This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2018-1273
Vendor: VMware Tanzu
Product: Spring Data Commons
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-11138
Vendor: Quest
Product: KACE System Management Appliance
Added: 2022-03-25
Due Date: 2022-04-15
Description:
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-0147
Vendor: Cisco
Product: Secure Access Control System (ACS)
Added: 2022-03-25
Due Date: 2022-04-15
Description:
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-0125
Vendor: Cisco
Product: VPN Routers
Added: 2022-03-25
Due Date: 2022-04-15
Description:
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-6334
Vendor: NETGEAR
Product: DGN2200 Devices
Added: 2022-03-25
Due Date: 2022-04-15
Description:
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2017-6316
Vendor: Citrix
Product: NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server
Added: 2022-03-25
Due Date: 2022-04-15
Description:
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-3881
Vendor: Cisco
Product: IOS and IOS XE
Added: 2022-03-25
Due Date: 2022-04-15
Description:
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12617
Vendor: Apache
Product: Tomcat
Added: 2022-03-25
Due Date: 2022-04-15
Description:
When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12615
Vendor: Apache
Product: Tomcat
Added: 2022-03-25
Due Date: 2022-04-15
Description:
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-0146
Vendor: Microsoft
Product: Windows
Added: 2022-03-25
Due Date: 2022-04-15
Description:
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-7892
Vendor: Adobe
Product: Flash Player
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2016-4171
Vendor: Adobe
Product: Flash Player
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CVE-2016-1555
Vendor: NETGEAR
Product: Wireless Access Point (WAP) Devices
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-11021
Vendor: D-Link
Product: DCS-930L Devices
Added: 2022-03-25
Due Date: 2022-04-15
Description:
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2016-10174
Vendor: NETGEAR
Product: WNR2000v5 Router
Added: 2022-03-25
Due Date: 2022-04-15
Description:
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs: