CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2013-7331

Microsoft Internet Explorer Information Disclosure Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-05-25

Due Date: 2022-06-15

Description:

An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-200

CVE-2013-3993

Ransomware

IBM InfoSphere BigInsights Invalid Input Vulnerability

Vendor: IBM

Product: InfoSphere BigInsights

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-264

CVE-2013-3896

Microsoft Silverlight Information Disclosure Vulnerability

Vendor: Microsoft

Product: Silverlight

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-20

CVE-2013-2423

Oracle JRE Unspecified Vulnerability

Vendor: Oracle

Product: Java Runtime Environment (JRE)

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unspecified vulnerability in HotSpot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.

Required Action:

Apply updates per vendor instructions.

CVE-2013-0431

Ransomware

Oracle JRE Sandbox Bypass Vulnerability

Vendor: Oracle

Product: Java Runtime Environment (JRE)

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.

Required Action:

Apply updates per vendor instructions.

CVE-2013-0422

Oracle JRE Remote Code Execution Vulnerability

Vendor: Oracle

Product: Java Runtime Environment (JRE)

Added: 2022-05-25

Due Date: 2022-06-15

Description:

A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2013-0074

Ransomware

Microsoft Silverlight Double Dereference Vulnerability

Vendor: Microsoft

Product: Silverlight

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2012-1710

Oracle Fusion Middleware Unspecified Vulnerability

Vendor: Oracle

Product: Fusion Middleware

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.

Required Action:

Apply updates per vendor instructions.

CVE-2010-1428

Ransomware

Red Hat JBoss Information Disclosure Vulnerability

Vendor: Red Hat

Product: JBoss

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2010-0840

Oracle JRE Unspecified Vulnerability

Vendor: Oracle

Product: Java Runtime Environment (JRE)

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unspecified vulnerability in the Java Runtime Environment (JRE) in the Java SE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Required Action:

Apply updates per vendor instructions.

CVE-2010-0738

Ransomware

Red Hat JBoss Authentication Bypass Vulnerability

Vendor: Red Hat

Product: JBoss

Added: 2022-05-25

Due Date: 2022-06-15

Description:

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2018-8611

Microsoft Windows Kernel Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-404

CVE-2018-19953

Ransomware

QNAP NAS File Station Cross-Site Scripting Vulnerability

Vendor: QNAP

Product: Network Attached Storage (NAS)

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-79, CWE-80

CVE-2018-19949

Ransomware

QNAP NAS File Station Command Injection Vulnerability

Vendor: QNAP

Product: Network Attached Storage (NAS)

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20, CWE-77, CWE-78

CVE-2018-19943

Ransomware

QNAP NAS File Station Cross-Site Scripting Vulnerability

Vendor: QNAP

Product: Network Attached Storage (NAS)

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-79, CWE-80