
The US CISA has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
The Chrome vulnerability (CVE-2022-0609) is a high-severity use-after-free bug that can let attackers execute arbitrary code or escape the browser’s security sandbox on computers running unpatched Chrome versions. It was addressed in Chrome 98.0.4758.102.
Adobe released an emergency update to fix a critical flaw (CVE-2022-24086) that was exploited in the wild “in very limited attacks” to gain remote code execution, using exploits targeting Adobe Commerce and Magento Open Source versions 2.4.3-p1/2.3.7-p2.

| CVE Number | CVE Title | Remediation Due Date |
|---|---|---|
| CVE-2022-24086 | Adobe Commerce and Magento Open-Source Improper Input Validation Vulnerability | 3/1/2022 |
| CVE-2022-0609 | Google Chrome Use-After-Free Vulnerability | 3/1/2022 |
| CVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability | 8/15/2022 |
| CVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | 8/15/2022 |
| CVE-2018-20250 | WinRAR Absolute Path Traversal Vulnerability | 8/15/2022 |
| CVE-2018-15982 | Adobe Flash Player Use-After-Free Vulnerability | 8/15/2022 |
| CVE-2017-9841 | PHPUnit Command Injection Vulnerability | 8/15/2022 |
| CVE-2014-1761 | Microsoft Word Memory Corruption Vulnerability | 8/15/2022 |
| CVE-2013-3906 | Microsoft Graphics Component Memory Corruption Vulnerability | 8/15/2022 |

The complete list of nine flaws added today to CISA’s Known Exploited Vulnerabilities Catalog includes a mix of old and new bugs, ranging from 2013 to 2022.