All the vulnerabilities added now are from 2014 to 2021, with the latest one being a Windows SAM bug that, if exploited, would allow anyone to access the core registry files. Though patches or workarounds for all these vulnerabilities are available, system admins are delaying applying them.

CISA Vulnerabilities Catalog

The US Cybersecurity & Infrastructure Security Agency (CISA) has just added a batch of security vulnerabilities to its growing Known Exploited Vulnerabilities Catalog, which now lists about 367 in total. All of the new entries were spotted between 2014 and 2021.

The latest one among them is CVE-2021-36934, a Microsoft Windows SAM (Security Accounts Manager) vulnerability which, if exploited, allows an attacker to access the Registry database. Affecting both Windows 10 and Windows 11, this vulnerability can let attackers extract password hashes and gain administrator privileges. Though Microsoft acknowledged the issue and released a patch in July 2021, many system admins are delaying applying it.

Next up is CVE-2015-2051, an RCE bug affecting D-Link DIR-645 routers, which remain vulnerable and are still being exploited. CVE-2020-0796 is another security flaw, one that received a maximum severity score. It concerns SMBv3 mishandling maliciously crafted compressed data packets, which lets the exploiter execute code remotely. The flaw is said to be wormable, which makes it riskier.
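A defender-side check for the CVE-2021-36934 condition described above, as an added example that is not part of the original article: it parses `icacls` output collected from hosts and flags registry hive files that a non-administrative principal can read. The sample output is constructed, and the set of principals treated as privileged and the assumption that hive paths contain no spaces are choices made for this example.

```python
import re

# icacls right codes that allow reading file contents.
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA", "RD"}
# Principals expected to hold hive access (an assumption of this example).
PRIVILEGED = {"BUILTIN\\ADMINISTRATORS", "NT AUTHORITY\\SYSTEM"}
HIVES = {"sam", "system", "security"}
ACE_RE = re.compile(r"(?P<who>[^:]+?):(?P<flags>(?:\([^)]*\))+)\s*$")

# Constructed sample of `icacls <hive>` output from one host (not real data).
SAMPLE = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)

C:\Windows\System32\config\SYSTEM BUILTIN\Administrators:(I)(F)
                                  NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 2 files; Failed processing 0 files
"""


def exposed_hives(icacls_output):
    """Return sorted (path, principal) pairs where a non-privileged
    principal holds an allow ACE with read access on a registry hive."""
    findings, path = set(), None
    for line in icacls_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # New object: "<path> <first ACE>" (assumes no spaces in path).
            path, _, line = line.partition(" ")
        m = ACE_RE.match(line.strip())
        if m is None or path is None:
            continue
        if path.rsplit("\\", 1)[-1].lower() not in HIVES:
            continue
        groups = re.findall(r"\(([^)]*)\)", m["flags"])
        if "DENY" in groups or m["who"].upper() in PRIVILEGED:
            continue
        if set(groups[-1].split(",")) & READ_RIGHTS:
            findings.add((path, m["who"]))
    return sorted(findings)


if __name__ == "__main__":
    for hive, who in exposed_hives(SAMPLE):
        print(f"{hive}: readable by {who}")
```
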

CISA Warned System Admins With 15 New Security Vulnerabilities