This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2020-14871
Vendor: Oracle
Product: Solaris and Zettabyte File System (ZFS)
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-4852
Vendor: Oracle
Product: WebLogic Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-14750
Vendor: Oracle
Product: WebLogic Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.
Required Action:
Apply updates per vendor instructions.
CVE-2020-14882
Vendor: Oracle
Product: WebLogic Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.
Required Action:
Apply updates per vendor instructions.
CVE-2020-14883
Vendor: Oracle
Product: WebLogic Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.
Required Action:
Apply updates per vendor instructions.
CVE-2020-8644
Vendor: PlaySMS
Product: PlaySMS
Added: 2021-11-03
Due Date: 2022-05-03
Description:
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-18935
Vendor: Progress
Product: Telerik UI for ASP.NET AJAX
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-22893
Vendor: Ivanti
Product: Pulse Connect Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-8243
Vendor: Ivanti
Product: Pulse Connect Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-22900
Vendor: Ivanti
Product: Pulse Connect Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-22894
Vendor: Ivanti
Product: Pulse Connect Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-8260
Vendor: Ivanti
Product: Pulse Connect Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-22899
Vendor: Ivanti
Product: Pulse Connect Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-11510
Vendor: Ivanti
Product: Pulse Connect Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-11539
Vendor: Ivanti
Product: Pulse Connect Secure and Pulse Policy Secure
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
Required Action:
Apply updates per vendor instructions.
CWEs: