The Cybersecurity and Infrastructure Security Agency (CISA) has added two new Common Vulnerabilities and Exposures (CVEs) listings to its already extensive website catalog of CVEs, the agency said in a Twitter posting on Nov.28.
“2 new CVEs have been added to @CISAgov’s Known Exploited Vulnerabilities Catalog to start out the week. Reduce your exposure to #cyberattacks and mitigate,” CISA said.
The first of the two products that was listed with a vulnerability was Fusion Middleware by Oracle with an unspecified vulnerability name.
According to the catalog “Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.”
The second of the two vulnerabilities comes from the Google Chromium product.
“Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge,” the catalog listing states.