Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Research Advisories

This page contains information regarding security vulnerabilities in third-party software discovered by a dedicated team supported by researchers and engineers at Tenable. Tenable believes in coordinated disclosure, working with vendors to better protect our customers. Here is our public key. Please refer to our Vulnerability Disclosure Policy for additional details.

For issues that impact Tenable products, please visit the Tenable Product Security Advisories. For more details on submitting vulnerability information for Tenable products, please see our Vulnerability Reporting Guidelines page.

Find a vulnerability in a Tenable product?

Please report it here

Report

Date Advisory ID Name Severity CVE ID
TRA-2024-46 Siemens TeleControl Server Basic Deserialization Vulnerability Critical CVE-2024-44102
TRA-2024-45 GCP 1st Gen Cloud Functions Cross Account Code Execution Medium
TRA-2024-44 SQL Injection in SureCart WordPress Plugin High CVE-2024-10859
TRA-2024-43 Rockwell Automation ThinManager ThinServer.exe Monitor Thread Multiple Vulnerabilities Critical CVE-2024-10386
CVE-2024-10387
TRA-2024-42 Ivanti Avalanche WLAvalancheService.exe v6.4.4.0 Multiple Denial of Service Vulnerabilities High CVE-2024-47007
TRA-2024-41 Ada.cx SSRF via Sentry Misconfiguration Low CVE-2024-9410
TRA-2024-40 Flowise Stored Cross-Site Scripting Critical CVE-2024-9148
TRA-2024-39 Siemens Automation License Manager almsrv64x.exe int64 Overflow Unauthenticated DoS High CVE-2024-44087
TRA-2024-38 WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability High CVE-2024-8752
TRA-2024-37 Siemens SINEC NMS UMC Unauthenticated Heap-based Buffer Overflow Critical CVE-2024-33698
TRA-2024-36 OPA SMB Force-Authentication Medium CVE-2024-8260
TRA-2024-35 Fortra FileCatalyst Workflow Static HSQLDB Password Critical CVE-2024-6633
TRA-2024-34 Flowise Denial of Service High CVE-2024-8182
TRA-2024-33 Flowise Authentication Bypass Critical CVE-2024-8181
TRA-2024-32 Microsoft Copilot Studio SSRF Critical CVE-2024-38206
TRA-2024-31 DevikaAI Stored Cross-Site Scripting Medium CVE-2024-7790
TRA-2024-30 Ivanti Avalanche WLInfoRailService.exe Off-By-One Unauthenticated DoS High CVE-2024-36136
TRA-2024-27 Microsoft Azure Health Bot Server-Side Request Forgery (Data Connection Endpoints) Critical CVE-2024-38109
TRA-2024-28 Microsoft Azure Health Bot Server-Side Request Forgery (FHIR Endpoint Validation) High
TRA-2024-29 Schneider Electric Accutech Manager RFManagerService.exe Denial of Service High CVE-2024-6918
TRA-2024-26 Langflow Privilege Escalation through Mass Assignment High CVE-2024-7297
TRA-2024-25 Fortra FileCatalyst Workflow Unauthenticated SQLi Critical CVE-2024-5276
TRA-2024-24 Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities Critical CVE-2024-5988
CVE-2024-5989
CVE-2024-5990
TRA-2024-23 NextChat Server-Side Request Forgery / Cross-Site Scripting High CVE-2024-38514
TRA-2024-22 SSRF Security Feature Bypass in Azure AI and ML Studios High
TRA-2024-21 Multiple Vulnerabilities in Adobe FrameMaker Publishing Server (FMPS) December 2022 release Update 2 Critical CVE-2024-30299
CVE-2024-30300
TRA-2024-20 Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions Medium
TRA-2024-19 Microsoft Azure Firewall Bypass Vulnerability High
TRA-2024-18 Google Cloud Platform Remote Code Execution Vulnerability in GCP Composer Critical
TRA-2024-17 Fluent Bit Memory Corruption Vulnerability Critical CVE-2024-4323
TRA-2024-16 Cross-Site Scripting in WordPress RSS Aggregator Plugin Medium CVE-2024-4860
TRA-2024-15 Solidus Stored Cross-Site Scripting Medium CVE-2024-4859
TRA-2024-14 CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities Critical CVE-2024-32735
CVE-2024-32736
CVE-2024-32737
CVE-2024-32738
CVE-2024-32739
TRA-2024-13 Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities Critical CVE-2024-4547
CVE-2024-4548
CVE-2024-4549
TRA-2024-12 Approach.App Multiple Vulnerabilities High
TRA-2024-11 Karros Technologies Authentication Bypass Critical
TRA-2024-10 Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow Critical CVE-2024-29204
TRA-2024-09 Path Traversal Affecting Multiple CData Products Critical CVE-2024-31848
CVE-2024-31849
CVE-2024-31850
CVE-2024-31851
TRA-2024-08 LG LED Assistant v2.1.65 Multiple Vulnerabilities Critical CVE-2024-2862
CVE-2024-2863
TRA-2024-07 Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities Critical CVE-2024-0799
CVE-2024-0800
CVE-2024-0801
TRA-2024-06 Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service Medium
TRA-2024-05 Showdownjs Denial of Service Medium CVE-2024-1899
TRA-2024-04 Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) Critical CVE-2024-20738
TRA-2024-03 Appwrite Blind SSRF Medium CVE-2024-1063
TRA-2024-02 SQL Injection in HTML5 Video Player WordPress Plugin High CVE-2024-1061
TRA-2024-01 Pimcore Multiple Vulnerabilities Medium CVE-2024-21665
CVE-2024-21666
CVE-2024-21667
TRA-2023-43 D-Link D-View 8 Unauthenticated Probe-Core Server Communication Critical CVE-2023-7163
TRA-2023-42 Ivanti Avalanche Multiple Vulnerabilities Critical CVE-2023-46216
CVE-2023-46217
CVE-2023-41727
TRA-2023-41 Edulog Parent Portal Products Improper Access Controls Critical
TRA-2023-40 SQL Injection in My Calendar WordPress Plugin High CVE-2023-6360
TRA-2023-39 NETGEAR ProSAFE Network Management System (NMS300) Multiple Vulnerabilities Critical CVE-2023-49693
CVE-2023-49694
TRA-2023-38 LG LED Assistant Multiple Vulnerabilities Critical
TRA-2023-37 Arcserve Unified Data Protection Multiple Vulnerabilities Critical CVE-2023-41998
CVE-2023-41999
CVE-2023-42000
TRA-2023-36 Control iD iDSecure passwordCustom Authentication Bypass Critical CVE-2023-6329
TRA-2023-35 ManageEngine Information Disclosure Medium CVE-2023-6105
TRA-2023-34 Cacti Privilege Escalation High CVE-2023-31132
TRA-2023-33 Advantech R-SeeNet snmpmon.ini Unauthenticated Read Write Critical CVE-2023-5642
TRA-2023-32 Authentication Bypass in D-Link D-View 8 Critical CVE-2023-5074
TRA-2023-31 PaperCut NG Unauthenticated XMLRPC Functionality Medium CVE-2023-4568
TRA-2023-30 Moxa MXsecurity Unauthenticated Device Registration Medium CVE-2023-39983
TRA-2023-29 Citrix ShareFile Reflected XSS on Login Page Medium
TRA-2023-28 Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities Critical CVE-2023-2914
CVE-2023-2915
CVE-2023-2917
TRA-2023-27 Unauthenticated Stack Buffer Overflows in Ivanti Avalanche Critical CVE-2023-32560
TRA-2023-26 Reflected Cross-Site Scripting in AYS Popup Box WordPress Plugin Medium CVE-2023-4137
TRA-2023-25 Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform Critical
TRA-2023-24 Authenticated SQL Injection in Advantech iView High CVE-2023-3983
TRA-2023-23 PaperCut NG Unauthenticated File Upload High CVE-2023-3486
TRA-2023-22 Cross-Site Scripting in Microsoft Teams via Dynamics and Microsoft Stream Domains Medium
TRA-2023-21 Contec CONPROSYS HMI System Login DoS Medium CVE-2023-2758
TRA-2023-20 Stored Cross-Site Scripting in Craft CMS Low CVE-2023-2817
TRA-2023-19 Multiple Vulnerabilities in Telstra Device High
TRA-2023-18 Strikingly CMS Prototype Pollution Medium CVE-2023-2582
TRA-2023-17 Trend Micro Mobile Security for Enterprise Multiple Vulnerabilities Critical CVE-2023-32521
CVE-2023-32522
TRA-2023-16 Zoho ManageEngine Disclosure of Hardcoded Credentials High CVE-2023-2291
TRA-2023-15 Schneider Electric APC Easy UPS Online Monitoring Software Unauthenticated RMI Calls Critical CVE-2023-29411
TRA-2023-14 Contec CONPROSYS HMI System (CHS) Unauthenticated SQLi High CVE-2023-1658
TRA-2023-13 Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities Critical CVE-2023-27855
CVE-2023-27856
CVE-2023-27857
TRA-2023-12 Netgear RAX30 Multiple Vulnerabilities High CVE-2023-28337
CVE-2023-28338
TRA-2023-11 Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800) High CVE-2023-1389
TRA-2023-10 Authentication Bypass in Netgear RAX30 (AX2400) < 1.0.6.74 High CVE-2023-1327
TRA-2023-9 Netgear RAX30 Multiple Vulnerabilities High CVE-2023-27850
CVE-2023-27851
CVE-2023-27852
CVE-2023-27853
CVE-2023-1205
TRA-2023-8 Multiple Vulnerabilities in OpenCATS 0.9.6 High CVE-2023-27292
CVE-2023-27293
CVE-2023-27294
CVE-2023-27295
TRA-2023-7 Insecure Deserialization in Multiple WordPress Plugins High CVE-2023-26326
CVE-2023-28667
TRA-2023-6 Cross-Site Scripting in Multiple Microsoft Domains and Microsoft Teams Medium
TRA-2023-5 Trend Micro Apex One fcgiOfcDDA.exe File Upload Vulnerability High CVE-2023-0587
TRA-2023-4 Delta Electronics InfraSuite Device Master Privilege Escalation High CVE-2023-0444
TRA-2023-3 Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins Medium CVE-2023-23491
CVE-2023-23492
CVE-2023-0448
CVE-2023-28664
CVE-2023-28665
CVE-2023-28666
TRA-2023-2 SQL Injection in Multiple WordPress Plugins Critical CVE-2023-23488
CVE-2023-23489
CVE-2023-23490
CVE-2023-26325
CVE-2023-28659
CVE-2023-28660
CVE-2023-28661
CVE-2023-28662
CVE-2023-28663
TRA-2023-1 Command Injection in D-Link DWL-2600AP with firmware v4.2.0.17 Medium CVE-2023-0127
TRA-2022-37 NETGEAR Nighthawk WiFi6 Router Multiple Vulnerabilities Critical CVE-2022-47208
CVE-2022-47209
CVE-2022-47210
TRA-2022-36 NETGEAR Nighthawk WiFi6 Router Network Misconfiguration Medium CVE-2022-4390
TRA-2022-35 Denial of Service Vulnerability in Dropbox's JPEG Compression Tool, Lepton Low CVE-2022-4104
TRA-2022-33 Delta Electronics DIAEnergie Multiple Vulnerabilities Critical CVE-2022-43774
CVE-2022-43775
TRA-2022-34 SSRF in Metabase GeoJSON URL Medium CVE-2022-43776
TRA-2022-32 Advantech iView ConfigurationServlet setConfiguration SQL Injection Critical CVE-2022-3323
TRA-2022-31 VISAM VBASE v11.7.0.2 Credential Disclosure High CVE-2022-3217
TRA-2022-30 RStudio Connect Open Redirect Medium CVE-2022-38131
TRA-2022-29 Multiple Vulnerabilities in Eyes of Network Web version 5.3 High CVE-2022-38357
CVE-2022-38358
CVE-2022-38359
TRA-2022-28 Keysight Technologies Sensor Management Server Multiple RCE Vulnerabilities Critical CVE-2022-38129
CVE-2022-38130
TRA-2022-27 Microsoft Azure Arc Jumpstart Information Disclosure Medium CVE-2022-35798
TRA-2022-26 Microsoft Azure Site Recovery Privilege Escalation High CVE-2022-33675
TRA-2022-25 ManageEngine Multiple Products Remote Directory/File Creation Medium CVE-2022-35404
TRA-2022-24 Apple Safari Security Feature Bypass (Trusted Downloads) Low
TRA-2022-23 Schneider Electric IGSS Data Server v15.0.0.22139 Project Report Directory File Manipulation High CVE-2022-32528
TRA-2022-22 Schneider Electric IGSS Data Server Multiple Vulnerabilities Critical CVE-2022-32522
CVE-2022-32523
CVE-2022-32524
CVE-2022-32525
CVE-2022-32526
CVE-2022-32527
CVE-2022-32529
TRA-2022-21 XSS in Rustici Software SCORM Engine Medium CVE-2022-2035
TRA-2022-19 Microsoft Azure Synapse Analytics Hosts File Poisoning Low
TRA-2022-20 Microsoft Azure Synapse Analytics Privilege Escalation Critical
TRA-2022-18 Windows Azure Guest Agent Privilege Escalation Low
TRA-2022-17 Metasonic Doc WebClient SQL Injection Medium CVE-2022-1731
TRA-2022-16 Cross-site Scripting in webapp.kaiza.la and kaizala mobile app Medium
TRA-2022-15 Reflected Cross-Site Scripting in businesscenter.kaiza.la Medium
TRA-2022-14 ManageEngine Access Manager Plus REST API Restriction Bypass High CVE-2022-29081
TRA-2022-13 Schneider Electric IGSS Data Server v15.0.0.22073 Integer Overflow Critical CVE-2022-2329
TRA-2022-12 Information Disclosure in Gryphon Shepherd API Low
TRA-2022-11 PositiveGrid Spark API Multiple Vulnerabilities Low
TRA-2022-09 Command Injection Vulnerability in /bin/protest Binary on Multiple D-Link Routers Medium CVE-2022-1262
TRA-2022-10 Cross-Site Scripting in Odoo Apps via Prototype Pollution Medium
TRA-2022-08 XSS via angular template injection in manage.kaiza.la Medium
TRA-2022-07 Vulnerability in DVDFab Player Permits Attacker to Read Arbitrary Files in Windows Filesystem High CVE-2022-25216
TRA-2022-06 Zyxel Routers and Home WiFi Systems - Unprotected Root Access via UART Using Default Password High CVE-2021-35033
TRA-2022-05 Multiple Vulnerabilities in Trend Micro ServerProtect Critical CVE-2022-25329
CVE-2022-25330
CVE-2022-25331
TRA-2022-04 Microsoft Teams Session Token in URL (Zip Preview) Low
TRA-2022-03 Schneider Electric IGSS Data Collector Multiple Vulnerabilities High CVE-2021-22823
CVE-2021-22824
TRA-2022-02 Schneider Electric IGSS Data Server Multiple Vulnerabilities Critical CVE-2022-24310
CVE-2022-24314
TRA-2022-01 Unpatchable Vulnerabilities in Phicomm Router Firmware High CVE-2022-25214
CVE-2022-25215
CVE-2022-25217
CVE-2022-25218
CVE-2022-25219
CVE-2022-25213
TRA-2021-58 Bitmask Riseup Local Privilege Escalation High CVE-2021-44466
TRA-2021-57 Netgear Nighthawk R6700 Multiple Vulnerabilities High CVE-2021-20173
CVE-2021-20174
CVE-2021-20175
CVE-2021-23147
CVE-2021-45732
CVE-2021-45077
TRA-2021-56 Netgear Genie MacOS Installer Privilege Escalation Medium CVE-2021-20172
TRA-2021-55 Netgear Nighthawk RAX43 Multiple Vulnerabilities Critical CVE-2021-20166
CVE-2021-20167
CVE-2021-20168
CVE-2021-20169
CVE-2021-20170
CVE-2021-20171
TRA-2021-54 Trendnet AC2600 TEW-827DRU Multiple Vulnerabilities Critical CVE-2021-20149
CVE-2021-20150
CVE-2021-20151
CVE-2021-20152
CVE-2021-20153
CVE-2021-20154
CVE-2021-20155
CVE-2021-20156
CVE-2021-20157
CVE-2021-20158
CVE-2021-20159
CVE-2021-20160
CVE-2021-20161
CVE-2021-20162
CVE-2021-20163
CVE-2021-20164
CVE-2021-20165
TRA-2021-53 AutoDesk Meshmixer macOS Installer Local Privilege Escalation Medium
TRA-2021-52 ManageEngine SelfService Plus Multiple Vulnerabilities Medium CVE-2021-20147
CVE-2021-20148
TRA-2021-51 Multiple Vulnerabilities in Gryphon Tower Router Critical CVE-2021-20137
CVE-2021-20138
CVE-2021-20139
CVE-2021-20140
CVE-2021-20141
CVE-2021-20142
CVE-2021-20143
CVE-2021-20144
CVE-2021-20145
CVE-2021-20146
TRA-2021-50 Schneider Electric C-Gate Multiple Vulnerabilities High CVE-2021-22796
CVE-2021-22720
CVE-2021-22784
TRA-2021-49 Arris SurfBoard SB8200 Insecure Password Change Utility Medium CVE-2021-20119
TRA-2021-48 ManageEngine Log360 Database Configuration Overwrite Unauthenticated RCE Critical CVE-2021-20136
TRA-2021-47 CODESYS V2 Web Server Multiple Vulnerabilities Critical CVE-2021-34583
CVE-2021-34584
CVE-2021-34585
CVE-2021-34586
TRA-2021-46 Wishpond Connect.js Javascript Library Prototype Pollution Medium
TRA-2021-45 Arris SurfBoard SB8200 Cross Site Request Forgery High CVE-2021-20120
TRA-2021-44 Critical Vulnerabilities on the D-Link DIR-2640 Router High CVE-2021-20132
CVE-2021-20133
CVE-2021-20134
TRA-2021-43 ManageEngine ADManager Plus Build 7111 Multiple Vulnerabilities High CVE-2021-20130
CVE-2021-20131
TRA-2021-42 Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 Critical CVE-2021-20123
CVE-2021-20124
CVE-2021-20125
CVE-2021-20126
CVE-2021-20127
CVE-2021-20128
CVE-2021-20129
TRA-2021-41 Multiple Vulnerabilities in Telus Wi-Fi Hub Medium CVE-2021-20121
CVE-2021-20122
TRA-2021-40 Johnson Controls exacqVision Multiple Vulnerabilities Critical CVE-2021-27664
CVE-2021-27665
TRA-2021-39 Multiple Vulnerabilities in Tracki / Trackimo GPS Platform and application Medium
TRA-2021-38 Multiple Vulnerabilities in Optimus GPS Platform Medium
TRA-2021-37 Multiple Vulnerabilities in Spytec GPS platform Medium
TRA-2021-36 Multiple Vulnerabilities in LandAirSea SilverCloud GPS Platform Medium
TRA-2021-35 User Enumeration in GSuite Okta Integration Low
TRA-2021-34 Cisco Webex Universal Links Redirect Medium
TRA-2021-33 HPE Edgeline Infrastructure Manager Unauthenticated Information Disclosure Medium CVE-2021-26586
TRA-2021-32 Multiple Vulnerabilities in TCExam Critical CVE-2021-20111
CVE-2021-20112
CVE-2021-20113
CVE-2021-20114
CVE-2021-20115
CVE-2021-20116
TRA-2021-31 Manage Engine Asset Explorer Agent - Integer Overflow High CVE-2021-20110
TRA-2021-30 Manage Engine Heap Overflow POST payload High CVE-2021-20109
TRA-2021-29 Manage Engine Asset Explorer Agent - Remote DoS High CVE-2021-20108
TRA-2021-28 Schneider Electric Modicon M340 / M580 Authentication Bypass Vulnerability High CVE-2021-22779
TRA-2021-27 AWS EC2 macOS Local Privilege Escalation Medium
TRA-2021-26 Sloan Smart Faucet Unauthenticated BLE Medium CVE-2021-20107
TRA-2021-25 Machform Multiple Vulnerabilities High CVE-2021-20101
CVE-2021-20102
CVE-2021-20103
CVE-2021-20104
CVE-2021-20105
tra-2021-24 Multiple Vulnerabilities in Wibu-Systems CodeMeter Critical CVE-2021-20093
CVE-2021-20094
TRA-2021-23 Multiple vulnerabilities in Microsoft Power Apps (apps.powerapps.com, make.powerapps.com) Medium
TRA-2021-22 ManageEngine ServiceDesk Plus Authenticated RCE High CVE-2021-20081
TRA-2021-21 macOS Gatekeeper Bypass / Local Privilege Escalation Medium
TRA-2021-20 macOS Installer Local Privilege Escalation Medium
TRA-2021-19 Microsoft Teams macOS Installer Local Privilege Escalation Medium
TRA-2021-18 OpenOversight Multiple Vulnerabilities Medium CVE-2021-20096
TRA-2021-17 SecureDrop OSSEC Cross-Site Request Forgery Low
TRA-2021-16 LINE Private IP Address and Platform information Disclosure via GIFMagazine Medium
TRA-2021-15 HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass Critical CVE-2021-29203
TRA-2021-14 Python-Babel/Babel Locale Directory Traversal / Arbitrary Code Execution Medium
TRA-2021-13 Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers High CVE-2021-20090
CVE-2021-20091
CVE-2021-20092
TRA-2021-12 Stored XSS in make.powerapps.com Medium
TRA-2021-11 ManageEngine ServiceDesk Plus and AssetExplorer - Unauthenticated Stored XSS Medium CVE-2021-20080
TRA-2021-10 ManageEngine OpManager Remote Directory Deletion Critical CVE-2021-20078
TRA-2021-09 Microsoft Teams services forwarding to untrusted domain Medium
TRA-2021-08 LINE Debugging Interface Information Disclosure Medium
TRA-2021-07 Dell EMC OpenManage Server Administrator Authentication Bypass Critical CVE-2021-21513
TRA-2021-06 Secomea GateManager Multiple Vulnerabilities High CVE-2020-29028
CVE-2020-29030
CVE-2020-29032
TRA-2021-05 JSDom Improper Loading of Local Resources Medium CVE-2021-20066
TRA-2021-04 Racom MIDGE Firmware Multiple Vulnerabilities High CVE-2021-20067
CVE-2021-20068
CVE-2021-20069
CVE-2021-20070
CVE-2021-20071
CVE-2021-20072
CVE-2021-20073
CVE-2021-20074
CVE-2021-20075
TRA-2021-03 IBM Spectrum Protect Operations Center 8.1.10 Multiple Vulnerabilities High CVE-2020-4954
CVE-2020-4955
CVE-2020-4956
TRA-2021-02 ManageEngine Applications Manager Authenticated SQLi High CVE-2020-35765
TRA-2021-01 Marvell QConvergeConsole GUI Multiple Vulnerabilities High CVE-2020-5804
CVE-2020-5805
TRA-2020-71 Rockwell Automation FactoryTalk Multiple Vulnerabilities High CVE-2020-5801
CVE-2020-5802
CVE-2020-5806
CVE-2020-5807
TRA-2020-70 Secomea GateManager Multiple Vulnerabilities Medium CVE-2020-29021
CVE-2020-29022
TRA-2020-69 Carbon Black Installer Multiple Vulnerabilities Medium CVE-2020-4008
TRA-2020-68 PsExec Local Privilege Escalation Medium
TRA-2020-67 Druva inSync Installer Privilege Escalation High CVE-2020-5798
TRA-2020-66 IBM Spectrum Protect Plus Static Credential Vulnerability Critical CVE-2020-4854
TRA-2020-65 Eat Spray Love Mobile App Multiple Vulnerabilities High CVE-2020-5799
CVE-2020-5800
TRA-2020-64 Cross-site Scripting via WHOIS and DNS records on multiple lookup platforms High
TRA-2020-63 Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities High CVE-2020-28578
CVE-2020-28579
CVE-2020-28580
CVE-2020-28581
TRA-2020-62 Trend Micro Worry-Free Business Security Unauthenticated Remote File Deletion High CVE-2020-28574
TRA-2020-61 Nagios XI Local Privilege Escalation High CVE-2020-5796
TRA-2020-60 TP-Link Archer Routers USB Symlink Following Vulnerabilities Medium CVE-2020-5795
CVE-2020-5797
TRA-2020-59 Umbraco Cloud CMS Multiple Vulnerabilities Medium CVE-2020-5809
CVE-2020-5810
CVE-2020-5811
TRA-2020-58 Nagios XI Multiple Vulnerabilities Medium CVE-2020-5790
CVE-2020-5791
CVE-2020-5792
TRA-2020-57 Teltonika Gateway TRB245 Multiple Vulnerabilities Medium CVE-2020-5784
CVE-2020-5785
CVE-2020-5786
CVE-2020-5787
CVE-2020-5788
CVE-2020-5789
TRA-2020-56 Marvell QConvergeConsole GUI Multiple Vulnerabilities High CVE-2020-15643
CVE-2020-15644
CVE-2020-15645
CVE-2020-5803
TRA-2020-55 IgniteNet HeliOS GLinq v2.2.1 r2961 Multiple Vulnerabilities Medium CVE-2020-5781
CVE-2020-5782
CVE-2020-5783
TRA-2020-54 IBM Spectrum Protect Plus 10.1.6-1974 Multiple Vulnerabilities High CVE-2020-4711
CVE-2020-4703
TRA-2020-53 Unauthenticated email forgery/spoofing in WordPress Email Subscribers plugin High CVE-2020-5780
TRA-2020-52 Trading Technologies Messaging Multiple Unauthenticated Remote DoS High CVE-2020-5778
CVE-2020-5779
TRA-2020-51 MAGMI Multiple Vulnerabilities Medium CVE-2020-5777
CVE-2020-5776
TRA-2020-50 IBM Spectrum Protect CertQryResp Unauthenticated Remote DoS High CVE-2020-4559
TRA-2020-49 Canvas LMS Unauthenticated Blind SSRF Medium CVE-2020-5775
TRA-2020-48 Teltonika Gateway TRB245 Multiple Vulnerabilities High CVE-2020-5770
CVE-2020-5771
CVE-2020-5772
CVE-2020-5773
TRA-2020-47 Grandstream ATA HT800 Series Multiple Vulnerabilities Critical CVE-2020-5760
CVE-2020-5761
CVE-2020-5762
CVE-2020-5763
TRA-2020-46 CODESYS V3 Unauthenticated Webserver Memory Leak DoS High CVE-2020-15806
TRA-2020-45 Ubiquiti UniFi Protect Username Discovery Medium CVE-2020-8213
TRA-2020-44 Multiple Vulnerabilities in Icegram Email Subscribers & Newsletters Plugin for WordPress Medium CVE-2020-5767
CVE-2020-5768
TRA-2020-43 Teltonika Gateway TRB245 Stored Cross-site Scripting Low CVE-2020-5769
TRA-2020-42 SQL Injection in SRS Simple Hits Counter Plugin for WordPress Medium CVE-2020-5766
TRA-2020-41 MX Player Android App Directory Traversal High CVE-2020-5764
TRA-2020-40 Grandstream UCM6200 Series Multiple Authenticated RCE Critical CVE-2020-5757
CVE-2020-5758
CVE-2020-5759
TRA-2020-39 Grandstream GWN7000 Authenticated Command Execution Critical CVE-2020-5756
TRA-2020-38 VMware Tools Denial of Service Medium CVE-2020-3972
TRA-2020-37 IBM Spectrum Protect Plus Multiple Vulnerabilities Critical CVE-2020-4469
CVE-2020-4470
CVE-2020-4471
TRA-2020-36 Webroot Multiple Vulnerabilities High CVE-2020-5754
CVE-2020-5755
TRA-2020-35 Plex Media Server Weak CORS Policy Medium CVE-2020-5742
TRA-2020-34 Druva inSync Windows Client Local Privilege Escalation (CVE-2019-3999 Patch Bypass) High CVE-2020-5752
TRA-2020-33 Signal App Information Disclosure Low CVE-2020-5753
TRA-2020-32 Plex Media Server Authenticated Python Deserialization / RCE (Windows) Medium CVE-2020-5741
TRA-2020-31 TCExam Multiple Vulnerabilities Medium CVE-2020-5743
CVE-2020-5744
CVE-2020-5745
CVE-2020-5746
CVE-2020-5747
CVE-2020-5748
CVE-2020-5749
CVE-2020-5750
CVE-2020-5751
TRA-2020-30 Instacart SMS Link Spoofing Vulnerability Medium
TRA-2020-29 SimpliSafe SS3 PIN Add Using Rogue Keypad Low CVE-2020-5727
TRA-2020-28 Flexera FlexNet Publisher lmadmin Message 282 Remote DoS Medium CVE-2020-12080
TRA-2020-27 Ubiquiti UniFi Cloud Key - Unprotected root UART Access High CVE-2020-8157
TRA-2020-26 IBM Spectrum Protect Verb 134 Unauthenticated Remote Stack Overflow Critical CVE-2020-4415
TRA-2020-25 Plex Media Server Local Privilege Escalation (Windows) High CVE-2020-5740
TRA-2020-24 Cisco IP Phones Web Server Multiple Vulnerabilities Critical CVE-2020-3161
CVE-2016-1421
TRA-2020-23 MikroTik WinBox Cleartext Password Storage Low CVE-2020-5721
TRA-2020-22 Grandstream GXP1600 Series Multiple Issues Critical CVE-2020-5738
CVE-2020-5739
TRA-2020-21 Ubiquiti Unifi Cloud Key Gen2 Plus Unauthenticated Hostname Modification Medium CVE-2020-8148
TRA-2020-20 Amcrest Camera/NVR Multiple Vulnerabilities Critical CVE-2020-5735
CVE-2020-5736
TRA-2020-19 SolarWinds Dameware DoS High CVE-2020-5734
TRA-2020-18 OpenMRS Multiple Vulnerabilities Medium CVE-2020-5728
CVE-2020-5729
CVE-2020-5730
CVE-2020-5731
CVE-2020-5732
CVE-2020-5733
TRA-2020-17 Grandstream UCM62xx Multiple SQL Injections Medium CVE-2020-5723
CVE-2020-5724
CVE-2020-5725
CVE-2020-5726
TRA-2020-16 CODESYS V3 Unauthenticated Remote Heap Overflow Critical CVE-2020-10245
TRA-2020-15 Grandstream UCM62xx SQL Injection Critical CVE-2020-5722
TRA-2020-14 Kodi Multiple Issues High
TRA-2020-13 Advantech WebAccess/SCADA Unauthenticated Remote Heap Buffer Overflow Critical
TRA-2020-12 Druva inSync Client Multiple Vulnerabilities High CVE-2019-3999
CVE-2019-4000
CVE-2019-4001
TRA-2020-11 Palo Alto Expedition Migration Tool Insufficient XSRF Protection High CVE-2020-1977
TRA-2020-10 Siemens TIA Portal Denial of Service High CVE-2019-19282
TRA-2020-09 SimpliSafe SS3 Unauthenticated Wi-Fi Config Modification Low CVE-2019-3998
TRA-2020-08 Microsoft Windows User Group Policy Bypass Medium
TRA-2020-07 MikroTik WinBox Path Traversal Medium CVE-2020-5720
TRA-2020-06 Atlassian Jira CSRF Medium CVE-2019-20100
TRA-2020-05 Atlassian Jira Multiple CSRF Medium CVE-2019-20098
CVE-2019-20099
TRA-2020-04 CODESYS V3 Denial of Service High CVE-2020-7052
TRA-2020-03 SimpliSafe SS3 Unauthenticated Keypad Pairing Vulnerability Low CVE-2019-3997
TRA-2020-02 HPE Smart Update Manager 8.4.5 Remote Unauthorized Access Critical CVE-2020-7136
TRA-2020-01 MikroTik WinBox Man-in-the-Middle Password Hash Disclosure Medium CVE-2019-3981
TRA-2019-54 Microsoft Teams Multiple Vulnerabilities Medium
TRA-2019-53 ELOG Multiple Vulnerabilities High CVE-2019-3992
CVE-2019-3993
CVE-2019-3994
CVE-2019-3995
CVE-2019-3996
TRA-2019-52 Advantech WebAccess/SCADA Stack Buffer Overflow Critical CVE-2019-3951
TRA-2019-51 Blink XT2 Sync Module Multiple Vulnerabilities High CVE-2019-3983
CVE-2019-3984
CVE-2019-3985
CVE-2019-3986
CVE-2019-3987
CVE-2019-3988
CVE-2019-3989
TRA-2019-50 Harbor.io User Enumeration Vulnerability Medium CVE-2019-3990
TRA-2019-49 Schneider Electric FLM v2.3.1.0 / FlexNet Publisher 11.6.2 Multiple Vulnerabilities High CVE-2019-8960
CVE-2019-8961
TRA-2019-48 CODESYS V3 Unauthenticated Remote Heap Buffer Overflow Critical CVE-2019-18858
TRA-2019-47 Qualcomm Atheros Universal WLAN Kernel Memory Disclosure Medium CVE-2019-10618
TRA-2019-46 MikroTik RouterOS Multiple Vulnerabilities High CVE-2019-3976
CVE-2019-3977
CVE-2019-3978
CVE-2019-3979
TRA-2019-45 Cisco TelePresence Advanced Media Gateway 3610 Denial of Service Medium CVE-2019-15966
TRA-2019-44 Cisco SPA100 Series Multiple Vulnerabilities Critical CVE-2019-15240
CVE-2019-15241
CVE-2019-15242
CVE-2019-15243
CVE-2019-15244
CVE-2019-15245
CVE-2019-15246
CVE-2019-15247
CVE-2019-15248
CVE-2019-15249
CVE-2019-15250
CVE-2019-15251
CVE-2019-15252
CVE-2019-15257
CVE-2019-15258
CVE-2019-12702
CVE-2019-12703
CVE-2019-12704
CVE-2019-12708
TRA-2019-43 SolarWinds Dameware Mini Remote Control Unauthenticated RCE Critical CVE-2019-3980
TRA-2019-42 HPE iMC 7.3 E0703 Multiple Vulnerabilities Critical CVE-2019-5390
CVE-2019-5391
TRA-2019-41 Advantech WebAccess/SCADA 8.4.1 Unauthenticated Remote Stack Buffer Overflow Critical CVE-2019-3975
TRA-2019-40 OpenEMR Multiple Vulnerabilities High CVE-2019-3963
CVE-2019-3964
CVE-2019-3965
CVE-2019-3966
CVE-2019-3967
CVE-2019-3968
TRA-2019-39 Apple macOS / iOS UIFoundation Vulnerability Medium
TRA-2019-38 macOS LaunchServices Denial of Service Medium
TRA-2019-37 WallacePOS Multiple Vulnerabilities Medium CVE-2019-3958
CVE-2019-3959
CVE-2019-3960
TRA-2019-36 Amcrest IP Camera Multiple Vulnerabilities Medium CVE-2019-3948
TRA-2019-35 Jenkins Path Traversal / Arbitrary File Write Medium CVE-2019-10352
TRA-2019-34 Comodo Antivirus Multiple Vulnerabilities Medium CVE-2019-3969
CVE-2019-3970
CVE-2019-3971
CVE-2019-3972
CVE-2019-3973
TRA-2019-33 Siemens TIA Portal (STEP7) Remote Code Execution Critical CVE-2019-10915
TRA-2019-32 Citrix SD-WAN Appliance Multiple Vulnerabilities Critical CVE-2019-12989
CVE-2019-12991
TRA-2019-31 Citrix SD-WAN Center Multiple Vulnerabilities Critical CVE-2019-12985
CVE-2019-12986
CVE-2019-12987
CVE-2019-12988
CVE-2019-12990
CVE-2019-12992
TRA-2019-30 Arlo Basestation Firmware Multiple Vulnerabilities High CVE-2019-3949
CVE-2019-3950
TRA-2019-29 Cisco RV110W, RV130W, and RV215W Routers Multiple Vulnerabilities Medium CVE-2019-1897
CVE-2019-1898
CVE-2019-1899
TRA-2019-28 Multiple Advantech WebAccess Vulnerabilities Critical CVE-2019-3953
CVE-2019-3954
TRA-2019-27 Fuji Electric V-Server Denial of Service and Information Disclosure Medium CVE-2019-3946
CVE-2019-3947
TRA-2019-26 Dameware Remote Mini Controller Multiple Vulnerabilities High CVE-2019-3955
CVE-2019-3956
CVE-2019-3957
TRA-2019-25 Zsh Multiple Denial of Service Vulnerabilities Low
TRA-2019-24 Chromium Dev Tools Crash Low
TRA-2019-23 Slack Desktop Application for Windows Download Hijack Medium
TRA-2019-22 Parrot ANAFI Drone Denial of Service Medium CVE-2019-3944
CVE-2019-3945
TRA-2019-21 Cisco Small Business Switch Security Feature Bypass High CVE-2019-1859
TRA-2019-20 OEM Presentation Platform Vulnerabilities Critical CVE-2019-3925
CVE-2019-3926
CVE-2019-3927
CVE-2019-3928
CVE-2019-3929
CVE-2019-3930
CVE-2019-3931
CVE-2019-3932
CVE-2019-3933
CVE-2019-3934
CVE-2019-3935
CVE-2019-3936
CVE-2019-3937
CVE-2019-3938
CVE-2019-3939
CVE-2017-16709
TRA-2019-19 Palo Alto Expedition Migration Tool 1.1.12 and earlier - XSS Low CVE-2019-1574
TRA-2019-18 Citrix SD-WAN Center and NetScaler SD-WAN Center Unauthenticated Remote Command Injection Critical CVE-2019-10883
TRA-2019-17 Verizon Fios Quantum Gateway Multiple Vulnerabilities High CVE-2019-3914
CVE-2019-3915
CVE-2019-3916
TRA-2019-16 MikroTik RouterOS Authenticated Directory Traversal High CVE-2019-3943
TRA-2019-15 Multiple Advantech WebAccess Vulnerabilities Critical CVE-2019-3940
CVE-2019-3941
CVE-2019-3942
TRA-2019-14 FileZilla 'fzsftp' Untrusted Search Path Medium CVE-2019-5429
TRA-2019-13 Palo Alto Expedition Migration Tool 1.1.8 and earlier - Multiple XSS Low CVE-2019-1569
CVE-2019-1570
CVE-2019-1571
TRA-2019-12 HPE iMC 7.3 E0605P06 Multiple Vulnerabilities Critical CVE-2019-5390
CVE-2019-5391
TRA-2019-11 RSLinx Classic Stack Buffer Overflow Critical CVE-2019-6553
TRA-2019-10 Palo Alto Expedition Migration Tool Stored XSS Low CVE-2019-1567
TRA-2019-09 Nokia GPON ONT Multiple Vulnerabilities Critical CVE-2019-3917
CVE-2019-3918
CVE-2019-3919
CVE-2019-3920
CVE-2019-3921
CVE-2019-3922
TRA-2019-08 SonicOS Improper Certificate Access Medium CVE-2018-9867
TRA-2019-07 MikroTik RouterOS Unauthenticated Intermediary Medium CVE-2019-3924
TRA-2019-06 Rockwell Automation EWEB SNMP Denial of Service Medium CVE-2018-19016
TRA-2019-05 Crestron DGE-100 Unauthenticated Remote Denial of Service High
TRA-2019-04 Indusoft Web Studio and InTouch Edge HMI Remote Code Execution Critical CVE-2019-6545
CVE-2019-6543
TRA-2019-03 LabKey Server Community Edition Multiple Vulnerabilities Medium CVE-2019-3911
CVE-2019-3912
CVE-2019-3913
TRA-2019-02 [R1] Crestron AM-100 Authentication Bypass Critical CVE-2019-3910
TRA-2019-01 [R3] Multiple Premisys Identicard Vulnerabilities Critical CVE-2019-3906
CVE-2019-3907
CVE-2019-3908
CVE-2019-3909
TRA-2018-48 [R2] Netatalk Out-of-bounds Write Critical CVE-2018-1160
TRA-2018-47 [R2] Logitech Harmony Hub Multiple Vulnerabilities High CVE-2018-15720
CVE-2018-15721
CVE-2018-15722
CVE-2018-15723
TRA-2018-46 [R1] Cisco Adaptive Security Appliance HTTP Privilege Escalation High CVE-2018-15465
TRA-2018-45 [R2] Advantech WebAccess Stack Buffer Overflow Critical CVE-2018-18999
TRA-2018-44 [R1] Open Dental Multiple Vulnerabilities Critical CVE-2018-15717
CVE-2018-15718
CVE-2018-15719
TRA-2018-43 [R2] Jenkins Forced Migration of User Records Medium CVE-2018-1000863
TRA-2018-42 [R1] Cisco Energy Management Suite Default PostgreSQL Credentials Medium CVE-2018-0468
TRA-2018-41 [R1] NUUO NVRMini2 Authenticated Command Injection Critical CVE-2018-15716
TRA-2018-40 [R2] Zoom Message Spoofing Critical CVE-2018-15715
TRA-2018-39 [R1] Multiple HPE Moonshot Provisioning Manager Vulnerabilities High
TRA-2018-38 [R1] Multiple Schneider Electric Modicon Quantum Vulnerabilities Critical CVE-2018-7809
CVE-2018-7810
CVE-2018-7811
CVE-2018-7830
CVE-2018-7831
TRA-2018-37 [R2] Nagios XI Multiple Vulnerabilities High CVE-2018-15708
CVE-2018-15709
CVE-2018-15710
CVE-2018-15711
CVE-2018-15712
CVE-2018-15713
CVE-2018-15714
TRA-2018-36 [R1] Cisco Energy Management Suite Multiple Vulnerabilities Critical CVE-2018-15444
CVE-2018-15445
TRA-2018-35 [R1] Multiple Advantech WebAccess Vulnerabilities Critical CVE-2018-15705
CVE-2018-15706
CVE-2018-15707
TRA-2018-34 [R1] Multiple Vulnerabilities in AVEVA Indusoft Web Studio and InTouch Edge HMI Critical CVE-2018-17914
CVE-2018-17916
TRA-2018-33 [R1] Multiple Advantech WebAccess Vulnerabilities High CVE-2018-15703
CVE-2018-15704
TRA-2018-32 [R1] Multiple Oracle WebLogic Docker Password Disclosures Medium CVE-2018-3213
TRA-2018-31 [R1] Multiple Oracle GoldenGate Manager Vulnerabilities Critical CVE-2018-2912
CVE-2018-2913
CVE-2018-2914
TRA-2018-30 [R1] IBM WebSphere Application Server Admin Console File Disclosure Medium CVE-2018-1770
TRA-2018-29 [R1] Multiple Jenkins Vulnerabilities Medium
TRA-2018-28 [R3] HPE Intelligent Management Center Multiple Vulnerabilities Critical CVE-2018-7116
CVE-2018-7121
CVE-2018-7122
CVE-2018-7123
CVE-2019-5392
CVE-2019-5393
TRA-2018-27 [R1] TP-Link TL-WRN841N Multiple Vulnerabilities Critical CVE-2018-15700
CVE-2018-15701
CVE-2018-15702
TRA-2018-26 [R1] RSLinx Classic Buffer Overflows Critical CVE-2018-14821
CVE-2018-14829
TRA-2018-25 [R2] Multiple NUUO NVRMini2 Vulnerabilities Critical CVE-2018-1149
CVE-2018-1150
TRA-2018-24 [R1] HPE Intelligent Management Center Stack Buffer Overflow Critical CVE-2018-7115
TRA-2018-23 [R1] Advantech WebAccess Remote Code Execution Critical CVE-2017-16720
TRA-2018-22 [R1] Multiple ASUSTOR Data Master Vulnerabilities High CVE-2018-15694
CVE-2018-15695
CVE-2018-15696
CVE-2018-15697
CVE-2018-15698
CVE-2018-15699
TRA-2018-21 [R1] Mikrotik RouterOS Multiple Authenticated Vulnerabilities Critical CVE-2018-1156
CVE-2018-1157
CVE-2018-1158
CVE-2018-1159
TRA-2018-20 [R2] Cisco Data Center Network Manager Authenticated Path Traversal Medium CVE-2018-0464
TRA-2018-19 [R1] AVEVA InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Critical CVE-2018-10620
TRA-2018-18 [R1] Burp Suite Community Edition Improper Certificate Validation Medium CVE-2018-1153
TRA-2018-17 [R1] libturbo-jpeg Denial of Service Medium CVE-2018-1152
TRA-2018-16 [R1] GlassFish 4.x Denial of Service High
TRA-2018-15 [R2] HPE Moonshot Provisioning Manager Arbitrary File Move High CVE-2018-7072
CVE-2018-7073
TRA-2018-14 [R1] Western Digital TV Media Player and Live Hub Unauthenticated RCE Critical CVE-2018-1151
TRA-2018-13 [R2] IBM Netezza Appliance Local Privilege Escalation High CVE-2018-1460
TRA-2018-12 [R1] Cylance PROTECT Missing SSL Certificate Verification Medium
TRA-2018-11 [R1] Cisco Prime Data Center Network Manager Remote Code Execution Critical CVE-2018-0258
TRA-2018-10 [R1] Trend Micro Smart Protection Server Denial of Service High CVE-2018-6237
TRA-2018-09 [R1] OpenVPN Windows Service Double Free High CVE-2018-9336
TRA-2018-08 [R1] Belkin N750 F9K1103 v1 Multiple Vulnerabilities Critical CVE-2018-1143
CVE-2018-1144
CVE-2018-1145
CVE-2018-1146
TRA-2018-07 [R3] Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Critical CVE-2018-8840
TRA-2018-06 [R1] Cisco IOS and IOS XE Multiple Memory Corruption Vulnerabilities High CVE-2018-0172
CVE-2018-0173
CVE-2018-0174
TRA-2018-05 [R1] Micro Focus Operations Orchestrations Information Disclosure and Remote Denial of Service High CVE-2018-6490
TRA-2018-04 [R3] Check Point Gaia OS Privilege Escalation Medium
TRA-2018-03 [R2] EMC VASA Virtual Appliance Default Creds and Arbitrary File Upload Critical CVE-2018-1216
CVE-2018-1215
TRA-2018-02 [R1] NetGain Enterprise Manager Multiple Remote Vulnerabilities High CVE-2017-17406
CVE-2017-16610
CVE-2017-16607
CVE-2017-16609
CVE-2017-16608
TRA-2018-01 [R1] HPE Intelligent Management Center (iMC) PLAT Java RMI RCE High CVE-2017-5792
TRA-2017-37 [R1] gSOAP HTTP DIME Parsing Denial of Service Medium
TRA-2017-36 [R1] Firebird fbudf Module Authenticated Remote Code Execution Critical CVE-2017-11509
TRA-2017-35 [R2] Verizon Fios Quantum Gateway G1100 Remote Information Disclosure Medium
TRA-2017-34 [R1] Siemens SIMATIC Logon Denial of Service Medium CVE-2017-9938
TRA-2017-33 [R1] Wanscam Network Camera Multiple Vulnerabiltiies Medium CVE-2017-11510
TRA-2017-32 [R1] HPE Universal Configuration Management Database Multiple Vulnerabilities Critical CVE-2017-14351
CVE-2017-14353
CVE-2017-14354
TRA-2017-31 [R1] ManageEngine ServiceDesk Multiple Vulnerabilties High CVE-2017-11511
CVE-2017-11512
TRA-2017-30 [R1] HPE System Management Homepage Remote Denial of Service High CVE-2017-12545
TRA-2017-29 [R1] Advantech WebAccess SQL Injection Critical CVE-2017-12710
TRA-2017-28 [R1] HPE Operations Orchestration Central Remoting Java Deserialization Remote Code Execution High CVE-2017-8994
TRA-2017-27 [R1] HPE Intelligent Management Center SOM Module Remote File Disclosure Medium CVE-2017-12555
TRA-2017-26 [R1] HP Data Protector Multiple Remote Vulnerabilities High CVE-2017-5807, CVE-2017-5808
TRA-2017-25 [R2] HPE Operations Orchestration Incomplete Fix for CVE-2016-8519 High CVE-2017-8994
TRA-2017-24 [R1] Ecava IntegraXor SQL Injection Remote Code Execution High CVE-2017-6050
TRA-2017-23 [R1] Cisco Security Manager and Prime LMS Java Deserialization Remote Code Execution Critical CVE-2015-6420
TRA-2017-22 [R1] ReadyMedia HTTP Request Denial of Service High
TRA-2017-21 [R1] Check_MK Multisite Web UI Reflected XSS Medium CVE-2017-9781
TRA-2017-20 [R2] Check_MK Multisite Web UI Stored and Reflected XSS Medium CVE-2017-11507
TRA-2017-19 [R1] Kaa IoT Platform SdkServlet / RecordServlet Java Object Deserialization Remote Code Execution High CVE-2017-7911
TRA-2017-18 [R1] HP Intelligent Management Center (iMC) Platform euplat RMI Registry Java Deserialization Remote Code Execution Critical CVE-2017-5792
TRA-2017-17 [R1] ManageEngine ServiceDesk Plus AuthError.jsp ErrorMsg Parameter Reflected XSS Medium
TRA-2017-16 [R1] Oracle WebLogic Server Web Container Subcomponent Reflected PartItem File Manipulation Remote Code Execution Critical CVE-2017-3531
TRA-2017-15 [R2] NetIQ Sentinel Multiple Remote Vulnerabilities High CVE-2017-5184
CVE-2017-5185
TRA-2017-14 [R1] Cisco Unified Customer Voice Portal Java Deserialization Remote Code Execution Critical CVE-2015-6420
TRA-2017-13 [R1] HPE LoadRunner libxdrutil.dll mxdr_string() Function XDR String Handling Remote Heap Buffer Overflow Critical CVE-2017-5789
TRA-2017-12 [R1] HP Intelligent Management Center (iMC) Platform /imc/fault/accessMgrServlet Java Deserialization Remote Code Execution Critical CVE-2017-5790
TRA-2017-11 [R1] Sophos XG Firewall login.jsp utype Parameter Reflected XSS Medium
TRA-2017-10 [R1] Debian MediaTomb (fork) Multiple Remote Vulnerabilities Critical CVE-2012-5958
CVE-2012-5959
CVE-2012-5960
CVE-2016-6255
CVE-2016-8863
TRA-2017-09 [R2] HP Intelligent Management Center (iMC) Platform /rptviewer/servlets/redirectviewer Multiple Remote Issues High CVE-2016-8525
CVE-2016-8530
TRA-2017-08 [R1] Portable SDK for UPnP Devices (libupnp) glibc Implementation getaddrinfo() Function Remote Stack Overflow Critical CVE-2015-7547
TRA-2017-07 [R1] Oracle WebLogic RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Critical CVE-2017-3248
TRA-2017-06 [R1] ManageEngine ADAudit Plus Multiple Vulnerabilities High
TRA-2017-05 [R1] HP Operations Orchestration (HP OO) /oo/backwards-compatibility/wsExecutionBridgeService Jaa Deserialization Remote Code Execution Critical CVE-2016-8519
TRA-2017-04 [R1] Advantech WebAccess Multiple Vulnerabilities High CVE-2017-5152
CVE-2017-5154
TRA-2017-03 [R2] Oracle Outside In Content Access vspdf.dll Multiple Remote DoS Medium CVE-2017-3294
CVE-2017-3295
TRA-2017-02 [R2] Sophos Web Protection Appliance ftp_redirect.php s Parameter Reflected XSS Medium CVE-2017-9523
TRA-2017-01 [R1] Liferay CE Portal /api/liferay Java Deserialization Blacklist Bypass Remote Code Execution Critical
TRA-2016-39 [R1] Hewlett Packard Network Automation RPCServlet Arbitrary Code Execution High CVE-2016-8511
TRA-2016-38 [R1] Cisco Prime Collaboration Provisioning Restricted CLI Bypass Local Privilege Escalation Medium CVE-2016-1320
TRA-2016-37 [R2] Dell SonicWALL /appliance/license.jsp Serial Number Disclosure Remote Privilege Escalation Medium
TRA-2016-36 [R1] ManageEngine OpManager NMS Server Multiple Vulnerabilities Critical
TRA-2016-35 [R1] WISE Server Commons Collection / FileUpload Java Deserialization Remote Command Execution Critical
TRA-2016-34 [R1] VMWare vRealize Operations Manager Appliance Multiple Vulnerabilities Chained Remote Code Execution High CVE-2016-7462
TRA-2016-33 [R1] Oracle WebLogic Server Commons DiskFileItem Remote File Manipulation Critical CVE-2016-5535
TRA-2016-32 [R1] HP System Management Homepage (SMH) Multiple Remote Stack Buffer Overflows High CVE-2016-4395
CVE-2016-4396
TRA-2016-31 [R1] ManageEngine ADAudit Plus Obfuscated Cookie Password Disclosure Low
TRA-2016-30 [R1] Novell NetIQ Sentinel Commons DiskFileItem RMI Java Deserialization Remote File Creation / Manipulation Critical CVE-2016-1000031
TRA-2016-29 [R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS Medium CVE-2016-6273
TRA-2016-28 [R2] CloudView NMS Multiple Remote Vulnerabilities High
TRA-2016-27 [R1] Hewlett Packard Network Automation RMI Registry Port Java Deserialization Remote Code Execution Critical CVE-2016-4385
TRA-2016-26 [R1] HP LoadRunner Multiple Remote DoS High CVE-2016-4384
CVE-2016-4361
TRA-2016-25 [R1] Red5 Server RMI Registry /red5 Java Deserialization Remote Code Execution Critical
TRA-2016-24 [R1] PowerFolder Multiple Remote Vulnerabilities Critical
TRA-2016-23 [R4] Apache Wicket DiskFileItem Java Deserialization Remote File Manipulation Medium CVE-2013-2186
CVE-2016-1000031
CVE-2016-6793
TRA-2016-22 [R2] Red Hat JBoss Operations Network /jboss-remoting-servlet-invoker/ServerInvokerServlet Jython Deserialization Remote Code Execution Critical CVE-2016-3737
CVE-2016-6330
TRA-2016-21 [R1] Oracle WebLogic Server weblogic.corba.utils.MarshallObject Java Deserialization Remote Code Execution Critical CVE-2016-3510
TRA-2016-20 [R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization Critical CVE-2016-1000027
TRA-2016-19 [R1] Palo Alto Networks PAN-OS /api Multiple Parameter Handling Remote DoS Medium
TRA-2016-18 [R1] IBM iAccess for Windows i Navigator Encoded Windows Admin Password Local Disclosure Low CVE-2016-0287
TRA-2016-17 [R2] HP Loadrunner / HP Performance Center Virtual Table Server (VTS) \web\admin\data.js Remote File Deletion High CVE-2016-4360
TRA-2016-16 [R2] HP LoadRunner mchan.dll Shared Memory Object Name Construction Remote Stack Buffer Overflow High CVE-2016-4359
TRA-2016-15 [R1] Ipswitch WhatsUp Gold WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection Medium CVE-2016-1000000
TRA-2016-14 [R1] HP System Management Homepage (SMH) mod_smh_config.so AddCertsToTrustCfgList() Function X.509 Certificate Subject Common Name Handling Remote DoS Low
TRA-2016-13 [R1] Core FTP Server Path Traversal Arbitrary File/Directory Access Medium
TRA-2016-12 [R3] Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution (LOBSTER) Critical CVE-2016-1000031
TRA-2016-11 [R1] Oracle MySQL Enterprise Monitor Multiple Library readObject() Function Java Object Deserialization Remote Code Execution High CVE-2016-3461
TRA-2016-10 [R2] ManageEngine OpManager / Service Desk Multiple Vulnerabilities High CVE-2016-82014
CVE-2016-82015
TRA-2016-09 [R1] Oracle WebLogic ClassFilter.class ServerChannelInputStream Bypass Java Deserialization Remote Code Execution Critical CVE-2016-0638
CVE-2015-4829
TRA-2016-08 [R1] Cisco Unified Computing System - Multiple Vulnerabilities Medium CVE-2016-1339
CVE-2016-1340
TRA-2016-07 [R1] Microsoft Windows 10 lsass.exe Empty SID Lookup Handling Remote DoS Medium CVE-2016-0135
TRA-2016-06 [R1] Cisco Multiple Routers Fragmented IKEv2 Packet Handling Remote Integer Overflow High CVE-2016-1344
TRA-2016-05 [R1] Barco ClickShare Multiple Script Remote Command Execution High CVE-2015-6532
CVE-2015-6533
TRA-2016-04 [R2] Cisco IOS Smart Install Client Feature Config / Boot Image File List Upload Remote Code Execution High CVE-2015-6264
CVE-2016-1349
TRA-2016-03 [R1] Microsoft Windows DNS Server dns.exe answerIQuery() Function Remote Buffer Overflow Medium CVE-2016-82007
TRA-2016-02 [R1] HP Operations Manager i flex-messaging-core.jar XML External Entity (XXE) Injection Remote Information Disclosure Medium CVE-2015-3269
TRA-2016-01 [R1] ManageEngine AssetExplorer /workorder/FileDownload.jsp fName Parameter Traversal Remote File Disclosure Medium CVE-2016-82002
TRA-2015-07 [R1] ManageEngine Desktop Central /statusUpdate fileName Parameter Traversal Multiple Extension File Upload Remote Code Execution Critical CVE-2015-82001
TRA-2014-04 [R1] NetMotion Mobility VPN nmdrv.sys TCP Connection Termination Handling Remote DoS High CVE-2014-82000
TRA-2015-06 [R1] HP Client Automation / Accelerite Endpoint Management Core Server HPCA Management Agent (nvdkit.exe) Cleartext Credentials MiTM Disclosure Low CVE-2015-82000
TRA-2015-05 [R1] FreeSWITCH parse_string() Function Multiple Vector Remote Heap Buffer Overflow Critical CVE-2015-8311
TRA-2015-04 [R1] NTP Autokey Functionality Multiple Remote DoS High CVE-2015-7691
CVE-2015-7692
CVE-2015-7701
TRA-2015-03 [R1] 3S CODESYS PLCWinNT Runtime Service NULL Pointer Dereference Remote DoS High CVE-2015-6482
TRA-2015-02 [R2] Palo Alto Networks Panorama VM Appliance PAN-OS Firmware Signature Verification Bypass Arbitrary Code Execution High CVE-2015-6531
TRA-2015-01 [R1] Microsoft Windows SMB v1 Service Principal Name Handling Remote Buffer Overflow High CVE-2015-2474
TRA-2014-01 Juniper Junos Space MySQL Server Unspecified Hardcoded Credentials High CVE-2014-3413
TRA-2014-02 Novell ZENworks Configuration Management (ZCM) PreBoot Service (novell-pbserv.exe) Remote Path Traversal File Access High CVE-2013-3706
TRA-2014-03 3S CoDeSys Runtime Toolkit Unspecified NULL Pointer Dereference Remote DoS High CVE-2014-0757
TRA-2013-08 Adobe ColdFusion CFIDE Directory Unspecified Reflected XSS Medium CVE-2013-5326
TRA-2013-07 [R1] Cisco Prime Network Control System (NCS) / Wireless Control System (WCS) login.jsp requestUrl Parameter Reflected XSS Medium CVE-2012-5990
TRA-2013-05 HP LoadRunner magentproc.exe SSL Connection Handling Buffer Overflow Remote Code Execution High CVE-2013-4800
TRA-2013-06 HP LoadRunner XDR-encoded Data Handling Remote Buffer Overflow High CVE-2013-4799
TRA-2013-10 3S CoDeSys Gateway Unspecified Use-after-free Arbitrary Code Execution Critical CVE-2013-2781
TRA-2013-04 Adobe ColdFusion Unspecified Remote Code Execution Critical CVE-2013-1389
TRA-2013-09 [R1] IBM InfoSphere Products /rdweb/getUsers.do Remote Account Information Remote Disclosure Medium CVE-2013-0584
TRA-2013-03 Cisco IOS Smart Install Client Feature Malformed Config / Boot Image File Upload Remote Code Execution Critical CVE-2013-1146
TRA-2013-02 [R1] WebYaST /host Configuration Path Handling Unauthenticated Host List Manipulation Medium CVE-2012-0435
TRA-2013-01 Dell OpenManage Server Administrator /help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm topic Parameter DOM-based XSS Medium CVE-2012-6272
TRA-2012-18 Novell File Reporter NFRAgent.exe VOL Element Tag Parsing Remote Overflow High
TRA-2012-17 [R1] McAfee Email and Web Security / Email Gateway Multiple Vulnerabilities Critical CVE-2012-4595
CVE-2012-4596
CVE-2012-4597
TRA-2012-16 [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #2 Critical CVE-2012-2953
CVE-2012-2957
CVE-2012-2961
CVE-2012-2977
TRA-2012-05 Rocket U2 UniData unidata72 RPC Interface Call Parsing Arbitrary Command Execution Critical
TRA-2012-04 [R1] Symantec LiveUpdate Administrator Installation Directory Permission Weakness Local Privilege Escalation High CVE-2012-0304
TRA-2012-03 [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #1 Critical CVE-2012-0297
CVE-2012-0298
CVE-2012-0299
CVE-2012-0296
TRA-2012-02 Apple Mac OS X SRP-Based Authentication Credential Verification Time Capsule Credential Information Disclosure Medium CVE-2012-0675
TRA-2012-19 [R1] CiscoWorks Prime LAN Management Solution (LMS) Autologin.jsp URL Parameter HTTP Header Response Splitting Medium CVE-2011-4237
TRA-2012-01 PHP Timezone Functionality php_date_parse_tzfile Cache strtotime Function Call Saturation Remote DoS Medium CVE-2012-0789
TRA-2011-12 HP StorageWorks P4000 Virtual SAN Appliance Software Management Service Authentication Bypass Remote Command Execution High CVE-2012-4361
CVE-2012-2986
TRA-2011-08 [R1] Dell KACE K2000 System Deployment Appliance Read-Only Account Default Credentials Remote Information Disclosure Medium CVE-2011-4048
TRA-2011-09 [R1] Dell KACE K2000 System Deployment Appliance Task Processor Database Write Access Remote Privilege Escalation High CVE-2011-4047
TRA-2011-10 [R1] Dell KACE K2000 System Deployment Appliance Multiple Reflected XSS Medium CVE-2011-4436
TRA-2011-11 [R2] Dell KACE K2000 System Deployment Appliance Backdoor Admin Account Critical CVE-2011-4046
TRA-2011-07 [R1] Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities Medium CVE-2011-1895
CVE-2011-1896
CVE-2011-1897
TRA-2011-06 [R2] HP OpenView Performance Insight sendEmail.jsp bgcolor Parameter Reflected XSS Medium CVE-2011-2410
TRA-2011-05 [R1] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution Critical CVE-2011-2261
TRA-2011-04 [R1] IBM Tivoli Management Framework Endpoint lcfd.exe opts Field Handling Remote Buffer Overflow High CVE-2011-1220
TRA-2011-03 IBM solidDB rpc_test_svc Commands Handling NULL Dereference Remote DoS High CVE-2011-1208
TRA-2011-02 IBM solidDB Password Hash Verification Bypass Remote Code Execution High CVE-2011-1560
TRA-2011-01 [R1] Adobe ColdFusion Administrator Console login.cfm URI Handling Reflected XSS Medium CVE-2011-0580
TRA-2010-05 HP Power Manager Management Server Login Form URL Parameter Buffer Overflow High CVE-2010-4113
TRA-2010-04 [R1] FreeNAS exec_raw.php cmd Parameter Remote Command Execution Critical
TRA-2010-03 [R1] HP Multiple Products switchFWInstallStatus.jsp logfile Parameter Arbitrary File Access High CVE-2010-3286
CVE-2010-3986
CVE-2010-4100
CVE-2010-4103
CVE-2010-4102
TRA-2010-02 [R1] phpMyAdmin Setup Script setup/frames/index.inc.php Verbose Server Name Stored XSS Medium CVE-2010-3263
TRA-2010-01 HP Mercury LoadRunner Agent magentproc.exe Remote Arbitrary Code Execution Critical CVE-2010-1549
TRA-2009-04 HP Storage OpenView Data Protector Backup Client Service MSG_PROTOCOL Command Remote Overflow Critical CVE-2007-2280
TRA-2009-03 Movable Type /mt/mt-check.cgi System Information Disclosure Medium
TRA-2009-02 [R1] phpMyAdmin < 3.1.3.2 Multiple Vulnerabilities Critical CVE-2009-1285
TRA-2009-01 Adobe Acrobat getIcon() Function PDF Handling Overflow High CVE-2009-0927
TRA-2008-01 Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) NULL NTLMSSP Authentication Bypass Critical CVE-2008-3703
TRA-2007-12 HP-UX Software Distributor (SD) swagentd sw_rpc_agent_init Function Crafted DCE RPC Request Remote Overflow Critical CVE-2007-6195
TRA-2007-11 Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution High CVE-2007-3039
TRA-2007-10 Novell NetMail AntiVirus Agent (avirus.exe) Unspecified ASCII Iinteger Handling Remote Overflow Medium CVE-2007-6302
TRA-2007-09 HP OpenView Network Node Manager (OV NNM) Multiple Remote Overflow Critical CVE-2007-6204
TRA-2007-08 CA BrightStor ARCServe Backup Message Engine RPC Service Arbitrary Code Execution Critical CVE-2007-5328
TRA-2007-07 MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c svcauth_gss_validate Function Remote Overflow Critical CVE-2007-3999
TRA-2007-06 EMC NetWorker Remote Exec Service (nsrexecd.exe) Remote Overflow High CVE-2007-3618
TRA-2007-05 BakBone NetVault Reporter Manager Scheduler Client Multiple Remote Overflow Critical CVE-2007-3911
TRA-2007-04 Panda AdminSecure Agent Crafted Packet Remote Overflow High CVE-2007-3026
TRA-2007-03 CA Multiple Products inoweb Console Server Authentication Remote Overflow Critical CVE-2007-2522
TRA-2007-02 CA BrightStor ARCserve Backup Media Server SUN RPC Service Remote Overflows Critical CVE-2007-2139
TRA-2007-01 Novell GroupWise WebAccess GWINTER.exe Basic Authentication Base64 Decoding Overflow Critical CVE-2007-2171
TRA-2006-01 Microsoft Windows Server Service SRV.SYS Crafted Request SMB Information Disclosure Medium CVE-2006-1315
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for free Contact sales

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Try for free Buy now

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select your license

Buy a multi-year license and save.

Add support and training
Buy Now
Renew an existing license Find a reseller
Try for free Buy now

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select your license

Buy a multi-year license and save more.

Add support and training
Buy Now
Renew an existing license Find a reseller