CISA Updates Its List Of Exploited Flaws

CISA has updated its list of known exploited vulnerabilities with 15 new security issues and is asking federal agencies to identify and fix the security issues in their systems.

Of the 15 flaws, four are from 2021 and one is from 2020. The rests are flaws from more than two years ago and the oldest is from 2013.

The 2021 flaws include VMware vCenter Server Improper Access Control Vulnerability (CVE-2021-22017), Hikvision Improper Input Validation Vulnerability (CVE-2021-36260), FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability (CVE-2021-27860).

2020 bugs include Google Chrome before 81.0.4044.92 Use-After-Free Vulnerability CVE-2020-6572.

The 2019 flaws include Microsoft Win32K Elevation of Privilege Vulnerability (CVE-2019-1458), Elastic Kibana Remote Code Execution Vulnerability (CVE-2019-7609), Oracle WebLogic Server, Injection Vulnerability (CVE-2019-2725), Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-9670), Exim Mail Transfer Agent (MTA) Improper Input Validation Vulnerability (CVE-2021-10149), and Palo Alto Networks PAN-OS Remote Code Execution Vulnerability (CVE-2019-1579).

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web