December 9, 2023

The US CISA has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.

The Chrome vulnerability (CVE-2022-0609) is a high-severity use-after-free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions. It was addressed in Chrome 98.0.4758.102.

Adobe released an emergency update to fix a critical flaw (CVE-2022-24086) exploited in the wild “in very limited attacks” to gain remote code execution using exploits targeting Adobe Commerce and Magento Open-Source versions 2.4.3-p1/2.3.7-p2.

| CVE Number | CVE Title | Remediation Due Date |
|---|---|---|
| CVE-2022-24086 | Adobe Commerce and Magento Open-Source Improper Input Validation Vulnerability | 3/1/2022 |
| CVE-2022-0609 | Google Chrome Use-After-Free Vulnerability | 3/1/2022 |
| CVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability | 8/15/2022 |
| CVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | 8/15/2022 |
| CVE-2018-20250 | WinRAR Absolute Path Traversal Vulnerability | 8/15/2022 |
| CVE-2018-15982 | Adobe Flash Player Use-After-Free Vulnerability | 8/15/2022 |
| CVE-2017-9841 | PHPUnit Command Injection Vulnerability | 8/15/2022 |
| CVE-2014-1761 | Microsoft Word Memory Corruption Vulnerability | 8/15/2022 |
| CVE-2013-3906 | Microsoft Graphics Component Memory Corruption Vulnerability | 8/15/2022 |

The complete list of nine flaws added today to CISA’s Known Exploited Vulnerabilities Catalog includes a mix of old and new bugs, ranging from 2013 to 2022.
