Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD

Critical CVE-2022-22960 VMware · Multiple Products Added Apr 15, 2022

VMware Multiple Products Privilege Escalation Vulnerability

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

Patch deadline passed

Critical CVE-2022-1364 Google · Chromium V8 Added Apr 15, 2022

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Patch deadline passed

Critical CVE-2019-3929 Crestron · Multiple Products Added Apr 15, 2022

Crestron Multiple Products Command Injection Vulnerability

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Patch deadline passed

Critical CVE-2019-16057 D-Link · DNS-320 Storage Device Added Apr 15, 2022

D-Link DNS-320 Remote Code Execution Vulnerability

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Patch deadline passed

Critical CVE-2018-7841 Schneider Electric · U.motion Builder Added Apr 15, 2022

Schneider Electric U.motion Builder SQL Injection Vulnerability

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Patch deadline passed

Critical CVE-2016-4523 Trihedral · VTScada (formerly VTS) Added Apr 15, 2022

Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability

The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

Patch deadline passed

Critical CVE-2014-0780 InduSoft · Web Studio Added Apr 15, 2022

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

Patch deadline passed

Critical CVE-2010-5330 Ubiquiti · AirOS Added Apr 15, 2022

Ubiquiti AirOS Command Injection Vulnerability

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

Patch deadline passed

Critical CVE-2007-3010 Alcatel · OmniPCX Enterprise Added Apr 15, 2022

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

Patch deadline passed

Critical CVE-2022-22954 VMware · Workspace ONE Access and Identity Manager Added Apr 14, 2022

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

Patch deadline passed

Critical CVE-2022-24521 Microsoft · Windows Added Apr 13, 2022

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2018-7602 Drupal · Core Added Apr 13, 2022

Drupal Core Remote Code Execution Vulnerability

A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.

Patch deadline passed

Critical CVE-2018-20753 Kaseya · Virtual System/Server Administrator (VSA) Added Apr 13, 2022

Kaseya VSA Remote Code Execution Vulnerability

Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.

Patch deadline passed

Critical CVE-2015-5123 Adobe · Flash Player Added Apr 13, 2022

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Patch deadline passed

Critical CVE-2015-5122 Adobe · Flash Player Added Apr 13, 2022

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Patch deadline passed

Critical CVE-2015-3113 Adobe · Flash Player Added Apr 13, 2022

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

Patch deadline passed

Critical CVE-2015-2502 Microsoft · Internet Explorer Added Apr 13, 2022

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

Patch deadline passed

Critical CVE-2015-0313 Adobe · Flash Player Added Apr 13, 2022

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

Patch deadline passed

Critical CVE-2015-0311 Adobe · Flash Player Added Apr 13, 2022

Adobe Flash Player Remote Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.

Patch deadline passed

Critical CVE-2014-9163 Adobe · Flash Player Added Apr 13, 2022

Adobe Flash Player Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.

Patch deadline passed

Critical CVE-2022-23176 WatchGuard · Firebox and XTM Added Apr 11, 2022

WatchGuard Firebox and XTM Privilege Escalation Vulnerability

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.

Patch deadline passed

Critical CVE-2021-42287 Microsoft · Active Directory Added Apr 11, 2022

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2021-42278 Microsoft · Active Directory Added Apr 11, 2022

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2021-39793 Google · Pixel Added Apr 11, 2022

Google Pixel Out-of-Bounds Write Vulnerability

Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.

Patch deadline passed

Critical CVE-2021-27852 Checkbox · Checkbox Survey Added Apr 11, 2022

Checkbox Survey Deserialization of Untrusted Data Vulnerability

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.

Patch deadline passed
