This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2007-5659
Vendor: Adobe
Product: Acrobat and Reader
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2006-2492
Vendor: Microsoft
Product: Word
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-26134
Vendor: Atlassian
Product: Confluence Server/Data Center
Added: 2022-06-02
Due Date: 2022-06-06
Description:
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
Required Action:
Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.
CWEs:
CVE-2019-3010
Vendor: Oracle
Product: Solaris
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2016-3393
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-7256
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-1010
Vendor: Adobe
Product: Flash Player and AIR
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
Required Action:
The impacted products are end-of-life and should be disconnected if still in use.
CWEs:
CVE-2016-0984
Vendor: Adobe
Product: Flash Player and AIR
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Required Action:
The impacted products are end-of-life and should be disconnected if still in use.
CWEs:
CVE-2016-0034
Vendor: Microsoft
Product: Silverlight
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).
Required Action:
The impacted products are end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-0310
Vendor: Adobe
Product: Flash Player
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-0016
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-0071
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2360
Vendor: Microsoft
Product: Win32k
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2425
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1769
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.
Required Action:
Apply updates per vendor instructions.
CWEs: