CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2017-12615

Ransomware

Apache Tomcat on Windows Remote Code Execution Vulnerability

Vendor: Apache

Product: Tomcat

Added: 2022-03-25

Due Date: 2022-04-15

Description:

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-434

CVE-2017-0146

Ransomware

Microsoft Windows SMB Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-25

Due Date: 2022-04-15

Description:

The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2016-7892

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416

CVE-2016-4171

Adobe Flash Player Remote Code Execution Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Unspecified vulnerability in Adobe Flash Player allows for remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2016-1555

NETGEAR Multiple WAP Devices Command Injection Vulnerability

Vendor: NETGEAR

Product: Wireless Access Point (WAP) Devices

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Multiple NETGEAR Wireless Access Point devices allow unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-77

CVE-2016-11021

D-Link DCS-930L Devices OS Command Injection Vulnerability

Vendor: D-Link

Product: DCS-930L Devices

Added: 2022-03-25

Due Date: 2022-04-15

Description:

setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-78

CVE-2016-10174

NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability

Vendor: NETGEAR

Product: WNR2000v5 Router

Added: 2022-03-25

Due Date: 2022-04-15

Description:

The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2016-0752

Ruby on Rails Directory Traversal Vulnerability

Vendor: Rails

Product: Ruby on Rails

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2015-4068

Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability

Vendor: Arcserve

Product: Unified Data Protection (UDP)

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2015-3035

TP-Link Multiple Archer Devices Directory Traversal Vulnerability

Vendor: TP-Link

Product: Multiple Archer Devices

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2015-1427

Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

Vendor: Elastic

Product: Elasticsearch

Added: 2022-03-25

Due Date: 2022-04-15

Description:

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-284

CVE-2015-1187

D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability

Vendor: D-Link and TRENDnet

Product: Multiple Devices

Added: 2022-03-25

Due Date: 2022-04-15

Description:

The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-287

CVE-2015-0666

Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability

Vendor: Cisco

Product: Prime Data Center Network Manager (DCNM)

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2014-6332

Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-25

Due Date: 2022-04-15

Description:

OleAut32.dll in OLE in Microsoft Windows allows remote attackers to execute code via a crafted web site.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2014-6324

Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Kerberos Key Distribution Center (KDC)

Added: 2022-03-25

Due Date: 2022-04-15

Description:

Microsoft's Kerberos Key Distribution Center (KDC) allows remote authenticated domain users to obtain domain administrator privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264