This document contains important information regarding F-Secure Radar System Scan. We strongly recommend that you read this entire document to check for changes that may affect your service.
Product updates
This section lists the changes implemented for Radar System Scan.
Version 63911, released 7, Oct 2019
[RADAR-14924] – Cisco Adaptive Security Appliance Software 20191002 Multiple Vulnerabilities
[RADAR-14949] – OTRS before 7.0.12, 6.0.23, 5.0.38 XSS (OSA-2019-13)
[RADAR-14938] – IBM MQ AMQP Listeners are vulnerable to a session fixation attack (CVE-2019-4227)
[RADAR-14923] – Umbraco 7.3.8 SQL Injection Vulnerability
[RADAR-14639] – Cisco NX-OS 20190828 Multiple Vulnerabilities
[RADAR-14922] – Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4441)
[RADAR-14920] – Cisco Email Security Appliance Filter Bypass Vulnerability
Version 63859, released 3, Oct 2019
[RADAR-14890] – Insufficient URL decoding flaw in categorizing macro location in LibreOffice
[RADAR-14863] – GLPI through 9.4.3 Account takeover
[RADAR-14894] – Atlassian Bamboo before 5.7.0 Open Redirect Vulnerability
[RADAR-14893] – pfSense 2.4.4-p3/through 2.4.4-p3 Multiple Vulnerabilities
[RADAR-14900] – Information disclosure and a bypass security vulnerability in WebSphere Application Server
[RADAR-14872] – Cisco IOS / IOS XE / IOS XR / NX-OS 20190925 Multiple Vulnerabilities
Version 63825, released 2, Oct 2019
[RADAR-14892] – IBM MQ denial of service attack caused by a memory leak in the clustering code
[RADAR-14886] – Exim RCE using a heap-based buffer overflow
[RADAR-14891] – DotNetNuke (DNN) before 9.4.0 Cross-Site Scripting
[RADAR-14871] – MediaWiki through 1.33.0 information disclosure
Version 63783, released 30, Sep 2019
[RADAR-13975] – Missing Jira vulnerabilities
[RADAR-14797] – Multiple vulnerabilities in IBM WebSphere Application Server (Sep 16, 2019)
[RADAR-14873] – IBM MQ command server is vulnerable to a denial of service attack caused by specially crafted PCF messages (CVE-2019-4378)
[RADAR-14848] – Joomla! before 3.9.12 Cross-Site Scripting Vulnerability
[RADAR-14870] – Jenkins before 2.197 and 2.176.4 Multiple Vulnerabilities
[RADAR-14850] – Security updates available for ColdFusion | APSB19-47
[RADAR-14849] – vBulletin 5.x through 5.5.4 remote command execution
[RADAR-14853] – pfSense 2.3.4 through 2.4.4-p3 Remote Code Injection
Version 63690, released 24, Sep 2019
[RADAR-14817] – Google Chrome 77 is Missing September 2019 Security Update II
[RADAR-14819] – Atlassian Bitbucket Argument Injection Vulnerability
[RADAR-14823] – VMware ESXi, Workstation and Horizon Client use-after-free and denial of service vulnerabilities (VMSA-2019-0014)
[RADAR-14818] – Template injection in Jira importers plugin (CVE-2019-15001)
[RADAR-14661] – EternalBlue not detected on Windows Server 2012R2
Version 63605, released 18, Sep 2019
[RADAR-14494] – ManageEngine AssetExplorer before 6208 XXE
[RADAR-14493] – ManageEngine Application Manager before 14300 SQL injection
[RADAR-14799] – VMware ESXi 6.0, 6.5, 6.7 Multiple Vulnerabilities (VMSA-2019-0013)
[RADAR-14787] – ManageEngine AssetExplorer before 6503 Multiple Vulnerabilities
[RADAR-14786] – Notepad++ before 7.7 Multiple Vulnerabilities
[RADAR-14801] – Privileges manipulation in Micro Focus Data Protector 10.xx
[RADAR-14765] – TeamViewer 14.2.2558 Insufficiently Protected Administrator Credentials
[RADAR-14779] – phpMyAdmin through 4.9.0.1 Cross-Site Request Forgery
[RADAR-14760] – Atlassian JIRA Multiple Vulnerabilities (12-08-2019)
[RADAR-14747] – Core FTP 2.2 Build 1935 Buffer Overflow
[RADAR-14746] – Liferay Portal through 7.2.0 GA1 XSS
[RADAR-14758] – Google Chrome 77 is Missing September 2019 Security Update
[RADAR-14757] – OpenSSL 20190910 Multiple Vulnerabilities
[RADAR-14652] – PHP before 7.1.32, 7.2.22, 7.3.9 Multiple Vulnerabilities
[RADAR-14629] – IBM Informix Dynamic Server 12.1 Multiple Vulnerabilities
Version 63415, released 10, Sep 2019
[RADAR-14738] – LibreOffice before 6.2.7/6.3.1 Multiple Vulnerabilities
[RADAR-14731] – Asterisk Denial of Service Vulnerabilities (AST-2019-004, AST-2019-005)
[RADAR-14705] – Exim before 4.92.2 Privilege Escalation Vulnerability
[RADAR-14716] – WordPress before 5.2.3 Multiple Vulnerabilities
[RADAR-14732] – XSS vulnerability allowing RCE in TeamCity
[RADAR-14691] – Aruba Mobility Controller Multiple Remote Code Execution Vulnerabilities
[RADAR-14690] – Foxit Reader upgrade package Security Bypass Vulnerability
[RADAR-14667] – MongoDB before 3.4.22, 4.0.11, 4.1.14, 3.6.14 Multiple Vulnerabilities
[RADAR-14613] – ManageEngine ServiceDesk Plus before 10511 CSRF Vulnerability
[RADAR-14608] – MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 delete arbitrary files
[RADAR-8253] – Oracle GlassFish Server Multiple Vulnerabilities
[RADAR-14551] – email.utils.parseaddr mistakenly parses an email in Python
[RADAR-14536] – Vulnerabilities from Open-Xchange Security Advisory 2019-08-15
Version 63339, released 4, Sep 2019
[RADAR-14642] – Update Nmap to 7.80
[RADAR-14681] – Samba before 4.9.13, 4.10.8 Privilege Escalation Vulnerability
[RADAR-14643] – Local File Disclosure via Word Export in Confluence Server – CVE-2019-3394
[RADAR-14645] – OpenCms 10.5.4 and 10.5.5 Multiple Vulnerabilities
[RADAR-14623] – XSS and Information Disclosure Vulnerabilities in ProxySG
[RADAR-14641] – Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
[RADAR-14640] – Jenkins Security Advisory 2019-08-28
[RADAR-14600] – osCommerce 2.3.4.1 incomplete ‘.htaccess’ for blacklist filtering
[RADAR-14599] – Ignite Realtime Openfire before 4.4.1 XSS
[RADAR-14606] – rpc.cgi in Webmin through 1.920 Remote Code Execution
[RADAR-14607] – xmlrpc.cgi in Webmin through 1.930 XXE
[RADAR-14598] – Atlassian JIRA (26-08-2019) Multiple Vulnerabilities
[RADAR-14554] – Roundcube Webmail through 1.3.9 Homograph attack
[RADAR-14535] – Zabbix through 4.4.0alpha1 User Enumeration
[RADAR-14632] – Fortinet FortiOS Directory Traversal Vulnerability real check (CVE-2018-13379)
[RADAR-14495] – ManageEngine ServiceDesk Plus before 10510 Multiple Vulnerabilities
[RADAR-14478] – VMware ESXi and Workstation out-of-bounds read/write Vulnerabilities
[RADAR-14419] – ManageEngine ServiceDesk Plus before 10509 Multiple Vulnerabilities
[RADAR-14411] – MariaDB before 5.5.65, 10.4.7, 10.3.17, 10.2.26, 10.1.41 Multiple Vulnerabilities
[RADAR-13807] – urlsplit does not handle NFKC normalization in Python
[RADAR-14255] – Oracle Fusion Middleware is Missing July 2019 Critical Patch
[RADAR-14407] – Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability
Version 63237, released 29, Aug 2019
[RADAR-14628] – IBM MQ is vulnerable to a denial of service attack within the error logging function
[RADAR-14631] – Multiple jQuery vulnerabilities in Ruby
[RADAR-14595] – Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability
Version 63213, released 28, Aug 2019
[RADAR-14603] – Google Chrome 76 is Missing August 2019 Security Update II
[RADAR-14610] – Cybozu Garoon vulnerable to SQL injection
[RADAR-14596] – Arbitrary File Read on Pulse Secure SSL VPN realcheck (CVE-2019-11510)
Version 63163, released 22, Aug 2019
[RADAR-14490] – User enumeration in the login.jsp resource in Atlassian JIRA
[RADAR-14486] – Webmin before 1.930 Command Injection Vulnerability
[RADAR-14482] – Atlassian JIRA (12-08-2019) Multiple Vulnerabilities
[RADAR-14479] – IBM MQ clients are vulnerable to a denial of service attack caused by consuming specifically crafted messages
[RADAR-14477] – Symantec Encryption Desktop (SED) Privilege Escalation
[RADAR-14476] – PostgreSQL before 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 Multiple Vulnerabilities
[RADAR-14469] – Cisco Adaptive Security Appliance Software 20190807 Multiple Vulnerabilities
[RADAR-14417] – PHP before 7.1.31, 7.2.21, 7.3.8 Multiple Vulnerabilities
[RADAR-14553] – Webmin 1.890 remotely execute commands
[RADAR-14552] – Stored XSS Vulnerability in Timeline in MantisBT before 2.21.2
[RADAR-14522] – LibreOffice before 6.2.6/6.3.0 Multiple Vulnerabilities
[RADAR-14511] – Foreman before 1.15.6 Access Control Vulnerability
[RADAR-10810] – System scan interferences with Windows server services
[RADAR-14541] – TrustedRoots file not found
Version 63104, released 19, Aug 2019
[RADAR-14505] – Hardening com_contact contact form in Joomla before 3.9.11
[RADAR-14471] – Cisco IOS XR 20190807 Multiple Vulnerabilities
[RADAR-14472] – Google Chrome 76 is Missing August 2019 Security Update
Version 63013, released 8, Aug 2019
[RADAR-14409] – Apache Subversion svnserve Multiple Vulnerabilities
[RADAR-14416] – Django before 2.2.4, 2.1.11 and 1.11.23 Multiple Vulnerabilities
[RADAR-14408] – Symantec Endpoint Protection Privilege Escalation (SYMSA1487)
[RADAR-14410] – Atlassian JIRA before 8.3.0, 8.2.3 jQuery Vulnerability
[RADAR-14398] – Umbraco before 7.15.1 and 8.1.1 Privilege Escalation Vulnerability
[RADAR-14206] – Fix the false detection of e107 CMS CSRF vulnerability
Version 62955, released 1, Aug 2019
[RADAR-12891] – Improve SSL performance
[RADAR-14404] – Elasticsearch before 7.2.1 and 6.8.2 Race Condition Vulnerability
[RADAR-14395] – Clickjacking vulnerability in WebSphere Application Server Admin Center (CVE-2019-4285)
[RADAR-14402] – Google Chrome 76 is Missing July 2019 Security Update
[RADAR-14403] – OpenSSL before 1.0.2t, 1.1.0l and 1.1.1d Security Restrictions Bypass Vulnerability
[RADAR-14400] – ManageEngine ServiceDesk Plus before 10502 Multiple Vulnerabilities
[RADAR-14405] – PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records
[RADAR-14256] – Oracle WebLogic Server is Missing July 2019 Critical Patch
[RADAR-14257] – Oracle PeopleSoft is Missing July 2019 Critical Patch
Version 62893, released 30, Jul 2019
[RADAR-13762] – WordPress plugins 2019-06 Multiple Vulnerabilities
[RADAR-14387] – IBM Websphere MQ plugins threw an exception: Input string was not in a correct format.
Version 62877, released 29, Jul 2019
[RADAR-12800] – XAMPP 5.6.8 Cross Site Scripting / SQL Injection
[RADAR-13544] – OX App Suite 7.8.4 and earlier Multiple Vulnerabilities
[RADAR-14325] – Arbitrary file copy vulnerability in ProFTPD up to 1.3.5b
[RADAR-14326] – MikroTik’s RouterOS CVE-2019-13954, CVE-2019-13955 vulnerabilities
[RADAR-14322] – IBM Spectrum Protect Multiple Vulnerabilities (Jul 19, 2019)
[RADAR-14151] – Drupal modules 2019-07 Multiple Vulnerabilities
[RADAR-13809] – Incorrect validation of path in http.cookiejar in Python
[RADAR-14037] – ManageEngine ServiceDesk Plus before build 10506 Multiple Vulnerabilities
[RADAR-14034] – MikroTik routers through 6.44.3 DoS
[RADAR-14259] – LibreOffice before 6.2.5 Multiple Vulnerabilities
[RADAR-14189] – Multiple Cross-Site Scripting vulnerabilities in Zoho ManageEngine ServiceDesk Plus and AssetExplorer
[RADAR-12547] – SmarterTools SmarterMail Multiple Vulnerabilities
[RADAR-11887] – ManageEngine ADManager Self-XSS and HTML injection vulnerability
Version 62785, released 24, Jul 2019
[RADAR-13776] – Foxit PhantomPDF and Foxit Reader Multiple Vulnerabilities before 9.5
[RADAR-12319] – Foxit Reader before 9.4 / Foxit PhantomPDF before 9.4 and 8.3.9 Multiple Vulns
Version 62761, released 23, Jul 2019
[RADAR-13365] – Security updates in Foxit PhantomPDF 8.3.10
[RADAR-13490] – Google Chrome CVE-2019-5825 + CVE-2019-5826 Multiple Vulnerabilities
[RADAR-13571] – Email folding function Denial of Service in Python
[RADAR-14303] – Exim 4.85 to 4.92 CVE-2019-13917 Vulnerability
[RADAR-14300] – PuTTY before 0.72 Multiple Vulnerabilities
[RADAR-14180] – Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7 Multiple Vulnerabilities
[RADAR-14179] – Sitecore 9.0 rev 171002 Persistent Cross-Site Scripting
[RADAR-14158] – XAMPP 1.7.0 XSS
[RADAR-14153] – PHP 7.x misparses fsockopen calls
[RADAR-13996] – IBM Spectrum Protect Multiple Vulnerabilities (Jun 29, 2019)
[RADAR-13791] – Cookie domain check returns incorrect results in Python
[RADAR-14036] – ssl.match_hostname() ignores extra string after whitespace in IPv4 address in Python
[RADAR-14030] – McAfee ePolicy Orchestrator (ePO) before 5.10.0 update 4 Insufficient Transport Layer Protection
[RADAR-14029] – Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities
[RADAR-14110] – Python Default Directory Vulnerability
[RADAR-14053] – Security updates available in Foxit Reader 9.6 and Foxit PhantomPDF 9.6
[RADAR-14006] – IBM DB2 Multiple Vulnerabilities (June 27, 2019)
[RADAR-14277] – Drupal 8.7.4 Access bypass (SA-CORE-2019-008)
[RADAR-14278] – Jenkins Security Advisory 2019-07-17
[RADAR-14279] – ManageEngine ADManager Plus/ADSelfService Plus/DesktopCentral Privilege Escalation Vulnerability
[RADAR-14254] – Oracle Database Server is Missing July 2019 Critical Patch
[RADAR-14212] – Security updates available in Foxit PhantomPDF 8.3.11
[RADAR-14195] – GLPI 9.3.1 Multiple Vulnerabilities
Version 62616, released 16, Jul 2019
[RADAR-14178] – Redis before 3.2.13, 4.0.14 and 5.0.4 Multiple Vulnerabilities
[RADAR-14177] – Asterisk Denial of Service Vulnerabilities (AST-2019-002, AST-2019-003)
[RADAR-14163] – CVE-2019-11581 – Template injection in various resources in Atlassian Jira
[RADAR-14162] – Atlassian Bitbucket jackson-databind CVE-2018-14721 vulnerability
[RADAR-14155] – GLPI CVE-2019-13239 + CVE-2019-13240 Vulnerabilities
[RADAR-14152] – Cisco Adaptive Security Appliance Software (ASA) Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability
[RADAR-14150] – Joomla! before 3.9.9 Remote Code Execution Vulnerability
[RADAR-14033] – JetBrains TeamCity Multiple Vulnerabilities (Q1 2019)
Version 62534, released 9, Jul 2019
[RADAR-14031] – Subrion CMS before 4.1.4 XSS
[RADAR-14109] – Squid through 4.7 XSS
Version 62510, released 8, Jul 2019
[RADAR-14041] – DNN (aka DotNetNuke) 9.2.x Multiple Vulnerabilities
[RADAR-14027] – Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
[RADAR-14026] – Cisco Jabber for Windows DLL Preloading Vulnerability
[RADAR-14023] – Cisco Web Security Appliance Multiple Vulnerabilities (20190703)
[RADAR-14024] – Cisco Email Security Appliance Multiple Vulnerabilities (20190703)
[RADAR-14025] – Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
[RADAR-8770] – Magento CVE-2015-8707 Information Disclosure
[RADAR-6365] – Magento Security Patches advisories
[RADAR-6941] – Magento before 2.0.10 and 2.1.2 Multiple Vulnerabilities
Version 62317, released 25, Jun 2019
[RADAR-13788] – dotCMS 5.1.1 Open Redirection / Cross Site Scripting
Version 62305, released 24, Jun 2019
[RADAR-13922] – PowerDNS Authoritative Server before 4.0.8 and 4.1.10 Multiple Vulnerabilities
[RADAR-13908] – Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability
[RADAR-13911] – CVE-2019-10164: Stack-based buffer overflow via setting a password in PostgreSQL
[RADAR-13915] – CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
[RADAR-13916] – ManageEngine AssetExplorer before 6501 XSS
[RADAR-13895] – Oracle Weblogic CVE-2019-2729 Remote Code Execution Vulnerability
[RADAR-13891] – Samba before 4.10.4 and 4.9.8 Multiple Vulnerabilities
[RADAR-13879] – OrangeHRM 4.3.1 and before Command Injection
[RADAR-13883] – Multiple Zoho ManageEngine products local privilege escalation
[RADAR-13878] – Fabric OS firmware is affected by vulnerabilities in OpenSSL and OpenSSH
[RADAR-13873] – Concrete5 8.4.3 Cross-site Scripting
[RADAR-13864] – IBM Domino 9 is affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341)
[RADAR-13845] – Webmin through 1.910 Remote Command Execution
[RADAR-13804] – Cisco IOS XR Software Secure Shell Authentication Vulnerability
[RADAR-13763] – pfSense through 2.4.4-p3 Multiple Vulnerabilities
[RADAR-13795] – WordPress < 2.0.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities
[RADAR-8252] – NTP before 4.2.7p112, 4.2.7p42, 4.2.8p5 Multiple Vulns
Version 62225, released 18, June 2019
[RADAR-11267] – WordPress plugins 2018-09 multiple vulnerabilities
[RADAR-11872] – WordPress plugins 2018-11 multiple vulnerabilities
[RADAR-13805] – vtiger CRM through 7.0.1 Cross-Site Scripting (XSS) vulnerability
[RADAR-13810] – SQL Injection Possible By Publisher Role in dotCMS before 5.1.6 (SI-53)
[RADAR-13836] – Joomla! before 3.9.7 Multiple Vulnerabilities
[RADAR-13837] – Adobe ColdFusion APSB19-27
[RADAR-13844] – Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
[RADAR-13846] – Ipswitch WS_FTP Server before 8.6.1 Multiple Vulnerabilities
[RADAR-13850] – Google Chrome 75 is Missing June 2019 Security Update II
[RADAR-13823] – Port scan in System Scan cannot be stopped
Version 62149, released 12, June 2019
[RADAR-13478] – WordPress plugins 2019-05 Multiple Vulnerabilities (26)
[RADAR-13622] – HPESBHF03917 rev.1 – HPE Integrated Lights-Out (iLO 4 and iLO 5) Multiple Vulnerabilities
[RADAR-13787] – ManageEngine ServiceDesk Plus 9.3 Multiple Vulnerabilities
Version 62134, released 11, June 2019
[RADAR-13792] – phpMyAdmin before 4.8.6/4.9.0 Multiple Vulnerabilities (PMASA-2019-3, PMASA-2019-4)
Version 62113, released 6, June 2019
[RADAR-13789] – CVE-2019-6469: BIND Supported Preview Edition can exit with an assertion failure if ECS is in use
[RADAR-13774] – Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 ACE
[RADAR-13786] – Google Chrome 75 is Missing June 2019 Security Update
[RADAR-13775] – Exim 4.87 to 4.91 CVE-2019-10149 Vulnerability
[RADAR-13679] – Microsoft RDP Remote Code Execution Vulnerability (CVE-2019-0708) BlueKeep
[RADAR-8523] – WordPress plugins 2017-09 multiple vulnerabilities
Version 62094, released 5, June 2019
[RADAR-13769] – Django before 2.2.2, 2.1.9 and 1.11.21 AdminURLFieldWidget XSS
[RADAR-13773] – IceWarp Mail Server through 10.4.4 local file inclusion vulnerability
[RADAR-13777] – OTRS before 7.0.5 Information Disclosure (OSA-2019-03)
[RADAR-10405] – WordPress plugins 2018-05 multiple vulnerabilities
Version 62079, released 4, June 2019
[RADAR-13744] – pfSense 2.4.4-p3 XSS
[RADAR-13748] – OTRS before 7.0.8, 6.0.19, 5.0.36 Multiple Vulnerabilities (2019-08, 2019-09)
[RADAR-13728] – PHP before 7.1.30, 7.2.19 and 7.3.6 Multiple Vulnerabilities
[RADAR-13639] – pfSense (20-05-2019) Multiple Vulnerabilities
[RADAR-13638] – McAfee Agent updates fix OpenSSL vulnerabilities (CVE-2019-1559)
[RADAR-13637] – Incorrect access control in pfSense before 2.4.4-p3
[RADAR-13361] – Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
[RADAR-13582] – Drupal modules 2019-05 multiple vulnerabilities (5)
[RADAR-13101] – User Privilege Escalation Possible In Velocity Code in dotCMS (SI-51)
[RADAR-7910] – IBM Domino TLS server Diffie-Hellman key validation vulnerability
[RADAR-10681] – WordPress plugins 2018-06 multiple vulnerabilities (13)
[RADAR-10208] – WordPress plugins 2018-04 multiple vulnerabilities (17)
[RADAR-10155] – Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52 multiple vulnerabilities
Version 62029, released 30, May 2019
[RADAR-13690] – Vtiger CRM 6.5.0 SQL injection
[RADAR-13170] – WordPress plugins 2019-04 Multiple Vulnerabilities
[RADAR-10921] – WordPress plugins 2018-07 multiple vulnerabilities
Version 62009, released 29, May 2019
[RADAR-13691] – ManageEngine ADSelfService Plus 5.x through 5704 Cross-Site Scripting Vulnerability
[RADAR-13672] – ManageEngine Application Manager 12.3 and 13.1 Multiple Vulnerabilities
[RADAR-13653] – Liferay Portal before 7.1 CE GA4 (7.1.3) Multiple Vulnerabilities
[RADAR-13270] – Apache Axis 1.4 Server-Side Request Forgery
[RADAR-13543] – dotCMS 5.1.1 Multiple Vulnerabilities
[RADAR-13223] – Drupal modules 2019-04 multiple vulnerabilities
[RADAR-9326] – Cisco NX-OS 20171129 Multiple Vulnerabilities
Version 61975, released 27, May 2019
[RADAR-13674] – Multiple vulnerabilities in IBM Java Runtime affect IBM MQ
[RADAR-13669] – OTRS before 7.0.7 Information Disclosure Vulnerability
[RADAR-13673] – Asterisk 13.10.0 Denial of Service Vulnerability (AST-2016-006)
[RADAR-13662] – Crowd – pdkinstall development plugin incorrectly enabled – CVE-2019-11580
[RADAR-13660] – WordPress 4.7.2 Information Disclosure Vulnerability
[RADAR-13661] – IBM MQ CVE-2019-4039 and CVE-2019-4078 Vulnerabilities
[RADAR-13648] – ManageEngine ServiceDesk Plus CVE-2019-12252 and CVE-2019-12189 Vulnerabilities
[RADAR-13650] – Atlassian JIRA (22-05-2019) Multiple Vulnerabilities (3)
[RADAR-13584] – Cisco NX-OS 20190515 Multiple Vulnerabilities (28)
[RADAR-13592] – Remote code execution in WebSphere Application Server ND (CVE-2019-4279)
[RADAR-13482] – Cisco NX-OS 20190501 Multiple Vulnerabilities (7)
Version 61894, released 20, May 2019
[RADAR-13372] – Cybozu Garoon before 4.10.1 Multiple Vulnerabilities (6)
[RADAR-13583] – Cisco IOS XR 20190515 Multiple Vulnerabilities
[RADAR-13560] – IBM MQ RDQM vulnerable to a denial of service attack (CVE-2018-1084)
[RADAR-13593] – ManageEngine Applications Manager before 14180 build Multiple Vulnerabilities
[RADAR-13600] – Apache Tomcat XSS in SSI printenv
Version 61858, released 16, May 2019
[RADAR-13572] – TIBCO Spotfire Server (May 14, 2019) Multiple Vulnerabilities
[RADAR-13570] – VMware Workstation/ESXi Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities
[RADAR-13562] – Bitbucket Server jQuery prototype pollution
[RADAR-13559] – CST-7060 Pingback vulnerability in Blogs in Liferay
[RADAR-13407] – BIND (24 April 2019) Multiple Vulnerabilities
[RADAR-13569] – VMware Workstation DLL-hijacking issue (VMSA-2019-0007)
[RADAR-6110] – Adobe Creative Cloud Desktop Application detection
Version 61842, released 15, May 2019
[RADAR-13557] – Cisco IOS XE Software Web UI Command Injection Vulnerability
[RADAR-13565] – Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
[RADAR-13533] – PostgreSQL before 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Multiple Vulnerabilities
[RADAR-11632] – Adobe FrameMaker detection
Version 61832, released 14, May 2019
[RADAR-13510] – CVE-2019-9847 Executable hyperlink targets executed unconditionally on activation in LibreOffice
[RADAR-13481] – Cisco Adaptive Security Appliance 20190501 Multiple Vulnerabilities
[RADAR-13398] – Jetty 7.x to 9.x Multiple Vulnerabilities
Version 61817, released 13, May 2019
[RADAR-13491] – ManageEngine ServiceDesk Plus before build 10020 Multiple Vulnerabilities
[RADAR-13480] – Apache Archiva before 2.2.4 Multiple Vulnerabilities
[RADAR-13516] – Drupal before 7.67, 8.6.16 and 8.7.1 path traversal (SA-CORE-2019-007)
[RADAR-13517] – Subrion CMS 4.2.1 Cross Site Scripting
[RADAR-13483] – Cisco Web Security Appliance (WSA) 20190501 Multiple Vulnerabilities
[RADAR-13484] – Cisco Email Security Appliance Filter Bypass Vulnerability
[RADAR-13507] – Joomla! before 3.9.6 Multiple Vulnerabilities
[RADAR-13528] – EoL plugin for VMware Workstation / Player
[RADAR-13487] – Atlassian Jira before 7.13.2 and 8.0.2 XSS
[RADAR-13485] – Atlassian Jira before version 7.13.1 XSS
[RADAR-13486] – PHP before 7.1.29, 7.2.18 and 7.3.5 Multiple Vulnerabilities
[RADAR-13489] – Google Chrome 74 is Missing April 2019 Security Update
[RADAR-13503] – TYPO3 before 8.7.25 and 9.5.6 Multiple Vulnerabilities
[RADAR-13488] – Alkacon OpenCMS through 10.5.4 Multiple Vulnerabilities
[RADAR-13449] – Information disclosure in the BrowseProjects.jspa resource in JIRA
[RADAR-13447] – CVE-2019-3845: Lack of access control around Qpid message broker in Foreman
[RADAR-13420] – ManageEngine ServiceDesk Plus before build 10018 Multiple Vulnerabilities
[RADAR-13448] – Security Advisory 2019-04, 2019-05 and 2019-06 for OTRS
[RADAR-13456] – XSS in the listApplicationLinks resource of the Application links plugin in Atlassian products
[RADAR-13348] – Oracle Fusion Middleware is Missing April 2019 Critical Patch
[RADAR-13351] – Oracle PeopleSoft is Missing April 2019 Critical Patch
[RADAR-13350] – Oracle Sun is Missing April 2019 Critical Patch
[RADAR-12643] – Modify Splunk detection
Fixed issues
[RADAR-13092] – SSL cipher suite enumeration infinite loop
[RADAR-10512] – Oracle Enterprise Manager not detected
Version 61748, released 29, April 2019
[RADAR-13421] – MariaDB Multiple Vulnerabilities (Apr 2019)
[RADAR-13393] – Google Chrome 74 is Missing April 2019 Security Update
[RADAR-13397] – Multiple vulnerabilities in IBM WAS (CVE-2019-0211 CVE-2019-0220)
[RADAR-13396] – Norton SEP and SEPM Multiple Vulnerabilities
[RADAR-13369] – ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
[RADAR-13347] – Oracle Database Server is Missing April 2019 Critical Patch
[RADAR-13349] – Oracle WebLogic Server is Missing April 2019 Critical Patch
Version 61736, released 25, April 2019
[RADAR-13399] – jQuery before 3.4.0 Cross-Site Scripting Vulnerability
[RADAR-13360] – Cisco IOS XR 20190417 Multiple Vulnerabilities
[RADAR-12524] – CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
Version 61729, released 24, April 2019
[RADAR-13359] – Cisco Wireless LAN Controller 20190417 Multiple Vulnerabilities
[RADAR-13358] – Multiple Vulnerabilities in Drupal (SA-CORE-2019-005, SA-CORE-2019-006)
[RADAR-13363] – IBM Security Bulletin: IBM MQ vulnerable to a denial of service attack within the TLS key renegotiation functions (CVE-2019-4055)
[RADAR-13362] – Cisco Email Security Appliance Content Filter Bypass Vulnerability
[RADAR-13364] – Atlassian Confluence CVE-2019-3398 Path traversal vulnerability
[RADAR-13352] – DotNetNuke (DNN) before 9.3.1 Multiple Vulnerabilities
[RADAR-13335] – Zarafa WebAccess 7.2.0 XSS
[RADAR-13313] – DirectAdmin 1.561 and below Cross-Site Scripting
[RADAR-13282] – Juniper Junos 2019-04 Multiple Vulnerabilities (16)
[RADAR-12897] – Splunk Enterprise 7.2.4 Custom App Remote Code Execution
[RADAR-12849] – Multiple Vulnerabilities affect the IBM Spectrum Protect Server (Feb 26, 2019)
[RADAR-13061] – VMware Horizon View before 6.2.8, 7.8.0, 7.5.2 Information Disclosure
[RADAR-12967] – Liferay CE Portal Groovy-Console Remote Command Execution
Version 61723, released 18, April 2019
[RADAR-13332] – Subrion CMS 4.1.5 CSRF
[RADAR-13283] – Jenkins 2019-04-10 Multiple Vulnerabilities
[RADAR-13272] – Apache Tomcat CGI Servlet Arbitrary Code Execution Vulnerability
[RADAR-13322] – ManageEngine AssetExplorer before 6213 Privilege Escalation Vulnerability
[RADAR-13321] – VMware ESXi, Workstation and Player VMSA-2019-0006 Multiple Vulns
Version 61656, released 11, April 2019
[RADAR-13143] – VMware ESXi, Workstation/Player VMSA-2019-0005 Multiple Vulnerabilities
[RADAR-13228] – PHP before 7.1.28, 7.2.17 and 7.3.4 Multiple Vulnerabilities
[RADAR-7486] – WordPress Tribulant Slideshow Gallery 1.6.5 Cross-Site Scripting
[RADAR-7449] – WordPress Ad Widget plugin <= 2.11.0 – Authenticated Local File Inclusion (LFI)
[RADAR-8029] – All-in-One WP Migration <= 6.45 – Reflected Cross-Site Scripting
Version 61635, released 8, April 2019
[RADAR-13198] – IBM Db2 multiple buffer overflow which could allow a local malicious user to execute arbitrary code
[RADAR-13169] – PostgreSQL 9.3 through 11.2 Arbitrary Code Execution
[RADAR-13130] – Cisco IOS and IOS XE 20190327 Multiple Vulnerabilities
[RADAR-13056] – IBM UrbanCode Deploy: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)
[RADAR-13174] – Apache HTTP before 2.4.39 Multiple Vulnerabilities
[RADAR-13145] – Magento before 2.3.1, 2.2.8 and 2.1.17 Multiple Vulnerabilities
Version 61594, released 2, April 2019
[RADAR-13128] – Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080)
[RADAR-13129] – Jetty version 9.3.x and 9.4.x Denial of Service Vulnerability
[RADAR-12898] – Multiple vulnerabilities in RubyGems bundled by Ruby before 2.4.6, 2.5.4, 2.6.2
[RADAR-12876] – WordPress plugins 2019-03 multiple vulnerabilities
[RADAR-12856] – Drupal modules 2019-03 multiple vulnerabilities
[RADAR-12935] – Cisco NX-OS 20190306 Multiple Vulnerabilities
[RADAR-9740] – WordPress plugins 2018-02 multiple vulnerabilities
[RADAR-13060] – Improve detection for HP Data Protector under Linux / AIX
Version 61538, released 29, March 2019
[RADAR-13102] – Apache CouchDB 2.3.1 – Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
[RADAR-13115] – GnuTLS before 3.6.7 Multiple Vulnerabilities (GNUTLS-SA-2019-03-27)
[RADAR-12961] – NTP CVE-2019-8936 Denial of Service Vulnerability
Version 61524, released 27, March 2019
[RADAR-13100] – ManageEngine ServiceDesk Plus CVE-2017-9362 and CVE-2017-9376 Vulnerabilities
[RADAR-13089] – Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)
[RADAR-13091] – Python 2.x through 2.7.16 and Python 3.x through 3.7.2 CRLF injection
[RADAR-13090] – Python 2.x through 2.7.16 Security Bypass Vulnerability
[RADAR-13099] – dropbearSSH before 2013.59 Improper Authentication Vulnerability
[RADAR-13048] – ManageEngine AssetExplorer before 6212 MIME-sniffing vulnerability
[RADAR-13049] – ManageEngine ServiceDesk Plus before 10015 Multiple XSS Vulnerabilities
Version 61491, released 25, March 2019
[RADAR-13057] – Atlassian JIRA before 7.13.1, 7.12.3, 8.0.0 moment.js regular expression Denial of Service
[RADAR-13055] – Drupal before 7.65, 8.5.14 and 8.6.13 Cross-Site Scripting – SA-CORE-2019-004
[RADAR-13066] – Request Tracker 4.1.13 through 4.4 Denial of Service Vulnerability
[RADAR-13063] – ManageEngine ADSelfService Plus 5.x through build 5704 Information Disclosure
[RADAR-13058] – Atlassian Confluence Server SSRF via WebDAV endpoint – CVE-2019-3395
[RADAR-13059] – Atlassian Confluence Server Remote code execution via Widget Connector macro – CVE-2019-3396
[RADAR-7832] – Easy WP SMTP before 1.2.5 XSS
Version 61447, released March 20, 2019
[RADAR-12871] – ManageEngine ADManager Plus before build 6659 Privilege Escalation Vulnerability
[RADAR-12978] – Adobe Digital Editions | APSB19-16
[RADAR-13015] – VMware Workstation update addresses elevation of privilege issues (VMSA-2019-0002)
[RADAR-13018] – IBM MQ Console has inadequate input validation (CVE-2018-1836)
[RADAR-13030] – PuTTY before 0.71 Multiple Vulnerabilities
[RADAR-13045] – PowerDNS Security Advisory 2019-03
Version 61426, released March 18, 2019
- [RADAR-12990] – Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2 CRLF injection
- [RADAR-12991] – WordPress before 5.1.1 and 4.9.10 Remote Code Execution Vulnerability
- [RADAR-13004] – Security vulnerability in the IBM HTTP Server used by WebSphere Application Server (CVE-2018-17199)
- [RADAR-13005] – IBM Db2 is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094)
- [RADAR-13006] – Bitbucket Server path traversal before 5.13.6
Version 61388, released March 13, 2019
- [RADAR-9529] – WordPress plugins 2018-01 multiple vulnerabilities (26)
- [RADAR-12352] – WordPress plugins 2019-01 multiple vulnerabilities (17)
- [RADAR-12943] – urlsplit does not handle NFKC normalization in Python
- [RADAR-12946] – dotCMS before 5.0.2 Open Redirection Vulnerability
- [RADAR-12956] – PHP before 7.1.27, 7.2.16 and 7.3.3 Multiple Vulnerabilities
- [RADAR-12971] – Potential Spoofing vulnerability in WebSphere Application Server (CVE-2018-1902)
Version 61369, released March 12, 2019
- [RADAR-12887] – pfSense 2.4.4 Multiple Vulnerabilities
- [RADAR-12899] – ManageEngine ServiceDesk Plus before build 10013 Multiple Vulnerabilities
- [RADAR-12936] – OpenSSL before 1.1.0k and 1.1.1c Information disclosure in ChaCha20-Poly1305 cipher
- [RADAR-12939] – Multiple Vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2019 CPU
- [RADAR-12940] – Samba before 4.10 Denial of Service Vulnerability
- [RADAR-12947] – JBMC DirectAdmin 1.55 Cross-Site Request Forgery Vulnerability
- [RADAR-12955] – Open Ticket Request System before 6.0.17 and 7.0.5 Cross-Site Scripting Vulnerability
- [RADAR-12957] – Multiple buffer overflow vulnerabilities exist in IBM Db2 leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016)
- [RADAR-12958] – IBM MQ (Mar 8, 2019) Multiple Vulnerabilities
Version 61335, released March 7, 2019
- [RADAR-12916] – Liferay Portal before 7.1 CE GA3 (7.1.2) CST-7121 Vulnerability
- [RADAR-12917] – Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030)
Version 61324, released March 6, 2019
- [RADAR-9120] – WordPress plugins 2017-11 multiple vulnerabilities (22)
- [RADAR-11450] – CVE-2018-16514: MantisBT Reflected XSS in view_filters_page.php via core/filter_form_api.php
- [RADAR-11510] – WordPress plugins 2018-10 multiple vulnerabilities (13)
- [RADAR-12632] – PuTTY bug pscp-unsanitised-server-output
- [RADAR-12646] – Multiple Python vulnerabilities from Python’s docs
- [RADAR-12655] – WordPress plugins 2019-02 multiple vulnerabilities (16)
- [RADAR-12709] – Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
- [RADAR-12858] – Wireshark before 2.6.7 and 2.4.13 Multiple Vulnerabilities
- [RADAR-12872] – McAfee Agent (MA) 5.x Multiple Vulnerabilities
- [RADAR-12873] – Asterisk Remote crash vulnerability with SDP protocol violation (AST-2019-001)
- [RADAR-12885] – Adobe ColdFusion | APSB19-14
- [RADAR-12886] – Google Chrome 72 is Missing March 2019 Security Update
- [RADAR-12888] – Atlassian Crowd before 2.9.1 Session hijacking due to token identifier hash collision
Version 61271, released February 28, 2019
- [RADAR-11801] – Detector for Lenovo IMM Web interface
- [RADAR-12545] – Splunk Enterprise 7.2.3 Command Execution
- [RADAR-12657] – PHP before 5.6.40, 7.1.26, 7.2.14, and 7.3.1 Multiple Vulnerabilities
- [RADAR-12669] – Cisco Firepower Management Center Cross-Site Scripting Vulnerability
- [RADAR-12730] – Jenkins 2.150.2 – Remote Command Execution
- [RADAR-12786] – Cisco ASR 900 Series with IOS XE Aggregation Services Router Software Denial of Service Vulnerability
- [RADAR-12816] – Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability
- [RADAR-12839] – Various resource in the Crowd Demo Application CSRF
- [RADAR-12848] – OpenSSL before 1.0.2r 0-byte record padding oracle (CVE-2019-1559)
- [RADAR-12729] – Unable to get SSL certificate from Cisco WRV210 device
Version 61220, released February 25, 2019
- [RADAR-12654] – WinRAR before 5.70 Multiple Vulnerabilities
- [RADAR-12671] – Drupal modules 2019-02 multiple vulnerabilities
- [RADAR-12817] – Cisco IOS XR Software for Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability
- [RADAR-12818] – Adobe Reader DC | APSB19-13
- [RADAR-12819] – Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003
- [RADAR-12820] – MikroTik RouterOS before 6.43.12 and 6.42.12 intermediary vulnerability
- [RADAR-12824] – PHP before 5.6.39, 7.0.33, 7.1.25, and 7.2.13 Heap Buffer Overflow in phar_parse_pharfile
- [RADAR-12825] – Multiple BIND CVEs disclosed (CVE-2018-5744, CVE-2018-5745, CVE-2019-6465)
Version 61187, released February 21, 2019
- [RADAR-7950] – WordPress Backup to Dropbox plugin before 4.1 XSS
- [RADAR-7957] – WordPress Slideshow plugin 2.2.8 through 2.2.21 Information Disclosure
- [RADAR-7984] – WordPress WP Jobs/Event List plugin Vulns
- [RADAR-8263] – WordPress plugins 2017-07 multiple vulnerabilities
- [RADAR-8402] – WordPress I Recommend This/Link-Library/AddToAny Share Buttons Multiple Vulns
- [RADAR-8860] – WordPress plugins 2017-10 multiple vulnerabilities
- [RADAR-12574] – Python X509 Certificate NULL Pointer Dereference Denial of Service Vulnerability
- [RADAR-12731] – Adobe ColdFusion | APSB19-10
- [RADAR-12762] – Reflected XSS in Bamboo before 6.8.0
- [RADAR-12798] – Elasticsearch improper permission issue when attaching a new name to an index (ESA-2019-04)
- [RADAR-12799] – WordPress before 5.0.3 Remote Code Execution Vulnerability
- [RADAR-12801] – Splunk Enterprise and Splunk Light Persistent Cross-Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727)
- [RADAR-12807] – Liferay Portal before 7.1 CE GA3 (7.1.2) Multiple Vulnerabilities
Version 61171, released February 20, 2019
- [RADAR-12691] – Security Advisory for Adobe Reader DC | APSB19-07
- [RADAR-12708] – Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
- [RADAR-12711] – Atlassian Bamboo before 6.8.0 Cross-Site Scripting Vulnerability
- [RADAR-12716] – Informational plugin for software with vulnerabilities in authenticated scans
- [RADAR-12717] – CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() in Django before 2.1.6, 2.0.11 and 1.11.19
- [RADAR-12748] – Joomla! before 3.9.3 Multiple Vulnerabilities
- [RADAR-12749] – Atlassian Crowd before 3.2.7 and 3.3.4 Insufficient Session Expiration Vulnerability
- [RADAR-12750] – Adobe Flash Player | APSB19-06
- [RADAR-12752] – Apache Traffic Server vulnerability with sslheader plugin
- [RADAR-12755] – IBM Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784)
- [RADAR-12761] – ManageEngine ServiceDesk Plus before build 10012 Multiple Vulnerabilities
- [RADAR-12777] – Zabbix open redirect vulnerability via the request parameter
- [RADAR-12778] – Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996)
- [RADAR-12779] – Core FTP Server 1.2 Build 589 User domain Denial of Service
- [RADAR-12780] – Google Chrome 72 is Missing February 2019 Security Update
- [RADAR-12781] – phpMyFAQ before 2.9.13 Bootstrap XSS
- [RADAR-12791] – Apache CouchDB 2.3.0 Cross-Site Scripting Vulnerability
- [RADAR-12732] – Wrong version detection in Samba Directory Access Control List Remote Integer Overflow Vulnerability
Version 61088, released February 11, 2019
- [RADAR-8431] – HPE Aruba devices detector and vulnerabilities
- [RADAR-3147] – [CVE-2015-1388] ArubaOS detection and vulnerabilities
- [RADAR-7840] – WordPress No External Links 3.5.17 Cross-Site Scripting
- [RADAR-8070] – WordPress Ultimate Product Catalogue plugin vulnerabilities
- [RADAR-12090] – CubeCart 6.2.2 Cross-Site Scripting
- [RADAR-12199] – Dell EMC iDRAC Multiple Vulnerabilities (CVE-2018-15774 and CVE-2018-15776)
- [RADAR-12534] – Drupal modules 2019-01 multiple vulnerabilities
- [RADAR-12668] – Cisco Web Security Appliance Decryption Policy Bypass Vulnerability
- [RADAR-12670] – IBM Security Bulletin: Potential denial of service in WebSphere Application Server (CVE-2018-10237)
- [RADAR-12672] – ManageEngine ServiceDesk Plus before build 10011 Multiple Vulnerabilities
- [RADAR-12673] – Atlassian Confluence Server before 6.13.1 and 6.14.0 Download a deleted page via word export
- [RADAR-12674] – Atlassian JIRA 7.x Multiple Vulnerabilities
Version 61045, released February 7, 2019
- [RADAR-6922] – IBM Tivoli Monitoring 6.2.3 FP1 through 6.3.0 FP7 Multiple Vulnerabilities
- [RADAR-12432] – Oracle Fusion Middleware is Missing January 2019 Critical Patch
- [RADAR-12434] – Oracle PeopleSoft is Missing January 2019 Critical Patch
- [RADAR-12652] – ManageEngine AssetExplorer before build 6210 Multiple Vulnerabilities
- [RADAR-12660] – ManageEngine Applications Manager before build 14040 SQL Injection Vulnerability
Version 61029, released February 6, 2019
- [RADAR-11950] – Apache OpenOffice before 4.1.6 Arithmetic overflow and wrap around during string length calculation
- [RADAR-12301] – Security Advisory for Vulnerabilities in QTS (NAS-201901-22)
- [RADAR-12384] – WinSCP before 5.14 TSCPFileSystem::SCPSink Arbitrary File Overwrite Vulnerability
- [RADAR-12479] – Open-Xchange Security Advisory 2019-01-18
- [RADAR-12535] – Cisco Firepower Management Center 20190123 Multiple Vulnerabilities
- [RADAR-12554] – Cross-Site Scripting via XML Vulnerability in DNN 9.1
- [RADAR-12555] – PHP before 5.6.40, 7.1.26, 7.2.14, and 7.3.1 heap-based buffer overflow
- [RADAR-12566] – Bumped nmap version to 7.70
- [RADAR-12567] – pfSense 2.4.4-p1 Cross-Site Scripting
- [RADAR-12573] – Google Chrome 72 is Missing January 2019 Security Update
- [RADAR-12584] – ManageEngine Applications Manager before 14030 build Multiple Vulnerabilities
- [RADAR-12585] – Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability
- [RADAR-12589] – Google Chrome 62 is Missing November 2017 Security Update II
- [RADAR-12601] – OpenSSH 7.9 Multiple Vulnerabilities
- [RADAR-12631] – CVE-2018-16858 Directory traversal flaw in script execution in LibreOffice
- [RADAR-12644] – HPE iLO 5 Cross-Site Scripting (XSS)
- [RADAR-6824] – CVE-2014-0133 SPDY vulnerability should be reported only for HTTPS
Version 60956, released January 30, 2019
- [RADAR-11902] – Icecast detection
- [RADAR-12546] – Foxit PhantomPDF 9.2.0.9297 Multiple Vulnerabilities
- [RADAR-12553] – phpMyAdmin before 4.8.5 Multiple Vulnerabilities
- [RADAR-12568] – In Atlassian Crowd before 2.10.1 Various resources included the current remote directory password in their responses
Version 60943, released January 29, 2019
- [RADAR-11786] – Optimize system scan RAM consumption.
Version 60877, released January 24, 2019
- [RADAR-9534] – Zend Framework before 1.12.7 SQL injection
- [RADAR-12499] – PowerDNS Recursor 2019-01, 2019-02 Multiple Vulnerabilities
- [RADAR-12500] – MariaDB 2019-01 Multiple Vulnerabilities
- [RADAR-12503] – The bundled Atlassian Universal Plugin Manager plugin XXE – CVE-2018-20233
- [RADAR-12521] – TYPO3 before 8.7.23 and 9.5.4 Multiple Vulnerabilities
- [RADAR-12526] – CVE-2018-17199: mod_session_cookie does not respect expiry time
- [RADAR-12527] – Malicious SVN clients can crash mod_dav_svn in Subversion before 1.10.4 and 1.11.1
Version 60861, released January 22, 2019
- [RADAR-12431] – Oracle Database Server is Missing January 2019 Critical Patch
- [RADAR-12433] – Oracle WebLogic Server is Missing January 2019 Critical Patch
- [RADAR-12455] – TIBCO Spotfire Server 7.x Multiple Vulnerabilities
- [RADAR-12466] – ManageEngine ServiceDesk Plus before build 10009 Multiple Vulnerabilities
- [RADAR-12477] – Security Advisory 2019-01: Security Update for OTRS Framework (XSS before 7.0.4, 6.0.16, 5.0.34)
- [RADAR-12478] – Webmin 1.900 Remote Command Execution
Version 60844, released January 21, 2019
- [RADAR-6549] – Junos OS / ScreenOS missing vulnerabilities
- [RADAR-7524] – Multiple BestWebSoft Plugins – Authenticated Reflected GET Cross-Site Scripting
- [RADAR-7828] – WordPress 3 plugins multiple vulns
- [RADAR-7829] – Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino
- [RADAR-10738] – Drupal modules 2018-06 multiple vulnerabilities
- [RADAR-11534] – Drupal modules 2018-10 multiple vulnerabilities
- [RADAR-11948] – Foxit Reader 9.3.0.10826 Multiple Vulnerabilities
- [RADAR-12109] – Drupal modules 2018-12 multiple vulnerabilities
- [RADAR-12253] – Compare security threat report with Radar coverage
- [RADAR-12258] – IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ
- [RADAR-12325] – Additional module path for Drupal 8
- [RADAR-12343] – Open-Xchange Security Advisory 2018-12-31
- [RADAR-12378] – Juniper Junos OS 2019-01 Multiple Vulnerabilities
- [RADAR-12379] – Cisco IOS and IOS XE / FMC / ESA Multiple Vulnerabilities
- [RADAR-12385] – OpenSSH 7.9 Security Bypass
- [RADAR-12388] – osCommerce 2.3.4.1 Multiple Vulnerabilities
- [RADAR-12419] – Webmin 1.890 Cross Site Scripting
- [RADAR-12420] – Umbraco CMS 7.12.4 – Authenticated Remote Code Execution
- [RADAR-12430] – Joomla! before 3.9.2 Multiple Vulnerabilities
- [RADAR-12451] – Jenkins before 2.160 and 2.150.2 Multiple Vulnerabilities (Security Advisory 2019-01-16)
- [RADAR-12453] – Drupal before 7.62, 8.5.9 and 8.6.6 Multiple Vulnerabilities (SA-CORE-2019-001|SA-CORE-2019-002)
- [RADAR-11787] – Fix false positives by checking content of the result instead of just its existence
Version 60767, released January 10, 2019
- [RADAR-12298] – ManageEngine AssetExplorer before 6209 Multiple Vulnerabilities
- [RADAR-12299] – ManageEngine ServiceDesk Plus before build 10005 Multiple Vulnerabilities
- [RADAR-12339] – YUNUCMS 1.1.8 XSS
- [RADAR-12360] – Adobe Digital Editions | APSB19-04
- [RADAR-12365] – Wireshark before 2.6.6, 2.4.12 Multiple Vulnerabilities
Version 60740, released January 8, 2018
- [RADAR-3823] – [CVE-2015-1814] CloudBees Jenkins detector and vulnerabilities
- [RADAR-7595] – IBM Domino server IMAP EXAMINE command stack buffer overflow
- [RADAR-7769] – WordPress Plugin WebDorado Gallery 1.3.29 – SQL Injection
- [RADAR-7962] – Multiple vulnerabilities affect IBM Tivoli Monitoring 6.3.0 through 6.3.0 FP7
- [RADAR-8247] – WP Hide & Security Enhancer <= 1.3.9.2 – Arbitrary File Download
- [RADAR-8549] – IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
- [RADAR-8989] – IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino
- [RADAR-10092] – [CVE-2017-9267] Novell eDirectory before 9.0.3.1 Cryptographic Issue
- [RADAR-10378] – Sitecore Directory Traversal Vulnerability
- [RADAR-10903] – Core FTP LE 2.2 Buffer Overflow
- [RADAR-11605] – SugarCRM 6.5.26 XSS
- [RADAR-12037] – Linux Kernel Aug 2017 – Sep 2018 Vulnerabilities affects ProxySG
- [RADAR-12038] – Security Advisory for XSS Vulnerability in Qsync Central (NAS-201811-29)
- [RADAR-12045] – OpenSSH Vulnerabilities Jan-Aug 2018 affects ProxySG (SYMSA1469)
- [RADAR-12046] – Apache Traffic Server before 8.0.1 Memory Leak
- [RADAR-12082] – ADSelfService Plus before 5701 XEE
- [RADAR-12117] – IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server
- [RADAR-12131] – Foxit PhantomPDF and Reader Multiple Vulns
- [RADAR-12210] – Mikrotik RouterOS telnet arbitrary root file creation
- [RADAR-12219] – Apache CouchDB CVE-2018-17188: Remote Privilege Escalations (Affects all versions < 2.3.0)
- [RADAR-12225] – Memory Leak – traffic_ctl config reload in Apache Traffic Server
- [RADAR-12227] – Liferay Portal before 7.1 CE GA2 (7.1.1) RCE and Path Traversal Vulns
- [RADAR-12234] – Liferay Portal before 7.1 CE GA2 (7.1.1) Password reset token leaked to 3rd party sites
- [RADAR-12243] – Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability
- [RADAR-12289] – Adobe Reader DC APSB19-02
- [RADAR-12297] – MantisBT before 1.3.17 and 2.18.1 Potential object injection attack Vulnerability
- [RADAR-12305] – ManageEngine ADSelfService Plus before 5703 SSRF
- [RADAR-12327] – Apache CouchDB 2.3.0 Cross Site Request Forgery
- [RADAR-12338] – CVE-2019-3498: Content spoofing possibility in the default 404 page in Django before 2.1.5, 2.0.10, and 1.11.18
- [RADAR-12342] – MantisBT before 2.20.0 Multiple Bootstrap Vulnerabilities
- [RADAR-11724] – Radar system scan terminates if no common TLS algorithm is found
- [RADAR-12208] – TLS Poodle false positive
Version 60647, released December 18, 2018
- [RADAR-11895] – YUNUCMS 1.1.5 Multiple Vulnerabilities
- [RADAR-12083] – Perl before 5.26.3, 5.28.1 Multiple Vulns
- [RADAR-12091] – pfSense 2.4.4 Multiple Vulnerabilities
- [RADAR-12211] – ManageEngine Password Manager Pro before 9803 Information Disclosure
Version 60638, released December 17, 2018
- [RADAR-12108] – Elasticsearch information disclosure (ESA-2018-19)
- [RADAR-12126] – Adobe Reader DC | APSB18-41
- [RADAR-12167] – TYPO3 before 7.6.32, 8.7.21 and 9.5.2 Multiple Vulnerabilities
- [RADAR-12173] – IceWarp Mail Server 11.0.0.0 – Cross-Site Scripting
- [RADAR-12186] – Google Chrome 71 is Missing December 2018 Security Update II
- [RADAR-12187] – WordPress before 4.9.9 and 5.0.1 Multiple Vulns
- [RADAR-12197] – IBM Security Bulletin: IBM DB2 contains a denial of service vulnerability in scalar functions (CVE-2018-1977)
Version 60595, released December 13, 2018
- [RADAR-12100] – Jenkins Security Advisory 2018-12-05
- [RADAR-12111] – Adobe Flash Player | APSB18-42
- [RADAR-12116] – IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-1656, CVE-2018-12539)
- [RADAR-12118] – IBM Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883)
- [RADAR-12128] – PHP 5.x and 7.x before 7.3.0 Denial of Service Vulnerability
- [RADAR-12129] – Cybozu Garoon before 4.10.1 access restriction bypass vulnerability
- [RADAR-12130] – ManageEngine Applications Manager before build 13980 Multiple Vulnerabilities
- [RADAR-12136] – IBM Security Bulletin: Potential information disclosure in WebSphere Application Server (CVE-2018-1957)
- [RADAR-12143] – Foreman before 1.18.3, 1.19.1, and 1.20.0 XSS
- [RADAR-12149] – GnuTLS RSA Decrypted PKCS#1 v1.5 Data Verification Information Disclosure Vulnerability
- [RADAR-12155] – ManageEngine ADSelfService Plus before 5702 XSS
- [RADAR-12156] – ManageEngine ServiceDesk Plus before build 10002 CSRF
- [RADAR-12163] – Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904)
- [RADAR-12164] – IBM Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901)
- [RADAR-12165] – IBM Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926)
- [RADAR-12166] – phpMyAdmin before 4.8.4 Multiple Vulns
- [RADAR-12170] – McAfee Security Bulletin – McAfee Agent update fixes a use after free vulnerability (CVE-2018-6703)
Version 59966, released October 16, 2018
New features and improvements:
- System scan will fill the Host header in HTTP requests with a name resolved using reverse DNS if the target was specified as an IP address and the “Virtual host” field is empty.
Version 59817, released October 1, 2018
New features and improvements:
- System scan is now available as a universal version that will run as 64-bit on 64-bit systems and as 32-bit on 32-bit systems. This should resolve at least some out-of-memory issues.
Version 58622, released May 30, 2018
New features and improvements:
- SUSE distribution supported in Linux Authenticated Scanning (RADAR-10192).
Version 58514, released May 24, 2018
New features and improvements:
- Significant performance improvements for web services scans. The majority of system scans, where the web servers were detected on a scanned target, are completed more than 20% faster (RADAR-8648).
Version 57587, released March 15, 2018
New features and improvements:
- Service detection is now performed for all ports simultaneously, which should give a significant scan time improvement for hosts with a high number of open ports.
Version 57555, released March 13, 2018
New features and improvements:
- Detecting kernel updates applied by Ksplice Uptrack in Linux Authenticated Scanning.
Version 57142, released February 15, 2018
New features and improvements:
- Replaced old port scanning engine with Nmap to reduce scan times and improve reliability.
Fixed issues:
- Numerous issues caused by the old engine.