October 3, 2023

The U.S. CISA has added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, with a deadline of September 15th, 2022. They include CVE-2021-38406, a high-severity security flaw with a CVSS score of 7.8 that impacts Delta Electronics industrial automation software.

According to the US agency, Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation). An attacker can trigger the flaw to cause an out-of-bounds write and achieve code execution.

It is important to highlight that there are no security patches to fix this issue and that the impacted product is end-of-life.

CISA also added to the catalog a Sandbox Bypass Vulnerability in Apple iOS, macOS, and watchOS, tracked as CVE-2021-31010 with a CVSS score of 7.5.

CVE-2021-38406: Delta Electronics industrial automation software
CVE-2021-31010: Sandbox Bypass Vulnerability
CVE-2022-26352: dotCMS Unrestricted Upload of File Vulnerability
CVE-2022-24706: Apache CouchDB Insecure Default Initialization of Resource Vulnerability
CVE-2022-24112: Apache APISIX Authentication Bypass Vulnerability
CVE-2022-22963: VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
CVE-2022-2294: WebRTC Heap Buffer Overflow Vulnerability
CVE-2021-39226: Grafana Authentication Bypass Vulnerability
CVE-2020-36193: PEAR Archive_Tar Improper Link Resolution Vulnerability
CVE-2020-28949: PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
