[CISA-2021:1210] CISA Adds 13 Known Exploited Vulnerabilities to Catalog
CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
[CVE-2010-1871] Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Red Hat
- Product: JBoss Seam 2
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-1871
[CVE-2017-12149] Red Hat JBoss Application Server Remote Code Execution Vulnerability
The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Red Hat
- Product: JBoss Application Server
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-12149
[CVE-2017-17562] Embedthis GoAhead Remote Code Execution Vulnerability
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Embedthis
- Product: GoAhead
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-17562
[CVE-2019-0193] Apache Solr DataImportHandler Code Injection Vulnerability
The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Apache
- Product: Solr
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0193
[CVE-2019-10758] MongoDB mongo-express Remote Code Execution Vulnerability
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: MongoDB
- Product: mongo-express
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-10758
[CVE-2019-13272] Linux Kernel Improper Privilege Management Vulnerability
kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Linux
- Product: Kernel
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-13272
[CVE-2019-7238] Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Sonatype
- Product: Nexus Repository Manager
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-7238
[CVE-2020-17463] Fuel CMS SQL Injection Vulnerability
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Fuel CMS
- Product: Fuel CMS
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-17463
[CVE-2020-8816] Pi-Hole AdminLTE Remote Code Execution Vulnerability
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Pi-hole
- Product: AdminLTE
- Due Date: Fri Jun 10 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-8816
[CVE-2021-35394] Realtek Jungle SDK Remote Code Execution Vulnerability
Realtek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Realtek
- Product: Jungle Software Development Kit (SDK)
- Due Date: Fri Dec 24 00:00:00 2021
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-35394
[CVE-2021-44168] Fortinet FortiOS Arbitrary File Download
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Fortinet
- Product: FortiOS
- Due Date: Fri Dec 24 00:00:00 2021
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-44168
[CVE-2021-44228] Apache Log4j2 Remote Code Execution Vulnerability
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Action: For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Apache
- Product: Log4j2
- Due Date: Fri Dec 24 00:00:00 2021
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
[CVE-2021-44515] Zoho Desktop Central Authentication Bypass Vulnerability
Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
- Action: Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Zoho
- Product: Desktop Central
- Due Date: Fri Dec 24 00:00:00 2021
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-44515
- ID: CISA-2021:1210
- Severity: critical
- Severity from: CVE-2021-44228
- URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Published: 2021-12-10T00:00:00
- Modified: 2021-12-10T00:00:00
- Other Advisories:
- ALAS-2019-1232
- ALAS-2021-1553
- ALAS2-2019-1232
- ALAS2-2021-1730
- ALAS2-2021-1731
- CISCO-SA-APACHE-LOG4J-QRUKNEBD
- DSA-4484-1
- DSA-5020-1
- ELSA-2019-2411
- ELSA-2019-4746
- FEDORA-2019-a95015e60f
- FEDORA-2021-5c9d12a93e
- FEDORA-2021-66d6c484f3
- FEDORA-2021-abbe24e41c
- FEDORA-2021-f0f501d01f
- FREEBSD:1EA05BB8-5D74-11EC-BB1E-001517A2E1A4
- FREEBSD:3FADD7E4-F8FB-45A0-A218-8FD6423C338F
- FREEBSD:4B1AC5A3-5BD4-11EC-8602-589CFC007716
- FREEBSD:515DF85A-5CD7-11EC-A16D-001517A2E1A4
- FREEBSD:93A1C9A7-5BEF-11EC-A47A-001517A2E1A4
- MAVEN:GHSA-3GM7-V7VW-866C
- MAVEN:GHSA-JFH8-C2JP-5V3Q
- MS:CVE-2021-44228
- NPM:GHSA-H47J-HC6X-H3QQ
- openSUSE-SU-2021:1577-1
- openSUSE-SU-2021:1586-1
- openSUSE-SU-2021:1601-1
- openSUSE-SU-2021:1613-1
- openSUSE-SU-2021:3999-1
- openSUSE-SU-2021:4094-1
- openSUSE-SU-2021:4107-1
- openSUSE-SU-2021:4109-1
- RHSA-2019:2405
- RHSA-2019:2411
- SSA:2019-202-01
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:3223-1
- SUSE-SU-2019:3224-1
- SUSE-SU-2019:3225-1
- SUSE-SU-2019:3228-1
- SUSE-SU-2019:3230-1
- SUSE-SU-2019:3232-1
- SUSE-SU-2019:3246-1
- SUSE-SU-2019:3247-1
- SUSE-SU-2019:3248-1
- SUSE-SU-2019:3249-1
- SUSE-SU-2019:3252-1
- SUSE-SU-2019:3258-1
- SUSE-SU-2019:3260-1
- SUSE-SU-2019:3261-1
- SUSE-SU-2019:3263-1
- SUSE-SU-2021:4096-1
- SUSE-SU-2021:4097-1
- USN-4093-1
- USN-4094-1
- USN-4095-1
- USN-4117-1
- USN-4118-1
- USN-5192-1
- USN-5192-2
- USN-5197-1
- VMSA-2021-0028.13
- VU:930724