This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2012-0151
Vendor: Microsoft
Product: Windows
Added: 2022-06-08
Due Date: 2022-06-22
Description:
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2011-2462
Vendor: Adobe
Product: Reader and Acrobat
Added: 2022-06-08
Due Date: 2022-06-22
Description:
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2011-0609
Vendor: Adobe
Product: Flash Player
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CVE-2010-2883
Vendor: Adobe
Product: Acrobat and Reader
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2010-2572
Vendor: Microsoft
Product: PowerPoint
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2010-1297
Vendor: Adobe
Product: Flash Player
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2009-4324
Vendor: Adobe
Product: Acrobat and Reader
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2009-3953
Vendor: Adobe
Product: Acrobat and Reader
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2009-1862
Vendor: Adobe
Product: Acrobat and Reader, Flash Player
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action:
For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2009-0563
Vendor: Microsoft
Product: Office
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2009-0557
Vendor: Microsoft
Product: Office
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2008-0655
Vendor: Adobe
Product: Acrobat and Reader
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Required Action:
Apply updates per vendor instructions.
CVE-2007-5659
Vendor: Adobe
Product: Acrobat and Reader
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2006-2492
Vendor: Microsoft
Product: Word
Added: 2022-06-08
Due Date: 2022-06-22
Description:
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-26134
Vendor: Atlassian
Product: Confluence Server/Data Center
Added: 2022-06-02
Due Date: 2022-06-06
Description:
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
Required Action:
Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.
CWEs: