US-CERT Bulletins

CISA Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Vulnerability Summary for the Week of May 3, 2021

Author: CISA
Posted: May 10, 2021, 10:50 am
Original release date: May 10, 2021

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

...
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ambarella -- oryx_rtsp_server


Vulnerability Summary for the Week of April 26, 2021

Author: CISA
Posted: May 3, 2021, 12:20 pm
Original release date: May 3, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
avaya -- session_border_controller_for_enterprise | A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Ses...


Vulnerability Summary for the Week of April 19, 2021

Author: CISA
Posted: April 26, 2021, 11:37 am
Original release date: April 26, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- robohelp | Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges. | 2021-04-19 | 9.3 | CVE-2...


Vulnerability Summary for the Week of April 12, 2021

Author: CISA
Posted: April 19, 2021, 11:06 am
Original release date: April 19, 2021

 

High Vulnerabilities

...
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
dreamreport -- dream_report | A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.


Vulnerability Summary for the Week of April 5, 2021

Author: CISA
Posted: April 12, 2021, 10:51 am
Original release date: April 12, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1794 MISC
apple -- ipad_os | An out-of-bounds write was addressed wi...
