The U.S. Cybersecurity and Infrastructure Security Agency has added seven new Linux-related vulnerabilities to its catalog and warned that they’re being actively exploited.
The vulnerabilities are described as frequent attack vectors for malicious cyber actors and pose significant risks to federal enterprises. Although the listed vulnerabilities are new to CISA’s database, most of them are old, with one dating back to 2010.
The vulnerabilities include CVE-2023-25717, a cross-site request forgery and remote code execution vulnerability affecting multiple Ruckus Wireless products; CVE-2021-3560, a Red Hat Polkit incorrect authorization vulnerability; CVE-2014-0196, a Linux Kernel race condition vulnerability; CVE-2010-3904, a Linux Kernel improper input validation vulnerability; CVE-2015-5317, a Jenkins user interface information disclosure vulnerability; CVE-2016-3427, an Oracle Java SE and JRockit unspecified vulnerability; and CVE-2016-8735, an Apache Tomcat RCE vulnerability.
The vulnerabilities were added to CISA’s Known Exploited Vulnerabilities catalog, a “living list” of known Common Vulnerabilities and Exposures that carry significant…