This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2020-5135
Vendor: SonicWall
Product: SonicOS
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1405
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
Required Action:
Apply updates per vendor instructions.
CVE-2019-1322
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CVE-2019-1315
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1253
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1132
Vendor: Microsoft
Product: Win32k
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Required Action:
Apply updates per vendor instructions.
CVE-2019-1129
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1069
Vendor: Microsoft
Product: Task Scheduler
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1064
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0841
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0543
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-8120
Vendor: Microsoft
Product: Win32k
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-0101
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-3309
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2546
Vendor: Microsoft
Product: Win32k
Added: 2022-03-15
Due Date: 2022-04-05
Description:
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs: