CISA Known Exploited Vulnerabilities (KEV)
7.5
CVE-2014-0160 - OpenSSL Information Disclosure Vulnerability -
Action Due May 25, 2022 Target Vendor : OpenSSL
Description : The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-0160
9.3
CVE-2019-8506 - Apple Multiple Products Type Confusion Vulnerability -
Action Due May 25, 2022 Target Vendor : Apple
Description : A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-8506
7.0
CVE-2022-21919 - Microsoft Windows User Profile Service Privilege Escalation Vulnerability -
Action Due May 16, 2022 Target Vendor : Microsoft
Description : Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-21919
7.8
CVE-2022-0847 - Linux Kernel Privilege Escalation Vulnerability -
Action Due May 16, 2022 Target Vendor : Linux
Description : Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-0847
7.8
CVE-2021-41357 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due May 16, 2022 Target Vendor : Microsoft
Description : Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-41357
9.9
CVE-2019-1003029 - Jenkins Script Security Plugin Sandbox Bypass Vulnerability -
Action Due May 16, 2022 Target Vendor : Jenkins
Description : Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1003029
10.0
CVE-2022-29464 - WSO2 Multiple Products Unrestrictive Upload of File Vulnerability -
Action Due May 16, 2022 Target Vendor : WSO2
Description : Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-29464
7.0
CVE-2022-26904 - Microsoft Windows User Profile Service Privilege Escalation Vulnerability -
Action Due May 16, 2022 Target Vendor : Microsoft
Description : Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26904
7.8
CVE-2021-40450 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due May 16, 2022 Target Vendor : Microsoft
Description : Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40450
6.1
CVE-2018-6882 - Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability -
Action Due May 10, 2022 Target Vendor : Zimbra
Description : Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-6882
9.8
CVE-2019-3568 - WhatsApp VOIP Stack Buffer Overflow Vulnerability -
Action Due May 10, 2022 Target Vendor : Meta Platforms
Description : A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via a specially crafted series of RTCP packets sent to a target phone number.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-3568
7.8
CVE-2022-22718 - Microsoft Windows Print Spooler Privilege Escalation Vulnerability -
Action Due May 10, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22718
8.8
CVE-2022-1364 - Google Chromium V8 Type Confusion Vulnerability -
Action Due May 06, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-1364
10.0
CVE-2019-3929 - Crestron Multiple Products Command Injection Vulnerability -
Action Due May 06, 2022 Target Vendor : Crestron
Description : Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-3929
10.0
CVE-2019-16057 - D-Link DNS-320 Remote Code Execution Vulnerability -
Action Due May 06, 2022 Target Vendor : D-Link
Description : The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16057
9.8
CVE-2018-7841 - Schneider Electric U.motion Builder SQL Injection Vulnerability -
Action Due May 06, 2022 Target Vendor : Schneider Electric
Description : A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-7841
7.5
CVE-2016-4523 - Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability -
Action Due May 06, 2022 Target Vendor : Trihedral
Description : The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-4523
9.8
CVE-2014-0780 - InduSoft Web Studio NTWebServer Directory Traversal Vulnerability -
Action Due May 06, 2022 Target Vendor : InduSoft
Description : InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-0780
9.8
CVE-2010-5330 - Ubiquiti AirOS Command Injection Vulnerability -
Action Due May 06, 2022 Target Vendor : Ubiquiti
Description : Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-5330
10.0
CVE-2007-3010 - Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability -
Action Due May 06, 2022 Target Vendor : Alcatel
Description : masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2007-3010