CISA Known Exploited Vulnerabilities Catalog
9.8
CVE-2020-17463 - Fuel CMS SQL Injection Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Fuel CMS
Description : FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.2
CVE-2020-8816 - Pi-Hole AdminLTE Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Pi-hole
Description : Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.9
CVE-2019-10758 - MongoDB mongo-express Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : MongoDB
Description : mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
10.0
CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability -
Action Due Dec 24, 2021 Target Vendor : Apache
Description : Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
Action : For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
Known To Be Used in Ransomware Campaigns? : Known
7.8
CVE-2020-11261 - Qualcomm Multiple Chipsets Improper Input Validation Vulnerability -
Action Due Jun 01, 2022 Target Vendor : Qualcomm
Description : Memory corruption due to an improper check to return an error when a user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.1
CVE-2018-14847 - MikroTik Router OS Directory Traversal Vulnerability -
Action Due Jun 01, 2022 Target Vendor : MikroTik
Description : MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description : Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.0
CVE-2021-40438 - Apache HTTP Server-Side Request Forgery (SSRF) -
Action Due Dec 15, 2021 Target Vendor : Apache
Description : A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2021-44077 - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description : Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2021-22204 - ExifTool Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Perl
Description : Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2021-40449 - Microsoft Windows Win32k Privilege Escalation Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : Unspecified vulnerability allows for an authenticated user to escalate privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
8.8
CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
7.8
CVE-2021-42292 - Microsoft Excel Security Feature Bypass -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2021-36742 - Trend Micro Multiple Products Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Trend Micro
Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US
8.8
CVE-2021-36741 - Trend Micro Multiple Products Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Trend Micro
Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US
7.5
CVE-2019-20085 - TVT NVMS-1000 Directory Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : TVT
Description : TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.5
CVE-2020-5849 - Unraid Authentication Bypass Vulnerability -
Action Due May 03, 2022 Target Vendor : Unraid
Description : Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2020-5847 - Unraid Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Unraid
Description : Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2019-16759 - vBulletin PHP Module Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : vBulletin
Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2020-17496 - vBulletin PHP Module Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : vBulletin
Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown