This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2015-4495
Vendor: Mozilla
Product: Firefox
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-8651
Vendor: Adobe
Product: Flash Player
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Integer overflow in Adobe Flash Player allows attackers to execute code.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-6175
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1671
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-4148
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-8439
Vendor: Adobe
Product: Flash Player
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2014-4123
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-0546
Vendor: Adobe
Product: Reader and Acrobat
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.
Required Action:
Apply updates per vendor instructions.
CVE-2014-2817
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-4077
Vendor: Microsoft
Product: Input Method Editor (IME) Japanese
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-3153
Vendor: Linux
Product: Kernel
Added: 2022-05-25
Due Date: 2022-06-15
Description:
The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-7331
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-05-25
Due Date: 2022-06-15
Description:
An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-3993
Vendor: IBM
Product: InfoSphere BigInsights
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2013-3896
Vendor: Microsoft
Product: Silverlight
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2013-2423
Vendor: Oracle
Product: Java Runtime Environment (JRE)
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.
Required Action:
Apply updates per vendor instructions.