This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2017-6742
Vendor: Cisco
Product: IOS and IOS XE Software
Added: 2023-04-19
Due Date: 2023-05-10
Description:
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-8526
Vendor: Apple
Product: macOS
Added: 2023-04-17
Due Date: 2023-05-08
Description:
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-2033
Vendor: Google
Product: Chromium V8
Added: 2023-04-17
Due Date: 2023-05-08
Description:
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-20963
Vendor: Android
Product: Framework
Added: 2023-04-13
Due Date: 2023-05-04
Description:
Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-29492
Vendor: Novi Survey
Product: Novi Survey
Added: 2023-04-13
Due Date: 2023-05-04
Description:
Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-28252
Vendor: Microsoft
Product: Windows
Added: 2023-04-11
Due Date: 2023-05-02
Description:
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-28205
Vendor: Apple
Product: Multiple Products
Added: 2023-04-10
Due Date: 2023-05-01
Description:
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-28206
Vendor: Apple
Product: iOS, iPadOS, and macOS
Added: 2023-04-10
Due Date: 2023-05-01
Description:
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-27876
Vendor: Veritas
Product: Backup Exec Agent
Added: 2023-04-07
Due Date: 2023-04-28
Description:
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-27877
Vendor: Veritas
Product: Backup Exec Agent
Added: 2023-04-07
Due Date: 2023-04-28
Description:
Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-27878
Vendor: Veritas
Product: Backup Exec Agent
Added: 2023-04-07
Due Date: 2023-04-28
Description:
Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1388
Vendor: Microsoft
Product: Windows
Added: 2023-04-07
Due Date: 2023-04-28
Description:
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2023-26083
Vendor: Arm
Product: Mali Graphics Processing Unit (GPU)
Added: 2023-04-07
Due Date: 2023-04-28
Description:
Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-27926
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Added: 2023-04-03
Due Date: 2023-04-24
Description:
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-3163
Vendor: Microsoft
Product: Internet Explorer
Added: 2023-03-30
Due Date: 2023-04-20
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs: