Six new vulnerabilities added to CISA catalogue

September 16, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalogue, including CVEs in Code Aurora ACDB Audio Driver, Linux Kernel, Microsoft Windows and Trend Micro Apex One.

CISA’s catalogue serves as a focal point for US government agencies to keep their IT systems patched and secured against the most impactful vulnerabilities currently circulating. Compliance with the list is mandated for these organisations, but any security team at any organisation globally can benefit from keeping up to date with it.

The newly added vulnerabilities are as follows:

  • CVE-2022-40139 in Trend Micro Apex One and Apex One as a Service. This is an improper validation vulnerability leading to remote code execution (RCE);
  • CVE-2013-6282 in Linux Kernel. This is an improper input validation vulnerability that could allow an application to read and write kernel memory, leading to privilege escalation;
  • CVE-2013-2597 in Code Aurora ACDB Audio Driver, which is used in multiple third-party products including Android devices. This is a stack-based buffer overflow vulnerability allowing for privilege escalation;
  • CVE-2013-2596 in Linux Kernel. This is an integer overflow vulnerability leading to privilege escalation;
  • CVE-2013-2094 in Linux Kernel. This is a privilege escalation vulnerability resulting from a failure by the kernel to check all 64 bits of attr.config passed by user space;
  • CVE-2010-2568 in Microsoft Windows, an RCE vulnerability arising from a situation where Windows incorrectly parses shortcuts in such a way that malicious code can execute if the operating system displays the icon of a malicious shortcut file.

US government bodies have until Thursday 6 October to patch the new vulnerabilities. As already noted, other organisations are not bound to this schedule, but are advised to act quickly.

Commenting on the latest additions to CISA’s list, Qualys’ UK chief technical security officer, Paul Baird, said: “Based on evidence of active exploitation, all these vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk.

“What’s concerning me is that 4 of the CVEs posted today are from 2013, and one is from 2010. Only one of the new exploited vulnerabilities is a CVE from 2022. This shows that there are a lot of companies out there that have problems around knowing their IT, keeping those IT assets up to date, or adequately mitigating those issues so that there is no risk of exploitation.

“Patching known vulnerabilities is one of the best ways to prevent attacks, but many companies are finding it hard to keep up. Similarly, end of life systems should be replaced or migrated if they are still needed for businesses,” said Baird.

The latest additions come just a day after CISA added two other potentially serious vulnerabilities to its catalogue.

The first of these, CVE-2022-37969, is a privilege elevation vulnerability in the Windows Common Log File System Driver that affects all versions of Windows; if successfully exploited, an attacker could gain system-level privileges. This was addressed by Microsoft in its September Patch Tuesday update.

The second, CVE-2022-32197, is a vulnerability in Apple iOS, iPadOS and macOS, which – left unchecked – allows an application to execute code with kernel privileges.
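
The 6 October deadline and the age of the listed CVEs can be turned into a triage queue by joining scanner findings against catalogue entries. The sketch below is an added example, not part of the original article: the records use a subset of the KEV feed's field names (`cveID`, `product`, `dueDate`) with the six CVE IDs and the due date taken from the article, while the hostnames, the findings list and the `triage` function are constructed for illustration.

```python
from datetime import date

# Constructed records using a subset of the KEV JSON feed's field names.
# CVE IDs, products and the 6 October due date are taken from the article.
KEV = [
    {"cveID": cve, "product": product, "dueDate": "2022-10-06"}
    for cve, product in [
        ("CVE-2022-40139", "Apex One"),
        ("CVE-2013-6282", "Linux Kernel"),
        ("CVE-2013-2597", "Code Aurora ACDB Audio Driver"),
        ("CVE-2013-2596", "Linux Kernel"),
        ("CVE-2013-2094", "Linux Kernel"),
        ("CVE-2010-2568", "Windows"),
    ]
]

# Constructed scanner output: (hostname, CVE reported open on that host).
FINDINGS = [
    ("build-01", "CVE-2013-2094"),
    ("kiosk-07", "CVE-2010-2568"),
    ("av-mgmt", "CVE-2022-40139"),
    ("web-03", "CVE-0000-00000"),  # placeholder ID, not in the catalogue
]

def triage(findings, kev, today):
    """Return KEV-listed findings, most urgent first, with days left and CVE age."""
    by_id = {entry["cveID"]: entry for entry in kev}
    rows = []
    for host, cve in findings:
        entry = by_id.get(cve)
        if entry is None:
            continue  # not in the catalogue: handle under the normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": host,
            "cve": cve,
            "product": entry["product"],
            "days_left": (due - today).days,  # negative means overdue
            "cve_age_years": today.year - int(cve.split("-")[1]),
        })
    # Earliest deadline first; among equal deadlines, oldest CVE first.
    return sorted(rows, key=lambda r: (r["days_left"], -r["cve_age_years"]))

if __name__ == "__main__":
    for r in triage(FINDINGS, KEV, date(2022, 9, 16)):
        state = "OVERDUE" if r["days_left"] < 0 else f"{r['days_left']}d left"
        print(f"{r['host']:<9} {r['cve']:<15} {r['product']:<30} {state}, "
              f"CVE is {r['cve_age_years']}y old")
```
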
