CISA Known Exploited Vulnerabilities Catalog
9.8
CVE-2021-22005 - VMware vCenter Server File Upload Vulnerability -
Action Due Nov 17, 2021 Target Vendor : VMware
Description : VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22005
7.8
CVE-2020-3950 - VMware Multiple Products Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : VMware
Description : VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3950
9.8
CVE-2020-3992 - VMware ESXi OpenSLP Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : VMware
Description : VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3992
9.8
CVE-2020-17496 - vBulletin PHP Module Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : vBulletin
Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17496
9.8
CVE-2019-16759 - vBulletin PHP Module Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : vBulletin
Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16759
7.5
CVE-2020-5849 - Unraid Authentication Bypass Vulnerability -
Action Due May 03, 2022 Target Vendor : Unraid
Description : Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5849
7.5
CVE-2019-20085 - TVT NVMS-1000 Directory Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : TVT
Description : TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-20085
8.8
CVE-2021-36741 - Trend Micro Multiple Products Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Trend Micro
Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US; https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36741
7.8
CVE-2021-36742 - Trend Micro Multiple Products Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Trend Micro
Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US; https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742
9.8
CVE-2020-8599 - Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8599
8.8
CVE-2020-8468 - Trend Micro Multiple Products Content Validation Escape Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8468
8.8
CVE-2020-8467 - Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8467
7.5
CVE-2019-18187 - Trend Micro OfficeScan Directory Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-18187
8.8
CVE-2019-9082 - ThinkPHP Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : ThinkPHP
Description : ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-9082
9.8
CVE-2018-20062 - ThinkPHP "noneCms" Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : ThinkPHP
Description : ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-20062
9.8
CVE-2018-14558 - Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : Tenda
Description : Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14558
9.8
CVE-2020-10987 - Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Tenda
Description : Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10987
9.8
CVE-2021-31755 - Tenda AC11 Router Stack Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Tenda
Description : Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted POST request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31755
9.8
CVE-2017-9248 - Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability -
Action Due May 03, 2022 Target Vendor : Progress
Description : Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-9248
8.8
CVE-2017-6327 - Symantec Messaging Gateway Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Symantec
Description : Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege-escalating actions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6327