Security News > 2022 > February > US govt: Here are another 15 security bugs under attack right now

The US government has added 15 vulns under active attack to a little-known but very useful public database: its Known Exploited Vulnerabilities catalogue.

Building on numerous advisory notes over the past few years warning of currently exploited tools, the Cybersecurity and Infrastructure Security Agency now maintains a public list of vulnerabilities that are, or have been, actively exploited.

Other vulns include years-old remote code execution flaws in Oracle Weblogic and a variety of Windows and Microsoft privilege escalation and code execution issues - along with a vuln in continuous delivery platform Jenkins.

CISA provides these public warnings in order to have vulnerable software updated, while Britain's National Cyber Security Centre keeps all of its vuln notifications behind closed doors through its Cyber Security Information Sharing Partnership.

Australia, like America, maintains a public alerts page - but no CISA-style database in public.

While there are arguments to be made about whether publishing vuln notifications just draws baddies' attention to their contents, in today's world with entire economies dependent upon timely patching of critical vulns, more information in public about things that need urgent patching can only be a public good.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/11/cisa_database/