CISA Known Exploited Vulnerabilities

This dashboard lists the most recent additions to the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. Each entry records the date it was added, the required remediation action, and the due date by which federal civilian agencies must complete that action under Binding Operational Directive 22-01; for everyone else the catalog is a prioritisation signal, because inclusion means CISA has evidence the flaw is being exploited in the wild. Entries tagged Ransomware are those CISA flags as known to be used in ransomware campaigns.
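A practitioner consuming this catalog usually wants it filtered against their own estate and due dates rather than read entry by entry. The following Python, added here as an example and not part of the dashboard or of any CISA tooling, parses records in the shape of CISA's public JSON feed (field names as I know them; the feed URL is an assumption as of writing), lists entries that are past their due date, picks out ransomware-linked ones, and separates end-of-life products, which need removal rather than a patch. The five records are constructed from entries on this page.

```python
"""Triage records from the CISA Known Exploited Vulnerabilities (KEV) feed.

Added example, not part of the dashboard or of CISA's tooling. The record
fields (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate,
requiredAction, knownRansomwareCampaignUse) follow the public JSON feed as I
know it; the sample feed below is constructed from entries on this page.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date
from typing import Iterable

# Live feed (assumption: URL as of writing). Fetch it with any HTTP client
# and pass the body to parse_kev().
KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

PATCH = "Apply updates per vendor instructions."
EOL = "The impacted product is end-of-life and should be disconnected if still in use."


def _rec(cve, vendor, product, name, added, due, action, ransomware):
    """Build one feed record (helper for the constructed sample only)."""
    return {"cveID": cve, "vendorProject": vendor, "product": product,
            "vulnerabilityName": name, "dateAdded": added, "dueDate": due,
            "requiredAction": action, "knownRansomwareCampaignUse": ransomware}


# Constructed sample mirroring five entries from this page, in feed order.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    _rec("CVE-2022-22954", "VMware", "Workspace ONE Access and Identity Manager",
         "VMware Workspace ONE Access and Identity Manager Server-Side Template "
         "Injection Vulnerability", "2022-04-14", "2022-05-05", PATCH, "Known"),
    _rec("CVE-2022-24521", "Microsoft", "Windows",
         "Microsoft Windows CLFS Driver Privilege Escalation Vulnerability",
         "2022-04-13", "2022-05-04", PATCH, "Known"),
    _rec("CVE-2015-5123", "Adobe", "Flash Player",
         "Adobe Flash Player Use-After-Free Vulnerability",
         "2022-04-13", "2022-05-04", EOL, "Unknown"),
    _rec("CVE-2022-23176", "WatchGuard", "Firebox and XTM",
         "WatchGuard Firebox and XTM Privilege Escalation Vulnerability",
         "2022-04-11", "2022-05-02", PATCH, "Unknown"),
    _rec("CVE-2021-42287", "Microsoft", "Active Directory",
         "Microsoft Active Directory Domain Services Privilege Escalation "
         "Vulnerability", "2022-04-11", "2022-05-02", PATCH, "Known"),
]})


@dataclass(frozen=True)
class KevEntry:
    cve_id: str
    vendor: str
    product: str
    name: str
    date_added: date
    due_date: date
    required_action: str
    ransomware_use: str  # "Known" or "Unknown" in the feed


def parse_kev(feed_json: str) -> list[KevEntry]:
    """Parse the feed document into typed entries, preserving feed order."""
    doc = json.loads(feed_json)
    return [KevEntry(cve_id=v["cveID"], vendor=v["vendorProject"],
                     product=v["product"], name=v["vulnerabilityName"],
                     date_added=date.fromisoformat(v["dateAdded"]),
                     due_date=date.fromisoformat(v["dueDate"]),
                     required_action=v["requiredAction"],
                     ransomware_use=v.get("knownRansomwareCampaignUse", "Unknown"))
            for v in doc["vulnerabilities"]]


def overdue(entries: Iterable[KevEntry], today: date | str) -> list[KevEntry]:
    """Entries whose due date has already passed, earliest due date first."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    return sorted((e for e in entries if e.due_date < today),
                  key=lambda e: (e.due_date, e.cve_id))


def ransomware_linked(entries: Iterable[KevEntry]) -> list[KevEntry]:
    """Entries CISA marks as known to be used in ransomware campaigns."""
    return [e for e in entries if e.ransomware_use == "Known"]


def affecting(entries: Iterable[KevEntry], vendors: set[str]) -> list[KevEntry]:
    """Entries for vendors present in your inventory (case-insensitive match)."""
    wanted = {v.lower() for v in vendors}
    return [e for e in entries if e.vendor.lower() in wanted]


def end_of_life(entries: Iterable[KevEntry]) -> list[KevEntry]:
    """Entries whose only remediation is removal, because no patch exists."""
    return [e for e in entries if "end-of-life" in e.required_action.lower()]


if __name__ == "__main__":
    kev = parse_kev(SAMPLE_FEED)
    for e in overdue(kev, "2022-05-04"):
        print(f"OVERDUE {e.cve_id} {e.vendor} {e.product} (due {e.due_date})")
    for e in end_of_life(kev):
        print(f"EOL     {e.cve_id}: {e.required_action}")
```

The due-date check uses a strict "before today" comparison, so an entry due today is still counted as open; adjust to your own reporting convention. Vendor matching is deliberately loose because the feed's vendorProject strings are free text and do not always match the names in asset inventories.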

CVE-2022-22954

Ransomware

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

Vendor: VMware

Product: Workspace ONE Access and Identity Manager

Added: 2022-04-14

Due Date: 2022-05-05

Description:

VMware Workspace ONE Access and Identity Manager contain a server-side template injection vulnerability that allows an unauthenticated attacker with network access to execute code remotely.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-94 (Improper Control of Generation of Code, 'Code Injection')

CVE-2022-24521

Ransomware

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-04-13

Due Date: 2022-05-04

Description:

The Microsoft Windows Common Log File System (CLFS) driver contains a vulnerability that allows a local, authenticated attacker to escalate privileges; because CLFS runs in kernel mode, successful exploitation yields SYSTEM-level code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787 (Out-of-bounds Write), CWE-1285 (Improper Validation of Specified Index, Position, or Offset in Input)

CVE-2018-7602

Ransomware

Drupal Core Remote Code Execution Vulnerability

Vendor: Drupal

Product: Core

Added: 2022-04-13

Due Date: 2022-05-04

Description:

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x and can be reached through multiple attack vectors on a Drupal site. It is the follow-up to CVE-2018-7600, so sites patched only for that earlier issue remain exposed.

Required Action:

Apply updates per vendor instructions.

CVE-2018-20753

Ransomware

Kaseya VSA Remote Code Execution Vulnerability

Vendor: Kaseya

Product: Virtual System/Server Administrator (VSA)

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Kaseya VSA, a remote monitoring and management (RMM) product, allows unprivileged remote attackers to execute PowerShell payloads on every device the server manages.

Required Action:

Apply updates per vendor instructions.

CVE-2015-5123

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416 (Use After Free)

CVE-2015-5122

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416 (Use After Free)

CVE-2015-3113

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVE-2015-2502

Microsoft Internet Explorer Memory Corruption Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVE-2015-0313

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416 (Use After Free)

CVE-2015-0311

Adobe Flash Player Remote Code Execution Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2014-9163

Adobe Flash Player Stack-Based Buffer Overflow Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-04-13

Due Date: 2022-05-04

Description:

Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2022-23176

WatchGuard Firebox and XTM Privilege Escalation Vulnerability

Vendor: WatchGuard

Product: Firebox and XTM

Added: 2022-04-11

Due Date: 2022-05-02

Description:

WatchGuard Firebox and XTM appliances allow a remote attacker holding unprivileged credentials to obtain a privileged management session when the management interface is exposed to the network.

Required Action:

Apply updates per vendor instructions.

CVE-2021-42287

Ransomware

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Active Directory

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Microsoft Active Directory Domain Services contains a privilege escalation vulnerability in how the Kerberos KDC resolves the account named in a TGT during S4U2self: when no account with that name exists, the KDC retries with "$" appended, so a renamed or deleted account can be mapped onto a computer account such as a domain controller's. Chained with CVE-2021-42278, this allows a standard domain user to escalate to domain administrator.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-269 (Improper Privilege Management)

CVE-2021-42278

Ransomware

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Active Directory

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Microsoft Active Directory Domain Services does not enforce that the sAMAccountName of a computer account ends with "$", so a user who can create or rename a machine account (any domain user by default, via MachineAccountQuota) can give it a domain controller's name without the trailing "$". Chained with CVE-2021-42287, this allows a standard domain user to escalate to domain administrator.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20 (Improper Input Validation)
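Together, the two Active Directory entries above describe the sAMAccountName spoofing chain: CVE-2021-42278 lets a low-privileged user rename a machine account they control to a domain controller's name without the trailing "$", and CVE-2021-42287 makes the KDC resolve that name to the real DC account once the renamed account is no longer found. The rename itself is recorded in the domain controllers' Security log, which makes it a natural detection point while patches roll out. The following Python, added here as an example and not from Microsoft or from this page, runs that check over constructed 4741 (computer account created) and 4742 (computer account changed) events; the EventData field names are as I recall them and should be verified against your own forwarded logs, and the domain controller hostname list is a constructed inventory.

```python
"""Flag computer-account renames that drop the trailing '$', the precondition
for the CVE-2021-42278 / CVE-2021-42287 sAMAccountName spoofing chain.

Added example, not from Microsoft or from this page. Event field names
(EventID, TargetSid, TargetUserName, SamAccountName, SubjectUserName) follow
the EventData of Security events 4741 and 4742 as I recall them; verify them
against your own logs. The events and DC inventory below are constructed.
"""
from __future__ import annotations

# Constructed sample: one attacker-style sequence plus benign noise.
SAMPLE_EVENTS = [
    # Machine account created by an ordinary user (MachineAccountQuota).
    {"EventID": 4741, "TargetSid": "S-1-5-21-1-2-3-1105",
     "TargetUserName": "WKSTN-TEST$", "SamAccountName": "WKSTN-TEST$",
     "SubjectUserName": "lowpriv"},
    # Routine change; SamAccountName is "-" because it was not modified.
    {"EventID": 4742, "TargetSid": "S-1-5-21-1-2-3-1106",
     "TargetUserName": "FILESRV01$", "SamAccountName": "-",
     "SubjectUserName": "FILESRV01$"},
    # Renamed to the DC's name with no '$': the spoofing step.
    {"EventID": 4742, "TargetSid": "S-1-5-21-1-2-3-1105",
     "TargetUserName": "WKSTN-TEST$", "SamAccountName": "DC01",
     "SubjectUserName": "lowpriv"},
    # Legitimate rename by helpdesk; the new name keeps its '$'.
    {"EventID": 4742, "TargetSid": "S-1-5-21-1-2-3-1107",
     "TargetUserName": "LAPTOP-OLD$", "SamAccountName": "LAPTOP-NEW$",
     "SubjectUserName": "helpdesk"},
    # Renamed back afterwards; benign under this rule on its own.
    {"EventID": 4742, "TargetSid": "S-1-5-21-1-2-3-1105",
     "TargetUserName": "DC01", "SamAccountName": "WKSTN-TEST$",
     "SubjectUserName": "lowpriv"},
]

DC_NAMES = {"DC01", "DC02"}  # constructed inventory of DC hostnames


def find_samaccountname_spoofing(events, dc_names):
    """Return one alert per 4742 whose new sAMAccountName lacks a trailing '$'.

    Severity is 'high' when the new name collides with a known DC hostname,
    since that is the name the KDC will later resolve to the DC's own account
    by appending '$'. A preceding 4741 for the same SID and subject shows the
    account was created by the same principal that renamed it, which is the
    usual shape of the attack. Correlation is done on TargetSid because the
    SID, unlike the name, does not change across renames.
    """
    dcs = {n.upper() for n in dc_names}
    created_by = {}  # TargetSid -> SubjectUserName from the 4741 that created it
    alerts = []
    for ev in events:
        if ev.get("EventID") == 4741:
            created_by[ev["TargetSid"]] = ev.get("SubjectUserName", "")
            continue
        if ev.get("EventID") != 4742:
            continue
        new_name = ev.get("SamAccountName", "-")
        if new_name == "-" or new_name.endswith("$"):
            continue  # attribute unchanged, or still a machine-style name
        subject = ev.get("SubjectUserName", "")
        alerts.append({
            "target_sid": ev["TargetSid"],
            "new_name": new_name,
            "subject": subject,
            "matches_dc": new_name.upper() in dcs,
            "created_by_same_subject": created_by.get(ev["TargetSid"]) == subject,
            "severity": "high" if new_name.upper() in dcs else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_samaccountname_spoofing(SAMPLE_EVENTS, DC_NAMES):
        print(alert)
```

Any 4742 that strips the "$" is worth a look even when the new name is not a DC, because legitimate tooling has no reason to produce one; the DC-name match only raises the severity. Events must be collected from every writable domain controller, since the rename is logged only where it was performed.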

CVE-2021-39793

Google Pixel Out-of-Bounds Write Vulnerability

Vendor: Google

Product: Pixel

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Google Pixel contains an out-of-bounds write caused by a logic error that can lead to local escalation of privilege.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787 (Out-of-bounds Write)