US-CERT Bulletins

CISA Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Vulnerability Summary for the Week of July 26, 2021

Author: CISA
Posted: August 2, 2021, 11:05 am
Original release date: August 2, 2021

 

High Vulnerabilities

...
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| naviwebs -- navigatecms | In NavigateCMS version 2.9.4 and below, a function in `product.php` is vulnerable to SQL injection on the parameter `products-order` through a POST request, which results in arbitrary SQL query execution in the backend database. | 2021-07-26 | 7.5 | CVE-2021-37473 MISC MISC MISC |


Vulnerability Summary for the Week of July 19, 2021

Author: CISA
Posted: July 26, 2021, 10:44 am
Original release date: July 26, 2021

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| dlink -- dir-3040_firmware | A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2021-07-16 | 7.5 | CVE-2021-... |


Vulnerability Summary for the Week of July 12, 2021

Author: CISA
Posted: July 19, 2021, 10:50 am
Original release date: July 19, 2021

 

High Vulnerabilities

...
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| echobh -- sharecare | Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data. | 2021-07-13 | 7.5 | |


Vulnerability Summary for the Week of July 5, 2021

Author: CISA
Posted: July 12, 2021, 12:18 pm
Original release date: July 12, 2021

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| artware_cms_project -- artware_cms | A parameter of the ARTWARE CMS image upload function does not filter the type of uploaded files, which allows remote attackers to upload arbitrary files without logging in and then execute code without restriction. | 2021-07-07 | 7.5 | CVE-2021-32538 CONFIRM |
| beardev -- joo... | | | | |


Vulnerability Summary for the Week of June 28, 2021

Author: CISA
Posted: July 5, 2021, 11:06 am
Original release date: July 5, 2021

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| adobe -- after_effects | Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | 2021-06... | | |
