POSTING DATE: 2026/01/14
[VULNERABILITY ALERT] CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/01/05-2026/01/11)
- Content Description:
  - Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000006
  - [CVE-2009-0556] Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8)
    - [Known to be exploited by ransomware: Unknown] Microsoft Office PowerPoint contains a code injection vulnerability. A remote attacker can trigger memory corruption via a PowerPoint file containing an OutlineTextRefAtom with an invalid index value, thereby executing arbitrary code.
  - [CVE-2025-37164] Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0)
    - [Known to be exploited by ransomware: Unknown] Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability, allowing unauthenticated remote users to perform remote code execution.
- Affected Platforms:
  - [CVE-2009-0556] Please refer to the affected versions listed by the official source: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
  - [CVE-2025-37164] Please refer to the affected versions listed by the official source: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free
- Recommended Actions:
  - [CVE-2009-0556] The vendor has released security updates for this vulnerability; please update to the relevant versions: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
  - [CVE-2025-37164] The vendor has released security updates for this vulnerability; please update to the relevant versions: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free
Respectfully,
Network Systems Division, Computer and Communication Center