October 3, 2023

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. With this addition, the catalog now surpasses 1000 vulnerabilities.

  • CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability
  • CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability
  • CVE-2017-6884 Zyxel EMG2926 Routers Command Injection Vulnerability
  • CVE-2021-3129 Laravel Ignition File Upload Vulnerability
  • CVE-2022-31459 Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability
  • CVE-2022-31461 Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability
  • CVE-2022-31462 Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
  • CVE-2022-31463 Owl Labs Meeting Owl Improper Authentication Vulnerability

CISA has set 9th October 2023 as the due date for all government agencies to remediate these vulnerabilities.

Other vulnerabilities added to the catalog this month:

  • CVE-2023-33246 – Apache RocketMQ Command Execution Vulnerability
  • CVE-2023-41064 – Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
  • CVE-2023-41061 – Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
  • CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability
  • CVE-2023-36802 – Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
  • CVE-2023-35674 – Android Framework Privilege Escalation Vulnerability
  • CVE-2023-20269 – Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
  • CVE-2023-4863 – Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
  • CVE-2023-26369 – Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
