CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Chrome zero-day)

The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog.

One of the recent Catalog additions include a Chrome ‘Type Confusion in V8’ vulnerability CVE-2022-1364 patched on Thursday April 14, 2022. Google also warned the zero-day was being exploited in the wild.

CISA also added an exploited vulnerability CVE-2022-22960 that affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. This comes just a day after CISA added another Critical VMware Workspace ONE vulnerability CVE-2022-22954 to the Catalog.

VMware had released a security advisory (VMSA-2022-0011) for multiple Critical vulnerabilities on April 6, but was updated on April 13, 2022.

Moreover, a list of the most recently added exploited vulnerabilities include:

CVEVulnerability Name
CVE-2022-22960VMware Multiple Products Privilege Escalation Vulnerability
CVE-2022-1364Google Chromium V8 Type Confusion Vulnerability
CVE-2019-3929Crestron Multiple Products Command Injection Vulnerability
CVE-2019-16057D-Link DNS-320 Remote Code Execution Vulnerability
CVE-2018-7841Schneider Electric U.motion Builder SQL Injection Vulnerability
CVE-2016-4523Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability
CVE-2014-0780InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
CVE-2010-5330Ubiquiti AirOS Command Injection Vulnerability
CVE-2007-3010Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability

Readers can also check out the latest details on CISA’s Known Exploited Vulnerabilities Catalog.

Related Articles