[CDP-development] CISA - Managing the Significant Risk of Known Exploited Vulnerabilities – New Vulnerabilities Added to Repository

Masse, Theresa theresa.masse at cisa.dhs.gov
Mon Mar 7 14:34:06 PST 2022 

FYSA

[cid:image002.png at 01D83230.656386B0]

CISA has updated the known exploited vulnerabilities catalog<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> based on reliable evidence that threat actors are actively using these vulnerabilities to exploit public or private organizations. Please note, these entries are not part of last week's addition of 95 vulnerabilities; however, are known to be publicly exploited by APT and/or criminal actors.

The catalog update reflects the following additions:
CVE Number
CVE Title
CVE-2022-26486
Mozilla Firefox Use-After-Free Vulnerability
CVE-2022-26485
Mozilla Firefox Use-After-Free Vulnerability
CVE-2021-21973
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
CVE-2020-8218
Pulse Connect Secure Code Injection Vulnerability
CVE-2019-11581
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
CVE-2017-6077
NETGEAR DGN2200 Remote Code Execution Vulnerability
CVE-2016-6277
NETGEAR Multiple Routers Remote Code Execution Vulnerability
CVE-2013-0631
Adobe ColdFusion Information Disclosure Vulnerability
CVE-2013-0629
Adobe ColdFusion Directory Traversal Vulnerability
CVE-2013-0625
Adobe ColdFusion Authentication Bypass Vulnerability
CVE-2009-3960
Adobe BlazeDS Information Disclosure Vulnerability

Please see the helpful link below:
Sign up for automated alerts anytime a vulnerability is added.<https://www.cisa.gov/known-exploited-vulnerabilities> 
  

Please contact CISA Central (via the reporting portal<https://us-cert.cisa.gov/report> or by phone at 1-888-282-0870) to report an intrusion or to request either technical assistance or additional resources for incident response.

Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image005.png at 01D8322F.A397B5B0]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220307/b81b124e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 16152 bytes
Desc: image005.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220307/b81b124e/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 103799 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220307/b81b124e/attachment-0003.png>

More information about the CDP-development mailing list