CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2013-0074

Ransomware

Microsoft Silverlight Double Dereference Vulnerability

Vendor: Microsoft

Product: Silverlight

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2012-1710

Ransomware

Oracle Fusion Middleware Unspecified Vulnerability

Vendor: Oracle

Product: Fusion Middleware

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.

Required Action:

Apply updates per vendor instructions.

CVE-2010-1428

Ransomware

Red Hat JBoss Information Disclosure Vulnerability

Vendor: Red Hat

Product: JBoss

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2010-0840

Oracle JRE Unspecified Vulnerability

Vendor: Oracle

Product: Java Runtime Environment (JRE)

Added: 2022-05-25

Due Date: 2022-06-15

Description:

Unspecified vulnerability in the Java Runtime Environment (JRE) in the Java SE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Required Action:

Apply updates per vendor instructions.

CVE-2010-0738

Ransomware

Red Hat JBoss Authentication Bypass Vulnerability

Vendor: Red Hat

Product: JBoss

Added: 2022-05-25

Due Date: 2022-06-15

Description:

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2018-8611

Microsoft Windows Kernel Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-404

CVE-2018-19953

Ransomware

QNAP NAS File Station Cross-Site Scripting Vulnerability

Vendor: QNAP

Product: Network Attached Storage (NAS)

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-79, CWE-80

CVE-2018-19949

Ransomware

QNAP NAS File Station Command Injection Vulnerability

Vendor: QNAP

Product: Network Attached Storage (NAS)

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20, CWE-77, CWE-78

CVE-2018-19943

Ransomware

QNAP NAS File Station Cross-Site Scripting Vulnerability

Vendor: QNAP

Product: Network Attached Storage (NAS)

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-79, CWE-80

CVE-2017-0147

Ransomware

Microsoft Windows SMBv1 Information Disclosure Vulnerability

Vendor: Microsoft

Product: SMBv1 server

Added: 2022-05-24

Due Date: 2022-06-14

Description:

The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-200

CVE-2017-0022

Microsoft XML Core Services Information Disclosure Vulnerability

Vendor: Microsoft

Product: XML Core Services

Added: 2022-05-24

Due Date: 2022-06-14

Description:

Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-200

CVE-2017-0005

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-05-24

Due Date: 2022-06-14

Description:

The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2017-0149

Microsoft Internet Explorer Memory Corruption Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-05-24

Due Date: 2022-06-14

Description:

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2017-0210

Microsoft Internet Explorer Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-05-24

Due Date: 2022-06-14

Description:

A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.

Required Action:

Apply updates per vendor instructions.

CVE-2017-8291

Artifex Ghostscript Type Confusion Vulnerability

Vendor: Artifex

Product: Ghostscript

Added: 2022-05-24

Due Date: 2022-06-14

Description:

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-704