Seven actively abused Linux-related security flaws, most of which are years old, have been added by the Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities catalog, according to SiliconAngle.
Included in the newly added vulnerabilities are a multiple cross-site forgery request and remote code execution vulnerability in Ruckus Wireless Products, tracked as CVE-2023-25717; an incorrect authorization flaw in Red Hat Polkit, tracked as CVE-2021-3560; an Apache Tomcat RCE, tracked as CVE-2016-8735; an Oracle Java SE and JRockit unspecified bug, tracked as CVE-2016-3427; a user interface information disclosure flaw in Jenkins, tracked as CVE-2015-5317; a Linux Kernel race condition bug, tracked as CVE-2014-0196; and an improper input validation flaw in Linux Kernel, tracked as CVE-2010-3904.
The recent inclusion of a 13-year-old vulnerability in CISA's KEV catalog has been noted as unusual by Vulcan Cyber Senior Technical Engineer Mike Parkin, while Viakoo CEO Bud Broomhead said that the newly added flaws indicate increased targeting of open source software, IoT, and industrial control systems in attacks.