skip to Main Content

Cybercrime, CISA: Threat actors are exploiting 15 new vulnerabilities

CISA: Threat actors are exploiting 15 new vulnerabilities. The flaws have been added to the “Known Exploited Vulnerabilities Catalog”

Cybercrime actors are exploiting 15 new vulnerabilities to hit targets. It has been denounced by the CISA cybersecurity experts who updated the “Known Exploited Vulnerabilities Catalog”. They are:

  • CVE-2021-22017 VMware vCenter Server Improper Access Control;
  • CVE-2021-36260 Hikvision Improper Input Validation;
  • CVE-2021-27860 FatPipe WARP, IPVPN, and MPVPN Privilege Escalation;
  • CVE-2020-6572 Google Chrome prior to 81.0.4044.92 Use-After-Free;
  • CVE-2019-1458 Microsoft Win32K Elevation of Privilege;
  • CVE-2013-3900 Microsoft WinVerify Trust Function Remote Code Execution;
  • CVE-2019-2725 Oracle WebLogic Server, Injection;
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference;
  • CVE-2018-13382 Fortinet FortiOS and FortiProxy Improper Authorization;
  • CVE-2018-13383 Fortinet FortiOS and FortiProxy Improper Authorization;
  • CVE-2019-1579 Palo Alto Networks PAN-OS Remote Code Execution;
  • CVE-2019-10149 Exim Mail Transfer Agent (MTA) Improper Input Validation;
  • CVE-2015-7450 IBM WebSphere Application Server and Server Hy Server Hypervisor Edition Remote Code Execution;
  • CVE-2017-1000486 Primetek Primefaces Application Remote Code Execution;
  • CVE-2019-7609 Elastic Kibana Remote Code Execution.
Back To Top