CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2019-16057

Ransomware

D-Link DNS-320 Remote Code Execution Vulnerability

Vendor: D-Link

Product: DNS-320 Storage Device

Added: 2022-04-15

Due Date: 2022-05-06

Description:

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-78

CVE-2018-7841

Schneider Electric U.motion Builder SQL Injection Vulnerability

Vendor: Schneider Electric

Product: U.motion Builder

Added: 2022-04-15

Due Date: 2022-05-06

Description:

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-89

CVE-2016-4523

Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability

Vendor: Trihedral

Product: VTScada (formerly VTS)

Added: 2022-04-15

Due Date: 2022-05-06

Description:

The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2014-0780

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

Vendor: InduSoft

Product: Web Studio

Added: 2022-04-15

Due Date: 2022-05-06

Description:

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2010-5330

Ubiquiti AirOS Command Injection Vulnerability

Vendor: Ubiquiti

Product: AirOS

Added: 2022-04-15

Due Date: 2022-05-06

Description:

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-77

CVE-2007-3010

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability

Vendor: Alcatel

Product: OmniPCX Enterprise

Added: 2022-04-15

Due Date: 2022-05-06

Description:

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2022-22954

Ransomware

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

Vendor: VMware

Product: Workspace ONE Access and Identity Manager

Added: 2022-04-14

Due Date: 2022-05-05

Description:

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-94

CVE-2022-24521

Ransomware

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787, CWE-1285

CVE-2018-7602

Ransomware

Drupal Core Remote Code Execution Vulnerability

Vendor: Drupal

Product: Core

Added: 2022-04-13

Due Date: 2022-05-04

Description:

A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.

Required Action:

Apply updates per vendor instructions.

CVE-2018-20753

Ransomware

Kaseya VSA Remote Code Execution Vulnerability

Vendor: Kaseya

Product: Virtual System/Server Administrator (VSA)

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.

Required Action:

Apply updates per vendor instructions.

CVE-2015-5123

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416

CVE-2015-5122

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416

CVE-2015-3113

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-119

CVE-2015-2502

Microsoft Internet Explorer Memory Corruption Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2015-0313

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416