CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Adobe and Chrome zero-days)

The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog. The issues include recently patched Adobe and Chrome zero-days.

The Google Chrome security update 98.0.4758.102, released this week, includes a fix for the zero-day vulnerability CVE-2022-0609, which has been exploited in the wild. CISA added the same High severity Chrome vulnerability to the Known Exploited Vulnerabilities Catalog on February 15, 2022.

CISA also added another zero-day vulnerability, CVE-2022-24086, to the catalog. It affects Adobe Commerce and Magento Open Source, with reported exploits in the wild.

In addition, CISA added the following 7 exploited vulnerabilities to the catalog on February 15:

| CVE Number | Vulnerability Title |
|---|---|
| CVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability |
| CVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability |
| CVE-2018-20250 | WinRAR Absolute Path Traversal Vulnerability |
| CVE-2018-15982 | Adobe Flash Player Use-After-Free Vulnerability |
| CVE-2017-9841 | PHPUnit Command Injection Vulnerability |
| CVE-2014-1761 | Microsoft Word Memory Corruption Vulnerability |
| CVE-2013-3906 | Microsoft Graphics Component Memory Corruption Vulnerability |

Of special note, the Windows VBScript vulnerability CVE-2018-8174 was patched in May of 2018 and was identified by security firm Verint as one of the “top 20 vulnerabilities to patch now” (most under attack in 2019). Moreover, the BabyShark malware campaign used exploit code targeting this vulnerability starting in April 2019.
