This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2016-0189
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-0151
Vendor: Microsoft
Product: Client-Server Run-time Subsystem (CSRSS)
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-0040
Vendor: Microsoft
Product: Windows
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2426
Vendor: Microsoft
Product: Windows
Added: 2022-03-28
Due Date: 2022-04-18
Description:
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-2419
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-03-28
Due Date: 2022-04-18
Description:
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1770
Vendor: Microsoft
Product: Office
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-3660
Vendor: Microsoft
Product: Win32k
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-2729
Vendor: Adobe
Product: Reader and Acrobat
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-2551
Vendor: Microsoft
Product: Internet Explorer
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-2465
Vendor: Oracle
Product: Java SE
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D
Required Action:
Apply updates per vendor instructions.
CVE-2013-1690
Vendor: Mozilla
Product: Firefox and Thunderbird
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2012-5076
Vendor: Oracle
Product: Java SE
Added: 2022-03-28
Due Date: 2022-04-18
Description:
The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Required Action:
Apply updates per vendor instructions.
CVE-2012-2539
Vendor: Microsoft
Product: Word
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2012-2034
Vendor: Adobe
Product: Flash Player
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2012-0518
Vendor: Oracle
Product: Fusion Middleware
Added: 2022-03-28
Due Date: 2022-04-18
Description:
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors
Required Action:
Apply updates per vendor instructions.
CWEs: