
The U.S. CISA has added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog with a deadline of September 15th, 2022, including a high-severity security flaw, CVE-2021-38406, with a CVSS score of 7.8, impacting Delta Electronics industrial automation software.
According to the US agency, Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation). An attacker can trigger the flaw to cause an out-of-bounds write and achieve code execution.
It is important to highlight that there are no security patches to fix this issue and that the impacted product is end-of-life.
CISA also added to the catalog a Sandbox Bypass Vulnerability, tracked as CVE-2021-31010 with a CVSS score of 7.5, in Apple iOS, macOS, and watchOS.

| CVE ID | Vulnerability |
| --- | --- |
| CVE-2021-38406 | Delta Electronics industrial automation software |
| CVE-2021-31010 | Sandbox Bypass Vulnerability |
| CVE-2022-26352 | dotCMS Unrestricted Upload of File Vulnerability |
| CVE-2022-24706 | Apache CouchDB Insecure Default Initialization of Resource Vulnerability |
| CVE-2022-24112 | Apache APISIX Authentication Bypass Vulnerability |
| CVE-2022-22963 | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability |
| CVE-2022-2294 | WebRTC Heap Buffer Overflow Vulnerability |
| CVE-2021-39226 | Grafana Authentication Bypass Vulnerability |
| CVE-2020-36193 | PEAR Archive_Tar Improper Link Resolution Vulnerability |
| CVE-2020-28949 | PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability |