Identified vulnerabilities (CVEs) in vulnscan

The following CVEs are identified by the vulnscan category of information. CVEs are either detected by an active, innocuous and non-instrusive check (check-based) or by specific version detection technics (version-based):

CVEs by product vendors

Adobe

CVE-2023-26359: Adobe ColdFusion - check-based
CVE-2023-26360: Adobe ColdFusion - check-based
CVE-2023-29298: Adobe ColdFusion - check-based

Apache

CVE-2023-27524: Apache Superset - version-based
CVE-2023-46604: Apache ActiveMQ - version-based - CISA KEV catalog

Atlassian

CVE-2022-26134: Atlassian Confluence - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2023-22515: Atlassian Confluence - version-based - CISA KEV catalog
CVE-2023-22518: Atlassian Confluence - version-based - CISA KEV catalog

Cisco

CVE-2020-3187: Cisco ASA - check-based
CVE-2020-3259: Cisco ASA - check-based - CISA KEV catalog
CVE-2020-3580: Cisco ASA - check-based - CISA KEV catalog
CVE-2023-20198: Cisco IOS XE - check-based - CISA KEV catalog

Citrix

CVE-2019-19781: Citrix Gateway (shitrix) - check-based - CISA KEV catalog
CVE-2020-8193: Citrix Gateway - version-based - CISA KEV catalog
CVE-2020-8195: Citrix Gateway - version-based - CISA KEV catalog
CVE-2020-8196: Citrix Gateway - version-based - CISA KEV catalog
CVE-2020-8209: Citrix XenMobile Server - check-based
CVE-2022-27518: Citrix Gateway - version-based - CISA KEV catalog
CVE-2023-3519: Citrix Gateway - version-based - CISA KEV catalog
CVE-2023-4966: Citrix Gateway - version-based - CISA KEV catalog

ConnectWise Control

CVE-2024-1708: ConnectWise Control (ScreenConnect) - version-based
CVE-2024-1709: ConnectWise Control (ScreenConnect) - version-based - CISA KEV catalog

CrushFTP

CVE-2023-43177: CrushFTP CrushFTP - check-based

Exim

CVE-2010-4344: Exim Exim - version-based - CISA KEV catalog
CVE-2018-6789: Exim Exim - version-based - CISA KEV catalog
CVE-2019-10149: Exim Exim - version-based - CISA KEV catalog
CVE-2019-16928: Exim Exim - version-based - CISA KEV catalog

F5 Networks

CVE-2020-5902: F5 Networks BIGIP - check-based - CISA KEV catalog
CVE-2022-1388: F5 Networks BIGIP - check-based - CISA KEV catalog

Fortinet

CVE-2018-13379: Fortinet FortiGate - check-based - CISA KEV catalog
CVE-2022-40684: Fortinet FortiGate - check-based - CISA KEV catalog
CVE-2022-42475: Fortinet FortiGate - version-based - CISA KEV catalog
CVE-2023-25610: Fortinet FortiGate - version-based
CVE-2023-27997: Fortinet FortiGate - version-based - CISA KEV catalog
CVE-2023-48788: Fortinet FortiClient - version-based - CISA KEV catalog

Fortra

CVE-2023-0669: Fortra GoAnywhere MFT - version-based - CISA KEV catalog
CVE-2024-0204: Fortra GoAnywhere MFT - version-based

Gitlab Gitlab

CVE-2023-7028: Gitlab Gitlab - version-based

GLPI-Project

CVE-2022-35914: GLPI-Project GLPI - check-based - CISA KEV catalog, ANSSI TOP 10
CVE-2023-42802: GLPI-Project GLPI - version-based

IBM

CVE-2022-47986: IBM Aspera Faspex - version-based - CISA KEV catalog

Jenkins

CVE-2023-27898: Jenkins Jenkins (coreplague) - version-based

JetBrains

CVE-2023-42793: JetBrains TeamCity - version-based - CISA KEV catalog
CVE-2024-23917: JetBrains TeamCity - version-based
CVE-2024-27198: JetBrains TeamCity - version-based
CVE-2024-27199: JetBrains TeamCity - version-based

Joomla

CVE-2023-23752: Joomla Joomla! - check-based

Juniper

CVE-2023-36845: Juniper SRX - check-based

Metabase

CVE-2023-37470: Metabase Metabase - version-based
CVE-2023-38646: Metabase Metabase - version-based

Microsoft

CVE-2021-26855: Microsoft Exchange Server (proxylogon) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-31207: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-34473: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-34523: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-41040: Microsoft Exchange Server (proxynotshell) - version-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-41082: Microsoft Exchange Server (proxynotshell) - version-based - CISA KEV catalog, ANSSI TOP10

MobileIron

NOTE: log4shell checks are only active for on-demand scans:

CVE-2021-44228: MobileIron Core (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2023-35078: MobileIron Core - version-based - CISA KEV catalog
CVE-2023-35081: MobileIron Core - version-based - CISA KEV catalog

MOVEit

CVE-2023-34362: MOVEit MOVEit - version-based - CISA KEV catalog

NextGen

CVE-2023-43208: NextGen Mirth Connect - version-based

Oracle

CVE-2020-14882: Oracle Weblogic - check-based - CISA KEV catalog

ownCloud

CVE-2023-49103: ownCloud ownCloud - check-based - CISA KEV catalog

Paessler AG

CVE-2018-9276: Paessler AG PRTG Network Monitor - version-based

PaloAltoNetworks

CVE-2020-2021: PaloAltoNetworks GlobalProtect - version-based - CISA KEV catalog
CVE-2024-3400: PaloAltoNetworks GlobalProtect - version-based - CISA KEV catalog

PaperCut

CVE-2023-27350: PaperCut PaperCut - version-based - CISA KEV catalog
CVE-2023-27351: PaperCut PaperCut - version-based - CISA KEV catalog
CVE-2023-39143: PaperCut PaperCut - version-based

PulseSecure

CVE-2019-11510: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
CVE-2023-46805: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
CVE-2024-21887: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
CVE-2024-21888: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
CVE-2024-21893: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog

Qlik

CVE-2023-41265: Qlik Qlik Sense - check-based - CISA KEV catalog
CVE-2023-41266: Qlik Qlik Sense - check-based - CISA KEV catalog

Roundcube

CVE-2020-12640: Roundcube Webmail - version-based - CISA KEV catalog
CVE-2020-12641: Roundcube Webmail - version-based - CISA KEV catalog

SAP

CVE-2020-6287: SAP Netweaver Application Server Java (recon) - check-based - CISA KEV catalog

SonicWall

CVE-2019-7481: SonicWall SMA - version-based - CISA KEV catalog
CVE-2021-20028: SonicWall SMA - version-based - CISA KEV catalog
CVE-2021-20034: SonicWall SMA - version-based
CVE-2023-34123: SonicWall GMS - check-based
CVE-2023-34124: SonicWall GMS - check-based
CVE-2023-34133: SonicWall GMS - check-based
CVE-2023-34134: SonicWall GMS - check-based
CVE-2023-34137: SonicWall GMS - check-based

SolarWinds

CVE-2020-10148: SolarWinds Orion Platform (supernova) - check-based - CISA KEV catalog
CVE-2021-35211: SolarWinds Serv-U - version-based - CISA KEV catalog

Telerik

CVE-2019-18935: Telerik UI for ASP.NET AJAX - version-based - CISA KEV catalog

VMware

NOTE: log4shell checks are only active for on-demand scans:

CVE-2021-21972: VMware vCenter Server - check-based - CISA KEV catalog
CVE-2021-21973: VMware vCenter Server - check-based - CISA KEV catalog
CVE-2021-21985: VMware vCenter Server - check-based - CISA KEV catalog
CVE-2021-44228: VMware vCenter Server (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2021-44228: VMware Horizon View (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-22954: VMware Workspace ONE Access - check-based - CISA KEV catalog, ANSSI TOP10
CVE-UNKNOWN-20211201: VMware vCenter Server - check-based

Zimbra

CVE-2022-27925: Zimbra Collaboration Server - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2022-37042: Zimbra Collaboration Server - check-based - CISA KEV catalog, ANSSI TOP10
CVE-2023-20032: Zimbra Collaboration Server - version-based

ZKoss

CVE-2022-36537: ZKoss ZK Framework - version-based - CISA KEV catalog

ZohoCorp

CVE-2021-40539: ZohoCorp ManageEngine ADSelfService Plus - check-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ADManager Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ADSelfService Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ServiceDesk Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine ServiceDesk Plus MSP - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine SupportCenter Plus - version-based - CISA KEV catalog
CVE-2022-47966: ManageEngine AssetExplorer - version-based - CISA KEV catalog