CISA Known Exploited Vulnerabilities Catalog
9.8
CVE-2019-19781 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Citrix
Description : Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
9.8
CVE-2019-11634 - Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Citrix
Description : Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
9.8
CVE-2020-29557 - D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability -
Action Due May 03, 2022 Target Vendor : D-Link
Description : D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2020-25506 - D-Link DNS-320 Device Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : D-Link
Description : D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.5
CVE-2018-15811 - DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability -
Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)
Description : DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.5
CVE-2018-18325 - DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability -
Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)
Description : DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2017-9822 - DotNetNuke (DNN) Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)
Description : DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
7.8
CVE-2019-15752 - Docker Desktop Community Edition Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Docker
Description : Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2020-8515 - Multiple DrayTek Vigor Routers Web Management Page Vulnerability -
Action Due May 03, 2022 Target Vendor : DrayTek
Description : DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2018-7600 - Drupal Core Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Drupal
Description : Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
10.0
CVE-2021-22205 - GitLab Community and Enterprise Editions Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : GitLab
Description : GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2018-6789 - Exim Buffer Overflow Vulnerability -
Action Due May 03, 2022 Target Vendor : Exim
Description : Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
9.8
CVE-2020-8657 - EyesOfNetwork Use of Hard-Coded Credentials Vulnerability -
Action Due May 03, 2022 Target Vendor : EyesOfNetwork
Description : EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2020-8655 - EyesOfNetwork Improper Privilege Management Vulnerability -
Action Due May 03, 2022 Target Vendor : EyesOfNetwork
Description : EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2020-5902 - F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : F5
Description : F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
9.8
CVE-2021-22986 - F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : F5
Description : F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
9.8
CVE-2021-35464 - ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : ForgeRock
Description : ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
6.5
CVE-2019-5591 - Fortinet FortiOS Default Configuration Vulnerability -
Action Due May 03, 2022 Target Vendor : Fortinet
Description : Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2020-12812 - Fortinet FortiOS SSL VPN Improper Authentication Vulnerability -
Action Due May 03, 2022 Target Vendor : Fortinet
Description : Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
9.8
CVE-2018-13379 - Fortinet FortiOS SSL VPN Path Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : Fortinet
Description : Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known