Identified vulnerabilities (CVEs) in vulnscan

The following CVEs are identified by the vulnscan category of information. CVEs are either detected by an active, innocuous and non-instrusive check (check-based) or by specific version detection technics (version-based):

CVEs by product vendors

Adobe

CVE-2023-26359: Adobe ColdFusion - check-based
CVE-2023-26360: Adobe ColdFusion - check-based
CVE-2023-29298: Adobe ColdFusion - check-based

Apache

CVE-2023-27524: Apache Superset - version-based
CVE-2023-46604: Apache ActiveMQ - version-based - CISA KEV catalog

Atlassian

CVE-2022-26134: Atlassian Confluence - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2023-22515: Atlassian Confluence - version-based - CISA KEV catalog
CVE-2023-22518: Atlassian Confluence - version-based - CISA KEV catalog

Citrix

NOTE: this list is up-to-date with CISA KEV as of 2023-02-25.

CVE-2019-19781: Citrix Gateway (shitrix) - check-based - CISA KEV catalog
CVE-2020-8193: Citrix Gateway - version-based - CISA KEV catalog
CVE-2020-8195: Citrix Gateway - version-based - CISA KEV catalog
CVE-2020-8196: Citrix Gateway - version-based - CISA KEV catalog
CVE-2020-8209: Citrix XenMobile Server - check-based
CVE-2022-27518: Citrix Gateway - version-based - CISA KEV catalog
CVE-2023-3519: Citrix Gateway - version-based - CISA KEV catalog
CVE-2023-4966: Citrix Gateway - version-based - CISA KEV catalog

Exim

NOTE: this list is up-to-date with CISA KEV as of 2023-04-08.

CVE-2010-4344: Exim Exim - version-based - CISA KEV catalog
CVE-2018-6789: Exim Exim - version-based - CISA KEV catalog
CVE-2019-10149: Exim Exim - version-based - CISA KEV catalog
CVE-2019-16928: Exim Exim - version-based - CISA KEV catalog

F5 Networks

CVE-2020-5902: F5 Networks BIGIP - check-based - CISA KEV catalog
CVE-2022-1388: F5 Networks BIGIP - check-based - CISA KEV catalog

Fortinet

NOTE: this list is up-to-date with CISA KEV as of 2023-02-25.

CVE-2018-13379: Fortinet FortiGate - check-based - CISA KEV catalog
CVE-2022-40684: Fortinet FortiGate - check-based - CISA KEV catalog
CVE-2022-42475: Fortinet FortiGate - version-based - CISA KEV catalog
CVE-2023-25610: Fortinet FortiGate - version-based
CVE-2023-27997: Fortinet FortiGate - version-based - CISA KEV catalog

Fortra

CVE-2023-0669: Fortra GoAnywhere MFT - version-based - CISA KEV catalog

GLPI-Project

CVE-2022-35914: GLPI-Project GLPI - check-based - CISA KEV catalog, ANSSI TOP 10

IBM

CVE-2022-47986: IBM Aspera Faspex - version-based - CISA KEV catalog

Jenkins

CVE-2023-27898: Jenkins Jenkins (coreplague) - version-based

JetBrains

CVE-2023-42793: JetBrains TeamCity - version-based

Joomla

CVE-2023-23752: Joomla Joomla! - check-based

Juniper

CVE-2023-36845: Juniper SRX - check-based

Metabase

CVE-2023-37470: Metabase Metabase - version-based
CVE-2023-38646: Metabase Metabase - version-based

Microsoft

CVE-2021-26855: Microsoft Exchange Server (proxylogon) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-31207: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-34473: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-34523: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-41040: Microsoft Exchange Server (proxynotshell) - version-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-41082: Microsoft Exchange Server (proxynotshell) - version-based - CISA KEV catalog, ANSSI TOP10
CVE-2023-21707: Microsoft Exchange Server - version-based

MobileIron

NOTE: log4shell checks are only active for on-demand scans:

CVE-2021-44228: MobileIron Core (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2023-35078: MobileIron Core - version-based - CISA KEV catalog
CVE-2023-35081: MobileIron Core - version-based - CISA KEV catalog

NextGen

CVE-2023-43208: NextGen Mirth Connect - version-based

Oracle

CVE-2020-14882: Oracle Weblogic - check-based - CISA KEV catalog

ownCloud

CVE-2023-49103: ownCloud ownCloud - check-based

Paessler AG

CVE-2018-9276: Paessler AG PRTG Network Monitor - version-based

PaloAltoNetworks

CVE-2020-2021: PaloAltoNetworks GlobalProtect - version-based - CISA KEV catalog

PaperCut

CVE-2023-27350: PaperCut PaperCut - version-based - CISA KEV catalog
CVE-2023-27351: PaperCut PaperCut - version-based - CISA KEV catalog
CVE-2023-39143: PaperCut PaperCut - version-based

PulseSecure

CVE-2019-11510: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog

Roundcube

CVE-2020-12640: Roundcube Webmail - version-based - CISA KEV catalog
CVE-2020-12641: Roundcube Webmail - version-based - CISA KEV catalog

SAP

CVE-2020-6287: SAP Netweaver Application Server Java (recon) - check-based - CISA KEV catalog

SonicWall

CVE-2019-7481: SonicWall SMA - version-based - CISA KEV catalog
CVE-2021-20028: SonicWall SMA - version-based - CISA KEV catalog
CVE-2023-34123: SonicWall GMS - check-based
CVE-2023-34124: SonicWall GMS - check-based
CVE-2023-34133: SonicWall GMS - check-based
CVE-2023-34134: SonicWall GMS - check-based
CVE-2023-34137: SonicWall GMS - check-based

SolarWinds

CVE-2020-10148: SolarWinds Orion Platform (supernova) - check-based - CISA KEV catalog
CVE-2021-35211: SolarWinds Serv-U - version-based - CISA KEV catalog

VMware

NOTE: log4shell checks are only active for on-demand scans:

CVE-2021-21972: VMware vCenter Server - check-based - CISA KEV catalog
CVE-2021-21973: VMware vCenter Server - check-based - CISA KEV catalog
CVE-2021-21985: VMware vCenter Server - check-based - CISA KEV catalog
CVE-2021-44228: VMware vCenter Server (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-44228: VMware Horizon View (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-22954: VMware Workspace ONE Access - check-based - CISA KEV catalog, ANSSI TOP10
CVE-UNKNOWN-20211201: VMware vCenter Server - check-based

Zimbra

CVE-2022-27925: Zimbra Collaboration Server - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-37042: Zimbra Collaboration Server - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2023-20032: Zimbra Collaboration Server - version-based

ZKoss

CVE-2022-36537: ZKoss ZK Framework - version-based - CISA KEV catalog

ZohoCorp

CVE-2021-40539: ZohoCorp ManageEngine ADSelfService Plus - check-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ADManager Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ADSelfService Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ServiceDesk Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ServiceDesk Plus MSP - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine SupportCenter Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine AssetExplorer - version-based - CISA KEV catalog