VISAM VBASE v11.7.0.2 Credential Disclosure High CVE-2022-3217
September 1, 2022 TRA-2022-30 RStudio Connect Open Redirect Medium CVE-2022-38131
August 15, 2022 TRA-2022-29 Multiple Vulnerabilities in Eyes of Network Web version 5.3 High CVE-2022-38357
CVE-2022-38358
CVE-2022-38359
August 10, 2022 TRA-2022-28 Keysight Technologies Sensor Management Server Multiple RCE Vulnerabilities Critical CVE-2022-38129
CVE-2022-38130
July 15, 2022 TRA-2022-27 Microsoft Azure Arc Jumpstart Information Disclosure Medium CVE-2022-35798
July 12, 2022 TRA-2022-26 Microsoft Azure Site Recovery Privilege Escalation High CVE-2022-33675
July 6, 2022 TRA-2022-25 ManageEngine Multiple Products Remote Directory/File Creation Medium CVE-2022-35404
June 28, 2022 TRA-2022-24 Apple Safari Security Feature Bypass (Trusted Downloads) Low
June 15, 2022 TRA-2022-23 Schneider Electric IGSS Data Server v15.0.0.22139 Project Report Directory File Manipulation High CVE-2022-32528
June 15, 2022 TRA-2022-22 Schneider Electric IGSS Data Server Multiple Vulnerabilities Critical CVE-2022-32522
CVE-2022-32523
CVE-2022-32524
CVE-2022-32525
CVE-2022-32526
CVE-2022-32527
CVE-2022-32529
June 8, 2022 TRA-2022-21 XSS in Rustici Software SCORM Engine Medium CVE-2022-2035
June 6, 2022 TRA-2022-19 Microsoft Azure Synapse Analytics Hosts File Poisoning Low
June 6, 2022 TRA-2022-20 Microsoft Azure Synapse Analytics Privilege Escalation Critical
June 1, 2022 TRA-2022-18 Windows Azure Guest Agent Privilege Escalation Low
May 16, 2022 TRA-2022-17 Metasonic Doc WebClient SQL Injection Medium CVE-2022-1731
May 5, 2022 TRA-2022-16 Cross-site Scripting in webapp.kaiza.la and kaizala mobile app Medium
May 5, 2022 TRA-2022-15 Reflected Cross-Site Scripting in businesscenter.kaiza.la Medium
April 27, 2022 TRA-2022-14 ManageEngine Access Manager Plus REST API Restriction Bypass High CVE-2022-29081
April 19, 2022 TRA-2022-13 Schneider Electric IGSS Data Server v15.0.0.22073 Integer Overflow Critical CVE-2022-2329
April 14, 2022 TRA-2022-12 Information Disclosure in Gryphon Shepherd API Low
April 12, 2022 TRA-2022-11 PositiveGrid Spark API Multiple Vulnerabilities Low
April 6, 2022 TRA-2022-09 Command Injection Vulnerability in /bin/protest Binary on Multiple D-Link Routers Medium CVE-2022-1262
April 6, 2022 TRA-2022-10 Cross-Site Scripting in Odoo Apps via Prototype Pollution Medium
March 23, 2022 TRA-2022-08 XSS via angular template injection in manage.kaiza.la Medium
March 11, 2022 TRA-2022-07 Vulnerability in DVDFab Player Permits Attacker to Read Arbitrary Files in Windows Filesystem High CVE-2022-25216
February 28, 2022 TRA-2022-06 Zyxel Routers and Home WiFi Systems - Unprotected Root Access via UART Using Default Password High CVE-2021-35033
February 22, 2022 TRA-2022-05 Multiple Vulnerabilities in Trend Micro ServerProtect Critical CVE-2022-25329
CVE-2022-25330
CVE-2022-25331
February 14, 2022 TRA-2022-04 Microsoft Teams Session Token in URL (Zip Preview) Low
February 7, 2022 TRA-2022-03 Schneider Electric IGSS Data Collector Multiple Vulnerabilities High CVE-2021-22823
CVE-2021-22824
February 7, 2022 TRA-2022-02 Schneider Electric IGSS Data Server Multiple Vulnerabilities Critical CVE-2022-24310
CVE-2022-24314
February 1, 2022 TRA-2022-01 Unpatchable Vulnerabilities in Phicomm Router Firmware High CVE-2022-25214
CVE-2022-25215
CVE-2022-25217
CVE-2022-25218
CVE-2022-25219
CVE-2022-25213
December 30, 2021 TRA-2021-58 Bitmask Riseup Local Privilege Escalation High CVE-2021-44466
December 30, 2021 TRA-2021-57 Netgear Nighthawk R6700 Multiple Vulnerabilities High CVE-2021-20173
CVE-2021-20174
CVE-2021-20175
CVE-2021-23147
CVE-2021-45732
CVE-2021-45077
December 30, 2021 TRA-2021-56 Netgear Genie MacOS Installer Privilege Escalation Medium CVE-2021-20172
December 30, 2021 TRA-2021-55 Netgear Nighthawk RAX43 Multiple Vulnerabilities Critical CVE-2021-20166
CVE-2021-20167
CVE-2021-20168
CVE-2021-20169
CVE-2021-20170
CVE-2021-20171
December 30, 2021 TRA-2021-54 Trendnet AC2600 TEW-827DRU Multiple Vulnerabilities Critical CVE-2021-20149
CVE-2021-20150
CVE-2021-20151
CVE-2021-20152
CVE-2021-20153
CVE-2021-20154
CVE-2021-20155
CVE-2021-20156
CVE-2021-20157
CVE-2021-20158
CVE-2021-20159
CVE-2021-20160
CVE-2021-20161
CVE-2021-20162
CVE-2021-20163
CVE-2021-20164
CVE-2021-20165
December 30, 2021 TRA-2021-53 AutoDesk Meshmixer macOS Installer Local Privilege Escalation Medium
December 23, 2021 TRA-2021-52 ManageEngine SelfService Plus Multiple Vulnerabilities Medium CVE-2021-20147
CVE-2021-20148
December 7, 2021 TRA-2021-51 Multiple Vulnerabilities in Gryphon Tower Router Critical CVE-2021-20137
CVE-2021-20138
CVE-2021-20139
CVE-2021-20140
CVE-2021-20141
CVE-2021-20142
CVE-2021-20143
CVE-2021-20144
CVE-2021-20145
CVE-2021-20146
November 16, 2021 TRA-2021-50 Schneider Electric C-Gate Multiple Vulnerabilities High CVE-2021-22796
CVE-2021-22720
CVE-2021-22784
November 8, 2021 TRA-2021-49 Arris SurfBoard SB8200 Insecure Password Change Utility Medium CVE-2021-20119
October 29, 2021 TRA-2021-48 ManageEngine Log360 Database Configuration Overwrite Unauthenticated RCE Critical CVE-2021-20136
October 26, 2021 TRA-2021-47 CODESYS V2 Web Server Multiple Vulnerabilities Critical CVE-2021-34583
CVE-2021-34584
CVE-2021-34585
CVE-2021-34586
October 26, 2021 TRA-2021-46 Wishpond Connect.js Javascript Library Prototype Pollution Medium
October 20, 2021 TRA-2021-45 Arris SurfBoard SB8200 Cross Site Request Forgery High CVE-2021-20120
October 19, 2021 TRA-2021-44 Critical Vulnerabilities on the D-Link DIR-2640 Router High CVE-2021-20132
CVE-2021-20133
CVE-2021-20134
October 13, 2021 TRA-2021-43 ManageEngine ADManager Plus Build 7111 Multiple Vulnerabilities High CVE-2021-20130
CVE-2021-20131
October 12, 2021 TRA-2021-42 Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 Critical CVE-2021-20123
CVE-2021-20124
CVE-2021-20125
CVE-2021-20126
CVE-2021-20127
CVE-2021-20128
CVE-2021-20129
October 11, 2021 TRA-2021-41 Multiple Vulnerabilities in Telus Wi-Fi Hub Medium CVE-2021-20121
CVE-2021-20122
October 8, 2021 TRA-2021-40 Johnson Controls exacqVision Multiple Vulnerabilities Critical CVE-2021-27664
CVE-2021-27665
September 14, 2021 TRA-2021-39 Multiple Vulnerabilities in Tracki / Trackimo GPS Platform and application Medium
September 14, 2021 TRA-2021-38 Multiple Vulnerabilities in Optimus GPS Platform Medium
September 14, 2021 TRA-2021-37 Multiple Vulnerabilities in Spytec GPS platform Medium
September 14, 2021 TRA-2021-36 Multiple Vulnerabilities in LandAirSea SilverCloud GPS Platform Medium
August 19, 2021 TRA-2021-35 User Enumeration in GSuite Okta Integration Low
August 9, 2021 TRA-2021-34 Cisco Webex Universal Links Redirect Medium
August 9, 2021 TRA-2021-33 HPE Edgeline Infrastructure Manager Unauthenticated Information Disclosure Medium CVE-2021-26586
July 21, 2021 TRA-2021-32 Multiple Vulnerabilities in TCExam Critical CVE-2021-20111
CVE-2021-20112
CVE-2021-20113
CVE-2021-20114
CVE-2021-20115
CVE-2021-20116
July 16, 2021 TRA-2021-31 Manage Engine Asset Explorer Agent - Integer Overflow High CVE-2021-20110
July 16, 2021 TRA-2021-30 Manage Engine Heap Overflow POST payload High CVE-2021-20109
July 16, 2021 TRA-2021-29 Manage Engine Asset Explorer Agent - Remote DoS High CVE-2021-20108
July 12, 2021 TRA-2021-28 Schneider Electric Modicon M340 / M580 Authentication Bypass Vulnerability High CVE-2021-22779
July 12, 2021 TRA-2021-27 AWS EC2 macOS Local Privilege Escalation Medium
June 30, 2021 TRA-2021-26 Sloan Smart Faucet Unauthenticated BLE Medium CVE-2021-20107
June 28, 2021 TRA-2021-25 Machform Multiple Vulnerabilities High CVE-2021-20101
CVE-2021-20102
CVE-2021-20103
CVE-2021-20104
CVE-2021-20105
June 15, 2021 tra-2021-24 Multiple Vulnerabilities in Wibu-Systems CodeMeter Critical CVE-2021-20093
CVE-2021-20094
June 13, 2021 TRA-2021-23 Multiple vulnerabilities in Microsoft Power Apps (apps.powerapps.com, make.powerapps.com) Medium
June 9, 2021 TRA-2021-22 ManageEngine ServiceDesk Plus Authenticated RCE High CVE-2021-20081
June 2, 2021 TRA-2021-21 macOS Gatekeeper Bypass / Local Privilege Escalation Medium
June 2, 2021 TRA-2021-20 macOS Installer Local Privilege Escalation Medium
June 2, 2021 TRA-2021-19 Microsoft Teams macOS Installer Local Privilege Escalation Medium
May 21, 2021 TRA-2021-18 OpenOversight Multiple Vulnerabilities Medium CVE-2021-20096
May 19, 2021 TRA-2021-17 SecureDrop OSSEC Cross-Site Request Forgery Low
May 11, 2021 TRA-2021-16 LINE Private IP Address and Platform information Disclosure via GIFMagazine Medium
April 30, 2021 TRA-2021-15 HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass Critical CVE-2021-29203
April 28, 2021 TRA-2021-14 Python-Babel/Babel Locale Directory Traversal / Arbitrary Code Execution Medium
April 23, 2021 TRA-2021-13 Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers High CVE-2021-20090
CVE-2021-20091
CVE-2021-20092
April 21, 2021 TRA-2021-12 Stored XSS in make.powerapps.com Medium
April 8, 2021 TRA-2021-11 ManageEngine ServiceDesk Plus and AssetExplorer - Unauthenticated Stored XSS Medium CVE-2021-20080
March 31, 2021 TRA-2021-10 ManageEngine OpManager Remote Directory Deletion Critical CVE-2021-20078
March 12, 2021 TRA-2021-09 Microsoft Teams services forwarding to untrusted domain Medium
March 8, 2021 TRA-2021-08 LINE Debugging Interface Information Disclosure Medium
March 1, 2021 TRA-2021-07 Dell EMC OpenManage Server Administrator Authentication Bypass Critical CVE-2021-21513
February 22, 2021 TRA-2021-06 Secomea GateManager Multiple Vulnerabilities High CVE-2020-29028
CVE-2020-29030
CVE-2020-29032
February 16, 2021 TRA-2021-05 JSDom Improper Loading of Local Resources Medium CVE-2021-20066
February 16, 2021 TRA-2021-04 Racom MIDGE Firmware Multiple Vulnerabilities High CVE-2021-20067
CVE-2021-20068
CVE-2021-20069
CVE-2021-20070
CVE-2021-20071
CVE-2021-20072
CVE-2021-20073
CVE-2021-20074
CVE-2021-20075
February 15, 2021 TRA-2021-03 IBM Spectrum Protect Operations Center 8.1.10 Multiple Vulnerabilities High CVE-2020-4954
CVE-2020-4955
CVE-2020-4956
February 4, 2021 TRA-2021-02 ManageEngine Applications Manager Authenticated SQLi High CVE-2020-35765
January 7, 2021 TRA-2021-01 Marvell QConvergeConsole GUI Multiple Vulnerabilities High CVE-2020-5804
CVE-2020-5805
December 28, 2020 TRA-2020-71 Rockwell Automation FactoryTalk Multiple Vulnerabilities High CVE-2020-5801
CVE-2020-5802
CVE-2020-5806
CVE-2020-5807
December 18, 2020 TRA-2020-70 Secomea GateManager Multiple Vulnerabilities Medium CVE-2020-29021
CVE-2020-29022
December 15, 2020 TRA-2020-69 Carbon Black Installer Multiple Vulnerabilities Medium CVE-2020-4008
December 6, 2020 TRA-2020-68 PsExec Local Privilege Escalation Medium
December 4, 2020 TRA-2020-67 Druva inSync Installer Privilege Escalation High CVE-2020-5798
December 4, 2020 TRA-2020-66 IBM Spectrum Protect Plus Static Credential Vulnerability Critical CVE-2020-4854
December 3, 2020 TRA-2020-65 Eat Spray Love Mobile App Multiple Vulnerabilities High CVE-2020-5799
CVE-2020-5800
November 23, 2020 TRA-2020-64 Cross-site Scripting via WHOIS and DNS records on multiple lookup platforms High
November 16, 2020 TRA-2020-63 Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities High CVE-2020-28578
CVE-2020-28579
CVE-2020-28580
CVE-2020-28581
November 16, 2020 TRA-2020-62 Trend Micro Worry-Free Business Security Unauthenticated Remote File Deletion High CVE-2020-28574
November 13, 2020 TRA-2020-61 Nagios XI Local Privilege Escalation High CVE-2020-5796
November 5, 2020 TRA-2020-60 TP-Link Archer Routers USB Symlink Following Vulnerabilities Medium CVE-2020-5795
CVE-2020-5797
October 21, 2020 TRA-2020-59 Umbraco Cloud CMS Multiple Vulnerabilities Medium CVE-2020-5809
CVE-2020-5810
CVE-2020-5811
October 20, 2020 TRA-2020-58 Nagios XI Multiple Vulnerabilities Medium CVE-2020-5790
CVE-2020-5791
CVE-2020-5792
October 1, 2020 TRA-2020-57 Teltonika Gateway TRB245 Multiple Vulnerabilities Medium CVE-2020-5784
CVE-2020-5785
CVE-2020-5786
CVE-2020-5787
CVE-2020-5788
CVE-2020-5789
September 25, 2020 TRA-2020-56 Marvell QConvergeConsole GUI Multiple Vulnerabilities High CVE-2020-15643
CVE-2020-15644
CVE-2020-15645
CVE-2020-5803
September 22, 2020 TRA-2020-55 IgniteNet HeliOS GLinq v2.2.1 r2961 Multiple Vulnerabilities Medium CVE-2020-5781
CVE-2020-5782
CVE-2020-5783
September 14, 2020 TRA-2020-54 IBM Spectrum Protect Plus 10.1.6-1974 Multiple Vulnerabilities High CVE-2020-4711
CVE-2020-4703
September 9, 2020 TRA-2020-53 Unauthenticated email forgery/spoofing in WordPress Email Subscribers plugin High CVE-2020-5780
September 2, 2020 TRA-2020-52 Trading Technologies Messaging Multiple Unauthenticated Remote DoS High CVE-2020-5778
CVE-2020-5779
September 1, 2020 TRA-2020-51 MAGMI Multiple Vulnerabilities Medium CVE-2020-5777
CVE-2020-5776
August 28, 2020 TRA-2020-50 IBM Spectrum Protect CertQryResp Unauthenticated Remote DoS High CVE-2020-4559
August 11, 2020 TRA-2020-49 Canvas LMS Unauthenticated Blind SSRF Medium CVE-2020-5775
August 3, 2020 TRA-2020-48 Teltonika Gateway TRB245 Multiple Vulnerabilities High CVE-2020-5770
CVE-2020-5771
CVE-2020-5772
CVE-2020-5773
July 29, 2020 TRA-2020-47 Grandstream ATA HT800 Series Multiple Vulnerabilities Critical CVE-2020-5760
CVE-2020-5761
CVE-2020-5762
CVE-2020-5763
July 22, 2020 TRA-2020-46 CODESYS V3 Unauthenticated Webserver Memory Leak DoS High CVE-2020-15806
July 17, 2020 TRA-2020-45 Ubiquiti UniFi Protect Username Discovery Medium CVE-2020-8213
July 16, 2020 TRA-2020-44 Multiple Vulnerabilities in Icegram Email Subscribers & Newsletters Plugin for WordPress Medium CVE-2020-5767
CVE-2020-5768
July 16, 2020 TRA-2020-43 Teltonika Gateway TRB245 Stored Cross-site Scripting Low CVE-2020-5769
July 10, 2020 TRA-2020-42 SQL Injection in SRS Simple Hits Counter Plugin for WordPress Medium CVE-2020-5766
July 7, 2020 TRA-2020-41 MX Player Android App Directory Traversal High CVE-2020-5764
June 23, 2020 TRA-2020-40 Grandstream UCM6200 Series Multiple Authenticated RCE Critical CVE-2020-5757
CVE-2020-5758
CVE-2020-5759
June 23, 2020 TRA-2020-39 Grandstream GWN7000 Authenticated Command Execution Critical CVE-2020-5756
June 19, 2020 TRA-2020-38 VMware Tools Denial of Service Medium CVE-2020-3972
June 15, 2020 TRA-2020-37 IBM Spectrum Protect Plus Multiple Vulnerabilities Critical CVE-2020-4469
CVE-2020-4470
CVE-2020-4471
June 15, 2020 TRA-2020-36 Webroot Multiple Vulnerabilities High CVE-2020-5754
CVE-2020-5755
June 15, 2020 TRA-2020-35 Plex Media Server Weak CORS Policy Medium CVE-2020-5742
May 21, 2020 TRA-2020-34 Druva inSync Windows Client Local Privilege Escalation (CVE-2019-3999 Patch Bypass) High CVE-2020-5752
May 19, 2020 TRA-2020-33 Signal App Information Disclosure Low CVE-2020-5753
May 7, 2020 TRA-2020-32 Plex Media Server Authenticated Python Deserialization / RCE (Windows) Medium CVE-2020-5741
May 7, 2020 TRA-2020-31 TCExam Multiple Vulnerabilities Medium CVE-2020-5743
CVE-2020-5744
CVE-2020-5745
CVE-2020-5746
CVE-2020-5747
CVE-2020-5748
CVE-2020-5749
CVE-2020-5750
CVE-2020-5751
May 4, 2020 TRA-2020-30 Instacart SMS Link Spoofing Vulnerability Medium
May 1, 2020 TRA-2020-29 SimpliSafe SS3 PIN Add Using Rogue Keypad Low CVE-2020-5727
April 27, 2020 TRA-2020-28 Flexera FlexNet Publisher lmadmin Message 282 Remote DoS Medium CVE-2020-12080
April 22, 2020 TRA-2020-27 Ubiquiti UniFi Cloud Key - Unprotected root UART Access High CVE-2020-8157
April 22, 2020 TRA-2020-26 IBM Spectrum Protect Verb 134 Unauthenticated Remote Stack Overflow Critical CVE-2020-4415
April 21, 2020 TRA-2020-25 Plex Media Server Local Privilege Escalation (Windows) High CVE-2020-5740
April 15, 2020 TRA-2020-24 Cisco IP Phones Web Server Multiple Vulnerabilities Critical CVE-2020-3161
CVE-2016-1421
April 15, 2020 TRA-2020-23 MikroTik WinBox Cleartext Password Storage Low CVE-2020-5721
April 13, 2020 TRA-2020-22 Grandstream GXP1600 Series Multiple Issues Critical CVE-2020-5738
CVE-2020-5739
April 9, 2020 TRA-2020-21 Ubiquiti Unifi Cloud Key Gen2 Plus Unauthenticated Hostname Modification Medium CVE-2020-8148
April 7, 2020 TRA-2020-20 Amcrest Camera/NVR Multiple Vulnerabilities Critical CVE-2020-5735
CVE-2020-5736
April 6, 2020 TRA-2020-19 SolarWinds Dameware DoS High CVE-2020-5734
April 3, 2020 TRA-2020-18 OpenMRS Multiple Vulnerabilities Medium CVE-2020-5728
CVE-2020-5729
CVE-2020-5730
CVE-2020-5731
CVE-2020-5732
CVE-2020-5733
March 30, 2020 TRA-2020-17 Grandstream UCM62xx Multiple SQL Injections Medium CVE-2020-5723
CVE-2020-5724
CVE-2020-5725
CVE-2020-5726
March 25, 2020 TRA-2020-16 CODESYS V3 Unauthenticated Remote Heap Overflow Critical CVE-2020-10245
March 23, 2020 TRA-2020-15 Grandstream UCM62xx SQL Injection Critical CVE-2020-5722
March 12, 2020 TRA-2020-14 Kodi Multiple Issues High
February 26, 2020 TRA-2020-13 Advantech WebAccess/SCADA Unauthenticated Remote Heap Buffer Overflow Critical
February 25, 2020 TRA-2020-12 Druva inSync Client Multiple Vulnerabilities High CVE-2019-3999
CVE-2019-4000
CVE-2019-4001
February 19, 2020 TRA-2020-11 Palo Alto Expedition Migration Tool Insufficient XSRF Protection High CVE-2020-1977
February 18, 2020 TRA-2020-10 Siemens TIA Portal Denial of Service High CVE-2019-19282
February 13, 2020 TRA-2020-09 SimpliSafe SS3 Unauthenticated Wi-Fi Config Modification Low CVE-2019-3998
February 9, 2020 TRA-2020-08 Microsoft Windows User Group Policy Bypass Medium
February 6, 2020 TRA-2020-07 MikroTik WinBox Path Traversal Medium CVE-2020-5720
February 3, 2020 TRA-2020-06 Atlassian Jira CSRF Medium CVE-2019-20100
February 3, 2020 TRA-2020-05 Atlassian Jira Multiple CSRF Medium CVE-2019-20098
CVE-2019-20099
January 23, 2020 TRA-2020-04 CODESYS V3 Denial of Service High CVE-2020-7052
January 16, 2020 TRA-2020-03 SimpliSafe SS3 Unauthenticated Keypad Pairing Vulnerability Low CVE-2019-3997
January 15, 2020 TRA-2020-02 HPE Smart Update Manager 8.4.5 Remote Unauthorized Access Critical
January 14, 2020 TRA-2020-01 MikroTik WinBox Man-in-the-Middle Password Hash Disclosure Medium CVE-2019-3981
December 26, 2019 TRA-2019-54 Microsoft Teams Multiple Vulnerabilities Medium
December 12, 2019 TRA-2019-53 ELOG Multiple Vulnerabilities High CVE-2019-3992
CVE-2019-3993
CVE-2019-3994
CVE-2019-3995
CVE-2019-3996
December 11, 2019 TRA-2019-52 Advantech WebAccess/SCADA Stack Buffer Overflow Critical CVE-2019-3951
December 5, 2019 TRA-2019-51 Blink XT2 Sync Module Multiple Vulnerabilities High CVE-2019-3983
CVE-2019-3984
CVE-2019-3985
CVE-2019-3986
CVE-2019-3987
CVE-2019-3988
CVE-2019-3989
December 3, 2019 TRA-2019-50 Harbor.io User Enumeration Vulnerability Medium CVE-2019-3990
November 20, 2019 TRA-2019-49 Schneider Electric FLM v2.3.1.0 / FlexNet Publisher 11.6.2 Multiple Vulnerabilities High
November 20, 2019 TRA-2019-48 CODESYS V3 Unauthenticated Remote Heap Buffer Overflow Critical CVE-2019-18858
November 6, 2019 TRA-2019-47 Qualcomm Atheros Universal WLAN Kernel Memory Disclosure Medium CVE-2019-10618
October 28, 2019 TRA-2019-46 MikroTik RouterOS Multiple Vulnerabilities High CVE-2019-3976
CVE-2019-3977
CVE-2019-3978
CVE-2019-3979
October 17, 2019 TRA-2019-45 Cisco TelePresence Advanced Media Gateway 3610 Denial of Service Medium CVE-2019-15966
October 15, 2019 TRA-2019-44 Cisco SPA100 Series Multiple Vulnerabilities Critical CVE-2019-15240
CVE-2019-15241
CVE-2019-15242
CVE-2019-15243
CVE-2019-15244
CVE-2019-15245
CVE-2019-15246
CVE-2019-15247
CVE-2019-15248
CVE-2019-15249
CVE-2019-15250
CVE-2019-15251
CVE-2019-15252
CVE-2019-15257
CVE-2019-15258
CVE-2019-12702
CVE-2019-12703
CVE-2019-12704
CVE-2019-12708
September 30, 2019 TRA-2019-43 SolarWinds Dameware Mini Remote Control Unauthenticated RCE Critical CVE-2019-3980
September 25, 2019 TRA-2019-42 HPE iMC 7.3 E0703 Multiple Vulnerabilities Critical CVE-2019-5390
CVE-2019-5391
September 10, 2019 TRA-2019-41 Advantech WebAccess/SCADA 8.4.1 Unauthenticated Remote Stack Buffer Overflow Critical CVE-2019-3975
August 19, 2019 TRA-2019-40 OpenEMR Multiple Vulnerabilities High CVE-2019-3963
CVE-2019-3964
CVE-2019-3965
CVE-2019-3966
CVE-2019-3967
CVE-2019-3968
August 12, 2019 TRA-2019-39 Apple macOS / iOS UIFoundation Vulnerability Medium
August 2, 2019 TRA-2019-38 macOS LaunchServices Denial of Service Medium
July 30, 2019 TRA-2019-37 WallacePOS Multiple Vulnerabilities Medium CVE-2019-3958
CVE-2019-3959
CVE-2019-3960
July 29, 2019 TRA-2019-36 Amcrest IP Camera Multiple Vulnerabilities Medium CVE-2019-3948
July 17, 2019 TRA-2019-35 Jenkins Path Traversal / Arbitrary File Write Medium CVE-2019-10352
July 15, 2019 TRA-2019-34 Comodo Antivirus Multiple Vulnerabilities Medium CVE-2019-3969
CVE-2019-3970
CVE-2019-3971
CVE-2019-3972
CVE-2019-3973
July 8, 2019 TRA-2019-33 Siemens TIA Portal (STEP7) Remote Code Execution Critical CVE-2019-10915
July 2, 2019 TRA-2019-32 Citrix SD-WAN Appliance Multiple Vulnerabilities Critical CVE-2019-12989
CVE-2019-12991
July 2, 2019 TRA-2019-31 Citrix SD-WAN Center Multiple Vulnerabilities Critical CVE-2019-12985
CVE-2019-12986
CVE-2019-12987
CVE-2019-12988
CVE-2019-12990
CVE-2019-12992
July 1, 2019 TRA-2019-30 Arlo Basestation Firmware Multiple Vulnerabilities High CVE-2019-3949
CVE-2019-3950
June 19, 2019 TRA-2019-29 Cisco RV110W, RV130W, and RV215W Routers Multiple Vulnerabilities Medium CVE-2019-1897
CVE-2019-1898
CVE-2019-1899
June 18, 2019 TRA-2019-28 Multiple Advantech WebAccess Vulnerabilities Critical CVE-2019-3953
CVE-2019-3954
June 11, 2019 TRA-2019-27 Fuji Electric V-Server Denial of Service and Information Disclosure Medium CVE-2019-3946
CVE-2019-3947
June 6, 2019 TRA-2019-26 Dameware Remote Mini Controller Multiple Vulnerabilities High CVE-2019-3955
CVE-2019-3956
CVE-2019-3957
June 3, 2019 TRA-2019-25 Zsh Multiple Denial of Service Vulnerabilities Low
May 29, 2019 TRA-2019-24 Chromium Dev Tools Crash Low
May 7, 2019 TRA-2019-23 Slack Desktop Application for Windows Download Hijack Medium
May 7, 2019 TRA-2019-22 Parrot ANAFI Drone Denial of Service Medium CVE-2019-3944
CVE-2019-3945
May 1, 2019 TRA-2019-21 Cisco Small Business Switch Security Feature Bypass High CVE-2019-1859
April 30, 2019 TRA-2019-20 OEM Presentation Platform Vulnerabilities Critical CVE-2019-3925
CVE-2019-3926
CVE-2019-3927
CVE-2019-3928
CVE-2019-3929
CVE-2019-3930
CVE-2019-3931
CVE-2019-3932
CVE-2019-3933
CVE-2019-3934
CVE-2019-3935
CVE-2019-3936
CVE-2019-3937
CVE-2019-3938
CVE-2019-3939
CVE-2017-16709
April 11, 2019 TRA-2019-19 Palo Alto Expedition Migration Tool 1.1.12 and earlier - XSS Low CVE-2019-1574
April 10, 2019 TRA-2019-18 Citrix SD-WAN Center and NetScaler SD-WAN Center Unauthenticated Remote Command Injection Critical CVE-2019-10883
April 9, 2019 TRA-2019-17 Verizon Fios Quantum Gateway Multiple Vulnerabilities High CVE-2019-3914
CVE-2019-3915
CVE-2019-3916
April 8, 2019 TRA-2019-16 MikroTik RouterOS Authenticated Directory Traversal High CVE-2019-3943
April 4, 2019 TRA-2019-15 Multiple Advantech WebAccess Vulnerabilities Critical CVE-2019-3940
CVE-2019-3941
CVE-2019-3942
March 27, 2019 TRA-2019-14 FileZilla 'fzsftp' Untrusted Search Path Medium CVE-2019-5429
March 22, 2019 TRA-2019-13 Palo Alto Expedition Migration Tool 1.1.8 and earlier - Multiple XSS Low CVE-2019-1569
CVE-2019-1570
CVE-2019-1571
March 20, 2019 TRA-2019-12 HPE iMC 7.3 E0605P06 Multiple Vulnerabilities Critical CVE-2019-5390
CVE-2019-5391
March 4, 2019 TRA-2019-11 RSLinx Classic Stack Buffer Overflow Critical CVE-2019-6553
March 1, 2019 TRA-2019-10 Palo Alto Expedition Migration Tool Stored XSS Low CVE-2019-1567
February 27, 2019 TRA-2019-09 Nokia GPON ONT Multiple Vulnerabilities Critical CVE-2019-3917
CVE-2019-3918
CVE-2019-3919
CVE-2019-3920
CVE-2019-3921
CVE-2019-3922
February 20, 2019 TRA-2019-08 SonicOS Improper Certificate Access Medium CVE-2018-9867
February 12, 2019 TRA-2019-07 MikroTik RouterOS Unauthenticated Intermediary Medium CVE-2019-3924
February 4, 2019 TRA-2019-06 Rockwell Automation EWEB SNMP Denial of Service Medium CVE-2018-19016
February 4, 2019 TRA-2019-05 Crestron DGE-100 Unauthenticated Remote Denial of Service High
February 4, 2019 TRA-2019-04 Indusoft Web Studio and InTouch Edge HMI Remote Code Execution Critical CVE-2019-6545
CVE-2019-6543
January 24, 2019 TRA-2019-03 LabKey Server Community Edition Multiple Vulnerabilities Medium CVE-2019-3911
CVE-2019-3912
CVE-2019-3913
January 10, 2019 TRA-2019-02 [R1] Crestron AM-100 Authentication Bypass Critical CVE-2019-3910
January 8, 2019 TRA-2019-01 [R3] Multiple Premisys Identicard Vulnerabilities Critical CVE-2019-3906
CVE-2019-3907
CVE-2019-3908
CVE-2019-3909
December 20, 2018 TRA-2018-48 [R2] Netatalk Out-of-bounds Write Critical CVE-2018-1160
December 19, 2018 TRA-2018-47 [R2] Logitech Harmony Hub Multiple Vulnerabilities High CVE-2018-15720
CVE-2018-15721
CVE-2018-15722
CVE-2018-15723
December 19, 2018 TRA-2018-46 [R1] Cisco Adaptive Security Appliance HTTP Privilege Escalation High CVE-2018-15465
December 14, 2018 TRA-2018-45 [R2] Advantech WebAccess Stack Buffer Overflow Critical CVE-2018-18999
December 12, 2018 TRA-2018-44 [R1] Open Dental Multiple Vulnerabilities Critical CVE-2018-15717
CVE-2018-15718
CVE-2018-15719
December 5, 2018 TRA-2018-43 [R2] Jenkins Forced Migration of User Records Medium CVE-2018-1000863
December 5, 2018 TRA-2018-42 [R1] Cisco Energy Management Suite Default PostgreSQL Credentials Medium CVE-2018-0468
November 29, 2018 TRA-2018-41 [R1] NUUO NVRMini2 Authenticated Command Injection Critical CVE-2018-15716
November 29, 2018 TRA-2018-40 [R2] Zoom Message Spoofing Critical CVE-2018-15715
November 26, 2018 TRA-2018-39 [R1] Multiple HPE Moonshot Provisioning Manager Vulnerabilities High
November 26, 2018 TRA-2018-38 [R1] Multiple Schneider Electric Modicon Quantum Vulnerabilities Critical CVE-2018-7809
CVE-2018-7810
CVE-2018-7811
CVE-2018-7830
CVE-2018-7831
November 13, 2018 TRA-2018-37 [R2] Nagios XI Multiple Vulnerabilities High CVE-2018-15708
CVE-2018-15709
CVE-2018-15710
CVE-2018-15711
CVE-2018-15712
CVE-2018-15713
CVE-2018-15714
November 9, 2018 TRA-2018-36 [R1] Cisco Energy Management Suite Multiple Vulnerabilities Critical CVE-2018-15444
CVE-2018-15445
October 31, 2018 TRA-2018-35 [R1] Multiple Advantech WebAccess Vulnerabilities Critical CVE-2018-15705
CVE-2018-15706
CVE-2018-15707
October 30, 2018 TRA-2018-34 [R1] Multiple Vulnerabilities in AVEVA Indusoft Web Studio and InTouch Edge HMI Critical CVE-2018-17914
CVE-2018-17916
October 18, 2018 TRA-2018-33 [R1] Multiple Advantech WebAccess Vulnerabilities High CVE-2018-15703
CVE-2018-15704
October 17, 2018 TRA-2018-32 [R1] Multiple Oracle WebLogic Docker Password Disclosures Medium CVE-2018-3213
October 17, 2018 TRA-2018-31 [R1] Multiple Oracle GoldenGate Manager Vulnerabilities Critical CVE-2018-2912
CVE-2018-2913
CVE-2018-2914
October 12, 2018 TRA-2018-30 [R1] IBM WebSphere Application Server Admin Console File Disclosure Medium CVE-2018-1770
October 10, 2018 TRA-2018-29 [R1] Multiple Jenkins Vulnerabilities Medium
October 9, 2018 TRA-2018-28 [R3] HPE Intelligent Management Center Multiple Vulnerabilities Critical CVE-2018-7116
CVE-2018-7121
CVE-2018-7122
CVE-2018-7123
CVE-2019-5392
CVE-2019-5393
October 1, 2018 TRA-2018-27 [R1] TP-Link TL-WRN841N Multiple Vulnerabilities Critical CVE-2018-15700
CVE-2018-15701
CVE-2018-15702
September 20, 2018 TRA-2018-26 [R1] RSLinx Classic Buffer Overflows Critical CVE-2018-14821
CVE-2018-14829
September 17, 2018 TRA-2018-25 [R2] Multiple NUUO NVRMini2 Vulnerabilities Critical CVE-2018-1149
CVE-2018-1150
September 10, 2018 TRA-2018-24 [R1] HPE Intelligent Management Center Stack Buffer Overflow Critical CVE-2018-7115
September 10, 2018 TRA-2018-23 [R1] Advantech WebAccess Remote Code Execution Critical CVE-2017-16720
August 24, 2018 TRA-2018-22 [R1] Multiple ASUSTOR Data Master Vulnerabilities High CVE-2018-15694
CVE-2018-15695
CVE-2018-15696
CVE-2018-15697
CVE-2018-15698
CVE-2018-15699
August 22, 2018 TRA-2018-21 [R1] Mikrotik RouterOS Multiple Authenticated Vulnerabilities Critical CVE-2018-1156
CVE-2018-1157
CVE-2018-1158
CVE-2018-1159
August 21, 2018 TRA-2018-20 [R2] Cisco Data Center Network Manager Authenticated Path Traversal Medium CVE-2018-0464
July 18, 2018 TRA-2018-19 [R1] AVEVA InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Critical CVE-2018-10620
June 15, 2018 TRA-2018-18 [R1] Burp Suite Community Edition Improper Certificate Validation Medium CVE-2018-1153
June 14, 2018 TRA-2018-17 [R1] libturbo-jpeg Denial of Service Medium CVE-2018-1152
June 12, 2018 TRA-2018-16 [R1] GlassFish 4.x Denial of Service High
June 11, 2018 TRA-2018-15 [R2] HPE Moonshot Provisioning Manager Arbitrary File Move High CVE-2018-7072
CVE-2018-7073
June 11, 2018 TRA-2018-14 [R1] Western Digital TV Media Player and Live Hub Unauthenticated RCE Critical CVE-2018-1151
June 8, 2018 TRA-2018-13 [R2] IBM Netezza Appliance Local Privilege Escalation High CVE-2018-1460
May 4, 2018 TRA-2018-12 [R1] Cylance PROTECT Missing SSL Certificate Verification Medium
May 4, 2018 TRA-2018-11 [R1] Cisco Prime Data Center Network Manager Remote Code Execution Critical CVE-2018-0258
May 4, 2018 TRA-2018-10 [R1] Trend Micro Smart Protection Server Denial of Service High CVE-2018-6237
May 4, 2018 TRA-2018-09 [R1] OpenVPN Windows Service Double Free High CVE-2018-9336
April 12, 2018 TRA-2018-08 [R1] Belkin N750 F9K1103 v1 Multiple Vulnerabilities Critical CVE-2018-1143
CVE-2018-1144
CVE-2018-1145
CVE-2018-1146
April 6, 2018 TRA-2018-07 [R3] Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Critical CVE-2018-8840
March 28, 2018 TRA-2018-06 [R1] Cisco IOS and IOS XE Multiple Memory Corruption Vulnerabilities High CVE-2018-0172
CVE-2018-0173
CVE-2018-0174
February 26, 2018 TRA-2018-05 [R1] Micro Focus Operations Orchestrations Information Disclosure and Remote Denial of Service High CVE-2018-6490
February 26, 2018 TRA-2018-04 [R3] Check Point Gaia OS Privilege Escalation Medium
February 15, 2018 TRA-2018-03 [R2] EMC VASA Virtual Appliance Default Creds and Arbitrary File Upload Critical CVE-2018-1216
CVE-2018-1215
January 29, 2018 TRA-2018-02 [R1] NetGain Enterprise Manager Multiple Remote Vulnerabilities High CVE-2017-17406
CVE-2017-16610
CVE-2017-16607
CVE-2017-16609
CVE-2017-16608
January 29, 2018 TRA-2018-01 [R1] HPE Intelligent Management Center (iMC) PLAT Java RMI RCE High CVE-2017-5792
November 21, 2017 TRA-2017-37 [R1] gSOAP HTTP DIME Parsing Denial of Service Medium
November 21, 2017 TRA-2017-36 [R1] Firebird fbudf Module Authenticated Remote Code Execution Critical CVE-2017-11509
November 20, 2017 TRA-2017-35 [R2] Verizon Fios Quantum Gateway G1100 Remote Information Disclosure Medium
November 20, 2017 TRA-2017-34 [R1] Siemens SIMATIC Logon Denial of Service Medium CVE-2017-9938
November 10, 2017 TRA-2017-33 [R1] Wanscam Network Camera Multiple Vulnerabiltiies Medium CVE-2017-11510
November 9, 2017 TRA-2017-32 [R1] HPE Universal Configuration Management Database Multiple Vulnerabilities Critical CVE-2017-14351
CVE-2017-14353
CVE-2017-14354
November 8, 2017 TRA-2017-31 [R1] ManageEngine ServiceDesk Multiple Vulnerabilties High CVE-2017-11511
CVE-2017-11512
November 7, 2017 TRA-2017-30 [R1] HPE System Management Homepage Remote Denial of Service High CVE-2017-12545
November 7, 2017 TRA-2017-29 [R1] Advantech WebAccess SQL Injection Critical CVE-2017-12710
November 7, 2017 TRA-2017-28 [R1] HPE Operations Orchestration Central Remoting Java Deserialization Remote Code Execution High CVE-2017-8994
November 7, 2017 TRA-2017-27 [R1] HPE Intelligent Management Center SOM Module Remote File Disclosure Medium CVE-2017-12555
November 6, 2017 TRA-2017-26 [R1] HP Data Protector Multiple Remote Vulnerabilities High CVE-2017-5807, CVE-2017-5808
November 6, 2017 TRA-2017-25 [R2] HPE Operations Orchestration Incomplete Fix for CVE-2016-8519 High CVE-2017-8994
November 6, 2017 TRA-2017-24 [R1] Ecava IntegraXor SQL Injection Remote Code Execution High CVE-2017-6050
November 3, 2017 TRA-2017-23 [R1] Cisco Security Manager and Prime LMS Java Deserialization Remote Code Execution Critical CVE-2015-6420
November 2, 2017 TRA-2017-22 [R1] ReadyMedia HTTP Request Denial of Service High
November 2, 2017 TRA-2017-21 [R1] Check_MK Multisite Web UI Reflected XSS Medium CVE-2017-9781
November 2, 2017 TRA-2017-20 [R2] Check_MK Multisite Web UI Stored and Reflected XSS Medium CVE-2017-11507
May 2, 2017 TRA-2017-19 [R1] Kaa IoT Platform SdkServlet / RecordServlet Java Object Deserialization Remote Code Execution High CVE-2017-7911
April 26, 2017 TRA-2017-18 [R1] HP Intelligent Management Center (iMC) Platform euplat RMI Registry Java Deserialization Remote Code Execution Critical CVE-2017-5792
April 19, 2017 TRA-2017-17 [R1] ManageEngine ServiceDesk Plus AuthError.jsp ErrorMsg Parameter Reflected XSS Medium
April 18, 2017 TRA-2017-16 [R1] Oracle WebLogic Server Web Container Subcomponent Reflected PartItem File Manipulation Remote Code Execution Critical CVE-2017-3531
March 30, 2017 TRA-2017-15 [R2] NetIQ Sentinel Multiple Remote Vulnerabilities High CVE-2017-5184
CVE-2017-5185
March 25, 2017 TRA-2017-14 [R1] Cisco Unified Customer Voice Portal Java Deserialization Remote Code Execution Critical CVE-2015-6420
March 18, 2017 TRA-2017-13 [R1] HPE LoadRunner libxdrutil.dll mxdr_string() Function XDR String Handling Remote Heap Buffer Overflow Critical CVE-2017-5789
March 16, 2017 TRA-2017-12 [R1] HP Intelligent Management Center (iMC) Platform /imc/fault/accessMgrServlet Java Deserialization Remote Code Execution Critical CVE-2017-5790
March 15, 2017 TRA-2017-11 [R1] Sophos XG Firewall login.jsp utype Parameter Reflected XSS Medium
March 13, 2017 TRA-2017-10 [R1] Debian MediaTomb (fork) Multiple Remote Vulnerabilities Critical CVE-2012-5958
CVE-2012-5959
CVE-2012-5960
CVE-2016-6255
CVE-2016-8863
February 1, 2017 TRA-2017-09 [R2] HP Intelligent Management Center (iMC) Platform /rptviewer/servlets/redirectviewer Multiple Remote Issues High CVE-2016-8525
CVE-2016-8530
January 26, 2017 TRA-2017-08 [R1] Portable SDK for UPnP Devices (libupnp) glibc Implementation getaddrinfo() Function Remote Stack Overflow Critical CVE-2015-7547
January 25, 2017 TRA-2017-07 [R1] Oracle WebLogic RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Critical CVE-2017-3248
January 23, 2017 TRA-2017-06 [R1] ManageEngine ADAudit Plus Multiple Vulnerabilities High
January 20, 2017 TRA-2017-05 [R1] HP Operations Orchestration (HP OO) /oo/backwards-compatibility/wsExecutionBridgeService Jaa Deserialization Remote Code Execution Critical CVE-2016-8519
January 19, 2017 TRA-2017-04 [R1] Advantech WebAccess Multiple Vulnerabilities High CVE-2017-5152
CVE-2017-5154
January 18, 2017 TRA-2017-03 [R2] Oracle Outside In Content Access vspdf.dll Multiple Remote DoS Medium CVE-2017-3294
CVE-2017-3295
January 11, 2017 TRA-2017-02 [R2] Sophos Web Protection Appliance ftp_redirect.php s Parameter Reflected XSS Medium CVE-2017-9523
January 9, 2017 TRA-2017-01 [R1] Liferay CE Portal /api/liferay Java Deserialization Blacklist Bypass Remote Code Execution Critical
December 11, 2016 TRA-2016-39 [R1] Hewlett Packard Network Automation RPCServlet Arbitrary Code Execution High CVE-2016-8511
December 5, 2016 TRA-2016-38 [R1] Cisco Prime Collaboration Provisioning Restricted CLI Bypass Local Privilege Escalation Medium CVE-2016-1320
November 29, 2016 TRA-2016-37 [R2] Dell SonicWALL /appliance/license.jsp Serial Number Disclosure Remote Privilege Escalation Medium
November 28, 2016 TRA-2016-36 [R1] ManageEngine OpManager NMS Server Multiple Vulnerabilities Critical
November 25, 2016 TRA-2016-35 [R1] WISE Server Commons Collection / FileUpload Java Deserialization Remote Command Execution Critical
November 16, 2016 TRA-2016-34 [R1] VMWare vRealize Operations Manager Appliance Multiple Vulnerabilities Chained Remote Code Execution High CVE-2016-7462
November 1, 2016 TRA-2016-33 [R1] Oracle WebLogic Server Commons DiskFileItem Remote File Manipulation Critical CVE-2016-5535
October 29, 2016 TRA-2016-32 [R1] HP System Management Homepage (SMH) Multiple Remote Stack Buffer Overflows High CVE-2016-4395
CVE-2016-4396
October 21, 2016 TRA-2016-31 [R1] ManageEngine ADAudit Plus Obfuscated Cookie Password Disclosure Low
October 17, 2016 TRA-2016-30 [R1] Novell NetIQ Sentinel Commons DiskFileItem RMI Java Deserialization Remote File Creation / Manipulation Critical CVE-2016-1000031
October 6, 2016 TRA-2016-29 [R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS Medium CVE-2016-6273
September 26, 2016 TRA-2016-28 [R2] CloudView NMS Multiple Remote Vulnerabilities High
September 22, 2016 TRA-2016-27 [R1] Hewlett Packard Network Automation RMI Registry Port Java Deserialization Remote Code Execution Critical CVE-2016-4385
September 21, 2016 TRA-2016-26 [R1] HP LoadRunner Multiple Remote DoS High CVE-2016-4384
CVE-2016-4361
September 14, 2016 TRA-2016-25 [R1] Red5 Server RMI Registry /red5 Java Deserialization Remote Code Execution Critical
August 18, 2016 TRA-2016-24 [R1] PowerFolder Multiple Remote Vulnerabilities Critical
August 12, 2016 TRA-2016-23 [R4] Apache Wicket DiskFileItem Java Deserialization Remote File Manipulation Medium CVE-2013-2186
CVE-2016-1000031
CVE-2016-6793
July 20, 2016 TRA-2016-22 [R2] Red Hat JBoss Operations Network /jboss-remoting-servlet-invoker/ServerInvokerServlet Jython Deserialization Remote Code Execution Critical CVE-2016-3737
CVE-2016-6330
July 19, 2016 TRA-2016-21 [R1] Oracle WebLogic Server weblogic.corba.utils.MarshallObject Java Deserialization Remote Code Execution Critical CVE-2016-3510
July 8, 2016 TRA-2016-20 [R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization Critical CVE-2016-1000027
June 28, 2016 TRA-2016-19 [R1] Palo Alto Networks PAN-OS /api Multiple Parameter Handling Remote DoS Medium
June 27, 2016 TRA-2016-18 [R1] IBM iAccess for Windows i Navigator Encoded Windows Admin Password Local Disclosure Low CVE-2016-0287
June 13, 2016 TRA-2016-17 [R2] HP Loadrunner / HP Performance Center Virtual Table Server (VTS) \web\admin\data.js Remote File Deletion High CVE-2016-4360
June 13, 2016 TRA-2016-16 [R2] HP LoadRunner mchan.dll Shared Memory Object Name Construction Remote Stack Buffer Overflow High CVE-2016-4359
May 17, 2016 TRA-2016-15 [R1] Ipswitch WhatsUp Gold WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection Medium CVE-2016-1000000
May 5, 2016 TRA-2016-14 [R1] HP System Management Homepage (SMH) mod_smh_config.so AddCertsToTrustCfgList() Function X.509 Certificate Subject Common Name Handling Remote DoS Low
May 3, 2016 TRA-2016-13 [R1] Core FTP Server Path Traversal Arbitrary File/Directory Access Medium
April 20, 2016 TRA-2016-12 [R3] Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution (LOBSTER) Critical CVE-2016-1000031
April 20, 2016 TRA-2016-11 [R1] Oracle MySQL Enterprise Monitor Multiple Library readObject() Function Java Object Deserialization Remote Code Execution High CVE-2016-3461
April 19, 2016 TRA-2016-10 [R2] ManageEngine OpManager / Service Desk Multiple Vulnerabilities High CVE-2016-82014
CVE-2016-82015
April 19, 2016 TRA-2016-09 [R1] Oracle WebLogic ClassFilter.class ServerChannelInputStream Bypass Java Deserialization Remote Code Execution Critical CVE-2016-0638
CVE-2015-4829
April 15, 2016 TRA-2016-08 [R1] Cisco Unified Computing System - Multiple Vulnerabilities Medium CVE-2016-1339
CVE-2016-1340
April 13, 2016 TRA-2016-07 [R1] Microsoft Windows 10 lsass.exe Empty SID Lookup Handling Remote DoS Medium CVE-2016-0135
April 5, 2016 TRA-2016-06 [R1] Cisco Multiple Routers Fragmented IKEv2 Packet Handling Remote Integer Overflow High CVE-2016-1344
March 29, 2016 TRA-2016-05 [R1] Barco ClickShare Multiple Script Remote Command Execution High CVE-2015-6532
CVE-2015-6533
March 28, 2016 TRA-2016-04 [R2] Cisco IOS Smart Install Client Feature Config / Boot Image File List Upload Remote Code Execution High CVE-2015-6264
CVE-2016-1349
March 24, 2016 TRA-2016-03 [R1] Microsoft Windows DNS Server dns.exe answerIQuery() Function Remote Buffer Overflow Medium CVE-2016-82007
March 14, 2016 TRA-2016-02 [R1] HP Operations Manager i flex-messaging-core.jar XML External Entity (XXE) Injection Remote Information Disclosure Medium CVE-2015-3269
February 17, 2016 TRA-2016-01 [R1] ManageEngine AssetExplorer /workorder/FileDownload.jsp fName Parameter Traversal Remote File Disclosure Medium CVE-2016-82002
December 14, 2015 TRA-2015-07 [R1] ManageEngine Desktop Central /statusUpdate fileName Parameter Traversal Multiple Extension File Upload Remote Code Execution Critical CVE-2015-82001
November 30, 2015 TRA-2014-04 [R1] NetMotion Mobility VPN nmdrv.sys TCP Connection Termination Handling Remote DoS High CVE-2014-82000
November 30, 2015 TRA-2015-06 [R1] HP Client Automation / Accelerite Endpoint Management Core Server HPCA Management Agent (nvdkit.exe) Cleartext Credentials MiTM Disclosure Low CVE-2015-82000
November 24, 2015 TRA-2015-05 [R1] FreeSWITCH parse_string() Function Multiple Vector Remote Heap Buffer Overflow Critical CVE-2015-8311
October 21, 2015 TRA-2015-04 [R1] NTP Autokey Functionality Multiple Remote DoS High CVE-2015-7691
CVE-2015-7692
CVE-2015-7701
October 15, 2015 TRA-2015-03 [R1] 3S CODESYS PLCWinNT Runtime Service NULL Pointer Dereference Remote DoS High CVE-2015-6482
September 15, 2015 TRA-2015-02 [R2] Palo Alto Networks Panorama VM Appliance PAN-OS Firmware Signature Verification Bypass Arbitrary Code Execution High CVE-2015-6531
August 24, 2015 TRA-2015-01 [R1] Microsoft Windows SMB v1 Service Principal Name Handling Remote Buffer Overflow High CVE-2015-2474
May 14, 2014 TRA-2014-01 Juniper Junos Space MySQL Server Unspecified Hardcoded Credentials High CVE-2014-3413
February 28, 2014 TRA-2014-02 Novell ZENworks Configuration Management (ZCM) PreBoot Service (novell-pbserv.exe) Remote Path Traversal File Access High CVE-2013-3706
January 30, 2014 TRA-2014-03 3S CoDeSys Runtime Toolkit Unspecified NULL Pointer Dereference Remote DoS High CVE-2014-0757
November 12, 2013 TRA-2013-08 Adobe ColdFusion CFIDE Directory Unspecified Reflected XSS Medium CVE-2013-5326
September 3, 2013 TRA-2013-07 [R1] Cisco Prime Network Control System (NCS) / Wireless Control System (WCS) login.jsp requestUrl Parameter Reflected XSS Medium CVE-2012-5990
July 24, 2013 TRA-2013-05 HP LoadRunner magentproc.exe SSL Connection Handling Buffer Overflow Remote Code Execution High CVE-2013-4800
July 24, 2013 TRA-2013-06 HP LoadRunner XDR-encoded Data Handling Remote Buffer Overflow High CVE-2013-4799
May 22, 2013 TRA-2013-10 3S CoDeSys Gateway Unspecified Use-after-free Arbitrary Code Execution Critical CVE-2013-2781
May 14, 2013 TRA-2013-04 Adobe ColdFusion Unspecified Remote Code Execution Critical CVE-2013-1389
April 19, 2013 TRA-2013-09 [R1] IBM InfoSphere Products /rdweb/getUsers.do Remote Account Information Remote Disclosure Medium CVE-2013-0584
March 27, 2013 TRA-2013-03 Cisco IOS Smart Install Client Feature Malformed Config / Boot Image File Upload Remote Code Execution Critical CVE-2013-1146
January 23, 2013 TRA-2013-02 [R1] WebYaST /host Configuration Path Handling Unauthenticated Host List Manipulation Medium CVE-2012-0435
January 9, 2013 TRA-2013-01 Dell OpenManage Server Administrator /help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm topic Parameter DOM-based XSS Medium CVE-2012-6272
August 29, 2012 TRA-2012-18 Novell File Reporter NFRAgent.exe VOL Element Tag Parsing Remote Overflow High
August 22, 2012 TRA-2012-17 [R1] McAfee Email and Web Security / Email Gateway Multiple Vulnerabilities Critical CVE-2012-4595
CVE-2012-4596
CVE-2012-4597
July 20, 2012 TRA-2012-16 [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #2 Critical CVE-2012-2953
CVE-2012-2957
CVE-2012-2961
CVE-2012-2977
June 10, 2012 TRA-2012-05 Rocket U2 UniData unidata72 RPC Interface Call Parsing Arbitrary Command Execution Critical
May 19, 2012 TRA-2012-04 [R1] Symantec LiveUpdate Administrator Installation Directory Permission Weakness Local Privilege Escalation High CVE-2012-0304
May 17, 2012 TRA-2012-03 [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #1 Critical CVE-2012-0297
CVE-2012-0298
CVE-2012-0299
CVE-2012-0296
May 9, 2012 TRA-2012-02 Apple Mac OS X SRP-Based Authentication Credential Verification Time Capsule Credential Information Disclosure Medium CVE-2012-0675
May 3, 2012 TRA-2012-19 [R1] CiscoWorks Prime LAN Management Solution (LMS) Autologin.jsp URL Parameter HTTP Header Response Splitting Medium CVE-2011-4237
January 10, 2012 TRA-2012-01 PHP Timezone Functionality php_date_parse_tzfile Cache strtotime Function Call Saturation Remote DoS Medium CVE-2012-0789
November 11, 2011 TRA-2011-12 HP StorageWorks P4000 Virtual SAN Appliance Software Management Service Authentication Bypass Remote Command Execution High CVE-2012-4361
CVE-2012-2986
November 3, 2011 TRA-2011-08 [R1] Dell KACE K2000 System Deployment Appliance Read-Only Account Default Credentials Remote Information Disclosure Medium CVE-2011-4048
November 3, 2011 TRA-2011-09 [R1] Dell KACE K2000 System Deployment Appliance Task Processor Database Write Access Remote Privilege Escalation High CVE-2011-4047
November 3, 2011 TRA-2011-10 [R1] Dell KACE K2000 System Deployment Appliance Multiple Reflected XSS Medium CVE-2011-4436
November 3, 2011 TRA-2011-11 [R2] Dell KACE K2000 System Deployment Appliance Backdoor Admin Account Critical CVE-2011-4046
October 11, 2011 TRA-2011-07 [R1] Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities Medium CVE-2011-1895
CVE-2011-1896
CVE-2011-1897
August 8, 2011 TRA-2011-06 [R2] HP OpenView Performance Insight sendEmail.jsp bgcolor Parameter Reflected XSS Medium CVE-2011-2410
July 19, 2011 TRA-2011-05 [R1] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution Critical CVE-2011-2261
May 31, 2011 TRA-2011-04 [R1] IBM Tivoli Management Framework Endpoint lcfd.exe opts Field Handling Remote Buffer Overflow High CVE-2011-1220
April 26, 2011 TRA-2011-03 IBM solidDB rpc_test_svc Commands Handling NULL Dereference Remote DoS High CVE-2011-1208
April 1, 2011 TRA-2011-02 IBM solidDB Password Hash Verification Bypass Remote Code Execution High CVE-2011-1560
February 8, 2011 TRA-2011-01 [R1] Adobe ColdFusion Administrator Console login.cfm URI Handling Reflected XSS Medium CVE-2011-0580
December 15, 2010 TRA-2010-05 HP Power Manager Management Server Login Form URL Parameter Buffer Overflow High CVE-2010-4113
November 6, 2010 TRA-2010-04 [R1] FreeNAS exec_raw.php cmd Parameter Remote Command Execution Critical
October 13, 2010 TRA-2010-03 [R1] HP Multiple Products switchFWInstallStatus.jsp logfile Parameter Arbitrary File Access High CVE-2010-3286
CVE-2010-3986
CVE-2010-4100
CVE-2010-4103
CVE-2010-4102
September 8, 2010 TRA-2010-02 [R1] phpMyAdmin Setup Script setup/frames/index.inc.php Verbose Server Name Stored XSS Medium CVE-2010-3263
May 5, 2010 TRA-2010-01 HP Mercury LoadRunner Agent magentproc.exe Remote Arbitrary Code Execution Critical CVE-2010-1549
December 16, 2009 TRA-2009-04 HP Storage OpenView Data Protector Backup Client Service MSG_PROTOCOL Command Remote Overflow Critical CVE-2007-2280
November 10, 2009 TRA-2009-03 Movable Type /mt/mt-check.cgi System Information Disclosure Medium
April 14, 2009 TRA-2009-02 [R1] phpMyAdmin < 3.1.3.2 Multiple Vulnerabilities Critical CVE-2009-1285
March 19, 2009 TRA-2009-01 Adobe Acrobat getIcon() Function PDF Handling Overflow High CVE-2009-0927
August 14, 2008 TRA-2008-01 Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) NULL NTLMSSP Authentication Bypass Critical CVE-2008-3703
December 14, 2007 TRA-2007-12 HP-UX Software Distributor (SD) swagentd sw_rpc_agent_init Function Crafted DCE RPC Request Remote Overflow Critical CVE-2007-6195
December 11, 2007 TRA-2007-11 Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution High CVE-2007-3039
December 7, 2007 TRA-2007-10 Novell NetMail AntiVirus Agent (avirus.exe) Unspecified ASCII Iinteger Handling Remote Overflow Medium CVE-2007-6302
December 6, 2007 TRA-2007-09 HP OpenView Network Node Manager (OV NNM) Multiple Remote Overflow Critical CVE-2007-6204
October 10, 2007 TRA-2007-08 CA BrightStor ARCServe Backup Message Engine RPC Service Arbitrary Code Execution Critical CVE-2007-5328
September 4, 2007 TRA-2007-07 MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c svcauth_gss_validate Function Remote Overflow Critical CVE-2007-3999
August 20, 2007 TRA-2007-06 EMC NetWorker Remote Exec Service (nsrexecd.exe) Remote Overflow High CVE-2007-3618
July 25, 2007 TRA-2007-05 BakBone NetVault Reporter Manager Scheduler Client Multiple Remote Overflow Critical CVE-2007-3911
July 20, 2007 TRA-2007-04 Panda AdminSecure Agent Crafted Packet Remote Overflow High CVE-2007-3026
May 9, 2007 TRA-2007-03 CA Multiple Products inoweb Console Server Authentication Remote Overflow Critical CVE-2007-2522
April 24, 2007 TRA-2007-02 CA BrightStor ARCserve Backup Media Server SUN RPC Service Remote Overflows Critical CVE-2007-2139
April 18, 2007 TRA-2007-01 Novell GroupWise WebAccess GWINTER.exe Basic Authentication Base64 Decoding Overflow Critical CVE-2007-2171
July 11, 2006 TRA-2006-01 Microsoft Windows Server Service SRV.SYS Crafted Request SMB Information Disclosure Medium CVE-2006-1315
Try for Free Buy Now

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin, Tenable Web App Scanning and Tenable Cloud Security.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Buy Now
Renew an existing license | Find a reseller | Request a Quote
Try for Free Buy Now
Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin, Tenable Web App Scanning and Tenable Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management, Tenable Lumin and Tenable Cloud Security.

Buy Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management, Tenable Web App Scanning and Tenable Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try for Free Contact Sales

Try Tenable Cloud Security

Formerly Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now. To learn more about the trial process click here.

Your Tenable Cloud Security trial also includes Tenable Vulnerability Management, Tenable Lumin and Tenable Web App Scanning.

Contact a Sales Rep to Buy Tenable Cloud Security

Contact a Sales Representative to learn more about Tenable Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try for Free Buy Now

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training

Buy Now
Renew an existing license | Find a reseller | Request a quote
Try for Free Buy Now

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training

Buy Now
Renew an existing license | Find a reseller | Request a quote