CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability
- CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability
- CVE-2017-6884 Zyxel EMG2926 Routers Command Injection Vulnerability
- CVE-2021-3129 Laravel Ignition File Upload Vulnerability
- CVE-2022-31459 Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability
- CVE-2022-31461 Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability
- CVE-2022-31462 Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
- CVE-2022-31463 Owl Labs Meeting Owl Improper Authentication Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-
[…]