The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog.
One of the recent Catalog additions include a Chrome ‘Type Confusion in V8’ vulnerability CVE-2022-1364 patched on Thursday April 14, 2022. Google also warned the zero-day was being exploited in the wild.
CISA also added an exploited vulnerability CVE-2022-22960 that affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. This comes just a day after CISA added another Critical VMware Workspace ONE vulnerability CVE-2022-22954 to the Catalog.
VMware had released a security advisory (VMSA-2022-0011) for multiple Critical vulnerabilities on April 6, but was updated on April 13, 2022.
Moreover, a list of the most recently added exploited vulnerabilities include:
|CVE-2022-22960||VMware Multiple Products Privilege Escalation Vulnerability|
|CVE-2022-1364||Google Chromium V8 Type Confusion Vulnerability|
|CVE-2019-3929||Crestron Multiple Products Command Injection Vulnerability|
|CVE-2019-16057||D-Link DNS-320 Remote Code Execution Vulnerability|
|CVE-2018-7841||Schneider Electric U.motion Builder SQL Injection Vulnerability|
|CVE-2016-4523||Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability|
|CVE-2014-0780||InduSoft Web Studio NTWebServer Directory Traversal Vulnerability|
|CVE-2010-5330||Ubiquiti AirOS Command Injection Vulnerability|
|CVE-2007-3010||Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability|
Readers can also check out the latest details on CISA’s Known Exploited Vulnerabilities Catalog.
- Google releases Chrome 100 security update with fix for zero-day vulnerability (CVE-2022-1364) exploited in the wild
- CISA adds Critical VMware Workspace ONE Access and Identity Manager vulnerability to Catalog of exploited vulnerabilities
- VMware releases Critical security updates (updated with known exploits for CVE-2022-22954)