CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2022-26486

Mozilla Firefox Use-After-Free Vulnerability

Vendor: Mozilla

Product: Firefox

Added: 2022-03-07

Due Date: 2022-03-21

Description:

Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2022-26485

Mozilla Firefox Use-After-Free Vulnerability

Vendor: Mozilla

Product: Firefox

Added: 2022-03-07

Due Date: 2022-03-21

Description:

Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2021-21973

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

Vendor: VMware

Product: vCenter Server and Cloud Foundation

Added: 2022-03-07

Due Date: 2022-03-21

Description:

VMware vCenter Server and Cloud Foundation Server contain an SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20 CWE-918

CVE-2020-8218

Pulse Connect Secure Code Injection Vulnerability

Vendor: Pulse Secure

Product: Pulse Connect Secure

Added: 2022-03-07

Due Date: 2022-09-07

Description:

A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-94

CVE-2019-11581

Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability

Vendor: Atlassian

Product: Jira Server and Data Center

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-74

CVE-2017-6077

NETGEAR DGN2200 Remote Code Execution Vulnerability

Vendor: NETGEAR

Product: Wireless Router DGN2200

Added: 2022-03-07

Due Date: 2022-09-07

Description:

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-78

CVE-2016-6277

NETGEAR Multiple Routers Remote Code Execution Vulnerability

Vendor: NETGEAR

Product: Multiple Routers

Added: 2022-03-07

Due Date: 2022-09-07

Description:

NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-352

CVE-2013-0631

Adobe ColdFusion Information Disclosure Vulnerability

Vendor: Adobe

Product: ColdFusion

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe ColdFusion contains an unspecified vulnerability that could result in information disclosure from a compromised server.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-200

CVE-2013-0629

Adobe ColdFusion Directory Traversal Vulnerability

Vendor: Adobe

Product: ColdFusion

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe ColdFusion contains a directory traversal vulnerability that could permit an unauthorized user access to restricted directories.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2013-0625

Adobe ColdFusion Authentication Bypass Vulnerability

Vendor: Adobe

Product: ColdFusion

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe ColdFusion contains an authentication bypass vulnerability that could result in an unauthorized user gaining administrative access.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-255

CVE-2009-3960

Ransomware

Adobe BlazeDS Information Disclosure Vulnerability

Vendor: Adobe

Product: BlazeDS

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe BlazeDS, which is utilized in LiveCycle and ColdFusion, contains a vulnerability that allows for information disclosure.

Required Action:

Apply updates per vendor instructions.

CVE-2022-20708

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-121

CVE-2022-20703

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-347

CVE-2022-20701

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-121

CVE-2022-20700

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-121