skip to Main Content

US CISA, 15 new vulnerabilities exploited by cybercrime actors

The US CISA: 15 new vulnerabilities exploited by cybercrime actors. The flaws have been added to the Known Exploited Vulnerabilities Catalog as a frequent attack vector

15 new vulnerabilities are actively exploited by cybercrime actors. It has been denounced by the US CISA cybersecurity experts, who added the bunch to its Known Exploited Vulnerabilities Catalog. These types of flaws are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise. Those are:

  • VE-2021-36934 – Microsoft Windows SAM Local Privilege Escalation;
  • CVE-2020-0796 – Microsoft SMBv3 Remote Code Execution;
  • CVE-2018-1000861 – Jenkins Stapler Web Framework Deserialization of Untrusted Data;
  • CVE-2017-9791 – Apache Struts 1 Improper Input Validation;
  • CVE-2017-8464 – Microsoft Windows Shell (.lnk) Remote Code Execution;
  • CVE-2017-10271 – Oracle Corporation WebLogic Server Remote Code Execution;
  • CVE-2017-0263 – Microsoft Win32k Privilege Escalation;
  • CVE-2017-0262 – Microsoft Office Remote Code Execution;
  • CVE-2017-0145 – Microsoft SMBv1 Remote Code Execution;
  • CVE-2017-0144 – Microsoft SMBv1 Remote Code Execution;
  • CVE-2016-3088 – Apache ActiveMQ Improper Input Validation;
  • CVE-2015-2051 – D-Link DIR-645 Router Remote Code Execution;
  • CVE-2015-1635 – Microsoft HTTP.sys Remote Code Execution;
  • CVE-2015-1130 – Apple OS X Authentication Bypass;
  • CVE-2014-4404 – Apple OS X Heap-Based Buffer Overflow.
Back To Top