CVE-2017-9805 - Apache Struts Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-9805

CVE-2020-0069 - Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability -

Action Due May 03, 2022 Target Vendor : MediaTek

Description : Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0069

CVE-2019-2215 - Android Kernel Use-After-Free Vulnerability -

Action Due May 03, 2022 Target Vendor : Android

Description : Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-2215

CVE-2020-5735 - Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : Amcrest

Description : Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5735

CVE-2018-15961 - Adobe ColdFusion Unrestricted File Upload Vulnerability -

Action Due May 03, 2022 Target Vendor : Adobe

Description : Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-15961

CVE-2021-28550 - Adobe Acrobat and Reader Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Adobe

Description : Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28550

CVE-2018-4939 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Adobe

Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-4939

CVE-2021-21017 - Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Adobe

Description : Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21017

CVE-2021-27101 - Accellion FTA SQL Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Accellion

Description : Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27101

CVE-2020-29583 - Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability -

Action Due May 03, 2022 Target Vendor : Zyxel

Description : Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-29583

CVE-2020-10189 - Zoho ManageEngine Desktop Central File Upload Vulnerability -

Action Due May 03, 2022 Target Vendor : Zoho

Description : Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10189

CVE-2021-40539 - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Zoho

Description : Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40539

CVE-2021-27561 - Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Yealink

Description : Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27561

CVE-2019-9978 - WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability -

Action Due May 03, 2022 Target Vendor : WordPress

Description : WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-9978

CVE-2020-11738 - WordPress Snap Creek Duplicator Plugin File Download Vulnerability -

Action Due May 03, 2022 Target Vendor : WordPress

Description : WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11738

CVE-2020-25213 - WordPress File Manager Plugin Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : WordPress

Description : WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25213

CVE-2020-4006 - Multiple VMware Products Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description : VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4006

CVE-2021-21985 - VMware vCenter Server Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : VMware

Description : VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21985

CVE-2021-21972 - VMware vCenter Server Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : VMware

Description : VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21972

CVE-2020-3952 - VMware vCenter Server Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description : VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3952