This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2019-9670
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Added: 2022-01-10
Due Date: 2022-07-10
Description:
Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-13382
Vendor: Fortinet
Product: FortiOS and FortiProxy
Added: 2022-01-10
Due Date: 2022-07-10
Description:
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-13383
Vendor: Fortinet
Product: FortiOS and FortiProxy
Added: 2022-01-10
Due Date: 2022-07-10
Description:
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1579
Vendor: Palo Alto Networks
Product: PAN-OS
Added: 2022-01-10
Due Date: 2022-07-10
Description:
Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-10149
Vendor: Exim
Product: Mail Transfer Agent (MTA)
Added: 2022-01-10
Due Date: 2022-07-10
Description:
Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-7450
Vendor: IBM
Product: WebSphere Application Server and Server Hypervisor Edition
Added: 2022-01-10
Due Date: 2022-07-10
Description:
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-1000486
Vendor: Primetek
Product: Primefaces Application
Added: 2022-01-10
Due Date: 2022-07-10
Description:
Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-7609
Vendor: Elastic
Product: Kibana
Added: 2022-01-10
Due Date: 2022-07-10
Description:
Kibana contain an arbitrary code execution flaw in the Timelion visualizer.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-27860
Vendor: FatPipe
Product: WARP, IPVPN, and MPVPN software
Added: 2022-01-10
Due Date: 2022-01-24
Description:
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-43890
Vendor: Microsoft
Product: Windows
Added: 2021-12-15
Due Date: 2021-12-29
Description:
Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.
Required Action:
Apply updates per vendor instructions.
CVE-2021-4102
Vendor: Google
Product: Chromium V8
Added: 2021-12-15
Due Date: 2021-12-29
Description:
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-44515
Vendor: Zoho
Product: Desktop Central
Added: 2021-12-10
Due Date: 2021-12-24
Description:
Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
Required Action:
Apply updates per vendor instructions.
CVE-2019-13272
Vendor: Linux
Product: Kernel
Added: 2021-12-10
Due Date: 2022-06-10
Description:
Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-35394
Vendor: Realtek
Product: Jungle Software Development Kit (SDK)
Added: 2021-12-10
Due Date: 2021-12-24
Description:
RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-7238
Vendor: Sonatype
Product: Nexus Repository Manager
Added: 2021-12-10
Due Date: 2022-06-10
Description:
Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.
Required Action:
Apply updates per vendor instructions.