This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2018-8406
Vendor: Microsoft
Product: DirectX Graphics Kernel (DXGKRNL)
Added: 2022-03-28
Due Date: 2022-04-18
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-8405
Vendor: Microsoft
Product: DirectX Graphics Kernel (DXGKRNL)
Added: 2022-03-28
Due Date: 2022-04-18
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-0213
Vendor: Microsoft
Product: Windows
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
Required Action:
Apply updates per vendor instructions.
CVE-2017-0059
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-0037
Vendor: Microsoft
Product: Edge and Internet Explorer
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-7201
Vendor: Microsoft
Product: Edge
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-7200
Vendor: Microsoft
Product: Edge
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-0189
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-0151
Vendor: Microsoft
Product: Client-Server Run-time Subsystem (CSRSS)
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-0040
Vendor: Microsoft
Product: Windows
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2426
Vendor: Microsoft
Product: Windows
Added: 2022-03-28
Due Date: 2022-04-18
Description:
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2419
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-03-28
Due Date: 2022-04-18
Description:
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1770
Vendor: Microsoft
Product: Office
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-3660
Vendor: Microsoft
Product: Win32k
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-2729
Vendor: Adobe
Product: Reader and Acrobat
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Required Action:
Apply updates per vendor instructions.
CWEs: