CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2012-1889

Microsoft XML Core Services Memory Corruption Vulnerability

Vendor: Microsoft

Product: XML Core Services

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2012-0767

Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Flash Player contains an XSS vulnerability that allows remote attackers to inject web script or HTML.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-79

CVE-2012-0754

Adobe Flash Player Memory Corruption Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-787

CVE-2012-0151

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-06-08

Due Date: 2022-06-22

Description:

The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2011-2462

Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability

Vendor: Adobe

Product: Reader and Acrobat

Added: 2022-06-08

Due Date: 2022-06-22

Description:

The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2011-0609

Adobe Flash Player Unspecified Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2010-2883

Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability

Vendor: Adobe

Product: Acrobat and Reader

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2010-2572

Microsoft PowerPoint Buffer Overflow Vulnerability

Vendor: Microsoft

Product: PowerPoint

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Microsoft PowerPoint contains a buffer overflow vulnerability that allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2010-1297

Adobe Flash Player Memory Corruption Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-787

CVE-2009-4324

Adobe Acrobat and Reader Use-After-Free Vulnerability

Vendor: Adobe

Product: Acrobat and Reader

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-399

CVE-2009-3953

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

Vendor: Adobe

Product: Acrobat and Reader

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Acrobat and Reader contain an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2009-1862

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability

Vendor: Adobe

Product: Acrobat and Reader, Flash Player

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Acrobat and Reader and Adobe Flash Player allow remote attackers to execute code or cause denial-of-service (DoS).

Required Action:

For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-94

CVE-2009-0563

Microsoft Office Buffer Overflow Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2009-0557

Microsoft Office Object Record Corruption Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-94

CVE-2008-0655

Adobe Acrobat and Reader Unspecified Vulnerability

Vendor: Adobe

Product: Acrobat and Reader

Added: 2022-06-08

Due Date: 2022-06-22

Description:

Adobe Acrobat and Reader contain an unspecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

Required Action:

Apply updates per vendor instructions.