This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2018-7602
Vendor: Drupal
Product: Core
Added: 2022-04-13
Due Date: 2022-05-04
Description:
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
Required Action:
Apply updates per vendor instructions.
CVE-2018-20753
Vendor: Kaseya
Product: Virtual System/Server Administrator (VSA)
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.
Required Action:
Apply updates per vendor instructions.
CVE-2015-5123
Vendor: Adobe
Product: Flash Player
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-5122
Vendor: Adobe
Product: Flash Player
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-3113
Vendor: Adobe
Product: Flash Player
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-2502
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-0313
Vendor: Adobe
Product: Flash Player
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-0311
Vendor: Adobe
Product: Flash Player
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CVE-2014-9163
Vendor: Adobe
Product: Flash Player
Added: 2022-04-13
Due Date: 2022-05-04
Description:
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CVE-2022-23176
Vendor: WatchGuard
Product: Firebox and XTM
Added: 2022-04-11
Due Date: 2022-05-02
Description:
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
Required Action:
Apply updates per vendor instructions.
CVE-2021-42287
Vendor: Microsoft
Product: Active Directory
Added: 2022-04-11
Due Date: 2022-05-02
Description:
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-42278
Vendor: Microsoft
Product: Active Directory
Added: 2022-04-11
Due Date: 2022-05-02
Description:
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-39793
Vendor: Google
Product: Pixel
Added: 2022-04-11
Due Date: 2022-05-02
Description:
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-27852
Vendor: Checkbox
Product: Checkbox Survey
Added: 2022-04-11
Due Date: 2022-05-02
Description:
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.
Required Action:
Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.
CWEs:
CVE-2021-22600
Vendor: Linux
Product: Kernel
Added: 2022-04-11
Due Date: 2022-05-02
Description:
Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs: