This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2019-0604
Vendor: Microsoft
Product: SharePoint
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0646
Vendor: Microsoft
Product: .NET Framework
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0808
Vendor: Microsoft
Product: Win32k
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CVE-2021-26857
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2021-04-16
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1147
Vendor: Microsoft
Product: .NET Framework, SharePoint, Visual Studio
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.
Required Action:
Apply updates per vendor instructions.
CVE-2019-1214
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2016-3235
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0863
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
Required Action:
Apply updates per vendor instructions.
CVE-2021-36955
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-38648
Vendor: Microsoft
Product: Open Management Infrastructure (OMI)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-6819
Vendor: Mozilla
Product: Firefox and Thunderbird
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-6820
Vendor: Mozilla
Product: Firefox and Thunderbird
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-17026
Vendor: Mozilla
Product: Firefox and Thunderbird
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-15949
Vendor: Nagios
Product: Nagios XI
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-26919
Vendor: NETGEAR
Product: JGS516PE Devices
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Netgear JGS516PE devices contain a missing function level access control vulnerability.
Required Action:
Apply updates per vendor instructions.