Google Announces New Rating System for Android and Device Vulnerability Reports


The agency added seven new vulnerabilities to its KEV catalog on Friday: Ruckus AP remote code execution (CVE-2023-25717), Red Hat Polkit privilege escalation (CVE-2021-3560), Linux kernel privilege escalations (CVE-2014-0196 and CVE-2010-3904), Jenkins UI information disclosure (CVE-2015-5317), Apache Tomcat remote code execution (CVE-2016-8735), and an Oracle Java SE and JRockit issue (CVE-2016-3427).

The Ruckus product vulnerability has been exploited by a DDoS botnet named AndoryuBot. 

However, there do not appear to be any public reports describing exploitation of the other vulnerabilities added to CISA’s catalog. Technical details and proof-of-concept (PoC) exploits are available, which is not surprising considering that some of them have been known for a decade. 

Read more…