CISA Known Exploited Vulnerabilities

This dashboard displays the latest entries added to the Known Exploited Vulnerabilities (KEV) catalog published by the Cybersecurity & Infrastructure Security Agency (CISA). For each entry, Added is the date CISA placed it in the catalog and Due Date is the remediation deadline that Binding Operational Directive 22-01 sets for federal civilian agencies; entries tagged Ransomware are those CISA lists as known to be used in ransomware campaigns.

CVE-2021-41357

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2022-04-25

Due Date: 2022-05-16

Description:

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CVE-2021-40450

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2022-04-25

Due Date: 2022-05-16

Description:

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CVE-2019-1003029

Jenkins Script Security Plugin Sandbox Bypass Vulnerability

Vendor: Jenkins

Product: Script Security Plugin

Added: 2022-04-25

Due Date: 2022-05-16

Description:

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

Required Action:

Apply updates per vendor instructions.

CVE-2018-6882

Ransomware

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Vendor: Synacor

Product: Zimbra Collaboration Suite (ZCS)

Added: 2022-04-19

Due Date: 2022-05-10

Description:

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-79

CVE-2019-3568

WhatsApp VOIP Stack Buffer Overflow Vulnerability

Vendor: Meta Platforms

Product: WhatsApp

Added: 2022-04-19

Due Date: 2022-05-10

Description:

A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution via a specially crafted series of RTCP packets sent to a target phone number.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-122

CVE-2022-22718

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-04-19

Due Date: 2022-05-10

Description:

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CVE-2022-22960

VMware Multiple Products Privilege Escalation Vulnerability

Vendor: VMware

Product: Multiple Products

Added: 2022-04-15

Due Date: 2022-05-06

Description:

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-250

CVE-2022-1364

Google Chromium V8 Type Confusion Vulnerability

Vendor: Google

Product: Chromium V8

Added: 2022-04-15

Due Date: 2022-05-06

Description:

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-843

CVE-2019-3929

Crestron Multiple Products Command Injection Vulnerability

Vendor: Crestron

Product: Multiple Products

Added: 2022-04-15

Due Date: 2022-05-06

Description:

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-78

CVE-2019-16057

Ransomware

D-Link DNS-320 Remote Code Execution Vulnerability

Vendor: D-Link

Product: DNS-320 Storage Device

Added: 2022-04-15

Due Date: 2022-05-06

Description:

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-78

CVE-2018-7841

Schneider Electric U.motion Builder SQL Injection Vulnerability

Vendor: Schneider Electric

Product: U.motion Builder

Added: 2022-04-15

Due Date: 2022-05-06

Description:

U.motion Builder contains a SQL injection vulnerability that could lead to code execution when crafted input is entered.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-89

CVE-2016-4523

Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability

Vendor: Trihedral

Product: VTScada (formerly VTS)

Added: 2022-04-15

Due Date: 2022-05-06

Description:

The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2014-0780

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

Vendor: InduSoft

Product: Web Studio

Added: 2022-04-15

Due Date: 2022-05-06

Description:

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2010-5330

Ubiquiti AirOS Command Injection Vulnerability

Vendor: Ubiquiti

Product: AirOS

Added: 2022-04-15

Due Date: 2022-05-06

Description:

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-77

CVE-2007-3010

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability

Vendor: Alcatel

Product: OmniPCX Enterprise

Added: 2022-04-15

Due Date: 2022-05-06

Description:

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20
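The entries above carry the same fields as CISA's machine-readable KEV feed, and the usual practitioner workflow is to match those entries against an asset inventory and sort by due date and ransomware use. The script below is an added example, not code from the dashboard or from CISA: the sample entries are constructed from the values shown on this page, the field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction, knownRansomwareCampaignUse) are assumed to follow the KEV JSON feed layout, and the inventory and check date are hypothetical.

```python
"""Triage KEV catalog entries against a local asset inventory (added example)."""
from dataclasses import dataclass
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Field names are an
# assumption about the feed layout; the values come from the entries on this page.
# The page's "Ransomware" tag is mapped to knownRansomwareCampaignUse == "Known".
KEV_SAMPLE = [
    {"cveID": "CVE-2021-41357", "vendorProject": "Microsoft", "product": "Win32k",
     "dateAdded": "2022-04-25", "dueDate": "2022-05-16",
     "requiredAction": "Apply updates per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2018-6882", "vendorProject": "Synacor",
     "product": "Zimbra Collaboration Suite (ZCS)",
     "dateAdded": "2022-04-19", "dueDate": "2022-05-10",
     "requiredAction": "Apply updates per vendor instructions.",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2019-16057", "vendorProject": "D-Link",
     "product": "DNS-320 Storage Device",
     "dateAdded": "2022-04-15", "dueDate": "2022-05-06",
     "requiredAction": "The impacted product is end-of-life and should be "
                       "disconnected if still in use.",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2022-1364", "vendorProject": "Google", "product": "Chromium V8",
     "dateAdded": "2022-04-15", "dueDate": "2022-05-06",
     "requiredAction": "Apply updates per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"},
]

# Hypothetical inventory: lower-cased (vendor, product) pairs the organisation runs.
INVENTORY = {
    ("microsoft", "win32k"),
    ("d-link", "dns-320 storage device"),
    ("alcatel", "omnipcx enterprise"),
}


@dataclass(frozen=True)
class Finding:
    cve: str
    product: str
    action: str        # "patch" or "disconnect"
    ransomware: bool
    due: date
    days_left: int     # negative once the due date has passed

    @property
    def overdue(self) -> bool:
        return self.days_left < 0


def classify_action(required_action: str) -> str:
    """KEV phrases the no-fix case as 'end-of-life ... disconnected'; everything
    else on this page is an 'apply updates' action."""
    return "disconnect" if "end-of-life" in required_action.lower() else "patch"


def triage(entries, inventory, today):
    """Return Findings for catalog entries that match the inventory, ordered
    with ransomware-linked entries first and then by earliest due date."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for e in entries:
        key = (e["vendorProject"].lower(), e["product"].lower())
        if key not in inventory:
            continue
        due = date.fromisoformat(e["dueDate"])
        findings.append(Finding(
            cve=e["cveID"], product=e["product"],
            action=classify_action(e["requiredAction"]),
            ransomware=e.get("knownRansomwareCampaignUse") == "Known",
            due=due, days_left=(due - today).days))
    findings.sort(key=lambda f: (not f.ransomware, f.due, f.cve))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, "2022-05-08"):
        flags = (" RANSOMWARE" if f.ransomware else "") + (" OVERDUE" if f.overdue else "")
        print(f"{f.cve:16} {f.action:10} due {f.due} ({f.days_left:+d}d){flags}")
```

With the hypothetical check date of 2022-05-08, the D-Link entry surfaces first: it is ransomware-linked, already past its due date, and its required action is to disconnect rather than patch, which is the case a patch-only workflow tends to miss. Replace KEV_SAMPLE with the parsed `vulnerabilities` array from the live feed and INVENTORY with your CMDB export to run this for real.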