Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000007
[Content Description]
【CVE-2026-22719】Broadcom VMware Aria Operations Command Injection Vulnerability (CVSS v3.1: 8.1)
【Exploited by Ransomware: Unknown】 A command injection vulnerability exists in Broadcom VMware Aria Operations. An unauthenticated attacker could exploit this vulnerability to execute arbitrary commands, potentially leading to remote code execution during support-assisted product migration.
【CVE-2026-21385】Qualcomm Multiple Chipsets Memory Corruption Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】 Multiple Qualcomm chipsets contain a memory corruption vulnerability during memory configuration alignment.
【CVE-2017-7921】Hikvision Multiple Products Improper Authentication Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】 Multiple Hikvision products contain an improper authentication vulnerability, which malicious users could exploit to escalate system privileges and access sensitive information.
【CVE-2021-22681】Rockwell Multiple Products Insufficiently Protected Credentials Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】 Multiple Rockwell products contain an insufficiently protected credentials vulnerability. A key in Studio 5000 Logix Designer software may be discovered; this key is used to authenticate communication between the Logix controller and Rockwell Automation design software. If this vulnerability is successfully exploited, unauthorized applications could connect to the Logix controller.
【CVE-2023-43000】Apple Multiple Products Use-After-Free Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】 A use-after-free vulnerability exists in Apple macOS, iOS, iPadOS, and Safari 16.6. This vulnerability could lead to memory corruption when the system processes maliciously crafted web page content.
【CVE-2021-30952】Apple Multiple Products Integer Overflow or Wraparound Vulnerability (CVSS v3.1: 8.8)
【Exploited by Ransomware: Unknown】 An integer overflow or wraparound vulnerability exists in Apple tvOS, macOS, Safari, iPadOS, and watchOS. This vulnerability could lead to arbitrary code execution when the system processes maliciously crafted web page content.
【CVE-2023-41974】Apple iOS and iPadOS Use-After-Free Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】 Apple iOS and iPadOS contain a use-after-free vulnerability that could allow applications to execute arbitrary code with kernel privileges.
[Affected Platforms]
【CVE-2026-22719】Please refer to the official list of affected versions.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
【CVE-2026-21385】Please refer to the official list of affected versions.
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html
【CVE-2017-7921】Please refer to the official list of affected versions.
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/
【CVE-2021-22681】Please refer to the official list of affected versions.
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03
【CVE-2023-43000】Please refer to the official affected versions listed below:
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338
【CVE-2021-30952】Please refer to the official affected versions listed below:
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982
【CVE-2023-41974】Please refer to the affected versions listed in the official documentation.
https://support.apple.com/en-us/HT213938
[Recommended Actions]
【CVE-2026-22719】An official patch update has been released for this vulnerability. Please update to the relevant version.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
【CVE-2026-21385】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html
【CVE-2017-7921】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/
【CVE-2021-22681】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03
【CVE-2023-43000】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/120324
https://support.apple.com/en-us/120331
https://support.apple.com/en-us/120338
【CVE-2021-30952】Official updates have been released to fix the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982
【CVE-2023-41974】An official update has been released to fix the vulnerability. Please update to the relevant version.
https://support.apple.com/en-us/HT213938