FYSA
CISA has updated the known exploited vulnerabilities
catalog<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> based on
reliable evidence that threat actors are actively using these vulnerabilities
to exploit public or private organizations.
The catalog update reflects the following additions:
CVE Number | CVE Title
CVE-2021-44228<https://nvd.nist.gov/vuln/detail/CVE-2021-44228> | Apache Log4j2 Remote Code Execution
CVE-2021-44515 | Zoho Corp. Desktop Central Authentication Bypass Vulnerability
CVE-2021-44168 | Fortinet FortiOS Arbitrary File Download
CVE-2021-35394<https://nvd.nist.gov/vuln/detail/CVE-2021-35394> | Realtek Jungle SDK Remote Code Execution
CVE-2020-8816<https://nvd.nist.gov/vuln/detail/CVE-2020-8816> | Pi-Hole AdminLTE Remote Code Execution
CVE-2020-17463<https://nvd.nist.gov/vuln/detail/CVE-2020-17463> | Fuel CMS SQL Injection Vulnerability
CVE-2019-7238<https://nvd.nist.gov/vuln/detail/CVE-2019-7238> | Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
CVE-2019-13272<https://nvd.nist.gov/vuln/detail/cve-2019-13272> | Linux Kernel Improper Privilege Management Vulnerability
CVE-2019-10758<https://nvd.nist.gov/vuln/detail/CVE-2019-10758> | MongoDB mongo-express Remote Code Execution
CVE-2019-0193<https://nvd.nist.gov/vuln/detail/CVE-2019-0193> | Apache Solr DataImportHandler Code Injection Vulnerability
CVE-2017-17562<https://nvd.nist.gov/vuln/detail/cve-2017-17562> | Embedthis GoAhead Remote Code Execution
CVE-2017-12149<https://nvd.nist.gov/vuln/detail/CVE-2017-12149> | Red Hat JBoss Application Server Remote Code Execution
CVE-2010-1871<https://nvd.nist.gov/vuln/detail/CVE-2010-1871> | Red Hat Linux JBoss Seam 2 Remote Code Execution
Please see the helpful link below:
Sign up for automated alerts anytime a vulnerability is
added.<https://www.cisa.gov/known-exploited-vulnerabilities>
Please contact CISA (via the reporting portal<https://us-cert.cisa.gov/report>
or by phone at 1-888-282-0870) to report an intrusion or to request either
technical assistance or additional resources for incident response.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@xxxxxxxxxxxx<mailto:theresa.masse@xxxxxxxxxxxx>