This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2021-27561
Vendor: Yealink
Product: Device Management
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-40539
Vendor: Zoho
Product: ManageEngine
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-10189
Vendor: Zoho
Product: ManageEngine
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-8394
Vendor: Zoho
Product: ManageEngine
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-29583
Vendor: Zyxel
Product: Multiple Products
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
Required Action:
Apply updates per vendor instructions.
CWEs: