[CDP-development] CISA - Update to Known Exploited Vulnerabilities Catalog

MASSE, THERESA theresa.masse at cisa.dhs.gov
Fri Dec 10 15:41:12 PST 2021


FYSA


CISA has updated the known exploited vulnerabilities catalog<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> based on reliable evidence that threat actors are actively using these vulnerabilities to exploit public or private organizations.

The catalog update reflects the following additions:

CVE Number | CVE Title
CVE-2021-44228<https://nvd.nist.gov/vuln/detail/CVE-2021-44228> | Apache Log4j2 Remote Code Execution
CVE-2021-44515 | Zoho Corp. Desktop Central Authentication Bypass Vulnerability
CVE-2021-44168 | Fortinet FortiOS Arbitrary File Download
CVE-2021-35394<https://nvd.nist.gov/vuln/detail/CVE-2021-35394> | Realtek Jungle SDK Remote Code Execution
CVE-2020-8816<https://nvd.nist.gov/vuln/detail/CVE-2020-8816> | Pi-Hole AdminLTE Remote Code Execution
CVE-2020-17463<https://nvd.nist.gov/vuln/detail/CVE-2020-17463> | Fuel CMS SQL Injection Vulnerability
CVE-2019-7238<https://nvd.nist.gov/vuln/detail/CVE-2019-7238> | Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
CVE-2019-13272<https://nvd.nist.gov/vuln/detail/cve-2019-13272> | Linux Kernel Improper Privilege Management Vulnerability
CVE-2019-10758<https://nvd.nist.gov/vuln/detail/CVE-2019-10758> | MongoDB mongo-express Remote Code Execution
CVE-2019-0193<https://nvd.nist.gov/vuln/detail/CVE-2019-0193> | Apache Solr DataImportHandler Code Injection Vulnerability
CVE-2017-17562<https://nvd.nist.gov/vuln/detail/cve-2017-17562> | Embedthis GoAhead Remote Code Execution
CVE-2017-12149<https://nvd.nist.gov/vuln/detail/CVE-2017-12149> | Red Hat Jboss Application Server Remote Code Execution
CVE-2010-1871<https://nvd.nist.gov/vuln/detail/CVE-2010-1871> | Red Hat Linux JBoss Seam 2 Remote Code Execution


Please see the helpful link below:
Sign up for automated alerts anytime a vulnerability is added.<https://www.cisa.gov/known-exploited-vulnerabilities> 
  
Please contact CISA (via the reporting portal<https://us-cert.cisa.gov/report> or by phone at 1-888-282-0870) to report an intrusion or to request either technical assistance or additional resources for incident response.  


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>
