[oagitm] CISA - Update to Known Exploited Vulnerabilities Catalog

  • From: "MASSE THERESA" <dmarc-noreply@xxxxxxxxxxxxx> ("theresa.masse")
  • To: "oagitm@xxxxxxxxxxxxx" <oagitm@xxxxxxxxxxxxx>
  • Date: Fri, 10 Dec 2021 23:40:36 +0000

FYSA



CISA has updated the known exploited vulnerabilities 
catalog<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> based on 
reliable evidence that threat actors are actively using these vulnerabilities 
to exploit public or private organizations.

The catalog update reflects the following additions:

CVE Number - CVE Title

CVE-2021-44228<https://nvd.nist.gov/vuln/detail/CVE-2021-44228> - Apache Log4j2 Remote Code Execution
CVE-2021-44515 - Zoho Corp. Desktop Central Authentication Bypass Vulnerability
CVE-2021-44168 - Fortinet FortiOS Arbitrary File Download
CVE-2021-35394<https://nvd.nist.gov/vuln/detail/CVE-2021-35394> - Realtek Jungle SDK Remote Code Execution
CVE-2020-8816<https://nvd.nist.gov/vuln/detail/CVE-2020-8816> - Pi-Hole AdminLTE Remote Code Execution
CVE-2020-17463<https://nvd.nist.gov/vuln/detail/CVE-2020-17463> - Fuel CMS SQL Injection Vulnerability
CVE-2019-7238<https://nvd.nist.gov/vuln/detail/CVE-2019-7238> - Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
CVE-2019-13272<https://nvd.nist.gov/vuln/detail/cve-2019-13272> - Linux Kernel Improper Privilege Management Vulnerability
CVE-2019-10758<https://nvd.nist.gov/vuln/detail/CVE-2019-10758> - MongoDB mongo-express Remote Code Execution
CVE-2019-0193<https://nvd.nist.gov/vuln/detail/CVE-2019-0193> - Apache Solr DataImportHandler Code Injection Vulnerability
CVE-2017-17562<https://nvd.nist.gov/vuln/detail/cve-2017-17562> - Embedthis GoAhead Remote Code Execution
CVE-2017-12149<https://nvd.nist.gov/vuln/detail/CVE-2017-12149> - Red Hat Jboss Application Server Remote Code Execution
CVE-2010-1871<https://nvd.nist.gov/vuln/detail/CVE-2010-1871> - Red Hat Linux JBoss Seam 2 Remote Code Execution


Please see the helpful link below:
Sign up for automated alerts anytime a vulnerability is 
added.<https://www.cisa.gov/known-exploited-vulnerabilities> 
  
Please contact CISA (via the reporting portal<https://us-cert.cisa.gov/report>
or by phone at 1-888-282-0870) to report an intrusion or to request either
technical assistance or additional resources for incident response.


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@xxxxxxxxxxxx<mailto:theresa.masse@xxxxxxxxxxxx>
