CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2017-0001

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Graphics Device Interface (GDI)

Added: 2022-03-03

Due Date: 2022-03-24

Description:

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

Required Action:

Apply updates per vendor instructions.

CVE-2016-8562

Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability

Vendor: Siemens

Product: SIMATIC CP

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2016-7855

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-416

CVE-2016-7262

Microsoft Office Security Feature Bypass Vulnerability

Vendor: Microsoft

Product: Excel

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2016-7193

Microsoft Office Memory Corruption Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2016-5195

Linux Kernel Race Condition Vulnerability

Vendor: Linux

Product: Kernel

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-362

CVE-2016-4117

Adobe Flash Player Arbitrary Code Execution Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2016-1019

Ransomware

Adobe Flash Player Arbitrary Code Execution Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2016-0099

Ransomware

Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2015-7645

Ransomware

Adobe Flash Player Arbitrary Code Execution Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2015-5119

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-119

CVE-2015-4902

Oracle Java SE Integrity Check Vulnerability

Vendor: Oracle

Product: Java SE

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via unknown vectors related to deployment.

Required Action:

Apply updates per vendor instructions.

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-787

CVE-2015-2590

Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability

Vendor: Oracle

Product: Java SE

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

Required Action:

Apply updates per vendor instructions.

CVE-2015-2545

Microsoft Office Malformed EPS File Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20