CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2021-21551

Dell dbutil Driver Insufficient Access Control Vulnerability

Vendor: Dell

Product: dbutil Driver

Added: 2022-03-31

Due Date: 2022-04-21

Description:

Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-782

CVE-2018-10562

Ransomware

Dasan GPON Routers Command Injection Vulnerability

Vendor: Dasan

Product: Gigabit Passive Optical Network (GPON) Routers

Added: 2022-03-31

Due Date: 2022-04-21

Description:

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-78

CVE-2018-10561

Dasan GPON Routers Authentication Bypass Vulnerability

Vendor: Dasan

Product: Gigabit Passive Optical Network (GPON) Routers

Added: 2022-03-31

Due Date: 2022-04-21

Description:

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-287

CVE-2022-1096

Google Chromium V8 Type Confusion Vulnerability

Vendor: Google

Product: Chromium V8

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-843

CVE-2022-0543

Debian-specific Redis Server Lua Sandbox Escape Vulnerability

Vendor: Redis

Product: Debian-specific Redis Servers

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-862

CVE-2021-38646

Ransomware

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

Required Action:

Apply updates per vendor instructions.

CVE-2021-34486

Microsoft Windows Event Tracing Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2021-26085

Ransomware

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Vendor: Atlassian

Product: Confluence Server

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-425

CVE-2021-20028

Ransomware

SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability

Vendor: SonicWall

Product: Secure Remote Access (SRA)

Added: 2022-03-28

Due Date: 2022-04-18

Description:

SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-89

CVE-2019-7483

SonicWall SMA100 Directory Traversal Vulnerability

Vendor: SonicWall

Product: SMA100

Added: 2022-03-28

Due Date: 2022-04-18

Description:

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2018-8440

Ransomware

Microsoft Windows Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-28

Due Date: 2022-04-18

Description:

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

Required Action:

Apply updates per vendor instructions.

CVE-2018-8406

Ransomware

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

Vendor: Microsoft

Product: DirectX Graphics Kernel (DXGKRNL)

Added: 2022-03-28

Due Date: 2022-04-18

Description:

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-404

CVE-2018-8405

Ransomware

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

Vendor: Microsoft

Product: DirectX Graphics Kernel (DXGKRNL)

Added: 2022-03-28

Due Date: 2022-04-18

Description:

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-404

CVE-2017-0213

Ransomware

Microsoft Windows Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Required Action:

Apply updates per vendor instructions.

CVE-2017-0059

Microsoft Internet Explorer Information Disclosure Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-03-28

Due Date: 2022-04-18

Description:

Microsoft Internet Explorer allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-200