US-CERT Bulletins

CISA Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Vulnerability Summary for the Week of February 15, 2021

Author: CISA
Posted: February 22, 2021, 1:14 pm
Original release date: February 22, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accellion -- fta | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | 2021-02-16 | 7.2 | CVE-2021-27102 MISC MISC
accellion -- fta | Accellion FTA 9_12_370 and earlier is affected by OS command ex...


Vulnerability Summary for the Week of February 8, 2021

Author: CISA
Posted: February 15, 2021, 12:03 pm
Original release date: February 15, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat | Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitra...


Vulnerability Summary for the Week of February 1, 2021

Author: CISA
Posted: February 8, 2021, 11:28 am
Original release date: February 8, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accel-ppp -- accel-ppp | Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute whose length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution. | 2021-02-01 | 7.5 | CVE-2020-28194...


Vulnerability Summary for the Week of January 25, 2021

Author: CISA
Posted: February 1, 2021, 12:50 pm
Original release date: February 1, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
async-git_project -- async-git | The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. | 2021-01-26 | 7.5 | CVE-2021-3190 MISC MISC MISC CONFIRM
caret -- caret | A specially crafted Markdown documen...


Vulnerability Summary for the Week of January 18, 2021

Author: CISA
Posted: January 25, 2021, 12:38 pm
Original release date: January 25, 2021

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
arubanetworks -- airwave_glas...
