Eight actively exploited bugs have been added to the US Cybersecurity & Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog. The bugs are as follows:
| CVE Number | CVE Title | Required Action Due Date |
|---|---|---|
| CVE-2022-22587 | Apple IOMobileFrameBuffer Memory Corruption Vulnerability | 2/11/2022 |
| CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | 2/11/2022 |
| CVE-2014-7169 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | 7/28/2022 |
| CVE-2014-1776 | Microsoft Internet Explorer Use-After-Free Vulnerability | 7/28/2022 |
| CVE-2020-5722 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | 7/28/2022 |
| CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | 7/28/2022 |
Not all of them are new, but all of them are still problematic. CISA says that all of the vulnerabilities have been actively used in attacks. Some, like CVE-2022-22587, have been patched: Apple fixed that one last week in a security update.
In total there are 351 vulnerabilities on CISA’s list. You can find that here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog