This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2016-3715
Vendor: ImageMagick
Product: ImageMagick
Added: 2021-11-03
Due Date: 2022-05-03
Description:
ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-3718
Vendor: ImageMagick
Product: ImageMagick
Added: 2021-11-03
Due Date: 2022-05-03
Description:
ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-15505
Vendor: Ivanti
Product: MobileIron Multiple Products
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-30116
Vendor: Kaseya
Product: Virtual System/Server Administrator (VSA)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-7961
Vendor: Liferay
Product: Liferay Portal
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-23874
Vendor: McAfee
Product: McAfee Total Protection (MTP)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-22506
Vendor: Micro Focus
Product: Micro Focus Access Manager
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.
Required Action:
Apply updates per vendor instructions.
CVE-2021-22502
Vendor: Micro Focus
Product: Operation Bridge Reporter (OBR)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2014-1812
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-38647
Vendor: Microsoft
Product: Open Management Infrastructure (OMI)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2016-0167
Vendor: Microsoft
Product: Win32k
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0878
Vendor: Microsoft
Product: Edge and Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-31955
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-1647
Vendor: Microsoft
Product: Defender
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-33739
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.