This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2016-0752
Vendor: Rails
Product: Ruby on Rails
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-4068
Vendor: Arcserve
Product: Unified Data Protection (UDP)
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-3035
Vendor: TP-Link
Product: Multiple Archer Devices
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1427
Vendor: Elastic
Product: Elasticsearch
Added: 2022-03-25
Due Date: 2022-04-15
Description:
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1187
Vendor: D-Link and TRENDnet
Product: Multiple Devices
Added: 2022-03-25
Due Date: 2022-04-15
Description:
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2015-0666
Vendor: Cisco
Product: Prime Data Center Network Manager (DCNM)
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-6332
Vendor: Microsoft
Product: Windows
Added: 2022-03-25
Due Date: 2022-04-15
Description:
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-6324
Vendor: Microsoft
Product: Kerberos Key Distribution Center (KDC)
Added: 2022-03-25
Due Date: 2022-04-15
Description:
The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-6287
Vendor: Rejetto
Product: HTTP File Server (HFS)
Added: 2022-03-25
Due Date: 2022-04-15
Description:
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-3120
Vendor: Elastic
Product: Elasticsearch
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-0130
Vendor: Rails
Product: Ruby on Rails
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-5223
Vendor: D-Link
Product: DSL-2760U
Added: 2022-03-25
Due Date: 2022-04-15
Description:
A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-4810
Vendor: Hewlett Packard (HP)
Product: ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management
Added: 2022-03-25
Due Date: 2022-04-15
Description:
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2013-2251
Vendor: Apache
Product: Struts
Added: 2022-03-25
Due Date: 2022-04-15
Description:
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2012-1823
Vendor: PHP
Product: PHP
Added: 2022-03-25
Due Date: 2022-04-15
Description:
sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Required Action:
Apply updates per vendor instructions.
CWEs: