acm-header
Sign In

Communications of the ACM

ACM News

CISA Adds Google, Microsoft and QNAP Bugs to Exploited Vulnerabilities List


CISA logos.

Google’s CVE-2021-39793 – patched in March – affects Pixel devices and patches address an out-of-bounds write vulnerability “due to a logic error in the code that could lead to local escalation of privilege.”

Credit: CISA

The U.S. federal Cybersecurity and Infrastructure Security Agency (CISA) added eight vulnerabilities to its catalog of exploited bugs on Monday, with each given a remediation date of May 2.

All of the issues have patches or updates available except for CVE-2021-27852 – a deserialization of untrusted data vulnerability affecting Checkbox, a digital survey tool. Versions 7 and later of Checkbox Survey are not considered vulnerable to the issue but Version 6 and earlier are end-of-life and must be removed from agency networks, according to CISA.

From The Record
View Full Article

 


 

No entries found