CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2009-1862

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability

Vendor: Adobe

Product: Acrobat and Reader, Flash Player

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Acrobat and Reader and Adobe Flash Player allow remote attackers to execute code or cause a denial-of-service (DoS).

Required Action:

For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-94

CVE-2009-0563

Microsoft Office Buffer Overflow Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2009-0557

Microsoft Office Object Record Corruption Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-94

CVE-2008-0655

Adobe Acrobat and Reader Unspecified Vulnerability

Vendor: Adobe

Product: Acrobat and Reader

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Acrobat and Reader contain an unspecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

Required Action:

Apply updates per vendor instructions.

CVE-2007-5659

Adobe Acrobat and Reader Buffer Overflow Vulnerability

Vendor: Adobe

Product: Acrobat and Reader

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2006-2492

Microsoft Word Malformed Object Pointer Vulnerability

Vendor: Microsoft

Product: Word

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-120

CVE-2022-26134

Ransomware

Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability

Vendor: Atlassian

Product: Confluence Server/Data Center

Added: 2022-06-02

Due Date: 2022-06-06

Description:

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.

Required Action:

Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.

CWEs:

CWE-917

CVE-2019-3010

Oracle Solaris Privilege Escalation Vulnerability

Vendor: Oracle

Product: Solaris

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CVE-2016-3393

Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-05-25

Due Date: 2022-06-15

Description:

A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-284

CVE-2016-7256

Microsoft Windows Open Type Font Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-05-25

Due Date: 2022-06-15

Description:

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-284

CVE-2016-1010

Adobe Flash Player and AIR Integer Overflow Vulnerability

Vendor: Adobe

Product: Flash Player and AIR

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.

Required Action:

The impacted products are end-of-life and should be disconnected if still in use.

CWEs:

CWE-190

CVE-2016-0984

Adobe Flash Player and AIR Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player and AIR

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.

Required Action:

The impacted products are end-of-life and should be disconnected if still in use.

CWEs:

CWE-416

CVE-2016-0034

Ransomware

Microsoft Silverlight Runtime Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Silverlight

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).

Required Action:

The impacted products are end-of-life and should be disconnected if still in use.

CWEs:

CWE-20

CVE-2015-0310

Adobe Flash Player ASLR Bypass Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-264

CVE-2015-0016

Microsoft Windows TS WebProxy Directory Traversal Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22