CISA Bulletins
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Vulnerability Summary for the Week of November 15, 2021
Author: CISA
Posted: November 22, 2021, 12:03 pm
Original release date: November 22, 2021
Read More
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- after_effects | Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must o... |
Read More
Vulnerability Summary for the Week of November 8, 2021
Author: CISA
Posted: November 15, 2021, 12:05 pm
Original release date: November 15, 2021
Read More
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| airangel -- hsmx-app-25_firmware | Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. | 2021-11-10 | 10 |
CVE-2021-40521 MISC MISC |
| asgaros -- asgaros_forum | The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a ... |
Read More
Vulnerability Summary for the Week of November 1, 2021
Author: CISA
Posted: November 8, 2021, 2:21 pm
Original release date: November 8, 2021
Read More
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aaptjs_project -- aaptjs | An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | 2021-10-31 | 7.5 |
CVE-2020-36380 MISC |
| aaptjs_project -- aaptjs | An issue was discovered in the remove function in shenzhi... |
Read More
Vulnerability Summary for the Week of October 25, 2021
Author: CISA
Posted: November 1, 2021, 10:47 am
Original release date: November 1, 2021
Read More
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- storm | An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x ... |
Read More
Vulnerability Summary for the Week of October 18, 2021
Author: CISA
Posted: October 25, 2021, 11:07 am
Original release date: October 25, 2021
Read More
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- ops-cli | Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine. | 2021... |
Read More