US-CERT Bulletins

CISA Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Vulnerability Summary for the Week of September 7, 2020

Author: CISA
Posted: September 14, 2020, 7:20 am
Original release date: September 14, 2020

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| cisco -- fxos | A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerabil... | | | |


Vulnerability Summary for the Week of August 31, 2020

Author: CISA
Posted: September 7, 2020, 7:05 am
Original release date: September 7, 2020

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| arr-flatten-unflatten_project -- arr-flatten-unflatten | All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. | 2020-09-01 | 7.5 | CVE-2020-7713 CONFIRM |
| canonical -- checkinstall | checkinstall 1.6.2, when used to create a package that contains... | | | |


Vulnerability Summary for the Week of August 24, 2020

Author: CISA
Posted: August 31, 2020, 7:22 am
Original release date: August 31, 2020

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| 13enforme -- 13enforme_cms | 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. | 2020-08-27 | 7.5 | CVE-2020-23979 MISC |
| cellopoint -- cellos | Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attack... | | | |


Vulnerability Summary for the Week of August 17, 2020

Author: CISA
Posted: August 24, 2020, 6:48 am
Original release date: August 24, 2020

 

High Vulnerabilities

...
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| adobe -- acrobat_dc | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | 2020-08-19 | 7.1 | CVE-2020-9712 MISC MISC |


Vulnerability Summary for the Week of August 10, 2020

Author: CISA
Posted: August 17, 2020, 10:36 am
Original release date: August 17, 2020

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apache -- http_server | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 2020-08-07 | 7.5 | CVE-2020-11984 MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST GENTOO CONFIRM |
| digitus -- da-70254_firmware | DIGITUS DA-70254 4-Port Gigabit N... | | | |
