CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2022-22674

Apple macOS Out-of-Bounds Read Vulnerability

Vendor: Apple

Product: macOS

Added: 2022-04-04

Due Date: 2022-04-25

Description:

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20, CWE-125

CVE-2021-45382

D-Link Multiple Routers Remote Code Execution Vulnerability

Vendor: D-Link

Product: Multiple Routers

Added: 2022-04-04

Due Date: 2022-04-25

Description:

A remote code execution vulnerability exists in all series H/W revision routers via the DDNS function in the ncc2 binary file.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-78

CVE-2022-26871

Trend Micro Apex Central Arbitrary File Upload Vulnerability

Vendor: Trend Micro

Product: Apex Central

Added: 2022-03-31

Due Date: 2022-04-21

Description:

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-184

CVE-2022-1040

Sophos Firewall Authentication Bypass Vulnerability

Vendor: Sophos

Product: Firewall

Added: 2022-03-31

Due Date: 2022-04-21

Description:

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-158

CVE-2021-34484

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-31

Due Date: 2022-04-21

Description:

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-269

CVE-2021-28799

Ransomware

QNAP NAS Improper Authorization Vulnerability

Vendor: QNAP

Product: Network Attached Storage (NAS)

Added: 2022-03-31

Due Date: 2022-04-21

Description:

QNAP NAS devices running HBS 3 contain an improper authorization vulnerability that can allow remote attackers to log in to a device.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-285

CVE-2021-21551

Dell dbutil Driver Insufficient Access Control Vulnerability

Vendor: Dell

Product: dbutil Driver

Added: 2022-03-31

Due Date: 2022-04-21

Description:

The Dell dbutil driver contains an insufficient access control vulnerability that may lead to escalation of privileges, denial of service (DoS), or information disclosure.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-782

CVE-2018-10562

Ransomware

Dasan GPON Routers Command Injection Vulnerability

Vendor: Dasan

Product: Gigabit Passive Optical Network (GPON) Routers

Added: 2022-03-31

Due Date: 2022-04-21

Description:

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-78

CVE-2018-10561

Dasan GPON Routers Authentication Bypass Vulnerability

Vendor: Dasan

Product: Gigabit Passive Optical Network (GPON) Routers

Added: 2022-03-31

Due Date: 2022-04-21

Description:

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-287

CVE-2022-1096

Google Chromium V8 Type Confusion Vulnerability

Vendor: Google

Product: Chromium V8

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-843

CVE-2022-0543

Debian-specific Redis Server Lua Sandbox Escape Vulnerability

Vendor: Redis

Product: Debian-specific Redis Servers

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-862

CVE-2021-38646

Ransomware

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability that can allow for remote code execution.

Required Action:

Apply updates per vendor instructions.

CVE-2021-34486

Microsoft Windows Event Tracing Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Microsoft Windows Event Tracing contains an unspecified vulnerability that can allow for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2021-26085

Ransomware

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Vendor: Atlassian

Product: Confluence Server

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-425

CVE-2021-20028

Ransomware

SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability

Vendor: SonicWall

Product: Secure Remote Access (SRA)

Added: 2022-03-28

Due Date: 2022-04-18

Description:

SonicWall Secure Remote Access (SRA) products contain an improper neutralization of SQL commands, leading to SQL injection.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-89