December 2, 2022

TheCyberThrone

Thinking Security ! Always

CISA Adds 66 Vulnerabilities to Known Exploited Catalog

The U.S. CISA has added 66 vulnerabilities to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Advertisements

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure. The new vulnerabilities added to the catalog must be addressed by federal agencies by April 15, 2022.

One of the 66 flaws added to the catalog is the recently discovered Windows CVE-2022-21999 vulnerability, which is a Windows Print Spooler Elevation of Privilege bug. Microsoft addressed this bug with the release of the February 2022 Patch Tuesday updates.

Another issue added to the catalog, tracked as CVE-2022-26318, is an arbitrary code execution in WatchGuard Firebox and XTM Appliances. CISA also added the CVE-2022-26143 vulnerability affecting Mitel MiCollab and MiVoice Business Express that can be exploited by a threat actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial-of-service condition on the affected system.

Advertisements
CVE IDProductVulnerability Name
CVE-2022-26318Firebox and XTM AppliancesWatchGuard Firebox and XTM Appliances Arbitrary Code Execution
CVE-2022-26143MiCollab, MiVoice Business ExpressMiCollab, MiVoice Business Express Access Control Vulnerability
CVE-2022-21999WindowsMicrosoft Windows Print Spooler Privilege Escalation Vulnerability
CVE-2021-42237XPSitecore XP Remote Command Execution Vulnerability
CVE-2021-22941ShareFileCitrix ShareFile Improper Access Control Vulnerability
CVE-2020-9377DIR-610 DevicesD-Link DIR-610 Devices Remote Command Execution
CVE-2020-9054Multiple Network-Attached Storage (NAS) DevicesZyxel Multiple NAS Devices OS Command Injection Vulnerability
CVE-2020-7247OpenSMTPDOpenSMTPD Remote Code Execution Vulnerability
CVE-2020-5410Spring Cloud Configuration (Config) ServerVMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
CVE-2020-25223SG UTMSophos SG UTM Remote Code Execution Vulnerability
CVE-2020-2506HelpdeskQNAP Helpdesk Improper Access Control Vulnerability
CVE-2020-2021PAN-OSPalo Alto PAN-OS Authentication Bypass Vulnerability
CVE-2020-1956KylinApache Kylin OS Command Injection Vulnerability
CVE-2020-1631Junos OSJuniper Junos OS Path Traversal Vulnerability
CVE-2019-6340CoreDrupal Core Remote Code Execution Vulnerability
CVE-2019-2616BI Publisher (Formerly XML Publisher)Oracle BI Publisher Unauthorized Access Vulnerability
CVE-2019-16920Multiple RoutersD-Link Multiple Routers Command Injection Vulnerability
CVE-2019-15107WebminWebmin Command Injection Vulnerability
CVE-2019-12991SD-WAN and NetScalerCitrix SD-WAN and NetScaler Command Injection Vulnerability
CVE-2019-12989SD-WAN and NetScalerCitrix SD-WAN and NetScaler SQL Injection Vulnerability
CVE-2019-11043FastCGI Process Manager (FPM)PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
CVE-2019-10068XperienceKentico Xperience Deserialization of Untrusted Data Vulnerability
CVE-2019-1003030Matrix Project PluginJenkins Matrix Project Plugin Remote Code Execution Vulnerability
CVE-2019-0903Graphics Device Interface (GDI)Microsoft GDI Remote Code Execution Vulnerability
CVE-2018-8414WindowsMicrosoft Windows Shell Remote Code Execution Vulnerability
CVE-2018-8373Internet Explorer Scripting EngineMicrosoft Scripting Engine Memory Corruption Vulnerability
CVE-2018-6961SD-WAN EdgeVMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
CVE-2018-14839N1A1 NASLG N1A1 NAS Remote Command Execution Vulnerability
CVE-2018-1273Spring Data CommonsVMware Tanzu Spring Data Commons Property Binder Vulnerability
CVE-2018-11138KACE System Management ApplianceQuest KACE System Management Appliance Remote Command Execution Vulnerability
CVE-2018-0147Secure Access Control System (ACS)Cisco Secure Access Control System Java Deserialization Vulnerability
CVE-2018-0125VPN RoutersCisco VPN Routers Remote Code Execution Vulnerability
CVE-2017-6334DGN2200 DevicesNETGEAR DGN2200 Devices OS Command Injection Vulnerability
CVE-2017-6316NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile ServerCitrix Multiple Products Remote Code Execution Vulnerability
CVE-2017-3881IOS and IOS XECisco IOS and IOS XE Remote Code Execution Vulnerability
CVE-2017-12617TomcatApache Tomcat Remote Code Execution Vulnerability
CVE-2017-12615TomcatApache Tomcat on Windows Remote Code Execution Vulnerability
CVE-2017-0146WindowsMicrosoft Windows SMB Remote Code Execution Vulnerability
CVE-2016-7892Flash PlayerAdobe Flash Player Use-After-Free Vulnerability
CVE-2016-4171Flash PlayerAdobe Flash Player Remote Code Execution Vulnerability
CVE-2016-1555Wireless Access Point (WAP) DevicesNETGEAR Multiple WAP Devices Command Injection Vulnerability
CVE-2016-11021DCS-930L DevicesD-Link DCS-930L Devices OS Command Injection Vulnerability
CVE-2016-10174WNR2000v5 RouterNETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
CVE-2016-0752Ruby on RailsRuby on Rails Directory Traversal Vulnerability
CVE-2015-4068Unified Data Protection (UDP)Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
CVE-2015-3035Multiple Archer DevicesTP-Link Multiple Archer Devices Directory Traversal Vulnerability
CVE-2015-1427ElasticsearchElasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
CVE-2015-1187Multiple DevicesD-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
CVE-2015-0666Prime Data Center Network Manager (DCNM)Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
CVE-2014-6332Windows Object Linking and Embedding (OLE)Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability
CVE-2014-6324Kerberos Key Distribution Center (KDC)Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
CVE-2014-6287HTTP File Server (HFS)Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
CVE-2014-3120ElasticsearchElasticsearch Remote Code Execution Vulnerability
CVE-2014-0130Ruby on RailsRuby on Rails Directory Traversal Vulnerability
CVE-2013-5223DSL-2760UD-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
CVE-2013-4810ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle ManagementHP Multiple Products Remote Code Execution Vulnerability
CVE-2013-2251StrutsApache Struts Improper Input Validation Vulnerability
CVE-2012-1823PHPPHP-CGI Query String Parameter Vulnerability
CVE-2010-4345EximExim Privilege Escalation Vulnerability
CVE-2010-4344EximExim Heap-Based Buffer Overflow Vulnerability
CVE-2010-3035IOS XRCisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
CVE-2010-2861ColdFusionAdobe ColdFusion Directory Traversal Vulnerability
CVE-2009-2055IOS XRCisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
CVE-2009-1151phpMyAdminphpMyAdmin Remote Code Execution Vulnerability
CVE-2009-0927Reader and AcrobatAdobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
CVE-2005-2773OpenView Network Node ManagerHP OpenView Network Node Manager Remote Code Execution Vulnerability

%d bloggers like this: