CISA Known Exploited Vulnerabilities Catalog
8.1
CVE-2018-11776 - Apache Struts Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description : Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn�t have value and action set and in same time, its upper package configuration have no or wildcard namespace.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2021-30858 - Apple iOS, iPadOS, macOS Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS WebKit contains a use-after-free vulnerability that may allow for code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.5
CVE-2019-6223 - Apple iOS and macOS Group Facetime Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2021-30860 - Apple Multiple Products Integer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2020-27930 - Apple Multiple Products Memory Corruption Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2021-30807 - Apple Multiple Products Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
5.5
CVE-2020-27950 - Apple Multiple Products Memory Initialization Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2020-27932 - Apple Multiple Products Type Confusion Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2020-9818 - Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
4.3
CVE-2020-9819 - Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2021-30762 - Apple iOS Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS WebKit contains a use-after-free vulnerability which may allow for code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.0
CVE-2021-1782 - Apple Multiple Products Race Condition Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2021-1870 - Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic issue which may allow a remote attacker to execute code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2021-1871 - Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic issue which may allow a remote attacker to execute code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
6.1
CVE-2021-1879 - Apple iOS, iPadOS, and watchOS Cross-Site Scripting (XSS) Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and watchOS WebKit contains a cross-site scripting (XSS) vulnerability when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2021-30661 - Apple Multiple Products Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, watchOS, tvOS, and Safari WebKit Storage contain a use-after-free vulnerability which may allow for code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2021-30666 - Apple iOS Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS WebKit contains a buffer-overflow vulnerability which may allow for code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2021-30713 - Apple macOS Unspecified Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
5.5
CVE-2021-30657 - Apple macOS Unspecified Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2021-30665 - Apple Multiple Products Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown