This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2019-1253
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1132
Vendor: Microsoft
Product: Win32k
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Required Action:
Apply updates per vendor instructions.
CVE-2019-1129
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1069
Vendor: Microsoft
Product: Task Scheduler
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1064
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0841
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0543
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-8120
Vendor: Microsoft
Product: Win32k
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-0101
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-3309
Vendor: Microsoft
Product: Windows
Added: 2022-03-15
Due Date: 2022-04-05
Description:
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2546
Vendor: Microsoft
Product: Win32k
Added: 2022-03-15
Due Date: 2022-04-05
Description:
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-26486
Vendor: Mozilla
Product: Firefox
Added: 2022-03-07
Due Date: 2022-03-21
Description:
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2022-26485
Vendor: Mozilla
Product: Firefox
Added: 2022-03-07
Due Date: 2022-03-21
Description:
Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-21973
Vendor: VMware
Product: vCenter Server and Cloud Foundation
Added: 2022-03-07
Due Date: 2022-03-21
Description:
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-8218
Vendor: Pulse Secure
Product: Pulse Connect Secure
Added: 2022-03-07
Due Date: 2022-09-07
Description:
A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
Required Action:
Apply updates per vendor instructions.
CWEs: