CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2021-31755

Tenda AC11 Router Stack Buffer Overflow Vulnerability

Vendor: Tenda

Product: AC11 Router

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2020-10987

Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability

Vendor: Tenda

Product: AC1900 Router AC15 Model

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-78

CVE-2018-14558

Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Vendor: Tenda

Product: AC7, AC9, and AC10 Routers

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-78

CVE-2018-20062

ThinkPHP "noneCms" Remote Code Execution Vulnerability

Vendor: ThinkPHP

Product: noneCms

Added: 2021-11-03

Due Date: 2022-05-03

Description:

ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2019-9082

ThinkPHP Remote Code Execution Vulnerability

Vendor: ThinkPHP

Product: ThinkPHP

Added: 2021-11-03

Due Date: 2022-05-03

Description:

ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-306, CWE-94

CVE-2019-18187

Trend Micro OfficeScan Directory Traversal Vulnerability

Vendor: Trend Micro

Product: OfficeScan

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Trend Micro OfficeScan contains a directory traversal vulnerability in which files are extracted from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2020-8467

Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability

Vendor: Trend Micro

Product: Apex One and OfficeScan

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CVE-2020-8468

Trend Micro Multiple Products Content Validation Escape Vulnerability

Vendor: Trend Micro

Product: Apex One, OfficeScan and Worry-Free Business Security Agents

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-74

CVE-2020-24557

Trend Micro Multiple Products Improper Access Control Vulnerability

Vendor: Trend Micro

Product: Apex One, OfficeScan, and Worry-Free Business Security

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.

Required Action:

Apply updates per vendor instructions.

CVE-2020-8599

Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability

Vendor: Trend Micro

Product: Apex One and OfficeScan

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.

Required Action:

Apply updates per vendor instructions.

CVE-2021-36742

Trend Micro Multiple Products Improper Input Validation Vulnerability

Vendor: Trend Micro

Product: Apex One, Apex One as a Service, and Worry-Free Business Security

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2021-36741

Trend Micro Multiple Products Improper Input Validation Vulnerability

Vendor: Trend Micro

Product: Apex One, Apex One as a Service, and Worry-Free Business Security

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2019-20085

TVT NVMS-1000 Directory Traversal Vulnerability

Vendor: TVT

Product: NVMS-1000

Added: 2021-11-03

Due Date: 2022-05-03

Description:

TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-22

CVE-2020-5849

Unraid Authentication Bypass Vulnerability

Vendor: Unraid

Product: Unraid

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-287, CWE-697

CVE-2020-5847

Unraid Remote Code Execution Vulnerability

Vendor: Unraid

Product: Unraid

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.

Required Action:

Apply updates per vendor instructions.