CISA Warning: Hackers are exploiting these 36 “significant” cybersecurity vulnerabilities – so patch now
The Cybersecurity Infrastructure and Security Agency (CISA) has released 36 significant vulnerabilities that need immediate attention. As a result, you will need to check the following apps.
| cveID | vendorProject | product |
| CVE-2021-38163 | SAP | NetWeaver |
| CVE-2016-2386 | SAP | NetWeaver |
| CVE-2016-2388 | SAP | NetWeaver |
| CVE-2022-31460 | Owl Labs | Meeting Owl Pro and Whiteboard Owl |
| CVE-2019-7195 | QNAP | Photo Station |
| CVE-2019-7194 | QNAP | Photo Station |
| CVE-2019-7193 | QNAP | QTS |
| CVE-2019-7192 | QNAP | Photo Station |
| CVE-2019-5825 | Chromium V8 Engine | |
| CVE-2019-15271 | Cisco | RV Series Routers |
| CVE-2018-6065 | Chromium V8 Engine | |
| CVE-2018-4990 | Adobe | Acrobat and Reader |
| CVE-2018-17480 | Chromium V8 Engine | |
| CVE-2018-17463 | Chromium V8 Engine | |
| CVE-2017-6862 | NETGEAR | Multiple Devices |
| CVE-2017-5070 | Chromium V8 Engine | |
| CVE-2017-5030 | Chromium V8 Engine | |
| CVE-2016-5198 | Chromium V8 Engine | |
| CVE-2016-1646 | Chromium V8 Engine | |
| CVE-2013-1331 | Microsoft | Office |
| CVE-2012-5054 | Adobe | Flash Player |
| CVE-2012-4969 | Microsoft | Internet Explorer |
| CVE-2012-1889 | Microsoft | XML Core Services |
| CVE-2012-0767 | Adobe | Flash Player |
| CVE-2012-0754 | Adobe | Flash Player |
| CVE-2012-0151 | Microsoft | Windows |
| CVE-2011-2462 | Adobe | Acrobat and Reader |
| CVE-2011-0609 | Adobe | Flash Player |
| CVE-2010-2883 | Adobe | Reader and Acrobat |
| CVE-2010-2572 | Microsoft | PowerPoint |
| CVE-2010-1297 | Adobe | Flash Player |
| CVE-2009-4324 | Adobe | Acrobat and Reader |
| CVE-2009-3953 | Adobe | Acrobat and Reader |
| CVE-2009-1862 | Adobe | Acrobat and Reader, Flash Player |
| CVE-2009-0563 | Microsoft | Office |
| CVE-2009-0557 | Microsoft | Office |
| CVE-2008-0655 | Adobe | Acrobat and Reader |
| CVE-2007-5659 | Adobe | Acrobat and Reader |
| CVE-2006-2492 | Microsoft | Word |
CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation as part of their vulnerability management practice. Microsoft patching is not enough. If you are unsure of your Vulnerability Management Program, contact Aavex to discuss our CyberSec Vulnerability Management System, with Continuous Vulnerability Scanning and optional patch implementation and management. Call 888-361-6495 or set up a meeting by clicking here.