The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog.
One of the recent Catalog additions include a Chrome ‘Type Confusion in V8’ vulnerability CVE-2022-1364 patched on Thursday April 14, 2022. Google also warned the zero-day was being exploited in the wild.
CISA also added an exploited vulnerability CVE-2022-22960 that affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. This comes just a day after CISA added another Critical VMware Workspace ONE vulnerability CVE-2022-22954 to the Catalog.
VMware had released a security advisory (VMSA-2022-0011) for multiple Critical vulnerabilities on April 6, but was updated on April 13, 2022.
Moreover, a list of the most recently added exploited vulnerabilities include:
| CVE | Vulnerability Name |
|---|---|
| CVE-2022-22960 | VMware Multiple Products Privilege Escalation Vulnerability |
| CVE-2022-1364 | Google Chromium V8 Type Confusion Vulnerability |
| CVE-2019-3929 | Crestron Multiple Products Command Injection Vulnerability |
| CVE-2019-16057 | D-Link DNS-320 Remote Code Execution Vulnerability |
| CVE-2018-7841 | Schneider Electric U.motion Builder SQL Injection Vulnerability |
| CVE-2016-4523 | Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability |
| CVE-2014-0780 | InduSoft Web Studio NTWebServer Directory Traversal Vulnerability |
| CVE-2010-5330 | Ubiquiti AirOS Command Injection Vulnerability |
| CVE-2007-3010 | Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability |
Readers can also check out the latest details on CISA’s Known Exploited Vulnerabilities Catalog.
Related Articles
- Google releases Chrome 100 security update with fix for zero-day vulnerability (CVE-2022-1364) exploited in the wild
- CISA adds Critical VMware Workspace ONE Access and Identity Manager vulnerability to Catalog of exploited vulnerabilities
- VMware releases Critical security updates (updated with known exploits for CVE-2022-22954)