CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

CVE-2023-25280 is an OS command injection vulnerability in the D-Link DIR-820 router. Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws in D-Link, Zyxel, and Netgear devices, including CVE-2023-25280.

CVE-2020-15415 is an OS command injection vulnerability in DrayTek Multiple Vigor Routers. Since the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws, including CVE-2020-15415.

CVE-2019-0344 is a deserialization of untrusted data vulnerability in SAP Commerce Cloud.

CVE-2021-4043 is a null pointer dereference vulnerability in Motion Spell GPAC.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by October 21, 2024.

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these […]