CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.8

    CVSS31
    CVE-2018-13379 - Fortinet FortiOS SSL VPN Path Traversal Vulnerability -

    Action Due May 03, 2022 Target Vendor : Fortinet

    Description : Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2020-16010 - Google Chrome for Android UI Heap Buffer Overflow Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    6.5

    CVSS31
    CVE-2020-15999 - Google Chrome FreeType Heap Buffer Overflow Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-21166 - Google Chromium Race Condition Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    9.6

    CVSS31
    CVE-2020-16017 - Google Chrome Use-After-Free Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    6.5

    CVSS31
    CVE-2021-37976 - Google Chromium Information Disclosure Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2020-16009 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-30632 - Google Chromium V8 Out-of-Bounds Write Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2020-16013 - Google Chromium V8 Incorrect Implementation Vulnerabililty -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    9.6

    CVSS31
    CVE-2021-30633 - Google Chromium Indexed DB API Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-21148 - Google Chromium V8 Heap Buffer Overflow Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    9.6

    CVSS31
    CVE-2021-37973 - Google Chromium Portals Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-30551 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-37975 - Google Chromium V8 Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2020-6418 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-30554 - Google Chromium WebGL Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-21206 - Google Chromium Blink Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    6.1

    CVSS31
    CVE-2021-38000 - Google Chromium Intents Improper Input Validation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-38003 - Google Chromium V8 Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago

    8.8

    CVSS31
    CVE-2021-21224 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Nov 03, 2021 | 1040 days ago
Showing 20 of 1162 Results

Filters