Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisaCISACISA:128CACDAC4A49084B5132404C3E20B9D
HistoryMar 07, 2022 - 12:00 a.m.

CISA Adds 11 Known Exploited Vulnerabilities to Catalog

2022-03-0700:00:00
us-cert.cisa.gov
39

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

CISA has added 11 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise. **Note:**to view the newly added vulnerabilities in the catalog, click on the arrow on the of the β€œDate Added to Catalog” column, which will sort by descending dates.

CVE ID Vulnerability Name Due Date
CVE-2022-26486 Mozilla Firefox Use-After-Free Vulnerability 3/21/2022
CVE-2022-26485 Mozilla Firefox Use-After-Free Vulnerability 3/21/2022
CVE-2021-21973 VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability 3/21/2022
CVE-2020-8218 Pulse Connect Secure Code Injection Vulnerability 9/7/2022
CVE-2019-11581 Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability 9/7/2022
CVE-2017-6077 NETGEAR DGN2200 Remote Code Execution Vulnerability 9/7/2022
CVE-2016-6277 NETGEAR Multiple Routers Remote Code Execution Vulnerability 9/7/2022
CVE-2013-0631 Adobe ColdFusion Information Disclosure Vulnerability 9/7/2022
CVE-2013-0629 Adobe ColdFusion Directory Traversal Vulnerability 9/7/2022
CVE-2013-0625 Adobe ColdFusion Authentication Bypass Vulnerability 9/7/2022
CVE-2009-3960 Adobe BlazeDS Information Disclosure Vulnerability 9/7/2022

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

Related

threatpost 6
nessus 25
packetstorm 6
securityvulns 3
openvas 27
debian 5
suse 2
osv 5
ubuntu 1
redos 1
kaspersky 3
mageia 2
malwarebytes 1
altlinux 2
thn 6
mozilla 1
slackware 1
seebug 3
githubexploit 8
checkpoint_advisories 9
nuclei 3
cisa_kev 11
atlassian 2
attackerkb 12
prion 13
cve 13
d2 1
zdt 3
dsquare 1
myhack58 1
exploitpack 2
exploitdb 3
alpinelinux 2
redhatcve 2
fedora 1
debiancve 2
ubuntucve 2
veracode 2
hivepro 1
ibm 1
cert 1
cisa 1
rapid7blog 1
vmware 1
threatpost
threatpost
Adobe Patches Four ColdFusion Flaws Exploited in Wild
2013-01-15 20:06:17
Adobe ColdFusion Exploits in Wild; Patch Remains Week Away
2013-01-07 17:06:28
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
2022-03-07 16:19:15
nessus
nessus
Adobe ColdFusion Multiple Vulnerabilities (APSB13-03) (credentialed check)
2013-05-21 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5314-1)
2022-03-06 00:00:00
Mozilla Firefox < 97.0.2
2022-03-07 00:00:00
packetstorm
packetstorm
Adobe ColdFusion APSB13-03 Command Execution
2013-04-10 00:00:00
Netgear R6400 Remote Code Execution
2019-12-17 00:00:00
Adobe XML Injection File Content Disclosure
2017-04-11 00:00:00
securityvulns
securityvulns
Adobe ColdFusion multiple security vulnerabilities
2013-01-14 00:00:00
Adobe multiple server application information leak
2010-02-25 00:00:00
Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
2010-02-25 00:00:00
openvas
openvas
Adobe ColdFusion Multiple Vulnerabilities (APSB13-03)
2014-05-06 00:00:00
Debian: Security Advisory (DSA-5094-1)
2022-03-10 00:00:00
Mozilla Firefox Security Advisory (MFSA2022-09) - Mac OS X
2022-03-07 00:00:00
debian
debian
[SECURITY] [DLA 2933-1] firefox-esr security update
2022-03-07 10:36:48
[SECURITY] [DSA 5090-1] firefox-esr security update
2022-03-06 20:43:23
[SECURITY] [DSA 5094-1] thunderbird security update
2022-03-08 19:52:26
suse
suse
Security update for MozillaThunderbird (important)
2022-03-10 00:00:00
Security update for MozillaFirefox (important)
2022-03-09 00:00:00
osv
osv
thunderbird - security update
2022-03-08 00:00:00
firefox-esr - security update
2022-03-06 00:00:00
thunderbird - security update
2022-03-09 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2022-03-06 00:00:00
redos
redos
ROS-20220309-02
2022-03-09 00:00:00
kaspersky
kaspersky
KLA12469 Multiple vulnerabilities in Mozilla Firefox ESR
2022-03-05 00:00:00
KLA12470 Multiple vulnerabilities in Mozilla Firefox
2022-03-05 00:00:00
KLA12475 Multiple vulnerabilities in Mozilla Thunderbird
2022-03-05 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2022-03-06 13:40:17
Updated thunderbird packages fix security vulnerabilities
2022-03-08 21:56:13
malwarebytes
malwarebytes
Update now! Mozilla patches two actively exploited vulnerabilities
2022-03-07 20:25:18
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.6.1-alt1
2022-03-11 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.6.2-alt1
2022-03-15 00:00:00
thn
thn
2 New Mozilla Firefox 0-Day Bugs Under Active Attack β€” Patch Your Browser ASAP!
2022-03-07 04:21:00
Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities
2013-11-13 16:22:00
Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities
2013-11-13 05:22:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 β€” Mozilla
2022-03-05 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2022-03-05 20:04:04
seebug
seebug
Adobe ColdFusion APSB13-03 Remote Exploit
2014-07-01 00:00:00
Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities
2010-02-22 00:00:00
Adobe ColdFusion ιͺŒθ―η»•θΏ‡ζΌζ΄ž(CVE-2013-0625)
2013-01-09 00:00:00
githubexploit
githubexploit
Exploit for Injection in Atlassian Jira Server
2021-05-04 06:30:47
Exploit for Injection in Atlassian Jira Server
2019-07-16 02:27:00
Exploit for Code Injection in Pulsesecure Pulse Connect Secure
2020-08-29 16:40:35
checkpoint_advisories
checkpoint_advisories
Atlassian Jira Server Remote Code Execution (CVE-2019-11581)
2019-07-17 00:00:00
Pulse Connect Secure Remote Code Execution (CVE-2020-8218)
2020-09-21 00:00:00
Adobe ColdFusion scheduleedit.cfm Authentication Bypass (CVE-2013-0625)
2013-02-19 00:00:00
nuclei
nuclei
Atlassian Jira Server-Side Template Injection
2020-12-05 08:51:54
VMware vSphere - Server-Side Request Forgery
2022-01-27 10:20:44
NETGEAR Routers - Remote Code Execution
2021-09-04 09:45:28
cisa_kev
cisa_kev
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
2022-03-07 00:00:00
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
2022-03-07 00:00:00
Pulse Connect Secure Code Injection Vulnerability
2022-03-07 00:00:00
atlassian
atlassian
CVE-2019-11581 - Template injection in various resources
2019-06-26 05:27:16
CVE-2019-11581 - Template injection in various resources
2019-06-26 05:27:16
attackerkb
attackerkb
CVE-2019-11581 β€” Atlassian JIRA Template injection vulnerability RCE
2019-08-09 00:00:00
CVE-2021-21973
2021-02-24 00:00:00
CVE-2009-3960
2010-02-15 00:00:00
prion
prion
Sql injection
2019-08-09 20:15:00
Code injection
2020-07-30 13:15:00
Xxe
2010-02-15 18:30:00
cve
cve
CVE-2019-11581
2019-08-09 20:15:00
CVE-2020-8218
2020-07-30 13:15:00
CVE-2021-21973
2021-02-24 17:15:00
d2
d2
DSquare Exploit Pack: D2SEC_ADOBE
2010-02-15 18:30:00
zdt
zdt
Adobe Multiple Products - XML Injection File Content Disclosure Exploit
2017-04-11 00:00:00
Netgear R7000 / R6400 cgi-bin Command Injection Exploit
2017-03-12 00:00:00
Netgear R6400 - Remote Code Execution Exploit
2019-12-17 00:00:00
dsquare
dsquare
Adobe XML External Entity File Disclosure
2012-02-01 00:00:00
myhack58
myhack58
Within the network roaming of how to use JavaScript on the router to execute arbitrary code-a vulnerability warning-the black bar safety net
2017-03-27 00:00:00
exploitpack
exploitpack
Netgear R6400 - Remote Code Execution
2019-12-17 00:00:00
Adobe (Multiple Products) - XML External Entity XML Injection
2010-02-22 00:00:00
exploitdb
exploitdb
Adobe ColdFusion APSB13-03 - Remote Multiple Vulnerabilities (Metasploit)
2013-04-10 00:00:00
Netgear R6400 - Remote Code Execution
2019-12-17 00:00:00
Adobe (Multiple Products) - XML External Entity / XML Injection
2010-02-22 00:00:00
alpinelinux
alpinelinux
CVE-2022-26485
2022-12-22 20:15:00
CVE-2022-26486
2022-12-22 20:15:00
redhatcve
redhatcve
CVE-2022-26486
2022-03-08 13:43:17
CVE-2022-26485
2022-03-08 13:43:18
fedora
fedora
[SECURITY] Fedora 35 Update: firefox-98.0-2.fc35
2022-03-11 14:48:17
debiancve
debiancve
CVE-2022-26485
2022-12-22 20:15:00
CVE-2022-26486
2022-12-22 20:15:00
ubuntucve
ubuntucve
CVE-2022-26486
2022-03-06 00:00:00
CVE-2022-26485
2022-03-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-03-06 15:56:59
Use After Free
2022-03-06 15:56:54
hivepro
hivepro
Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox
2022-03-08 11:40:39
ibm
ibm
Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System
2021-10-05 12:18:32
cert
cert
Multiple Netgear routers are vulnerable to arbitrary command injection
2016-12-09 00:00:00
cisa
cisa
VMware Releases Multiple Security Updates
2021-02-24 00:00:00
rapid7blog
rapid7blog
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
2021-02-24 22:22:14
vmware
vmware
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
2021-02-23 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for CISA:128CACDAC4A49084B5132404C3E20B9D
threatpost6nessus25packetstorm6securityvulns3openvas27debian5suse2osv5ubuntu1redos1kaspersky3mageia2malwarebytes1altlinux2thn6mozilla1slackware1seebug3githubexploit8checkpoint_advisories9nuclei3cisa_kev11atlassian2attackerkb12prion13cve13d21zdt3dsquare1myhack581exploitpack2exploitdb3alpinelinux2redhatcve2fedora1debiancve2ubuntucve2veracode2hivepro1ibm1cert1cisa1rapid7blog1vmware1