CISA Bulletins
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Vulnerability Summary for the Week of February 15, 2021
Author: CISA
Posted: February 22, 2021, 1:14 pm
Original release date: February 22, 2021
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accellion -- fta | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | 2021-02-16 | 7.2 | CVE-2021-27102 MISC MISC |
accellion -- fta | Accellion FTA 9_12_370 and earlier is affected by OS command ex... |
Vulnerability Summary for the Week of February 8, 2021
Author: CISA
Posted: February 15, 2021, 12:03 pm
Original release date: February 15, 2021
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat | Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitra... |
Vulnerability Summary for the Week of February 1, 2021
Author: CISA
Posted: February 8, 2021, 11:28 am
Original release date: February 8, 2021
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accel-ppp -- accel-ppp | A variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute whose length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution. | 2021-02-01 | 7.5 | CVE-2020-28194... |
Vulnerability Summary for the Week of January 25, 2021
Author: CISA
Posted: February 1, 2021, 12:50 pm
Original release date: February 1, 2021
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
async-git_project -- async-git | The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. | 2021-01-26 | 7.5 | CVE-2021-3190 MISC MISC MISC CONFIRM |
caret -- caret | A specially crafted Markdown documen... |
Vulnerability Summary for the Week of January 18, 2021
Author: CISA
Posted: January 25, 2021, 12:38 pm
Original release date: January 25, 2021
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
arubanetworks -- airwave_glas... |