CISA added a new vulnerability, CVE-2022-21882, to its Known Exploited Vulnerabilities Catalog. It is a privilege escalation vulnerability in Microsoft Win32k.

Sources: CISA Known Exploited Vulnerabilities Catalog, CISA

Cisco released security updates for RV series routers due to vulnerabilities found that could allow an attacker to gain control of affected systems.

Sources: Cisco Security, CISA

CISA released an ICS advisory that explains vulnerabilities in Airspan Networks Mimosa products.

Sources: CISA ICSA, CISA

Versions of FortiAuthenticator HA service contain an improper access control vulnerability.

Sources: Fortinet, NIST

Versions of IBM Security Verify Access could allow an attacker to authenticate as any user on the system.

Sources: IBM Security, IBM Support, NIST

Google released security updates for Chrome that address vulnerabilities an attacker could use to gain control of affected systems.

Sources: Google Chrome, CISA

Ivanti Service Manager is vulnerable to XSS through the appName parameter.

Sources: Ivanti, NIST

Versions of Samba contain vulnerabilities that could allow an attacker to gain control of affected systems.

Sources: Carnegie Mellon University, CISA

Multiple Huawei products are vulnerable to information exposure due to software not properly protecting certain information.

Sources: Huawei, NIST