CISA has updated its list of known exploited vulnerabilities with 15 new security issues and is asking federal agencies to identify and fix the security issues in their systems.
Of the 15 flaws, four are from 2021 and one is from 2020. The rests are flaws from more than two years ago and the oldest is from 2013.
The 2021 flaws include VMware vCenter Server Improper Access Control Vulnerability (CVE-2021-22017), Hikvision Improper Input Validation Vulnerability (CVE-2021-36260), FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability (CVE-2021-27860).
2020 bugs include Google Chrome before 81.0.4044.92 Use-After-Free Vulnerability CVE-2020-6572.
The 2019 flaws include Microsoft Win32K Elevation of Privilege Vulnerability (CVE-2019-1458), Elastic Kibana Remote Code Execution Vulnerability (CVE-2019-7609), Oracle WebLogic Server, Injection Vulnerability (CVE-2019-2725), Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-9670), Exim Mail Transfer Agent (MTA) Improper Input Validation Vulnerability (CVE-2021-10149), and Palo Alto Networks PAN-OS Remote Code Execution Vulnerability (CVE-2019-1579).