Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisaCISACISA:88950AD3AEDA1ACA038AD96EE5152D39
HistoryFeb 15, 2022 - 12:00 a.m.

CISA Adds Nine Known Exploited Vulnerabilities to Catalog

2022-02-1500:00:00
us-cert.cisa.gov
417

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Remediation Due Date
CVE-2022-24086 Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability 3/1/2022
CVE-2022-0609 Google Chrome Use-After-Free Vulnerability 3/1/2022
CVE-2019-0752 Microsoft Internet Explorer Type Confusion Vulnerability 8/15/2022
CVE-2018-8174 Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability 8/15/2022
CVE-2018-20250 WinRAR Absolute Path Traversal Vulnerability 8/15/2022
CVE-2018-15982 Adobe Flash Player Use-After-Free Vulnerability 8/15/2022
CVE-2017-9841 PHPUnit Command Injection Vulnerability 8/15/2022
CVE-2014-1761 Microsoft Word Memory Corruption Vulnerability 8/15/2022
CVE-2013-3906 Microsoft Graphics Component Memory Corruption Vulnerability 8/15/2022

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

Related

talosblog 2
malwarebytes 12
thn 19
attackerkb 8
zdt 8
threatpost 6
prion 8
fireeye 3
cisa_kev 9
checkpoint_advisories 10
cve 7
mskb 1
canvas 1
redhat 1
nessus 7
openvas 6
symantec 5
metasploit 2
packetstorm 5
msrc 1
seebug 3
githubexploit 6
saint 4
osv 9
redhatcve 1
ubuntucve 3
securityvulns 1
github 6
cnvd 2
krebs 1
myhack58 1
zdi 4
securelist 1
wpvulndb 2
qualysblog 1
wpexploit 2
nuclei 1
hackread 1
mscve 3
impervablog 2
hackerone 1
friendsofphp 1
debiancve 2
gentoo 1
veracode 2
trellix 2
exploitdb 2
alpinelinux 1
gitlab 9
hivepro 2
schneier 1
talosblog
talosblog
Welcome Spelevo: New exploit kit full of old tricks
2019-06-27 13:27:21
What the continued escalation of tensions in the Middle East means for security
2020-01-09 10:13:06
malwarebytes
malwarebytes
Malvertising campaigns come back in full swing
2020-09-09 17:07:14
Underminer exploit kit improves in its latest iteration
2018-12-21 21:34:24
Exploit kits: spring 2019 review
2019-05-14 15:57:05
thn
thn
RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer
2022-06-22 05:41:00
Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates
2019-03-15 08:00:00
Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms
2019-03-28 08:18:00
attackerkb
attackerkb
CVE-2018-20250
2019-02-05 00:00:00
Microsoft Tagged Image File Format Heap Overflow
2013-11-06 00:00:00
CVE-2018-15982
2019-01-18 00:00:00
zdt
zdt
WinRAR 5.61 - Path Traversal Exploit
2019-03-18 00:00:00
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution Exploit
2018-12-24 00:00:00
Microsoft Tagged Image File Format (TIFF) Integer Overflow
2013-11-27 00:00:00
threatpost
threatpost
Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns
2019-03-27 15:26:00
Critical WinRAR Flaw Found Actively Being Exploited
2019-02-26 14:51:04
Fallout EK Retools for a Fresh New 2019 Look
2019-01-18 19:58:10
prion
prion
Path traversal
2019-02-05 20:29:00
Double free
2019-01-18 17:29:00
Design/Logic Flaw
2013-11-06 15:55:00
fireeye
fireeye
WinRAR Zero-day Abused in Multiple Campaigns
2019-03-26 15:30:00
Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware
2018-09-06 11:00:00
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
2020-05-07 00:00:00
cisa_kev
cisa_kev
WinRAR Absolute Path Traversal Vulnerability
2022-02-15 00:00:00
Microsoft Graphics Component Memory Corruption Vulnerability
2022-02-15 00:00:00
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
2022-02-15 00:00:00
checkpoint_advisories
checkpoint_advisories
RARLAB WinRaR ACE Format Input Validation Remote Code Execution (CVE-2018-20250)
2019-02-13 00:00:00
Adobe Flash Player Use After Free (APSB18-42: CVE-2018-15982)
2018-12-05 00:00:00
Microsoft Office Embedded TIFF Image Remote Code Execution (CVE-2013-3906)
2013-11-06 00:00:00
cve
cve
CVE-2018-20250
2019-02-05 20:29:00
CVE-2018-15982
2019-01-18 17:29:00
CVE-2013-3906
2013-11-06 15:55:00
mskb
mskb
MS13-096: Vulnerability in Microsoft Graphics component could allow remote code execution: December 10, 2013
2013-12-10 00:00:00
canvas
canvas
Immunity Canvas: ADOBE_FLASH_METADATA_UAF
2019-01-18 17:29:00
redhat
redhat
(RHSA-2018:3795) Critical: flash-plugin security update
2018-12-06 13:57:42
nessus
nessus
MS KB2896666: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (deprecated)
2013-11-06 00:00:00
MS13-096: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)
2013-12-11 00:00:00
RHEL 6 : flash-plugin (RHSA-2018:3795)
2018-12-07 00:00:00
openvas
openvas
Microsoft Lync Remote Code Execution Vulnerability (2908005)
2013-12-11 00:00:00
Microsoft Lync Attendee Remote Code Execution Vulnerability (2908005)
2013-12-11 00:00:00
Microsoft Office Remote Code Execution Vulnerability (2908005)
2013-12-11 00:00:00
symantec
symantec
Multiple Microsoft Products CVE-2013-3906 Remote Code Execution Vulnerability
2013-11-05 00:00:00
Adobe Flash Player CVE-2018-15982 Use After Free Remote Code Execution Vulnerability
2018-12-05 00:00:00
Microsoft Word CVE-2014-1761 Remote Memory Corruption Vulnerability
2014-03-24 00:00:00
metasploit
metasploit
MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow
2013-11-22 08:25:09
MS14-017 Microsoft Word RTF Object Confusion
2014-04-08 18:44:20
packetstorm
packetstorm
Microsoft Tagged Image File Format (TIFF) Integer Overflow
2013-11-27 00:00:00
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
2019-04-24 00:00:00
MS14-017 Microsoft Word RTF Object Confusion
2014-04-09 00:00:00
msrc
msrc
CVE-2013-3906: a graphics vulnerability exploited through Word documents
2013-11-05 08:00:00
seebug
seebug
Microsoft Tagged Image File Format (TIFF) Integer Overflow
2014-07-01 00:00:00
MS14-017 Microsoft Word RTF Object Confusion
2014-07-01 00:00:00
Microsoft Word RTF文件解析错误代码执行漏洞
2014-03-25 00:00:00
githubexploit
githubexploit
Exploit for CVE-2022-24086
2022-02-16 08:50:33
Exploit for Improper Input Validation in Adobe Commerce
2022-02-20 13:52:31
Exploit for Improper Input Validation in Adobe Commerce
2022-03-15 05:11:23
saint
saint
Microsoft Word RTF Object Confusion
2014-07-24 00:00:00
Microsoft Word RTF Object Confusion
2014-07-24 00:00:00
Microsoft Word RTF Object Confusion
2014-07-24 00:00:00
osv
osv
CVE-2022-24086
2022-02-16 17:15:13
BIT-magento-2022-24086
2024-03-06 10:57:11
Magento improper input validation vulnerability
2022-02-17 00:00:29
redhatcve
redhatcve
CVE-2018-15982
2018-12-05 19:19:27
ubuntucve
ubuntucve
CVE-2018-15982
2019-01-18 00:00:00
CVE-2017-9841
2017-06-27 00:00:00
CVE-2022-0609
2022-04-05 00:00:00
securityvulns
securityvulns
Microsoft Office memory corruption
2014-03-25 00:00:00
github
github
Magento improper input validation vulnerability
2022-02-17 00:00:29
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
2020-01-07 17:20:47
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
2020-01-08 03:10:44
cnvd
cnvd
Adobe Commerce Input Validation Error Vulnerability (CNVD-2022-22100)
2022-02-15 00:00:00
Google Chrome Animation code execution vulnerability
2022-02-16 00:00:00
krebs
krebs
Microsoft Patch Tuesday, May 2018 Edition
2018-05-08 20:38:16
myhack58
myhack58
The Windows VBScript Engine RCE vulnerability of CVE-2018-8174 analysis and use-vulnerability and early warning-the black bar safety net
2018-11-08 00:00:00
zdi
zdi
Microsoft Windows VBScript Class_Terminate Use-After-Free Remote Code Execution Vulnerability
2018-06-05 00:00:00
Microsoft Windows VBScript Class_Terminate Use-After-Free Remote Code Execution Vulnerability
2018-06-26 00:00:00
Microsoft Windows VBScript Class_Terminate Invalid Object Access Remote Code Execution Vulnerability
2018-06-26 00:00:00
securelist
securelist
CactusPete APT group’s updated Bisonal backdoor
2020-08-13 10:00:09
wpvulndb
wpvulndb
Multiple Plugins - Unauthenticated RCE via PHPUnit
2017-08-26 00:00:00
Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit
2020-03-25 00:00:00
qualysblog
qualysblog
Risk Fact #4: Malware in your Cloud means Exploitation is underway
2023-08-29 08:02:57
wpexploit
wpexploit
Multiple Plugins - Unauthenticated RCE via PHPUnit
2017-08-26 00:00:00
Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit
2020-03-25 00:00:00
nuclei
nuclei
PHPUnit - Remote Code Execution
2020-08-07 08:02:28
hackread
hackread
New backdoor malware hits Slack and Github platforms
2019-03-08 15:56:09
mscve
mscve
Windows VBScript Engine Remote Code Execution Vulnerability
2018-05-08 07:00:00
Scripting Engine Memory Corruption Vulnerability
2019-04-09 07:00:00
Chromium: CVE-2022-0609 Use after free in Animation
2022-02-16 08:00:00
impervablog
impervablog
CrimeOps of the KashmirBlack Botnet – Part I
2020-10-22 13:07:28
The Resurrection of PHPUnit RCE Vulnerability
2020-02-18 18:27:41
hackerone
hackerone
8x8: Exposed PHP dependencies at ██.8x8.com
2021-03-22 17:56:43
friendsofphp
friendsofphp
RCE vulnerability in phpunit
2016-11-13 17:52:50
debiancve
debiancve
CVE-2017-9841
2017-06-27 17:29:00
CVE-2022-0609
2022-04-05 00:15:00
gentoo
gentoo
PHPUnit: Remote code execution
2017-11-19 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-06-28 01:33:54
Use After Free
2022-02-20 05:48:53
trellix
trellix
The Bug Report - February 2022 Edition
2022-03-02 00:00:00
The Bug Report - February 2022 Edition
2022-03-02 00:00:00
exploitdb
exploitdb
Microsoft - Tagged Image File Format &#039;.TIFF&#039; Integer Overflow (Metasploit)
2013-12-03 00:00:00
Microsoft Word - RTF Object Confusion (MS14-017) (Metasploit)
2014-04-10 00:00:00
alpinelinux
alpinelinux
CVE-2022-0609
2022-04-05 00:15:00
gitlab
gitlab
Use after free in Animation
2022-02-22 00:00:00
Use after free in Animation
2022-02-22 00:00:00
Use after free in Animation
2022-02-22 00:00:00
hivepro
hivepro
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
2022-03-25 14:16:43
First zero-day vulnerability of Google Chrome this year actively exploited in wild
2022-02-15 14:31:12
schneier
schneier
Chrome Zero-Day from North Korea
2022-03-31 11:13:50

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for CISA:88950AD3AEDA1ACA038AD96EE5152D39
talosblog2malwarebytes12thn19attackerkb8zdt8threatpost6prion8fireeye3cisa_kev9checkpoint_advisories10cve7mskb1canvas1redhat1nessus7openvas6symantec5metasploit2packetstorm5msrc1seebug3githubexploit6saint4osv9redhatcve1ubuntucve3securityvulns1github6cnvd2krebs1myhack581zdi4securelist1wpvulndb2qualysblog1wpexploit2nuclei1hackread1mscve3impervablog2hackerone1friendsofphp1debiancve2gentoo1veracode2trellix2exploitdb2alpinelinux1gitlab9hivepro2schneier1