CISA、攻撃に利用されている脆弱性306件のリストを公開。各機関にパッチ適用を命令

news

米国のサイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA)は、攻撃に利用されている脆弱性のカタログを作成し、米国の連邦政府機関に対し特定の期間および期限内に影響を受けるシステムにパッチを適用するよう法的な業務指示を出しました。

Known Exploited Vulnerabilities Catalog | CISA
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat acti...

このカタログには、現在306件の脆弱性が掲載されており、その中には2010年のものも含まれています。

この中には、シスコ、グーグル、マイクロソフト、アップル、オラクル、アドビ、アトラシアン、IBMなど大小さまざまな企業の製品に存在する脆弱性が含まれています。

今年公開された脆弱性(CVEコードがCVE-2021-*)については、CISAは米国の連邦民間機関に対し、2021年11月17日までにパッチを適用するよう命じています。

また、それ以前の脆弱性については、2022年5月3日までにシステムにパッチを適用することが求められています。

これらの脆弱性は、政府機関および連邦企業に重大なリスクをもたらすものです。

連邦政府の情報システムを保護し、サイバー攻撃の被害を減少させるためには、既知の脆弱性を積極的に修正することが不可欠です

CISAのディレクターであるジェン・イースタリー氏は、この命令は米国連邦機関にのみ対応を依頼するものであるが、同じ脆弱性が民間企業への攻撃にも使用されていることから、すべての組織が記載された脆弱性にパッチを当てるべきであると述べています。

また、新たな脆弱性が積極的に利用されるようになれば、データベースに新たに追加する予定であると述べており、さらにこの情報のRSSフィードが提供されているため、ITチームやセキュリティチームがデータベースへの新しいエントリーを監視できるようになっています。

Page Not Found | CISA

脆弱性リストは以下の通り

Citrix
CVEVendor/ProjectProductVulnerability NameDate Added to CatalogShort DescriptionActionDue DateNotes
CVE-2021-27104​AccellionFTAAccellion FTA OS Command Injection VulnerabilityNovember 3, 2021Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.Apply updates per vendor instructions.November 17, 2021
CVE-2021-27102​AccellionFTAAccellion FTA OS Command Injection VulnerabilityNovember 3, 2021Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.Apply updates per vendor instructions.November 17, 2021
CVE-2021-27101​AccellionFTAAccellion FTA SQL Injection VulnerabilityNovember 3, 2021Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html.Apply updates per vendor instructions.November 17, 2021
CVE-2021-27103​AccellionFTAAccellion FTA SSRF VulnerabilityNovember 3, 2021Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html.Apply updates per vendor instructions.November 17, 2021
CVE-2021-21017​AdobeAcrobat and ReaderAdobe Acrobat and Reader Heap-based Buffer Overflow VulnerabilityNovember 3, 2021Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Apply updates per vendor instructions.November 17, 2021
CVE-2021-28550​AdobeAcrobat and ReaderAdobe Acrobat and Reader Use-After-Free VulnerabilityNovember 3, 2021Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Apply updates per vendor instructions.November 17, 2021
CVE-2018-4939​AdobeColdFusionAdobe ColdFusion Deserialization of Untrusted Data vulnerabilityNovember 3, 2021Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2018-15961​AdobeColdFusionAdobe ColdFusion RCENovember 3, 2021Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2018-4878​AdobeFlash PlayerAdobe Flash Player Use after Free vulnerabilityNovember 3, 2021A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.Apply updates per vendor instructions.May 3, 2022
CVE-2020-5735​AmcrestCameras and Network Video Recorder (NVR)Amcrest Camera and NVR Buffer Overflow VulnerabilityNovember 3, 2021Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.Apply updates per vendor instructions.May 3, 2022
CVE-2019-2215AndroidAndroid OSAndroid “AbstractEmu” Root Access VulnerabilitiesNovember 3, 2021Apply updates per vendor instructions.May 3, 2022
CVE-2020-0041AndroidAndroid OSAndroid “AbstractEmu” Root Access VulnerabilitiesNovember 3, 2021Apply updates per vendor instructions.May 3, 2022
CVE-2020-0069AndroidAndroid OSAndroid “AbstractEmu” Root Access VulnerabilitiesNovember 3, 2021Apply updates per vendor instructions.May 3, 2022
CVE-2017-9805ApacheStrutsApache Struts Multiple Versions Remote Code ExecutionNovember 3, 2021The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 contains a vulnerability which can lead to RCE.Apply updates per vendor instructions.May 3, 2022
CVE-2021-42013ApacheHTTP ServerApache HTTP Server 2.4.49 and 2.4.50 Path TraversalNovember 3, 2021Apache HTTP server vulnerabilities allow an attacker to use a path traversal attack to map URLs to files outside the expected document root and perform RCE.Apply updates per vendor instructions.November 17, 2021
CVE-2021-41773ApacheHTTP ServerApache HTTP Server Path Traversal VulnerabilityNovember 3, 2021A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.Apply updates per vendor instructions.November 17, 2021
CVE-2019-0211​ApacheHTTP ServerApache HTTP Server scoreboard vulnerabilityNovember 3, 2022In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.Apply updates per vendor instructions.May 3, 2022
CVE-2016-4437​ApacheShiroApache Shiro 1.2.4 Cookie RememberME Deserial RCENovember 3, 2021Apache Shiro before 1.2.5, when a cipher key has not been configured for the “remember me” feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.Apply updates per vendor instructions.May 3, 2022
CVE-2019-17558​ApacheSolrApache Solr 5.0.0-8.3.1 Remote Code ExecutionNovember 3, 2021Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).Apply updates per vendor instructions.May 3, 2022
CVE-2020-17530ApacheStrutsApache Struts Forced OGNL Double Evaluation RCENovember 3, 2021Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 – Struts 2.5.25.Apply updates per vendor instructions.May 3, 2022
CVE-2017-5638​ApacheStrutsApache Struts Jakarta Multipart parser exception handling vulnerabilityNovember 3, 2021The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.Apply updates per vendor instructions.May 3, 2022
CVE-2018-11776ApacheStrutsApache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code ExecutionNovember 3, 2021Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 contain a vulnerability which can allow for remote code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2021-30858​AppleiOS and iPadOSApple Apple iOS and iPadOS Use-After-FreeNovember 3, 2021Apple iOS and iPadOS Arbitrary Code ExecutionApply updates per vendor instructions.November 17, 2021
CVE-2019-6223AppleFaceTimeApple FaceTime VulnerabilityNovember 3, 2021A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.Apply updates per vendor instructions.May 3, 2022
CVE-2021-30860​AppleiOSApple iOS “FORCEDENTRY” Remote Code ExecutionNovember 3, 2021Apply updates per vendor instructions.November 17, 2021
CVE-2020-27930AppleiOS and macOSApple iOS and macOS FontParser RCENovember 3, 2021A memory corruption issue was addressed with improved input validation. Processing a maliciously crafted font may lead to arbitrary code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2021-30807​AppleiOS and macOSApple iOS and macOS IOMobileFrameBuffer Memory Corruption VulnerabilityNovember 3, 2021Apply updates per vendor instructions.November 17, 2021
CVE-2020-27950​AppleiOS and macOSApple iOS and macOS Kernel Memory Initialization VulnerabilityNovember 3, 2021A malicious application may be able to disclose kernel memory.Apply updates per vendor instructions.May 3, 2022
CVE-2020-27932​AppleiOS and macOSApple iOS and macOS Kernel Type Confusion VulnerabilityNovember 3, 2021A malicious application may be able to execute arbitrary code with kernel privileges.Apply updates per vendor instructions.May 3, 2022
CVE-2021-30860AppleiOSApple iOS iMessage Zero-click vulnerabilityNovember 3, 2021Processing a maliciously crafted PDF may lead to arbitrary code execution.Apply updates per vendor instructions.November 17, 2021
CVE-2020-9818AppleiOS MailApple iOS Mail OOB VulnerabilityNovember 3, 2021Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.Apply updates per vendor instructions.May 3, 2022
CVE-2020-9819AppleiOS MailApple iOS Mail Heap Overflow VulnerabilityNovember 3, 2021Processing a maliciously crafted mail message may lead to heap corruption.Apply updates per vendor instructions.May 3, 2022
CVE-2021-30762​AppleiOSApple WebKit Browser Engine Use After Free VulnerabilityNovember 3, 2021Use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a rep ort that this issue may have been actively exploited.Apply updates per vendor instructions.November 17, 2021
CVE-2021-1782AppleiOSApple iOS Privilege Escalation and Code Execution ChainNovember 3, 2021A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploitedApply updates per vendor instructions.November 17, 2021
CVE-2021-1870AppleiOSApple iOS Privilege Escalation and Code Execution ChainNovember 3, 2021A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Apply updates per vendor instructions.November 17, 2021
CVE-2021-1871​AppleiOSApple iOS Privilege Escalation and Code Execution ChainNovember 3, 2021A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Apply updates per vendor instructions.November 17, 2021
CVE-2021-1879​AppleiOSApple iOS Webkit Browser Engine XSSNovember 3, 2021Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..Apply updates per vendor instructions.November 17, 2021
CVE-2021-30661AppleiOSApple iOS Webkit Storage Use-After-Free RCENovember 3, 2021Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30666​AppleiOSApple iOS12.x Buffer OverflowNovember 3, 2021Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30713​ApplemacOSApple macOS Input Validation ErrorNovember 3, 2021A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..Apply updates per vendor instructions.November 17, 2021
CVE-2021-30657​ApplemacOSApple macOS Policy Subsystem Gatekeeper BypassNovember 3, 2021 A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..Apply updates per vendor instructions.November 17, 2021
CVE-2021-30665​AppleSafariApple Safari Webkit Browser Engine Buffer Overflow VulnerabilityNovember 3, 2021Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30663​AppleSafariApple Safari Webkit Browser Engine Integer Overflow VulnerabilityNovember 3, 2021Integer overflow. Processing maliciously crafted web content may lead to arbitrary code execution.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30761​AppleiOSApple WebKit Browser Engine Memory Corruption VulnerabilityNovember 3, 2021Memory corruption issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30869​AppleiOS, macOS, and iPadOSApple XNU Kernel Type ConfusionNovember 3, 2021Apple XNU kernel contains a type confusion vulnerability which allows a malicious application to execute arbitrary code with kernel privileges.Apply updates per vendor instructions.November 17, 2021
CVE-2020-9859AppleiOS and iPadOSApple 11-13.5 XNU Kernel VulnerabilityNovember 3, 2021A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges.Apply updates per vendor instructions.May 3, 2022
CVE-2021-20090​ArcadyanBuffalo WSR-2533DHPL2 and WSR-2533DHP3 firmwareArcadyan Buffalo Firmware Multiple Versions Path TraversalNovember 3, 2021A path traversal vulnerability in Arcadyan firmware could allow unauthenticated remote attackers to bypass authentication. It impacts many routers.Apply updates per vendor instructions.November 17, 2021
CVE-2021-27562​ArmArm Trusted FirmwareArm Trusted Firmware M through 1.2 Denial of ServiceNovember 3, 2021In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. This vulnerability has known active exploitation against Yealink Device Management servers. It is assessed this product utilizes the affected Arm firmware.Apply updates per vendor instructions.November 17, 2021
CVE-2021-28664​ArmMali Graphics Processing Unit (GPU)Arm Mali GPU Kernel Boundary Error VulnerabilityNovember 3, 2021The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0.Apply updates per vendor instructions.November 17, 2021
CVE-2021-28663​ArmMali Graphics Processing Unit (GPU)Arm Mali GPU Kernel Use-After-Free VulnerabilityNovember 3, 2021The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.Apply updates per vendor instructions.November 17, 2021
CVE-2019-3398​AtlassianConfluenceAtlassian Confluence Path Traversal VulnerabilityNovember 3, 2021Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has ‘Admin’ permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.Apply updates per vendor instructions.May 3, 2022
CVE-2021-26084​AtlassianConfluence ServerAtlassian Confluence Server < 6.13.23, 6.14.0 – 7.12.5 Arbitrary Code ExecutionNovember 3, 2021Atlassian Confluence Server The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 contains an OGNL injection vulnerability which allows an attacker to execute arbitrary code.Apply updates per vendor instructions.November 17, 2021
CVE-2019-11580​AtlassianCrowd and Crowd Data CenterAtlassian Crowd and Crowd Data Center RCENovember 3, 2021Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5, from version 3.1.0 before 3.1.6, from version 3.2.0 before 3.2.8, from version 3.3.0 before 3.3.5, and from version 3.4.0 before 3.4.4 are affected by this vulnerability.Apply updates per vendor instructions.May 3, 2022
CVE-2019-3396​Atlassian Atlassian Confluence ServerRemote code execution via Widget Connector macro VulnerabilityNovember 3, 2021Allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.Apply updates per vendor instructions.May 3, 2022
CVE-2021-42258BQEBillQuick Web SuiteBQE BillQuick Web Suite Versions Prior to 22.0.9.1 (from 2018 through 2021) Remote Code ExecutionNovember 3, 2021BQE BillQuick Web Suite 2018 through 2021 prior to 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation.Apply updates per vendor instructions.November 17, 2021
CVE-2020-3452​CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive file readNovember 3, 2021A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.Apply updates per vendor instructions.May 3, 2022
CVE-2020-3580CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)Cisco ASA and FTD XSS VulnerabilitiesNovember 3, 2021Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations.Apply updates per vendor instructions.May 3, 2022
CVE-2021-1497CiscoHyperFlex HXCisco HyperFlex HX Command Injection VulnerabilitiesNovember 3, 2021Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.Apply updates per vendor instructions.November 17, 2021
CVE-2021-1498CiscoHyperFlex HXCisco HyperFlex HX Command Injection VulnerabilitiesNovember 3, 2021Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.Apply updates per vendor instructions.November 17, 2021
CVE-2018-0171​CiscoIOS and IOS XECisco IOS and IOS XE Software Smart Install Remote Code ExecutionNovember 3, 2021A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.Apply updates per vendor instructions.May 3, 2022
CVE-2020-3118​CiscoIOS XRCisco IOS XR Software Cisco Discovery Protocol Format String VulnerabilityNovember 3, 2021A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Apply updates per vendor instructions.May 3, 2022
CVE-2020-3566CiscoIOS XRCisco IOS XR Software DVMRP Memory Exhaustion VulnerabilityNovember 3, 2021A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.Apply updates per vendor instructions.May 3, 2022
CVE-2020-3569CiscoIOS XRCisco IOS XR Software DVMRP Memory Exhaustion VulnerabilityNovember 3, 2021Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols.Apply updates per vendor instructions.May 3, 2022
CVE-2020-3161​CiscoIP PhonesCisco IP Phones Web Server DoS and RCENovember 3, 2021A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.Apply updates per vendor instructions.May 3, 2022
CVE-2019-1653​CiscoRV320 and RV325 RoutersCisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list)November 3, 2021A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.Apply updates per vendor instructions.May 3, 2022
CVE-2018-0296CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)Cisco Adaptive Security Appliance Firepower Threat Defense DoS/Directory Traversal vulnerabilityqNovember 3, 2021A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.Apply updates per vendor instructions.May 3, 2022
CVE-2019-13608CitrixStoreFront ServerCitrix StoreFront Server Multiple Versions XML External Entity (XXE)November 3, 2021Citrix StoreFront Server contains a XXE processing vulnerability that could allow an unauthenticated attacker to retrieve potentially sensitive information.Apply updates per vendor instructions.May 3, 2022
CVE-2020-8193CitrixApplication Delivery Controller (ADC), Gateway, and SDWAN WANOPCitrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization BypassNovember 3, 2021Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.Apply updates per vendor instructions.May 3, 2022
CVE-2020-8195Application Delivery Controller (ADC), Gateway, and SDWAN WANOPCitrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization BypassNovember 3, 2021Application Delivery Controller (ADC), Gateway, and SDWAN WANOPApply updates per vendor instructions.May 3, 2022
CVE-2020-8196CitrixApplication Delivery Controller (ADC), Gateway, and SDWAN WANOPCitrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization BypassNovember 3, 2021Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.Apply updates per vendor instructions.May 3, 2022
CVE-2019-19781​CitrixApplication Delivery Controller (ADC) and GatewayCitrix Application Delivery Controller and Citrix Gateway VulnerabilityNovember 3, 2021Issue in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 allowing Directory Traversal.Apply updates per vendor instructions.May 3, 2022
CVE-2019-11634CitrixWorkspace (for Windows)Citrix Workspace (for Windows) Prior to 1904 Improper Access ControlNovember 3, 2021Citrix Workspace app and Receiver for Windows prior to version 1904 contains an incorrect access control vulnerability which allows for code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2020-29557​D-LinkDIR-825 R1D-Link DIR-825 R1 Through 3.0.1 Before 11/2020 Buffer OverflowNovember 3, 2021D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20 contain a vulnerability in the web interface allowing for remote code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2020-25506​D-LinkDNS-320D-Link DNS-320 Command Injection RCE VulnerabilityNovember 3, 2021D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2018-15811DNNDotNetNukeDotNetNuke 9.2-9.2.2 Encryption Algorithm VulnerabilityNovember 3, 2021DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.Apply updates per vendor instructions.May 3, 2022
CVE-2018-18325DNNDotNetNukeDotNetNuke 9.2-9.2.2 Encryption Algorithm VulnerabilityNovember 3, 2021DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.Apply updates per vendor instructions.May 3, 2022
CVE-2017-9822​DNNDotNetNuke (DNN)DotNetNuke before 9.1.1 Remote Code ExecutionNovember 3, 2021DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka “2017-08 (Critical) Possible remote code execution on DNN sites.”Apply updates per vendor instructions.May 3, 2022
CVE-2019-15752​DockerDesktop Community EditionDocker Desktop Community Edition Privilege EscalationNovember 3, 2021Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run ‘docker login’ to force the command.Apply updates per vendor instructions.May 3, 2022
CVE-2020-8515​DrayTekVigor Router(s)DrayTek Vigor Router VulnerabilityNovember 3, 2021DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.Apply updates per vendor instructions.May 3, 2022
CVE-2018-7600​DrupalDrupalDrupal module configuration vulnerabilityNovember 3, 2021Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.Apply updates per vendor instructions.May 3, 2022
CVE-2021-22205ExifToolExifToolGitLab Community and Enterprise Editions From 11.9 Remote Code ExecutionNovember 3, 2021Anyone with the ability to upload an image that goes through the GitLab Workhorse could achieve RCE via a specially crafted file.Apply updates per vendor instructions.November 17, 2021
CVE-2018-6789​EximEximExim Buffer Overflow VulnerabilityNovember 3, 2021Issue in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.Apply updates per vendor instructions.May 3, 2022
CVE-2020-8657​EyesOfNetworkEyesOfNetworkEyesOfNetwork 5.3 Insufficient Credential ProtectionNovember 3, 2021Issue in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.Apply updates per vendor instructions.May 3, 2022
CVE-2020-8655​EyesOfNetworkEyesOfNetworkEyesOfNetwork 5.3 Privilege Escalation VulnerabilityNovember 3, 2021Issue in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.Apply updates per vendor instructions.May 3, 2022
CVE-2020-5902​F5BIG IPF5 BIG IP Traffic Management User Interface RCENovember 3, 2021In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Manage ment User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.Apply updates per vendor instructions.May 3, 2022
CVE-2021-22986​F5BIG-IPF5 iControl REST unauthenticated RCENovember 3, 2021The iControl REST interface has an unauthenticated remote command execution vulnerability.Apply updates per vendor instructions.November 17, 2021
CVE-2021-35464​ForgeRockAccess Management serverForgeRock Access Management Remote Code ExecutionNovember 3, 2021ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server.Apply updates per vendor instructions.November 17, 2021
CVE-2019-5591​FortinetFortiOSFortinet FortiOS Default Configuration VulnerabilityNovember 3, 2021A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.Apply updates per vendor instructions.May 3, 2022
CVE-2020-12812​FortinetFortiOSFortinet FortiOS SSL VPN 2FA Authentication VulnerabilityNovember 3, 2021An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.Apply updates per vendor instructions.May 3, 2022
CVE-2018-13379​FortinetFortiOSFortinet FortiOS SSL VPN credential exposure vulnerabilityNovember 3, 2021An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.Apply updates per vendor instructions.May 3, 2022
CVE-2020-16010GoogleChrome for AndroidGoogle Chrome for Android Heap Overflow VulnerabilityNovember 3, 2021Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.Apply updates per vendor instructions.May 3, 2022
CVE-2020-15999GoogleChromeGoogle Chrome FreeType Memory CorruptionNovember 3, 2021Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-21166​GoogleChromeGoogle Chrome Heap Buffer Overflow in WebAudio VulnerabilityNovember 3, 2021Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2020-16017GoogleChromeGoogle Chrome Site Isolation Component Use-After-Free RCE vulnerabilityNovember 3, 2021Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.Apply updates per vendor instructions.May 3, 2022
CVE-2020-16009​GoogleChromium V8Chromium V8 Implementation VulnerabilityNovember 3, 2021Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.May 3, 2022
CVE-2021-37976GoogleChromeGoogle Chrome Information LeakageNovember 3, 2021Information disclosure in Google Chrome that exists due to excessive data output in core.Apply updates per vendor instructions.November 17, 2021
CVE-2020-16013GoogleChromium V8Chromium V8 Engine Incorrect Implementation vulnerabililtyNovember 3, 2021Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.May 3, 2022
CVE-2021-30632GoogleChromeGoogle Chrome Out-of-bounds writeNovember 3, 2021Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system.Apply updates per vendor instructions.November 17, 2021
CVE-2021-21148​GoogleChromium V8Chromium V8 JavaScript Rendering Engine Heap Buffer Overflow VulnerabilityNovember 3, 2021Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30633​GoogleChromeGoogle Chrome Use-After-FreeNovember 3, 2021Google Chrome Use-After-Free vulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2021-30551​GoogleChromium V8Chromium V8 Engine Type ConfusionNovember 3, 2021Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-37973​GoogleChromeGoogle Chrome Use-After-FreeNovember 3, 2021Use-after-free weakness in Portals, Google’s new web page navigation system for Chrome. Successful exploitation can let attackers to execute code.Apply updates per vendor instructions.November 17, 2021
CVE-2020-6418​GoogleChromium V8Chromium V8 Engine Type Confusion VulnerabilityNovember 3, 2021Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.May 3, 2022
CVE-2021-37975​GoogleChromeGoogle Chrome Use-After-FreeNovember 3, 2021Google Chrome use-after-free error within the V8 browser engine.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30554​GoogleChromeGoogle Chrome WebGL Use after FreeNovember 3, 2021Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-21206​GoogleChromium BlinkChromium Blink Use-After-Free VulnerabilityNovember 3, 2021Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-38000GoogleChromium V8 EngineGoogle Chromium V8 Insufficient Input Validation VulnerabilityNovember 3, 2021Apply updates per vendor instructions.November 17, 2021
CVE-2021-38003GoogleChromium V8 EngineGoogle Chromium V8 Incorrect Implementation VulnerabilityNovember 3, 2021Apply updates per vendor instructions.November 17, 2021
CVE-2021-21224​GoogleChromium V8Chromium V8 JavaScript Engine Remote Code ExecutionNovember 3, 2021Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-21193​GoogleChromium V8Chromium V8 Engine Use-After-Free VulnerabilityNovember 3, 2021Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-21220​GoogleChromium V8Chromium V8 Engine Input Validation VulnerabilityNovember 3, 2021Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2021-30563​GoogleChromeGoogle Chrome Browser V8 Arbitrary Code ExecutionNovember 3, 2021Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Apply updates per vendor instructions.November 17, 2021
CVE-2020-4430​IBMIBM Data Risk ManagerIBM Data Risk Manager Arbritary File DownloadNovember 3, 2021IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.Apply updates per vendor instructions.May 3, 2022
CVE-2020-4427​IBMIBM Data Risk ManagerIBM Data Risk Manager Authentication BypassNovember 3, 2021IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.Apply updates per vendor instructions.May 3, 2022
CVE-2020-4428​IBMIBM Data Risk ManagerIBM Data Risk Manager Command InjectionNovember 3, 2021IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.Apply updates per vendor instructions.May 3, 2022
CVE-2019-4716​IBMIBM Planning AnalyticsIBM Planning Analytics configuration overwrite vulnerabilityNovember 3, 2021IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as “admin”, and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.Apply updates per vendor instructions.May 3, 2022
CVE-2016-3715​ImageMagickImageMagickImageMagick Ephemeral Coder Arbitrary File Deletion VulnerabilityNovember 3, 2021The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.Apply updates per vendor instructions.May 3, 2022
CVE-2016-3718​ImageMagickImageMagickImageMagick SSRF VulnerabilityNovember 3, 2021The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.Apply updates per vendor instructions.May 3, 2022
CVE-2020-15505​IvantiMobileIron Core & ConnectorMobileIron Core, Connector, Sentry, and RDM RCENovember 3, 2021A remote code execution vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.Apply updates per vendor instructions.May 3, 2022
CVE-2021-30116KaseyaKaseya VSAKaseya VSA Remote Code ExecutionNovember 3, 2021Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.Apply updates per vendor instructions.November 17, 2021
CVE-2020-7961​LifeRayLiferay PortalLiferay Portal prior to 7.2.1 CE GA2 RCENovember 3, 2021Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).Apply updates per vendor instructions.May 3, 2022
CVE-2021-23874​McAfeeMcAfee Total Protection (MTP)McAfee Total Protection MTP Arbitrary Process ExecutionNovember 3, 2021Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.Apply updates per vendor instructions.November 17, 2021
CVE-2021-22506​Micro FocusMicro Focus Access ManagerMicro Focus Access Manager Earlier Than 5.0 Information LeakageNovember 3, 2021Micro Focus Access Manager versions prior to 5.0 contain a vulnerability which allows for information leakage.Apply updates per vendor instructions.November 17, 2021
CVE-2021-22502​Micro FocusMicro Focus Operation Bridge Reporter (OBR)Micro Focus Operation Bridge Report (OBR) Server RCENovember 3, 2021Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.Apply updates per vendor instructions.November 17, 2021
CVE-2014-1812​MicrosoftWindows Group PolicyMicrosoft Windows Group Policy Privilege EscalationNovember 3, 2021Allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka “Group Policy Preferences Password Elevation of Privilege Vulnerability.”Apply updates per vendor instructions.May 3, 2022
CVE-2021-38647​MicrosoftMicrosoft Azure Open Management Infrastructure (OMI)Microsoft Azure Open Management Infrastructure (OMI) Remote Code ExecutionNovember 3, 2021Azure Open Management Infrastructure Remote Code Execution VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2016-0167​MicrosoftWindows KernelMicrosoft Windows Kernel ‘Win32k.sys’ Local Privilege Escalation VulnerabilityNovember 3, 2021The kernel-mode driver allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0143 and CVE-2016-0165.Apply updates per vendor instructions.May 3, 2022
CVE-2020-0878​MicrosoftMicrosoft Edge, Internet ExplorerMicrosoft Browser Memory Corruption VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory.Apply updates per vendor instructions.May 3, 2022
CVE-2021-31955​MicrosoftWindows KernelMicrosoft Windows Kernel Information Disclosure VulnerabilityNovember 3, 2021Windows Kernel Information Disclosure VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2021-1647​MicrosoftMicrosoft DefenderMicrosoft Defender RCENovember 3, 2021Microsoft Defender Remote Code Execution VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2016-0185​MicrosoftWindows Media CenterMicrosoft Windows Media Center RCE vulnerabilityNovember 3, 2021Media Center allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka “Windows Media Center Remote Code Execution Vulnerability.”Apply updates per vendor instructions.May 3, 2022
CVE-2021-33739​MicrosoftMicrosoft Desktop Window Manager (DWM)Microsoft DWM Core Library Elevation of Privilege VulnerabilityNovember 3, 2021Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2021-33742​MicrosoftWindows MSHTML PlatformMicrosoft Windows MSHTML Platform Remote Code Execution VulnerabilityNovember 3, 2021Windows MSHTML Platform Remote Code Execution VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2020-0683​MicrosoftWindows InstallerMicrosoft Elevation of Privilege Installer VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0686.Apply updates per vendor instructions.May 3, 2022
CVE-2020-17087​MicrosoftWindows KernelWindows Kernel Cryptography Driver Privilege EscalationNovember 3, 2021Windows Kernel Local Elevation of Privilege VulnerabilityApply updates per vendor instructions.May 3, 2022
CVE-2021-31956​MicrosoftWindows NTFS Microsoft Windows NTFS Elevation of Privilege VulnerabilityNovember 3, 2021Windows NTFS Elevation of Privilege VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2021-31199MicrosoftMicrosoft Enhanced Cryptographic ProviderMicrosoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilitiesNovember 3, 2021Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31201.Apply updates per vendor instructions.November 17, 2021
CVE-2021-33771​MicrosoftWindows KernelWindows Kernel Elevation of PrivilegeNovember 3, 2021Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31979, CVE-2021-34514.Apply updates per vendor instructions.November 17, 2021
CVE-2020-0938MicrosoftWindows, Windows Adobe Type Manager LibraryMicrosoft Windows Type 1 Font Parsing Remote Code Execution VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. This CVE ID is unique from CVE-2020-1020.Apply updates per vendor instructions.May 3, 2022
CVE-2021-31201MicrosoftMicrosoft Enhanced Cryptographic ProviderMicrosoft Enhanced Cryptographic Provider Elevation of Privilege VulnerabilitiesNovember 3, 2021Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31199.Apply updates per vendor instructions.November 17, 2021
CVE-2021-31979​MicrosoftWindows KernelWindows Kernel Elevation of Privilege VulnerabilityNovember 3, 2021Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33771, CVE-2021-34514.Apply updates per vendor instructions.November 17, 2021
CVE-2020-1020MicrosoftWindows, Windows Adobe Type Manager LibraryMicrosoft Windows Type 1 Font Parsing Remote Code Execution VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. This CVE ID is unique from CVE-2020-0938.Apply updates per vendor instructions.May 3, 2022
CVE-2021-38645MicrosoftMicrosoft Azure Open Management Infrastructure (OMI)Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityNovember 3, 2021Open Management Infrastructure Elevation of Privilege VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2020-17144MicrosoftMicrosoft Exchange ServerMicrosoft Exchange RCENovember 3, 2021Microsoft Exchange Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142.Apply updates per vendor instructions.May 3, 2022
CVE-2020-0986​MicrosoftWindows KernelWindows Kernel Elevation of Privilege vulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.Apply updates per vendor instructions.May 3, 2022
CVE-2021-36948​MicrosoftWindows Update Medic ServiceMicrosoft Windows Update Medic Service Elevation of PrivilegeNovember 3, 2021Windows Update Medic Service Elevation of Privilege VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2021-38649MicrosoftMicrosoft Azure Open Management Infrastructure (OMI)Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityNovember 3, 2021Open Management Infrastructure Elevation of Privilege VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2021-34523​MicrosoftMicrosoft Exchange ServerMicrosoft Exchange Server Elevation of Privilege VulnerabilityNovember 3, 2021Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.Apply updates per vendor instructions.November 17, 2021
CVE-2017-7269​MicrosoftInternet Information Services (IIS)Windows Server 2003 R2 IIS WEBDAV buffer overflow RCE vulnerability (COVID-19-CTI list)November 3, 2021Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If: <http://” in a PROPFIND request.Apply updates per vendor instructions.May 3, 2022
CVE-2016-7255​MicrosoftWindows, Windows ServerMicrosoft Windows Vista, 7, 8.1, 10 and Windows Server 2008, 2012, and 2016 Win32k Privilege Escalation VulnerabilityNovember 3, 2021The kernel-mode drivers allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability”Apply updates per vendor instructions.May 3, 2022
CVE-2020-0688​MicrosoftMicrosoft Exchange ServerMicrosoft Exchange Server Key Validation VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’.Apply updates per vendor instructions.May 3, 2022
CVE-2017-0143​MicrosoftSMBv1 serverWindows SMBv1 Remote Code Execution VulnerabilityNovember 3, 2021The SMBv1 server allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.Apply updates per vendor instructions.May 3, 2022
CVE-2021-1732​MicrosoftWindows Win32kMicrosoft Windows Win32k Privilege EscalationNovember 3, 2021Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.Apply updates per vendor instructions.November 17, 2021
CVE-2019-0708​MicrosoftRemote Desktop Services“BlueKeep” Windows Remote Desktop RCE VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.Apply updates per vendor instructions.May 3, 2022
C VE-2021-34473​MicrosoftMicrosoft Exchange ServerMicrosoft Exchange Server Remote Code Execution VulnerabilityNovember 3, 2021Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.Apply updates per vendor instructions.November 17, 2021
CVE-2020-1464​MicrosoftWindowsWindows Spoofing VulnerabilityNovember 3, 2021A spoofing vulnerability exists when Windows incorrectly validates file signatures.Apply updates per vendor instructions.May 3, 2022
CVE-2019-0803​MicrosoftWindows Win32kWindows win32k Escalation Kernel VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.Apply updates per vendor instructions.May 3, 2022
CVE-2020-1040MicrosoftHyper-V RemoteFX vGPUHyper-V RemoteFX vGPU Remote Code Execution VulnerabilityNovember 3, 2021A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.Apply updates per vendor instructions.May 3, 2022
CVE-2021-28310​MicrosoftWindows Win32kMicrosoft Windows Win32k Privilege Escalation VulnerabilityNovember 3, 2021Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072.Apply updates per vendor instructions.November 17, 2021
CVE-2021-34527MicrosoftWindows“PrintNightmare” – Microsoft Windows Print Spooler Remote Code Execution VulnerabilityNovember 3, 2021Windows Print Spooler Remote Code Execution VulnerabilityApply updates per vendor instructions.July 20, 2021Reference CISA’s ED 21-04 (https://cyber.dhs.gov/ed/21-04) for further guidance and requirements.
CVE-2021-31207​MicrosoftMicrosoft Exchange ServerMicrosoft Exchange Server Security Feature Bypass VulnerabilityNovember 3, 2021Microsoft Exchange Server Security Feature Bypass VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2019-0859​MicrosoftWindows Win32kWindows win32k Escalation Kernel VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.Apply updates per vendor instructions.May 3, 2022
CVE-2021-40444​MicrosoftMicrosoft MSHTMLMicrosoft Windows, Server (spec. IE) All Arbitrary Code ExecutionNovember 3, 2021Microsoft MSHTML Remote Code Execution VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2020-1350​MicrosoftWindows Domain Name System Server“SigRed” – Windows DNS Server Remote Code Execution VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests.Apply updates per vendor instructions.July 24, 2020Reference CISA’s ED 20-03 (https://cyber.dhs.gov/ed/20-03/) for further guidance and requirements.
CVE-2021-26411​MicrosoftMicrosoft Edge, Internet ExplorerMicrosoft Internet Explorer and Edge Memory Corruption VulnerabilityNovember 3, 2021Internet Explorer Memory Corruption VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2019-0797​MicrosoftWindows Win32kWindows win32k.sys Driver VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0808.Apply updates per vendor instructions.May 3, 2022
CVE-2017-8759MicrosoftMicrosoft .NET Framework.NET Framework Remote Code Execution vulnerabilityNovember 3, 2021Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application.Apply updates per vendor instructions.May 3, 2022
CVE-2018-8653​MicrosoftInternet Explorer Scripting EngineMicrosoft Internet Explorer Scripting Engine JScript Memory Corruption VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2018-8643.Apply updates per vendor instructions.May 3, 2022
CVE-2019-1215​MicrosoftWindows WinsockWindows Winsock (ws2ifsl.sys) vulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.Apply updates per vendor instructions.May 3, 2022
CVE-2021-36942​MicrosoftWindows Local Security Authority (LSA)Microsoft LSA SpoofingNovember 3, 2021Windows Local Security Authority (LSA) Spoofing Vulnerability “PetitPotam”Apply updates per vendor instructions.November 17, 2021
CVE-2017-11882MicrosoftMicrosoft OfficeMicrosoft Office 2007 – 2016 Backdoor Exploitation ChainNovember 3, 2021Allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884.Apply updates per vendor instructions.May 3, 2022
CVE-2018-0798MicrosoftM icrosoft OfficeMicrosoft Office 2007 – 2016 Backdoor Exploitation ChainNovember 3, 2021Allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”.Apply updates per vendor instructions.May 3, 2022
CVE-2012-0158​MicrosoftMSCOMCTL.OCXMicrosoft MSCOMCTL.OCX RCE VulnerabilityNovember 3, 2021Allows remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers “system state” corruption, as exploited in the wild in April 2012, aka “MSCOMCTL.OCX RCE Vulnerability.Apply updates per vendor instructions.May 3, 2022
CVE-2018-0802​MicrosoftMicrosoft OfficeMicrosoft Office 2007 – 2016 Backdoor Exploitation ChainNovember 3, 2021Allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE is unique from CVE-2018-0797 and CVE-2018-0812.Apply updates per vendor instructions.May 3, 2022
CVE-2021-27085​MicrosoftInternet ExplorerInternet Explorer 11 RCENovember 3, 2021Internet Explorer Remote Code Execution VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2019-0541​MicrosoftMSHTML engine Microsoft MSHTML Engine Remote Code Execution VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka “MSHTML Engine Remote Code Execution Vulnerability.Apply updates per vendor instructions.May 3, 2022
CVE-2015-1641​MicrosoftMicrosoft OfficeMicrosoft Office Memory Corruption vulnerabilityNovember 3, 2021Allows remote attackers to execute arbitrary code via a crafted RTF document, aka “Microsoft Office Memory Corruption Vulnerability.”Apply updates per vendor instructions.May 3, 2022
CVE-2017-11882​MicrosoftMicrosoft OfficeMicrosoft Office memory corruption vulnerabilityNovember 3, 2021Allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884.Apply updates per vendor instructions.May 3, 2022
CVE-2020-0674MicrosoftInternet Explorer Scripting EngineInternet Explorer 9-11 Scripting Engine Memory Corruption VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.Apply updates per vendor instructions.May 3, 2022
CVE-2021-27059​MicrosoftMicrosoft OfficeMicrosoft Office RCENovember 3, 2021Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24108, CVE-2021-27057.Apply updates per vendor instructions.November 17, 2021
CVE-2019-1367MicrosoftInternet Explorer Scripting EngineInternet Explorer 9-11 Scripting Engine Memory Corruption VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2019-1221.Apply updates per vendor instructions.May 3, 2022
CVE-2017-0199​MicrosoftWindows, Windows Server, Microsoft OfficeMicrosoft Office/WordPad Remote Code Execution Vulnerability with Windows APINovember 3, 2021Allows remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.”Apply updates per vendor instructions.May 3, 2022
CVE-2020-1380​MicrosoftInternet ExplorerScripting Engine Memory Corruption VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.Apply updates per vendor instructions.May 3, 2022
CVE-2019-1429MicrosoftInternet Explorer Scripting EngineInternet Explorer 9-11 Scripting Engine Memory Corruption VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.Apply updates per vendor instructions.May 3, 2022
CVE-2017-11774​MicrosoftMicrosoft OutlookMicrosoft Outlook Security Feature Bypass VulnerabilityNovember 3, 2021Allows an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka “Microsoft Outlook Security Feature Bypass Vulnerability.”Apply updates per vendor instructions.May 3, 2022
CVE-2020-0968​MicrosoftInternet Explorer Scripting EngineInternet Explorer Scripting Engine Memory Corruption VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2020-0970.Apply updates per vendor instructions.May 3, 2022
CVE-2020-1472​MicrosoftNetlogon Remote Protocol (MS-NRPC)NetLogon Elevation of Privilege VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.Apply updates per vendor instructions.September 21, 2020Reference CISA’s ED 20-04 (https://cyber.dhs.gov/ed/20-04/) for further guidance and requirements.
CVE-2021-26855MicrosoftMicrosoft Exchange ServerMicrosoft OWA Exchange Control Panel (ECP) Exploit ChainNovember 3, 2021Micros oft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.Apply updates per vendor instructions.April 16, 2021Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2021-26858MicrosoftMicrosoft Exchange ServerMicrosoft OWA Exchange Control Panel (ECP) Exploit ChainNovember 3, 2021Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.Apply updates per vendor instructions.April 16, 2021Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2021-27065​MicrosoftMicrosoft Exchange ServerMicrosoft OWA Exchange Control Panel (ECP) Exploit ChainNovember 3, 2021Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.Apply updates per vendor instructions.April 16, 2021Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2020-1054MicrosoftWindows Win32kMicrosoft Windows Win32k Privilege Escalation VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memoryApply updates per vendor instructions.May 3, 2022
CVE-2021-1675MicrosoftWindows Print SpoolerMicrosoft Print Spooler Remote Code ExecutionNovember 3, 2021Windows Print Spooler Elevation of Privilege VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2021-34448​MicrosoftScripting EngineMicrosoft Scripting Engine Memory Corruption VulnerabilityNovember 3, 2021Scripting Engine Memory Corruption VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2020-0601​MicrosoftWindows CryptoAPI Windows 10 API/ECC VulnerabilityNovember 3, 2021A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka ‘Windows CryptoAPI Spoofing Vulnerability’.Apply updates per vendor instructions.January 29, 2020Reference CISA’s ED 20-02 (https://cyber.dhs.gov/ed/20-02/) for further guidance and requirements.
CVE-2019-0604​MicrosoftSharePointMicrosoft SharePoint Remote Code Execution VulnerabilityNovember 3, 2021A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0594.Apply updates per vendor instructions.May 3, 2022
CVE-2020-0646​MicrosoftMicrosoft .NET FrameworkMicrosoft .NET Framework RCENovember 3, 2021A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ‘.NET Framework Remote Code Execution Injection Vulnerability’.Apply updates per vendor instructions.May 3, 2022
CVE-2019-0808​MicrosoftWindows Win32kWindows 7 win32k.sys Driver VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0797.Apply updates per vendor instructions.May 3, 2022
CVE-2021-26857​MicrosoftMicrosoft Exchange ServerMicrosoft Unified Messaging Deserialization VulnerabilityNovember 3, 2021Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.Apply updates per vendor instructions.April 16, 2021Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2020-1147​MicrosoftMicrosoft .NET Framework, Microsoft SharePoint, Visual StudioMicrosoft .NET Framework, SharePoint Server, and Visual Studio RCENovember 3, 2021A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input.Apply updates per vendor instructions.May 3, 2022
CVE-2019-1214​MicrosoftWindows Common Log File System (CLFS) driverWindows CLFS vulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’.Apply updates per vendor instructions.May 3, 2022
CVE-2016-3235​MicrosoftMicrosoft Visio/OfficeMicrosoft Visio/Office OLE DLL Side Loading vulnerabilityNovember 3, 2021Allows local users to gain privileges via a crafted application, aka “Microsoft Office OLE DLL Side Loading Vulnerability.”Apply updates per vendor instructions.May 3, 2022
CVE-2021-38647MicrosoftMicrosoft Azure Open Management Infrastructure (OMI)Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityNovember 3, 2021Azure Open Management Infrastructure Remote Code Execution VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2019-0863​MicrosoftWindows Error Reporting (WER)Windows Error Reporting VulnerabilityNovember 3, 2021An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’.Apply updates per vendor instructions.May 3, 2022
CVE-2021-36955​MicrosoftWindows Common Log File System Driver Microsoft Windows Common Log File System Driver Privilege EscalationNovember 3, 2021Microsoft Windows Common Log File System Driver contains an unspecified vulnerability which allows for privilege escalation.Apply updates per vendor instructions.November 17, 2021
CVE-2021-38648MicrosoftMicrosoft Azure Open Management Infrastructure (OMI)Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityNovember 3, 2021Open Management Infrastructure Elevation of Privilege VulnerabilityApply updates per vendor instructions.November 17, 2021
CVE-2020-6819​MozillansDocShell destructorMozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerabilityNovember 3, 2021A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.Apply updates per vendor instructions.May 3, 2022
CVE-2020-6820​MozillaReadableStreamMozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerabilityNovember 3, 2021A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.Apply updates per vendor instructions.May 3, 2022
CVE-2019-17026​MozillaIonMonkey JIT compilerMozilla Firefox IonMonkey JIT compiler Type Confusion VulnerabilityNovember 3, 2021Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1Apply updates per vendor instructions.May 3, 2022
CVE-2019-15949​NagiosNagios XINagios XI Remote Code ExecutionNovember 3, 2021The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios userApply updates per vendor instructions.May 3, 2022
CVE-2020-26919​NetgearNETGEAR JGS516PE devicesNetgear ProSAFE Plus JGS516PE RCE vulnerabilityNovember 3, 2021NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.Apply updates per vendor instructions.May 3, 2022
CVE-2019-19356​NetisNetis WF2419Netis WF2419 Router Tracert RCE vulnerabilityNovember 3, 2021Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123Apply updates per vendor instructions.May 3, 2022
CVE-2020-2555​OracleOracle Coherence Oracle Coherence Deserialization RCENovember 3, 2021Allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle CoherenceApply updates per vendor instructions.May 3, 2022
CVE-2012-3152​OracleOracle Reports DeveloperOracle Reports Developer Arbitrary File Read and Upload vulnerabilityNovember 3, 2021Allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.Apply updates per vendor instructions.May 3, 2022
CVE-2020-14871​OracleOracle Solaris Oracle Solaris Pluggable Authentication Module vulnerabilityNovember 3, 2021Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris.Apply updates per vendor instructions.May 3, 2022
CVE-2015-4852​OracleOracle WebLogic ServerOracle WebLogic Server RCENovember 3, 2021Allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar.Apply updates per vendor instructions.May 3, 2022
CVE-2020-14750OracleOracle WebLogic ServerOracle WebLogic Server RCENovember 3, 2021Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.Apply updates per vendor instructions.May 3, 2022
CVE-2020-14882OracleOracle WebLogic ServerOracle WebLogic Server RCENovember 3, 2021Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.Apply updates per vendor instructions.May 3, 2022
CVE-2020-14883OracleOracle WebLogic ServerOracle WebLogic Server RCENovember 3, 2021Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server.Apply updates per vendor instructions.May 3, 2022
CVE-2020-8644​PlaySMSPlaySMSPlaySMS Remote Code ExecutionNovember 3, 2021PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.Apply updates per vendor instructions.May 3, 2022
CVE-2019-18935​ProgessASP.NET AJAXProgress Telerik UI for ASP.NET deserialization bugNovember 3, 2021Contains a .NET deserialization vulnerability in the RadAsyncUpload function that can result in remote code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2021-22893​PulsePulse Connect SecurePulse Connect Secure (PCS) Remote Code ExecutionNovember 3, 2021Vulnerability to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration featu res of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.Apply updates per vendor instructions.April 23, 2021Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2020-8243​PulsePulse Connect SecurePulse Connect Secure Arbitrary Code ExecutionNovember 3, 2021A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.Apply updates per vendor instructions.April 23, 2021Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2021-22900​PulsePulse Connect SecurePulse Connect Secure Arbitrary File Upload VulnerabilityNovember 3, 2021A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.Apply updates per vendor instructions.April 23, 2021Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2021-22894​PulsePulse Connect SecurePulse Connect Secure Collaboration Suite Remote Code ExecutionNovember 3, 2021A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.Apply updates per vendor instructions.April 23, 2021Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2020-8260​PulsePulse Connect SecurePulse Connect Secure RCENovember 3, 2021A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.Apply updates per vendor instructions.April 23, 2021Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2021-22899​PulsePulse Connect SecurePulse Connect Secure Remote Code ExecutionNovember 3, 2021Allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature.Apply updates per vendor instructions.April 23, 2021Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2019-11510​PulsePulse Secure Pulse Connect Secure (PCS)Pulse Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list)November 3, 2021An unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.Apply updates per vendor instructions.April 23, 2021Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2019-11539Pulse SecureConnect Secure, Policy SecurePulse Secure Connect and Policy Secure Multiple Versions Code ExecutionNovember 3, 2021Pulse Secure’s Connect and Policy secure platforms contain a vulnerability in the admin web interface which allows an attacker to inject and execute commands.Apply updates per vendor instructions.May 3, 2022
CVE-2021-1906​QualcommSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesQualcomm Improper Error Handling VulnerabilityNovember 3, 2021Improper handling of address deregistration on failure can lead to new GPU address allocation failure.Apply updates per vendor instructions.November 17, 2021
CVE-2021-1905​QualcommSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesQualcomm Use-After-Free VulnerabilityNovember 3, 2021Possible use after free due to improper handling of memory mapping of multiple processes simultaneouslyApply updates per vendor instructions.May 3, 2022
CVE-2020-10221​rConfigrConfigrConfig RCENovember 3, 2021lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.Apply updates per vendor instructions.May 3, 2022
CVE-2021-35395​RealtekJungle Software Development Kit (SDK)Realtek SDK Arbitrary Code ExecutionNovember 3, 2021Realtek Jungle SDK version v2.x up to v3.4.14B arbitrary code execution.Apply updates per vendor instructions.November 17, 2021
CVE-2017-16651​RoundcubeRoundcube WebmailRoundcube Webmail File Disclosure VulnerabilityNovember 3, 2021Allows unauthorized access to arbitrary files on the host’s filesystem, including configuration files. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.Apply updates per vendor instructions.May 3, 2022
CVE-2020-11652​SaltStackSaltSaltStack directory traversal failure to sanitize untrusted inputNovember 3, 2021The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.Apply updates per vendor instructions.May 3, 2022
CVE-2020-11651​SaltStackSaltSaltStack Salt Authentication BypassNovember 3, 2021The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication.Apply updates per vendor instructions.May 3, 2022
CVE-2020-16846​SaltStackSaltSaltStack Through 3002 Shell Injection VulnerabilityNovember 3, 2021An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.Apply updates per vendor instructi ons.May 3, 2022
CVE-2018-2380​SAPSAP CRMSAP NetWeaver AS JAVA CRM RCENovember 3, 2021SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing “traverse to parent directory” are passed through to the file APIs.Apply updates per vendor instructions.May 3, 2022
CVE-2016-3976​SAPSAP NetWeaver AS JavaSAP NetWeaver AS Java Directory Traversal VulnerabilityNovember 3, 2021Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.Apply updates per vendor instructions.May 3, 2022
CVE-2010-5326​SAPSAP NetWeaver Application Server Java platformsSAP NetWeaver AS JAVA RCENovember 3, 2021The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request.Apply updates per vendor instructions.May 3, 2022
CVE-2016-9563​SAPSAP NetWeaver AS JAVASAP NetWeaver AS JAVA XXE VulnerabilityNovember 3, 2021BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.Apply updates per vendor instructions.May 3, 2022
CVE-2020-6287​SAPSAP NetWeaver AS JAVA (LM Configuration Wizard)SAP Netweaver JAVA remote unauthenticated access vulnerabilityNovember 3, 2021SAP NetWeaver AS JAVA (LM Configuration Wizard), versions – 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system.Apply updates per vendor instructions.May 3, 2022
CVE-2020-6207​SAPSAP Solution Manager (User Experience Monitoring)SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerabilityNovember 3, 2021SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.Apply updates per vendor instructions.May 3, 2022
​CVE-2016-3976SAPSAP NetWeaver AS JavaSAP NetWeaver AS Java 7.1 – 7.5 Directory Traversal VulnerabilityNovember 3, 2021Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.Apply updates per vendor instructions.May 3, 2022
CVE-2019-16256​SIMallianceSIMalliance Toolbox (S@T) BrowserSIMalliance Toolbox (S@T) Browser Command and Control VulnerabilityNovember 3, 2021Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.Apply updates per vendor instructions.May 3, 2022
CVE-2020-10148​SolarWindsSolarWinds Orion PlatformSolarWinds Orion API Authentication Bypass VulnerabilityNovember 3, 2021The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.Apply updates per vendor instructions.May 3, 2022
CVE-2021-35211​SolarWindsSolarWinds nServ-USolarWinds Serv-U Remote Memory Escape VulnerabilityNovember 3, 2021Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.Apply updates per vendor instructions.November 17, 2021
CVE-2016-3643​SolarWindsSolarWinds Virtualization ManagerSolarWinds Virtualization Manager Privilege Escalation VulnerabilityNovember 3, 2021SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by “sudo cat /etc/passwd.”Apply updates per vendor instructions.May 3, 2022
CVE-2020-10199​SonatypeSonatype Nexus RepositoryNexus Repository Manager 3 Remote Code ExecutionNovember 3, 2021Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).Apply updates per vendor instructions.May 3, 2022
CVE-2021-20021SonicWallSonicWall Email SecuritySonicWall Email Security Privilege Escalation Exploit ChainNovember 3, 2021A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.Apply updates per vendor instructions.November 17, 2021
CVE-2021-20022SonicWallSonicWall Email SecuritySonicWall Email Security Privilege Escalation Exploit ChainNovember 3, 2021SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.Apply updates per vendor instructions.November 17, 2021
CVE-2017-7481SonicWallSMA1000SonicWall SMA100 9.0.0.3 and Earlier SQL InjectionNovember 3, 2021Vulnerability in SonicWall SMA100 versions 9.0.0.3 and earlier allow an unauthenticated user to gain read-only access to unauthorized resources.Apply updates per vendor instructions.May 3, 2022
CVE-2021-20023SonicWallSonicWall Email SecuritySonicWall Email Security Privilege Escalation Exploit ChainNovember 3, 2021SonicWall Email Security version 10.0.9.x c ontains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.Apply updates per vendor instructions.November 17, 2021
CVE-2021-20016​SonicWallSonicWall SSLVPN SMA100SonicWall SSL VPN SMA100 SQL Injection VulnerabilityNovember 3, 2021Allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information in SMA100 build version 10.x.Apply updates per vendor instructions.November 17, 2021
CVE-2020-12271​SophosSophos XG Firewall devicesSophos XG Firewall SQL Injection VulnerabilityNovember 3, 2021A SQL injection issue that causes affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone.Apply updates per vendor instructions.May 3, 2022
CVE-2020-10181​SumavisionSumavision Enhanced Multimedia Router (EMR)Sumavision EMR 3.0 CSRF VulnerabilityNovember 3, 2021goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.Apply updates per vendor instructions.May 3, 2022
CVE-2017-6327​SymantecSymantec Messaging GatewaySymantec Messaging Gateway RCENovember 3, 2021The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2019-18988​TeamViewerTeamViewer DesktopTeamViewer Desktop Bypass Remote LoginNovember 3, 2021Allows a bypass of remote-login access control because the same key is used for different customers’ installations.Apply updates per vendor instructions.May 3, 2022
CVE-2017-9248​TelerikASP.NET AJAX and SitefinityTelerik UI for ASP.NET AJAX and Progress Sitefinity Cryptographic Weakness VulnNovember 3, 2021Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey.Apply updates per vendor instructions.May 3, 2022
CVE-2021-31755​TendaTenda AC11 devicesTenda AC11 Up to 02.03.01.104_CN Stack Buffer OverflowNovember 3, 2021Tenda AC11 devices with firmware through 02.03.01.104_CN contain a stack buffer overflow vulnerability in /goform/setmac which allows for arbitrary execution.Apply updates per vendor instructions.November 17, 2021
CVE-2020-10987​TendaTenda AC15 AC1900Tenda Router Code ExecutionNovember 3, 2021The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.Apply updates per vendor instructions.May 3, 2022
CVE-2018-14558​TendaTenda AC7, AC9, and AC10 devicesTenda Router Command Injection VulnerabilityNovember 3, 2021Issue on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the “formsetUsbUnload” function executes a dosystemCmd function with untrusted input.Apply updates per vendor instructions.May 3, 2022
CVE-2018-20062ThinkPHPNoneCmsThinkPHP Remote Code ExecutionNovember 3, 2021Issue in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.Apply updates per vendor instructions.May 3, 2022
CVE-2019-9082ThinkPHPThinkPHPThinkPHP Remote Code ExecutionNovember 3, 2021ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.Apply updates per vendor instructions.May 3, 2022
CVE-2019-18187​Trend MicroTrend Micro OfficeScanTrend Micro Antivirus 0day Traversal VulnerabilityNovember 3, 2021Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).Apply updates per vendor instructions.May 3, 2022
CVE-2020-8467​Trend MicroTrend Micro Apex One and OfficeScan XGTrend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerabilityNovember 3, 2021A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE).Apply updates per vendor instructions.May 3, 2022
CVE-2020-8468​Trend MicroTrend Micro Apex One, OfficeScan XG and Worry-Free Business SecurityTrend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent content validation escape vulnerabilityNovember 3, 2021Agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components.Apply updates per vendor instructions.May 3, 2022
CVE-2020-24557​Trend MicroTrend Micro Apex One and Worry-Free Business SecurityTrend Micro Apex One and OfficeScan XG Improper Access Control Privilege EscalationNovember 3, 2021A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalationApply updates per vendor instructions.May 3, 2022
CVE-2020-8599​Trend MicroTrend Micro Apex One and OfficeScan XG server Trend Micro Apex One and OfficeScan XG VulnerabilityNovember 3, 2021Server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.Apply updates per vendor instructions.May 3, 2022
CVE-2021-36742Trend MicroTrend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business SecurityTrend Micro Systems Multiple Products Buffer Overflow – Arbitrary File UploadNovember 3, 2021An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Apply updates per vendor instructions.November 17, 2021
CVE-2021-36741Trend MicroTrend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business SecurityTrend Micro Systems Multiple Products Buffer Overflow – Arbitrary File UploadNovember 3, 2021An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product’s management console in order to exploit this vulnerability.Apply updates per vendor instructions.November 17, 2021
CVE-2019-20085​TVTNVMS-1000TVT NVMS-1000 Directory TraversalNovember 3, 2021TVT NVMS-1000 devices allow GET /.. Directory TraversalApply updates per vendor instructions.May 3, 2022
CVE-2020-5849​UnraidUnraidUnraid 6.8.0 Authentication BypassNovember 3, 2021Unraid 6.8.0 allows authentication bypass.Apply updates per vendor instructions.May 3, 2022
CVE-2020-5847​UnraidUnraidUnraid 6.8.0 Remote Code ExecutionNovember 3, 2021Unraid through 6.8.0 allows Remote Code Execution.Apply updates per vendor instructions.May 3, 2022
CVE-2019-16759vBulletinvBulletinvBulletin PHP Module RCENovember 3, 2021vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.Apply updates per vendor instructions.May 3, 2022
CVE-2020-17496vBulletinvBulletinvBulletin PHP Module RCENovember 3, 2021vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.Apply updates per vendor instructions.May 3, 2022
CVE-2019-5544VMWareESXi, Horizon DaaS AppliancesVMWare ESXi/Horizon DaaS Appliances Heap-Overwrite VulnerabilityNovember 3, 2021OpenSLP as used in ESXi and the Horizon DaaS appliances have a heap overwrite issue. A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2020-3992VMWareESXiOpenSLP as used in VMware ESXiNovember 3, 2021OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.Apply updates per vendor instructions.May 3, 2022
CVE-2020-3950​VMWareVMWare Fusion, VMware Remote Console for Mac, and Horizon Client for MacVMWare Privilege escalation vulnerabilityNovember 3, 2021Privilege escalation vulnerability due to improper use of setuid binaries.Apply updates per vendor instructions.May 3, 2022
CVE-2021-22005​VMWarevCenter ServerVMWare vCenter Server File UploadNovember 3, 2021VMWare vCenter Server file upload vulnerability in the vmware-analytics service that allows to execute code on vCenter Server.Apply updates per vendor instructions.November 17, 2021
CVE-2020-3952​VMWarevCenter ServerVMWare vCenter Server Info Disclosure VulnerabilityNovember 3, 2021Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.Apply updates per vendor instructions.May 3, 2022
CVE-2021-21972​VMWarevCenter ServerVMWare vCenter Server RCENovember 3, 2021The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.Apply updates per vendor instructions.November 17, 2021
CVE-2021-21985​VMWarevCenter ServerVMWare vCenter Server Remote Code ExecutionNovember 3, 2021The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.Apply updates per vendor instructions.November 17, 2021
CVE-2020-4006​VMWareVMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager ConnectorVMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Command Injection vulnerabilityNovember 3, 2021VMWare Work space One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.Apply updates per vendor instructions.May 3, 2022
CVE-2020-25213​WordPressFile ManagerWordPress File Manager RCENovember 3, 2021The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension.Apply updates per vendor instructions.May 3, 2022
CVE-2020-11738​WordPressSnap Creek DuplicatorWordPress Snap Creek Duplicator and Duplicator Pro plugins Directory TraversalNovember 3, 2021The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.Apply updates per vendor instructions.May 3, 2022
CVE-2019-9978​WordPressSocial-WarfareWordPress Social-Warfare plugin XSSNovember 3, 2021The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.Apply updates per vendor instructions.May 3, 2022
CVE-2021-27561​YealinkDevice Management PlatformYealink Device Management Server Pre-Authorization SSRFNovember 3, 2021Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authenticationApply updates per vendor instructions.November 17, 2021
CVE-2021-40539​ZohoManageEngine ADSelfServicePlusZoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication BypassNovember 3, 2021Zoho ManageEngine ADSelfService Plus versions 6113 and earlier contain an authentication bypass vulnerability which allows for RCE.Apply updates per vendor instructions.November 17, 2021
CVE-2020-10189​ZohoManageEngine Desktop CentralZoho ManageEngine Desktop Central Remote Code Execution VulnerabilityNovember 3, 2021Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.Apply updates per vendor instructions.May 3, 2022
CVE-2019-8394​ZohoManageEngine ServiceDesk Plus (SDP)Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload VulnerabilityNovember 3, 2021Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.Apply updates per vendor instructions.May 3, 2022
CVE-2020-29583​ZyXELUnified Security Gateway (USG)ZyXEL Unified Security Gateway Undocumented Administrator Account with Default CredentialsNovember 3, 2021Firmware version 4.60 of ZyXEL USG devices contains an undocumented account (zyfwp) with an unchangeable password.Apply updates per vendor instructions.May 3, 2022

Comments

タイトルとURLをコピーしました