This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2019-3010
Vendor: Oracle
Product: Solaris
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2016-3393
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-7256
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-1010
Vendor: Adobe
Product: Flash Player and AIR
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
Required Action:
The impacted products are end-of-life and should be disconnected if still in use.
CWEs:
CVE-2016-0984
Vendor: Adobe
Product: Flash Player and AIR
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Required Action:
The impacted products are end-of-life and should be disconnected if still in use.
CWEs:
CVE-2016-0034
Vendor: Microsoft
Product: Silverlight
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).
Required Action:
The impacted products are end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-0310
Vendor: Adobe
Product: Flash Player
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-0016
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-0071
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2360
Vendor: Microsoft
Product: Win32k
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2425
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1769
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-4495
Vendor: Mozilla
Product: Firefox
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-8651
Vendor: Adobe
Product: Flash Player
Added: 2022-05-25
Due Date: 2022-06-15
Description:
Integer overflow in Adobe Flash Player allows attackers to execute code.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-6175
Vendor: Microsoft
Product: Windows
Added: 2022-05-25
Due Date: 2022-06-15
Description:
The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs: