
Tenable Research Advisories

This page contains information regarding security vulnerabilities in third-party software discovered by a dedicated team supported by researchers and engineers at Tenable. Tenable believes in coordinated disclosure, working with vendors to better protect our customers. Here is our public key. Please refer to our Vulnerability Disclosure Policy for additional details.

For issues that impact Tenable products, please visit the Tenable Product Security Advisories. For more details on submitting vulnerability information for Tenable products, please see our Vulnerability Reporting Guidelines page.

Find a vulnerability in a Tenable product?

Please report it here


Date Advisory ID Name Severity CVE ID
March 11, 2022 TRA-2022-07 Vulnerability in DVDFab Player Permits Attacker to Read Arbitrary Files in Windows Filesystem High
February 28, 2022 TRA-2022-06 Zyxel Routers and Home WiFi Systems - Unprotected Root Access via UART Using Default Password High
February 22, 2022 TRA-2022-05 Multiple Vulnerabilities in Trend Micro ServerProtect Critical
February 14, 2022 TRA-2022-04 Microsoft Teams Session Token in URL (Zip Preview) Low
February 7, 2022 TRA-2022-03 Schneider Electric IGSS Data Collector Multiple Vulnerabilities High
February 7, 2022 TRA-2022-02 Schneider Electric IGSS Data Server Multiple Vulnerabilities Critical
February 1, 2022 TRA-2022-01 Unpatchable Vulnerabilities in Phicomm Router Firmware
December 30, 2021 TRA-2021-58 Bitmask Riseup Local Privilege Escalation High
December 30, 2021 TRA-2021-57 Netgear Nighthawk R6700 Multiple Vulnerabilities High
December 30, 2021 TRA-2021-56 Netgear Genie MacOS Installer Privilege Escalation Medium
December 30, 2021 TRA-2021-55 Netgear Nighthawk RAX43 Multiple Vulnerabilities Critical
December 30, 2021 TRA-2021-54 Trendnet AC2600 TEW-827DRU Multiple Vulnerabilities Critical
December 30, 2021 TRA-2021-53 AutoDesk Meshmixer macOS Installer Local Privilege Escalation Medium
December 23, 2021 TRA-2021-52 ManageEngine SelfService Plus Multiple Vulnerabilities Medium
December 7, 2021 TRA-2021-51 Multiple Vulnerabilities in Gryphon Tower Router Critical
November 16, 2021 TRA-2021-50 Schneider Electric C-Gate Multiple Vulnerabilities High
November 8, 2021 TRA-2021-49 Arris SurfBoard SB8200 Insecure Password Change Utility Medium
October 29, 2021 TRA-2021-48 ManageEngine Log360 Database Configuration Overwrite Unauthenticated RCE Critical
October 26, 2021 TRA-2021-47 CODESYS V2 Web Server Multiple Vulnerabilities Critical
October 26, 2021 TRA-2021-46 Wishpond Connect.js Javascript Library Prototype Pollution Medium
October 20, 2021 TRA-2021-45 Arris SurfBoard SB8200 Cross Site Request Forgery High
October 19, 2021 TRA-2021-44 Critical Vulnerabilities on the D-Link DIR-2640 Router High
October 13, 2021 TRA-2021-43 ManageEngine ADManager Plus Build 7111 Multiple Vulnerabilities High
October 12, 2021 TRA-2021-42 Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3 Critical
October 11, 2021 TRA-2021-41 Multiple Vulnerabilities in Telus Wi-Fi Hub Medium
October 8, 2021 TRA-2021-40 Johnson Controls exacqVision Multiple Vulnerabilities Critical
September 14, 2021 TRA-2021-39 Multiple Vulnerabilities in Tracki / Trackimo GPS Platform and application Medium
September 14, 2021 TRA-2021-38 Multiple Vulnerabilities in Optimus GPS Platform Medium
September 14, 2021 TRA-2021-37 Multiple Vulnerabilities in Spytec GPS platform Medium
September 14, 2021 TRA-2021-36 Multiple Vulnerabilities in LandAirSea SilverCloud GPS Platform Medium
August 19, 2021 TRA-2021-35 User Enumeration in GSuite Okta Integration Low
August 9, 2021 TRA-2021-34 Cisco Webex Universal Links Redirect Medium
August 9, 2021 TRA-2021-33 HPE Edgeline Infrastructure Manager Unauthenticated Information Disclosure Medium
July 21, 2021 TRA-2021-32 Multiple Vulnerabilities in TCExam Critical
July 16, 2021 TRA-2021-31 Manage Engine Asset Explorer Agent - Integer Overflow High
July 16, 2021 TRA-2021-30 Manage Engine Heap Overflow POST payload High
July 16, 2021 TRA-2021-29 Manage Engine Asset Explorer Agent - Remote DoS High
July 12, 2021 TRA-2021-28 Schneider Electric Modicon M340 / M580 Authentication Bypass Vulnerability High
July 12, 2021 TRA-2021-27 AWS EC2 macOS Local Privilege Escalation Medium
June 30, 2021 TRA-2021-26 Sloan Smart Faucet Unauthenticated BLE Medium
June 28, 2021 TRA-2021-25 Machform Multiple Vulnerabilities High
June 15, 2021 TRA-2021-24 Multiple Vulnerabilities in Wibu-Systems CodeMeter Critical
June 13, 2021 TRA-2021-23 Multiple vulnerabilities in Microsoft Power Apps (apps.powerapps.com, make.powerapps.com) Medium
June 9, 2021 TRA-2021-22 ManageEngine ServiceDesk Plus Authenticated RCE High
June 2, 2021 TRA-2021-21 macOS Gatekeeper Bypass / Local Privilege Escalation Medium
June 2, 2021 TRA-2021-20 macOS Installer Local Privilege Escalation Medium
June 2, 2021 TRA-2021-19 Microsoft Teams macOS Installer Local Privilege Escalation Medium
May 21, 2021 TRA-2021-18 OpenOversight Multiple Vulnerabilities Medium
May 19, 2021 TRA-2021-17 SecureDrop OSSEC Cross-Site Request Forgery Low
May 11, 2021 TRA-2021-16 LINE Private IP Address and Platform information Disclosure via GIFMagazine Medium
April 30, 2021 TRA-2021-15 HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass Critical
April 28, 2021 TRA-2021-14 Python-Babel/Babel Locale Directory Traversal / Arbitrary Code Execution Medium
April 23, 2021 TRA-2021-13 Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers High
April 21, 2021 TRA-2021-12 Stored XSS in make.powerapps.com Medium
April 8, 2021 TRA-2021-11 ManageEngine ServiceDesk Plus and AssetExplorer - Unauthenticated Stored XSS Medium
March 31, 2021 TRA-2021-10 ManageEngine OpManager Remote Directory Deletion Critical
March 12, 2021 TRA-2021-09 Microsoft Teams services forwarding to untrusted domain Medium
March 8, 2021 TRA-2021-08 LINE Debugging Interface Information Disclosure Medium
March 1, 2021 TRA-2021-07 Dell EMC OpenManage Server Administrator Authentication Bypass Critical
February 22, 2021 TRA-2021-06 Secomea GateManager Multiple Vulnerabilities High
February 16, 2021 TRA-2021-05 JSDom Improper Loading of Local Resources Medium
February 16, 2021 TRA-2021-04 Racom MIDGE Firmware Multiple Vulnerabilities High
February 15, 2021 TRA-2021-03 IBM Spectrum Protect Operations Center 8.1.10 Multiple Vulnerabilities High
February 4, 2021 TRA-2021-02 ManageEngine Applications Manager Authenticated SQLi High
January 7, 2021 TRA-2021-01 Marvell QConvergeConsole GUI Multiple Vulnerabilities High
December 28, 2020 TRA-2020-71 Rockwell Automation FactoryTalk Multiple Vulnerabilities High
December 18, 2020 TRA-2020-70 Secomea GateManager Multiple Vulnerabilities Medium
December 15, 2020 TRA-2020-69 Carbon Black Installer Multiple Vulnerabilities Medium
December 6, 2020 TRA-2020-68 PsExec Local Privilege Escalation Medium
December 4, 2020 TRA-2020-67 Druva inSync Installer Privilege Escalation High
December 4, 2020 TRA-2020-66 IBM Spectrum Protect Plus Static Credential Vulnerability Critical
December 3, 2020 TRA-2020-65 Eat Spray Love Mobile App Multiple Vulnerabilities High
November 23, 2020 TRA-2020-64 Cross-site Scripting via WHOIS and DNS records on multiple lookup platforms High
November 16, 2020 TRA-2020-63 Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities High
November 16, 2020 TRA-2020-62 Trend Micro Worry-Free Business Security Unauthenticated Remote File Deletion High
November 13, 2020 TRA-2020-61 Nagios XI Local Privilege Escalation High
November 5, 2020 TRA-2020-60 TP-Link Archer Routers USB Symlink Following Vulnerabilities Medium
October 21, 2020 TRA-2020-59 Umbraco Cloud CMS Multiple Vulnerabilities Medium
October 20, 2020 TRA-2020-58 Nagios XI Multiple Vulnerabilities Medium
October 1, 2020 TRA-2020-57 Teltonika Gateway TRB245 Multiple Vulnerabilities Medium
September 25, 2020 TRA-2020-56 Marvell QConvergeConsole GUI Multiple Vulnerabilities High
September 22, 2020 TRA-2020-55 IgniteNet HeliOS GLinq v2.2.1 r2961 Multiple Vulnerabilities Medium
September 14, 2020 TRA-2020-54 IBM Spectrum Protect Plus 10.1.6-1974 Multiple Vulnerabilities High
September 9, 2020 TRA-2020-53 Unauthenticated email forgery/spoofing in WordPress Email Subscribers plugin High
September 2, 2020 TRA-2020-52 Trading Technologies Messaging Multiple Unauthenticated Remote DoS High
September 1, 2020 TRA-2020-51 MAGMI Multiple Vulnerabilities Medium
August 28, 2020 TRA-2020-50 IBM Spectrum Protect CertQryResp Unauthenticated Remote DoS High
August 11, 2020 TRA-2020-49 Canvas LMS Unauthenticated Blind SSRF Medium
August 3, 2020 TRA-2020-48 Teltonika Gateway TRB245 Multiple Vulnerabilities High
July 29, 2020 TRA-2020-47 Grandstream ATA HT800 Series Multiple Vulnerabilities Critical
July 22, 2020 TRA-2020-46 CODESYS V3 Unauthenticated Webserver Memory Leak DoS High
July 17, 2020 TRA-2020-45 Ubiquiti UniFi Protect Username Discovery Medium
July 16, 2020 TRA-2020-44 Multiple Vulnerabilities in Icegram Email Subscribers & Newsletters Plugin for WordPress Medium
July 16, 2020 TRA-2020-43 Teltonika Gateway TRB245 Stored Cross-site Scripting Low
July 10, 2020 TRA-2020-42 SQL Injection in SRS Simple Hits Counter Plugin for WordPress Medium
July 7, 2020 TRA-2020-41 MX Player Android App Directory Traversal High
June 23, 2020 TRA-2020-40 Grandstream UCM6200 Series Multiple Authenticated RCE Critical
June 23, 2020 TRA-2020-39 Grandstream GWN7000 Authenticated Command Execution Critical
June 19, 2020 TRA-2020-38 VMware Tools Denial of Service Medium
June 15, 2020 TRA-2020-37 IBM Spectrum Protect Plus Multiple Vulnerabilities Critical
June 15, 2020 TRA-2020-36 Webroot Multiple Vulnerabilities High
June 15, 2020 TRA-2020-35 Plex Media Server Weak CORS Policy Medium
May 21, 2020 TRA-2020-34 Druva inSync Windows Client Local Privilege Escalation (CVE-2019-3999 Patch Bypass) High
May 19, 2020 TRA-2020-33 Signal App Information Disclosure Low
May 7, 2020 TRA-2020-32 Plex Media Server Authenticated Python Deserialization / RCE (Windows) Medium
May 7, 2020 TRA-2020-31 TCExam Multiple Vulnerabilities Medium
May 4, 2020 TRA-2020-30 Instacart SMS Link Spoofing Vulnerability Medium
May 1, 2020 TRA-2020-29 SimpliSafe SS3 PIN Add Using Rogue Keypad Low
April 27, 2020 TRA-2020-28 Flexera FlexNet Publisher lmadmin Message 282 Remote DoS Medium
April 22, 2020 TRA-2020-27 Ubiquiti UniFi Cloud Key - Unprotected root UART Access High
April 22, 2020 TRA-2020-26 IBM Spectrum Protect Verb 134 Unauthenticated Remote Stack Overflow Critical
April 21, 2020 TRA-2020-25 Plex Media Server Local Privilege Escalation (Windows) High
April 15, 2020 TRA-2020-24 Cisco IP Phones Web Server Multiple Vulnerabilities Critical
April 15, 2020 TRA-2020-23 MikroTik WinBox Cleartext Password Storage Low
April 13, 2020 TRA-2020-22 Grandstream GXP1600 Series Multiple Issues Critical
April 9, 2020 TRA-2020-21 Ubiquiti Unifi Cloud Key Gen2 Plus Unauthenticated Hostname Modification Medium
April 7, 2020 TRA-2020-20 Amcrest Camera/NVR Multiple Vulnerabilities Critical
April 6, 2020 TRA-2020-19 SolarWinds Dameware DoS High
April 3, 2020 TRA-2020-18 OpenMRS Multiple Vulnerabilities Medium
March 30, 2020 TRA-2020-17 Grandstream UCM62xx Multiple SQL Injections Medium
March 25, 2020 TRA-2020-16 CODESYS V3 Unauthenticated Remote Heap Overflow Critical
March 23, 2020 TRA-2020-15 Grandstream UCM62xx SQL Injection Critical
March 12, 2020 TRA-2020-14 Kodi Multiple Issues High
February 26, 2020 TRA-2020-13 Advantech WebAccess/SCADA Unauthenticated Remote Heap Buffer Overflow Critical
February 25, 2020 TRA-2020-12 Druva inSync Client Multiple Vulnerabilities High
February 19, 2020 TRA-2020-11 Palo Alto Expedition Migration Tool Insufficient XSRF Protection High
February 18, 2020 TRA-2020-10 Siemens TIA Portal Denial of Service High
February 13, 2020 TRA-2020-09 SimpliSafe SS3 Unauthenticated Wi-Fi Config Modification Low
February 9, 2020 TRA-2020-08 Microsoft Windows User Group Policy Bypass Medium
February 6, 2020 TRA-2020-07 MikroTik WinBox Path Traversal Medium
February 3, 2020 TRA-2020-06 Atlassian Jira CSRF Medium
February 3, 2020 TRA-2020-05 Atlassian Jira Multiple CSRF Medium
January 23, 2020 TRA-2020-04 CODESYS V3 Denial of Service High
January 16, 2020 TRA-2020-03 SimpliSafe SS3 Unauthenticated Keypad Pairing Vulnerability Low
January 15, 2020 TRA-2020-02 HPE Smart Update Manager 8.4.5 Remote Unauthorized Access Critical
January 14, 2020 TRA-2020-01 MikroTik WinBox Man-in-the-Middle Password Hash Disclosure Medium
December 26, 2019 TRA-2019-54 Microsoft Teams Multiple Vulnerabilities Medium
December 12, 2019 TRA-2019-53 ELOG Multiple Vulnerabilities High
December 11, 2019 TRA-2019-52 Advantech WebAccess/SCADA Stack Buffer Overflow Critical
December 5, 2019 TRA-2019-51 Blink XT2 Sync Module Multiple Vulnerabilities High
December 3, 2019 TRA-2019-50 Harbor.io User Enumeration Vulnerability Medium
November 20, 2019 TRA-2019-49 Schneider Electric FLM v2.3.1.0 / FlexNet Publisher 11.6.2 Multiple Vulnerabilities High
November 20, 2019 TRA-2019-48 CODESYS V3 Unauthenticated Remote Heap Buffer Overflow Critical
November 6, 2019 TRA-2019-47 Qualcomm Atheros Universal WLAN Kernel Memory Disclosure Medium
October 28, 2019 TRA-2019-46 MikroTik RouterOS Multiple Vulnerabilities High
October 17, 2019 TRA-2019-45 Cisco TelePresence Advanced Media Gateway 3610 Denial of Service Medium
October 15, 2019 TRA-2019-44 Cisco SPA100 Series Multiple Vulnerabilities Critical
September 30, 2019 TRA-2019-43 SolarWinds Dameware Mini Remote Control Unauthenticated RCE Critical
September 25, 2019 TRA-2019-42 HPE iMC 7.3 E0703 Multiple Vulnerabilities Critical
September 10, 2019 TRA-2019-41 Advantech WebAccess/SCADA 8.4.1 Unauthenticated Remote Stack Buffer Overflow Critical
August 19, 2019 TRA-2019-40 OpenEMR Multiple Vulnerabilities High
August 12, 2019 TRA-2019-39 Apple macOS / iOS UIFoundation Vulnerability Medium
August 2, 2019 TRA-2019-38 macOS LaunchServices Denial of Service Medium
July 30, 2019 TRA-2019-37 WallacePOS Multiple Vulnerabilities Medium
July 29, 2019 TRA-2019-36 Amcrest IP Camera Multiple Vulnerabilities Medium
July 17, 2019 TRA-2019-35 Jenkins Path Traversal / Arbitrary File Write Medium
July 15, 2019 TRA-2019-34 Comodo Antivirus Multiple Vulnerabilities Medium
July 8, 2019 TRA-2019-33 Siemens TIA Portal (STEP7) Remote Code Execution Critical
July 2, 2019 TRA-2019-32 Citrix SD-WAN Appliance Multiple Vulnerabilities Critical
July 2, 2019 TRA-2019-31 Citrix SD-WAN Center Multiple Vulnerabilities Critical
July 1, 2019 TRA-2019-30 Arlo Basestation Firmware Multiple Vulnerabilities High
June 19, 2019 TRA-2019-29 Cisco RV110W, RV130W, and RV215W Routers Multiple Vulnerabilities Medium
June 18, 2019 TRA-2019-28 Multiple Advantech WebAccess Vulnerabilities Critical
June 11, 2019 TRA-2019-27 Fuji Electric V-Server Denial of Service and Information Disclosure Medium
June 6, 2019 TRA-2019-26 Dameware Remote Mini Controller Multiple Vulnerabilities High
June 3, 2019 TRA-2019-25 Zsh Multiple Denial of Service Vulnerabilities Low
May 29, 2019 TRA-2019-24 Chromium Dev Tools Crash Low
May 7, 2019 TRA-2019-23 Slack Desktop Application for Windows Download Hijack Medium
May 7, 2019 TRA-2019-22 Parrot ANAFI Drone Denial of Service Medium
May 1, 2019 TRA-2019-21 Cisco Small Business Switch Security Feature Bypass High
April 30, 2019 TRA-2019-20 OEM Presentation Platform Vulnerabilities Critical
April 11, 2019 TRA-2019-19 Palo Alto Expedition Migration Tool 1.1.12 and earlier - XSS Low
April 10, 2019 TRA-2019-18 Citrix SD-WAN Center and NetScaler SD-WAN Center Unauthenticated Remote Command Injection Critical
April 9, 2019 TRA-2019-17 Verizon Fios Quantum Gateway Multiple Vulnerabilities High
April 8, 2019 TRA-2019-16 MikroTik RouterOS Authenticated Directory Traversal High
April 4, 2019 TRA-2019-15 Multiple Advantech WebAccess Vulnerabilities Critical
March 27, 2019 TRA-2019-14 FileZilla 'fzsftp' Untrusted Search Path Medium
March 22, 2019 TRA-2019-13 Palo Alto Expedition Migration Tool 1.1.8 and earlier - Multiple XSS Low
March 20, 2019 TRA-2019-12 HPE iMC 7.3 E0605P06 Multiple Vulnerabilities Critical
March 4, 2019 TRA-2019-11 RSLinx Classic Stack Buffer Overflow Critical
March 1, 2019 TRA-2019-10 Palo Alto Expedition Migration Tool Stored XSS Low
February 27, 2019 TRA-2019-09 Nokia GPON ONT Multiple Vulnerabilities Critical
February 20, 2019 TRA-2019-08 SonicOS Improper Certificate Access Medium
February 12, 2019 TRA-2019-07 MikroTik RouterOS Unauthenticated Intermediary Medium
February 4, 2019 TRA-2019-06 Rockwell Automation EWEB SNMP Denial of Service Medium
February 4, 2019 TRA-2019-05 Crestron DGE-100 Unauthenticated Remote Denial of Service High
February 4, 2019 TRA-2019-04 Indusoft Web Studio and InTouch Edge HMI Remote Code Execution Critical
January 24, 2019 TRA-2019-03 LabKey Server Community Edition Multiple Vulnerabilities Medium
January 10, 2019 TRA-2019-02 [R1] Crestron AM-100 Authentication Bypass Critical
January 8, 2019 TRA-2019-01 [R3] Multiple Premisys Identicard Vulnerabilities Critical
December 20, 2018 TRA-2018-48 [R2] Netatalk Out-of-bounds Write Critical
December 19, 2018 TRA-2018-47 [R2] Logitech Harmony Hub Multiple Vulnerabilities High
December 19, 2018 TRA-2018-46 [R1] Cisco Adaptive Security Appliance HTTP Privilege Escalation High
December 14, 2018 TRA-2018-45 [R2] Advantech WebAccess Stack Buffer Overflow Critical
December 12, 2018 TRA-2018-44 [R1] Open Dental Multiple Vulnerabilities Critical
December 5, 2018 TRA-2018-43 [R2] Jenkins Forced Migration of User Records Medium
December 5, 2018 TRA-2018-42 [R1] Cisco Energy Management Suite Default PostgreSQL Credentials Medium
November 29, 2018 TRA-2018-41 [R1] NUUO NVRMini2 Authenticated Command Injection Critical
November 29, 2018 TRA-2018-40 [R2] Zoom Message Spoofing Critical
November 26, 2018 TRA-2018-39 [R1] Multiple HPE Moonshot Provisioning Manager Vulnerabilities High
November 26, 2018 TRA-2018-38 [R1] Multiple Schneider Electric Modicon Quantum Vulnerabilities Critical
November 13, 2018 TRA-2018-37 [R2] Nagios XI Multiple Vulnerabilities High
November 9, 2018 TRA-2018-36 [R1] Cisco Energy Management Suite Multiple Vulnerabilities Critical
October 31, 2018 TRA-2018-35 [R1] Multiple Advantech WebAccess Vulnerabilities Critical
October 30, 2018 TRA-2018-34 [R1] Multiple Vulnerabilities in AVEVA Indusoft Web Studio and InTouch Edge HMI Critical
October 18, 2018 TRA-2018-33 [R1] Multiple Advantech WebAccess Vulnerabilities High
October 17, 2018 TRA-2018-32 [R1] Multiple Oracle WebLogic Docker Password Disclosures Medium
October 17, 2018 TRA-2018-31 [R1] Multiple Oracle GoldenGate Manager Vulnerabilities Critical
October 12, 2018 TRA-2018-30 [R1] IBM WebSphere Application Server Admin Console File Disclosure Medium
October 10, 2018 TRA-2018-29 [R1] Multiple Jenkins Vulnerabilities Medium
October 9, 2018 TRA-2018-28 [R3] HPE Intelligent Management Center Multiple Vulnerabilities Critical
October 1, 2018 TRA-2018-27 [R1] TP-Link TL-WRN841N Multiple Vulnerabilities Critical
September 20, 2018 TRA-2018-26 [R1] RSLinx Classic Buffer Overflows Critical
September 17, 2018 TRA-2018-25 [R2] Multiple NUUO NVRMini2 Vulnerabilities Critical
September 10, 2018 TRA-2018-24 [R1] HPE Intelligent Management Center Stack Buffer Overflow Critical
September 10, 2018 TRA-2018-23 [R1] Advantech WebAccess Remote Code Execution Critical
August 24, 2018 TRA-2018-22 [R1] Multiple ASUSTOR Data Master Vulnerabilities High
August 22, 2018 TRA-2018-21 [R1] Mikrotik RouterOS Multiple Authenticated Vulnerabilities Critical
August 21, 2018 TRA-2018-20 [R2] Cisco Data Center Network Manager Authenticated Path Traversal Medium
July 18, 2018 TRA-2018-19 [R1] AVEVA InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Critical
June 15, 2018 TRA-2018-18 [R1] Burp Suite Community Edition Improper Certificate Validation Medium
June 14, 2018 TRA-2018-17 [R1] libturbo-jpeg Denial of Service Medium
June 12, 2018 TRA-2018-16 [R1] GlassFish 4.x Denial of Service High
June 11, 2018 TRA-2018-15 [R2] HPE Moonshot Provisioning Manager Arbitrary File Move High
June 11, 2018 TRA-2018-14 [R1] Western Digital TV Media Player and Live Hub Unauthenticated RCE Critical
June 8, 2018 TRA-2018-13 [R2] IBM Netezza Appliance Local Privilege Escalation High
May 4, 2018 TRA-2018-12 [R1] Cylance PROTECT Missing SSL Certificate Verification Medium
May 4, 2018 TRA-2018-11 [R1] Cisco Prime Data Center Network Manager Remote Code Execution Critical
May 4, 2018 TRA-2018-10 [R1] Trend Micro Smart Protection Server Denial of Service High
May 4, 2018 TRA-2018-09 [R1] OpenVPN Windows Service Double Free High
April 12, 2018 TRA-2018-08 [R1] Belkin N750 F9K1103 v1 Multiple Vulnerabilities Critical
April 6, 2018 TRA-2018-07 [R3] Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Critical
March 28, 2018 TRA-2018-06 [R1] Cisco IOS and IOS XE Multiple Memory Corruption Vulnerabilities High
February 26, 2018 TRA-2018-05 [R1] Micro Focus Operations Orchestrations Information Disclosure and Remote Denial of Service High
February 26, 2018 TRA-2018-04 [R3] Check Point Gaia OS Privilege Escalation Medium
February 15, 2018 TRA-2018-03 [R2] EMC VASA Virtual Appliance Default Creds and Arbitrary File Upload Critical
January 29, 2018 TRA-2018-02 [R1] NetGain Enterprise Manager Multiple Remote Vulnerabilities High
January 29, 2018 TRA-2018-01 [R1] HPE Intelligent Management Center (iMC) PLAT Java RMI RCE High
November 21, 2017 TRA-2017-37 [R1] gSOAP HTTP DIME Parsing Denial of Service Medium
November 21, 2017 TRA-2017-36 [R1] Firebird fbudf Module Authenticated Remote Code Execution Critical
November 20, 2017 TRA-2017-35 [R2] Verizon Fios Quantum Gateway G1100 Remote Information Disclosure Medium
November 20, 2017 TRA-2017-34 [R1] Siemens SIMATIC Logon Denial of Service Medium
November 10, 2017 TRA-2017-33 [R1] Wanscam Network Camera Multiple Vulnerabilities Medium
November 9, 2017 TRA-2017-32 [R1] HPE Universal Configuration Management Database Multiple Vulnerabilities Critical
November 8, 2017 TRA-2017-31 [R1] ManageEngine ServiceDesk Multiple Vulnerabilities High
November 7, 2017 TRA-2017-30 [R1] HPE System Management Homepage Remote Denial of Service High
November 7, 2017 TRA-2017-29 [R1] Advantech WebAccess SQL Injection Critical
November 7, 2017 TRA-2017-28 [R1] HPE Operations Orchestration Central Remoting Java Deserialization Remote Code Execution High
November 7, 2017 TRA-2017-27 [R1] HPE Intelligent Management Center SOM Module Remote File Disclosure Medium
November 6, 2017 TRA-2017-26 [R1] HP Data Protector Multiple Remote Vulnerabilities High
November 6, 2017 TRA-2017-25 [R2] HPE Operations Orchestration Incomplete Fix for CVE-2016-8519 High
November 6, 2017 TRA-2017-24 [R1] Ecava IntegraXor SQL Injection Remote Code Execution High
November 3, 2017 TRA-2017-23 [R1] Cisco Security Manager and Prime LMS Java Deserialization Remote Code Execution Critical
November 2, 2017 TRA-2017-22 [R1] ReadyMedia HTTP Request Denial of Service High
November 2, 2017 TRA-2017-21 [R1] Check_MK Multisite Web UI Reflected XSS Medium
November 2, 2017 TRA-2017-20 [R2] Check_MK Multisite Web UI Stored and Reflected XSS Medium
May 2, 2017 TRA-2017-19 [R1] Kaa IoT Platform SdkServlet / RecordServlet Java Object Deserialization Remote Code Execution High
April 26, 2017 TRA-2017-18 [R1] HP Intelligent Management Center (iMC) Platform euplat RMI Registry Java Deserialization Remote Code Execution Critical
April 19, 2017 TRA-2017-17 [R1] ManageEngine ServiceDesk Plus AuthError.jsp ErrorMsg Parameter Reflected XSS Medium
April 18, 2017 TRA-2017-16 [R1] Oracle WebLogic Server Web Container Subcomponent Reflected PartItem File Manipulation Remote Code Execution Critical
March 30, 2017 TRA-2017-15 [R2] NetIQ Sentinel Multiple Remote Vulnerabilities High
March 25, 2017 TRA-2017-14 [R1] Cisco Unified Customer Voice Portal Java Deserialization Remote Code Execution Critical
March 18, 2017 TRA-2017-13 [R1] HPE LoadRunner libxdrutil.dll mxdr_string() Function XDR String Handling Remote Heap Buffer Overflow Critical
March 16, 2017 TRA-2017-12 [R1] HP Intelligent Management Center (iMC) Platform /imc/fault/accessMgrServlet Java Deserialization Remote Code Execution Critical
March 15, 2017 TRA-2017-11 [R1] Sophos XG Firewall login.jsp utype Parameter Reflected XSS Medium
March 13, 2017 TRA-2017-10 [R1] Debian MediaTomb (fork) Multiple Remote Vulnerabilities Critical
February 1, 2017 TRA-2017-09 [R2] HP Intelligent Management Center (iMC) Platform /rptviewer/servlets/redirectviewer Multiple Remote Issues High
January 26, 2017 TRA-2017-08 [R1] Portable SDK for UPnP Devices (libupnp) glibc Implementation getaddrinfo() Function Remote Stack Overflow Critical
January 25, 2017 TRA-2017-07 [R1] Oracle WebLogic RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Critical
January 23, 2017 TRA-2017-06 [R1] ManageEngine ADAudit Plus Multiple Vulnerabilities High
January 20, 2017 TRA-2017-05 [R1] HP Operations Orchestration (HP OO) /oo/backwards-compatibility/wsExecutionBridgeService Java Deserialization Remote Code Execution Critical
January 19, 2017 TRA-2017-04 [R1] Advantech WebAccess Multiple Vulnerabilities High
January 18, 2017 TRA-2017-03 [R2] Oracle Outside In Content Access vspdf.dll Multiple Remote DoS Medium
January 11, 2017 TRA-2017-02 [R2] Sophos Web Protection Appliance ftp_redirect.php s Parameter Reflected XSS Medium
January 9, 2017 TRA-2017-01 [R1] Liferay CE Portal /api/liferay Java Deserialization Blacklist Bypass Remote Code Execution Critical
December 11, 2016 TRA-2016-39 [R1] Hewlett Packard Network Automation RPCServlet Arbitrary Code Execution High
December 5, 2016 TRA-2016-38 [R1] Cisco Prime Collaboration Provisioning Restricted CLI Bypass Local Privilege Escalation Medium
November 29, 2016 TRA-2016-37 [R2] Dell SonicWALL /appliance/license.jsp Serial Number Disclosure Remote Privilege Escalation Medium
November 28, 2016 TRA-2016-36 [R1] ManageEngine OpManager NMS Server Multiple Vulnerabilities Critical
November 25, 2016 TRA-2016-35 [R1] WISE Server Commons Collection / FileUpload Java Deserialization Remote Command Execution Critical
November 16, 2016 TRA-2016-34 [R1] VMWare vRealize Operations Manager Appliance Multiple Vulnerabilities Chained Remote Code Execution High
November 1, 2016 TRA-2016-33 [R1] Oracle WebLogic Server Commons DiskFileItem Remote File Manipulation Critical
October 29, 2016 TRA-2016-32 [R1] HP System Management Homepage (SMH) Multiple Remote Stack Buffer Overflows High
October 21, 2016 TRA-2016-31 [R1] ManageEngine ADAudit Plus Obfuscated Cookie Password Disclosure Low
October 17, 2016 TRA-2016-30 [R1] Novell NetIQ Sentinel Commons DiskFileItem RMI Java Deserialization Remote File Creation / Manipulation Critical
October 6, 2016 TRA-2016-29 [R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS Medium
September 26, 2016 TRA-2016-28 [R2] CloudView NMS Multiple Remote Vulnerabilities High
September 22, 2016 TRA-2016-27 [R1] Hewlett Packard Network Automation RMI Registry Port Java Deserialization Remote Code Execution Critical
September 21, 2016 TRA-2016-26 [R1] HP LoadRunner Multiple Remote DoS High
September 14, 2016 TRA-2016-25 [R1] Red5 Server RMI Registry /red5 Java Deserialization Remote Code Execution Critical
August 18, 2016 TRA-2016-24 [R1] PowerFolder Multiple Remote Vulnerabilities Critical
August 12, 2016 TRA-2016-23 [R4] Apache Wicket DiskFileItem Java Deserialization Remote File Manipulation Medium
July 20, 2016 TRA-2016-22 [R2] Red Hat JBoss Operations Network /jboss-remoting-servlet-invoker/ServerInvokerServlet Jython Deserialization Remote Code Execution Critical
July 19, 2016 TRA-2016-21 [R1] Oracle WebLogic Server weblogic.corba.utils.MarshallObject Java Deserialization Remote Code Execution Critical
July 8, 2016 TRA-2016-20 [R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization Critical
June 28, 2016 TRA-2016-19 [R1] Palo Alto Networks PAN-OS /api Multiple Parameter Handling Remote DoS Medium
June 27, 2016 TRA-2016-18 [R1] IBM iAccess for Windows i Navigator Encoded Windows Admin Password Local Disclosure Low
June 13, 2016 TRA-2016-17 [R2] HP Loadrunner / HP Performance Center Virtual Table Server (VTS) \web\admin\data.js Remote File Deletion High
June 13, 2016 TRA-2016-16 [R2] HP LoadRunner mchan.dll Shared Memory Object Name Construction Remote Stack Buffer Overflow High
May 17, 2016 TRA-2016-15 [R1] Ipswitch WhatsUp Gold WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection Medium
May 5, 2016 TRA-2016-14 [R1] HP System Management Homepage (SMH) mod_smh_config.so AddCertsToTrustCfgList() Function X.509 Certificate Subject Common Name Handling Remote DoS Low
May 3, 2016 TRA-2016-13 [R1] Core FTP Server Path Traversal Arbitrary File/Directory Access Medium
April 20, 2016 TRA-2016-12 [R3] Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution (LOBSTER) Critical
April 20, 2016 TRA-2016-11 [R1] Oracle MySQL Enterprise Monitor Multiple Library readObject() Function Java Object Deserialization Remote Code Execution High
April 19, 2016 TRA-2016-10 [R2] ManageEngine OpManager / Service Desk Multiple Vulnerabilities High
April 19, 2016 TRA-2016-09 [R1] Oracle WebLogic ClassFilter.class ServerChannelInputStream Bypass Java Deserialization Remote Code Execution Critical
April 15, 2016 TRA-2016-08 [R1] Cisco Unified Computing System - Multiple Vulnerabilities Medium
April 13, 2016 TRA-2016-07 [R1] Microsoft Windows 10 lsass.exe Empty SID Lookup Handling Remote DoS Medium
April 5, 2016 TRA-2016-06 [R1] Cisco Multiple Routers Fragmented IKEv2 Packet Handling Remote Integer Overflow High
March 29, 2016 TRA-2016-05 [R1] Barco ClickShare Multiple Script Remote Command Execution High
March 28, 2016 TRA-2016-04 [R2] Cisco IOS Smart Install Client Feature Config / Boot Image File List Upload Remote Code Execution High
March 24, 2016 TRA-2016-03 [R1] Microsoft Windows DNS Server dns.exe answerIQuery() Function Remote Buffer Overflow Medium
March 14, 2016 TRA-2016-02 [R1] HP Operations Manager i flex-messaging-core.jar XML External Entity (XXE) Injection Remote Information Disclosure Medium
February 17, 2016 TRA-2016-01 [R1] ManageEngine AssetExplorer /workorder/FileDownload.jsp fName Parameter Traversal Remote File Disclosure Medium
December 14, 2015 TRA-2015-07 [R1] ManageEngine Desktop Central /statusUpdate fileName Parameter Traversal Multiple Extension File Upload Remote Code Execution Critical
November 30, 2015 TRA-2014-04 [R1] NetMotion Mobility VPN nmdrv.sys TCP Connection Termination Handling Remote DoS High
November 30, 2015 TRA-2015-06 [R1] HP Client Automation / Accelerite Endpoint Management Core Server HPCA Management Agent (nvdkit.exe) Cleartext Credentials MiTM Disclosure Low
November 24, 2015 TRA-2015-05 [R1] FreeSWITCH parse_string() Function Multiple Vector Remote Heap Buffer Overflow Critical
October 21, 2015 TRA-2015-04 [R1] NTP Autokey Functionality Multiple Remote DoS High
October 15, 2015 TRA-2015-03 [R1] 3S CODESYS PLCWinNT Runtime Service NULL Pointer Dereference Remote DoS High
September 15, 2015 TRA-2015-02 [R2] Palo Alto Networks Panorama VM Appliance PAN-OS Firmware Signature Verification Bypass Arbitrary Code Execution High
August 24, 2015 TRA-2015-01 [R1] Microsoft Windows SMB v1 Service Principal Name Handling Remote Buffer Overflow High
May 14, 2014 TRA-2014-01 Juniper Junos Space MySQL Server Unspecified Hardcoded Credentials High
February 28, 2014 TRA-2014-02 Novell ZENworks Configuration Management (ZCM) PreBoot Service (novell-pbserv.exe) Remote Path Traversal File Access High
January 30, 2014 TRA-2014-03 3S CoDeSys Runtime Toolkit Unspecified NULL Pointer Dereference Remote DoS High
November 12, 2013 TRA-2013-08 Adobe ColdFusion CFIDE Directory Unspecified Reflected XSS Medium
September 3, 2013 TRA-2013-07 [R1] Cisco Prime Network Control System (NCS) / Wireless Control System (WCS) login.jsp requestUrl Parameter Reflected XSS Medium
July 24, 2013 TRA-2013-05 HP LoadRunner magentproc.exe SSL Connection Handling Buffer Overflow Remote Code Execution High
July 24, 2013 TRA-2013-06 HP LoadRunner XDR-encoded Data Handling Remote Buffer Overflow High
May 22, 2013 TRA-2013-10 3S CoDeSys Gateway Unspecified Use-after-free Arbitrary Code Execution Critical
May 14, 2013 TRA-2013-04 Adobe ColdFusion Unspecified Remote Code Execution Critical
April 19, 2013 TRA-2013-09 [R1] IBM InfoSphere Products /rdweb/getUsers.do Remote Account Information Remote Disclosure Medium
March 27, 2013 TRA-2013-03 Cisco IOS Smart Install Client Feature Malformed Config / Boot Image File Upload Remote Code Execution Critical
January 23, 2013 TRA-2013-02 [R1] WebYaST /host Configuration Path Handling Unauthenticated Host List Manipulation Medium
January 9, 2013 TRA-2013-01 Dell OpenManage Server Administrator /help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm topic Parameter DOM-based XSS Medium
August 29, 2012 TRA-2012-18 Novell File Reporter NFRAgent.exe VOL Element Tag Parsing Remote Overflow High
August 22, 2012 TRA-2012-17 [R1] McAfee Email and Web Security / Email Gateway Multiple Vulnerabilities Critical
July 20, 2012 TRA-2012-16 [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #2 Critical
June 10, 2012 TRA-2012-05 Rocket U2 UniData unidata72 RPC Interface Call Parsing Arbitrary Command Execution Critical
May 19, 2012 TRA-2012-04 [R1] Symantec LiveUpdate Administrator Installation Directory Permission Weakness Local Privilege Escalation High
May 17, 2012 TRA-2012-03 [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #1 Critical
May 9, 2012 TRA-2012-02 Apple Mac OS X SRP-Based Authentication Credential Verification Time Capsule Credential Information Disclosure Medium
May 3, 2012 TRA-2012-19 [R1] CiscoWorks Prime LAN Management Solution (LMS) Autologin.jsp URL Parameter HTTP Header Response Splitting Medium
January 10, 2012 TRA-2012-01 PHP Timezone Functionality php_date_parse_tzfile Cache strtotime Function Call Saturation Remote DoS Medium
November 11, 2011 TRA-2011-12 HP StorageWorks P4000 Virtual SAN Appliance Software Management Service Authentication Bypass Remote Command Execution High
November 3, 2011 TRA-2011-08 [R1] Dell KACE K2000 System Deployment Appliance Read-Only Account Default Credentials Remote Information Disclosure Medium
November 3, 2011 TRA-2011-09 [R1] Dell KACE K2000 System Deployment Appliance Task Processor Database Write Access Remote Privilege Escalation High
November 3, 2011 TRA-2011-10 [R1] Dell KACE K2000 System Deployment Appliance Multiple Reflected XSS Medium
November 3, 2011 TRA-2011-11 [R2] Dell KACE K2000 System Deployment Appliance Backdoor Admin Account Critical
October 11, 2011 TRA-2011-07 [R1] Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities Medium
August 8, 2011 TRA-2011-06 [R2] HP OpenView Performance Insight sendEmail.jsp bgcolor Parameter Reflected XSS Medium
July 19, 2011 TRA-2011-05 [R1] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution Critical
May 31, 2011 TRA-2011-04 [R1] IBM Tivoli Management Framework Endpoint lcfd.exe opts Field Handling Remote Buffer Overflow High
April 26, 2011 TRA-2011-03 IBM solidDB rpc_test_svc Commands Handling NULL Dereference Remote DoS High
April 1, 2011 TRA-2011-02 IBM solidDB Password Hash Verification Bypass Remote Code Execution High
February 8, 2011 TRA-2011-01 [R1] Adobe ColdFusion Administrator Console login.cfm URI Handling Reflected XSS Medium
December 15, 2010 TRA-2010-05 HP Power Manager Management Server Login Form URL Parameter Buffer Overflow High
November 6, 2010 TRA-2010-04 [R1] FreeNAS exec_raw.php cmd Parameter Remote Command Execution Critical
October 13, 2010 TRA-2010-03 [R1] HP Multiple Products switchFWInstallStatus.jsp logfile Parameter Arbitrary File Access High
September 8, 2010 TRA-2010-02 [R1] phpMyAdmin Setup Script setup/frames/index.inc.php Verbose Server Name Stored XSS Medium
May 5, 2010 TRA-2010-01 HP Mercury LoadRunner Agent magentproc.exe Remote Arbitrary Code Execution Critical
December 16, 2009 TRA-2009-04 HP Storage OpenView Data Protector Backup Client Service MSG_PROTOCOL Command Remote Overflow Critical
November 10, 2009 TRA-2009-03 Movable Type /mt/mt-check.cgi System Information Disclosure Medium
April 14, 2009 TRA-2009-02 [R1] phpMyAdmin < Multiple Vulnerabilities Critical
March 19, 2009 TRA-2009-01 Adobe Acrobat getIcon() Function PDF Handling Overflow High
August 14, 2008 TRA-2008-01 Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) NULL NTLMSSP Authentication Bypass Critical
December 14, 2007 TRA-2007-12 HP-UX Software Distributor (SD) swagentd sw_rpc_agent_init Function Crafted DCE RPC Request Remote Overflow Critical
December 11, 2007 TRA-2007-11 Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution High
December 7, 2007 TRA-2007-10 Novell NetMail AntiVirus Agent (avirus.exe) Unspecified ASCII Integer Handling Remote Overflow Medium
December 6, 2007 TRA-2007-09 HP OpenView Network Node Manager (OV NNM) Multiple Remote Overflow Critical
October 10, 2007 TRA-2007-08 CA BrightStor ARCServe Backup Message Engine RPC Service Arbitrary Code Execution Critical
September 4, 2007 TRA-2007-07 MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c svcauth_gss_validate Function Remote Overflow Critical
August 20, 2007 TRA-2007-06 EMC NetWorker Remote Exec Service (nsrexecd.exe) Remote Overflow High
July 25, 2007 TRA-2007-05 BakBone NetVault Reporter Manager Scheduler Client Multiple Remote Overflow Critical
July 20, 2007 TRA-2007-04 Panda AdminSecure Agent Crafted Packet Remote Overflow High
May 9, 2007 TRA-2007-03 CA Multiple Products inoweb Console Server Authentication Remote Overflow Critical
April 24, 2007 TRA-2007-02 CA BrightStor ARCserve Backup Media Server SUN RPC Service Remote Overflows Critical
April 18, 2007 TRA-2007-01 Novell GroupWise WebAccess GWINTER.exe Basic Authentication Base64 Decoding Overflow Critical
July 11, 2006 TRA-2006-01 Microsoft Windows Server Service SRV.SYS Crafted Request SMB Information Disclosure Medium