CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2019-11581

Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability

Vendor: Atlassian

Product: Jira Server and Data Center

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-74

CVE-2017-6077

NETGEAR DGN2200 Remote Code Execution Vulnerability

Vendor: NETGEAR

Product: Wireless Router DGN2200

Added: 2022-03-07

Due Date: 2022-09-07

Description:

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-78

CVE-2016-6277

NETGEAR Multiple Routers Remote Code Execution Vulnerability

Vendor: NETGEAR

Product: Multiple Routers

Added: 2022-03-07

Due Date: 2022-09-07

Description:

NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-352

CVE-2013-0631

Adobe ColdFusion Information Disclosure Vulnerability

Vendor: Adobe

Product: ColdFusion

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe ColdFusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-200

CVE-2013-0629

Adobe ColdFusion Directory Traversal Vulnerability

Vendor: Adobe

Product: ColdFusion

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe ColdFusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2013-0625

Adobe ColdFusion Authentication Bypass Vulnerability

Vendor: Adobe

Product: ColdFusion

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe ColdFusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-255

CVE-2009-3960

Ransomware

Adobe BlazeDS Information Disclosure Vulnerability

Vendor: Adobe

Product: BlazeDS

Added: 2022-03-07

Due Date: 2022-09-07

Description:

Adobe BlazeDS, which is utilized in LiveCycle and ColdFusion, contains a vulnerability that allows for information disclosure.

Required Action:

Apply updates per vendor instructions.

CVE-2022-20708

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-121

CVE-2022-20703

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-347

CVE-2022-20701

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-121

CVE-2022-20700

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-121

CVE-2022-20699

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Vendor: Cisco

Product: Small Business RV160, RV260, RV340, and RV345 Series Routers

Added: 2022-03-03

Due Date: 2022-03-17

Description:

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-785

CVE-2021-41379

Ransomware

Microsoft Windows Installer Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-03

Due Date: 2022-03-17

Description:

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-1386

CVE-2020-1938

Apache Tomcat Improper Privilege Management Vulnerability

Vendor: Apache

Product: Tomcat

Added: 2022-03-03

Due Date: 2022-03-17

Description:

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Required Action:

Apply updates per vendor instructions.

CVE-2020-11899

Treck TCP/IP stack Out-of-Bounds Read Vulnerability

Vendor: Treck TCP/IP stack

Product: IPv6

Added: 2022-03-03

Due Date: 2022-03-17

Description:

The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-125