[CDP-development] Managing the Significant Risk of Known Exploited Vulnerabilities – New Vulnerabilities Added to Repository
MASSE, THERESA
theresa.masse at cisa.dhs.gov
Mon Jan 10 12:31:35 PST 2022
FYSA
CISA has updated the known exploited vulnerabilities catalog<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> based on reliable evidence that threat actors are actively using these vulnerabilities to exploit public or private organizations.
The catalog update reflects the following additions:
CVE Number        CVE Title
CVE-2021-22017    VMware vCenter Server Improper Access Control
CVE-2021-36260    Hikvision Improper Input Validation
CVE-2020-6572     Google Chrome Prior to 81.0.4044.92 Use-After-Free
CVE-2019-1458     Microsoft Win32K Elevation of Privilege
CVE-2013-3900     Microsoft WinVerifyTrust function Remote Code Execution
CVE-2019-2725     Oracle WebLogic Server, Injection
CVE-2019-9670     Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference
CVE-2018-13382    Fortinet FortiOS and FortiProxy Improper Authorization
CVE-2018-13383    Fortinet FortiOS and FortiProxy Out-of-bounds Write
CVE-2019-1579     Palo Alto Networks PAN-OS Remote Code Execution
CVE-2019-10149    Exim Mail Transfer Agent (MTA) Improper Input Validation
CVE-2015-7450     IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
CVE-2017-1000486  Primetek Primefaces Remote Code Execution
CVE-2019-7609     Kibana Arbitrary Code Execution
CVE-2021-27860    FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
Please see the helpful link below:
Sign up for automated alerts anytime a vulnerability is added.<https://www.cisa.gov/known-exploited-vulnerabilities>
Please contact CISA (via the reporting portal<https://us-cert.cisa.gov/report> or by phone at 1-888-282-0870) to report an intrusion or to request either technical assistance or additional resources for incident response.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>