CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    8.4

    HIGH
    CVE-2013-2597 - Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability -

    Action Due Oct 06, 2022 Target Vendor : Code Aurora

    Description :The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597; https://nvd.nist.gov/vuln/detail/CVE-2013-2597

    Alert Date: Sep 15, 2022 | 1318 days ago

    8.4

    HIGH
    CVE-2013-2094 - Linux Kernel Privilege Escalation Vulnerability -

    Action Due Oct 06, 2022 Target Vendor : Linux

    Description :Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094

    Alert Date: Sep 15, 2022 | 1318 days ago

    7.2

    HIGH
    CVE-2022-40139 - Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability -

    Action Due Oct 06, 2022 Target Vendor : Trend Micro

    Description :Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139

    Alert Date: Sep 15, 2022 | 1318 days ago

    7.8

    HIGH
    CVE-2022-37969 - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability -

    Action Due Oct 05, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969; https://nvd.nist.gov/vuln/detail/CVE-2022-37969

    Alert Date: Sep 14, 2022 | 1319 days ago

    7.8

    HIGH
    CVE-2022-32917 - Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability -

    Action Due Oct 05, 2022 Target Vendor : Apple

    Description :Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444; https://nvd.nist.gov/vuln/detail/CVE-2022-32917

    Alert Date: Sep 14, 2022 | 1319 days ago

    9.8

    CRITICAL
    CVE-2022-26258 - D-Link DIR-820L Remote Code Execution Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : D-Link

    Description :D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.

    Action :The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295; https://nvd.nist.gov/vuln/detail/CVE-2022-26258

    Alert Date: Sep 08, 2022 | 1325 days ago

    9.6

    CRITICAL
    CVE-2022-3075 - Google Chromium Mojo Insufficient Data Validation Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : Google

    Description :Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075; https://nvd.nist.gov/vuln/detail/CVE-2022-3075

    Alert Date: Sep 08, 2022 | 1325 days ago

    10.0

    CRITICAL
    CVE-2022-27593 - QNAP Photo Station Externally Controlled Reference Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : QNAP

    Description :Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Sep 08, 2022

    Notes :https://www.qnap.com/en/security-advisory/qsa-22-24; https://nvd.nist.gov/vuln/detail/CVE-2022-27593

    Alert Date: Sep 08, 2022 | 1325 days ago

    5.5

    MEDIUM
    CVE-2020-9934 - Apple iOS, iPadOS, and macOS Input Validation Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : Apple

    Description :Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289; https://nvd.nist.gov/vuln/detail/CVE-2020-9934

    Alert Date: Sep 08, 2022 | 1325 days ago

    10.0

    HIGH
    CVE-2018-7445 - MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : MikroTik

    Description :In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download; https://nvd.nist.gov/vuln/detail/CVE-2018-7445

    Alert Date: Sep 08, 2022 | 1325 days ago

    10.0

    HIGH
    CVE-2018-6530 - D-Link Multiple Routers OS Command Injection Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : D-Link

    Description :Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.

    Action :The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Known Detected Sep 08, 2022

    Notes :https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10105; https://nvd.nist.gov/vuln/detail/CVE-2018-6530

    Alert Date: Sep 08, 2022 | 1325 days ago

    9.8

    CRITICAL
    CVE-2018-2628 - Oracle WebLogic Server Unspecified Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : Oracle

    Description :Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://www.oracle.com/security-alerts/cpuapr2018.html; https://nvd.nist.gov/vuln/detail/CVE-2018-2628

    Alert Date: Sep 08, 2022 | 1325 days ago

    6.8

    MEDIUM
    CVE-2011-4723 - D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : D-Link

    Description :The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.

    Action :The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router; https://nvd.nist.gov/vuln/detail/CVE-2011-4723

    Alert Date: Sep 08, 2022 | 1325 days ago

    7.8

    HIGH
    CVE-2011-1823 - Android OS Privilege Escalation Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : Android

    Description :The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; https://nvd.nist.gov/vuln/detail/CVE-2011-1823

    Alert Date: Sep 08, 2022 | 1325 days ago

    4.3

    MEDIUM
    CVE-2018-13374 - Fortinet FortiOS and FortiADC Improper Access Control Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : Fortinet

    Description :Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Sep 08, 2022

    Notes :https://www.fortiguard.com/psirt/FG-IR-18-157; https://nvd.nist.gov/vuln/detail/CVE-2018-13374

    Alert Date: Sep 08, 2022 | 1325 days ago

    8.1

    HIGH
    CVE-2017-5521 - NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability -

    Action Due Sep 29, 2022 Target Vendor : NETGEAR

    Description :Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

    Action :Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability; https://nvd.nist.gov/vuln/detail/CVE-2017-5521

    Alert Date: Sep 08, 2022 | 1325 days ago

    9.8

    CRITICAL
    CVE-2022-26352 - dotCMS Unrestricted Upload of File Vulnerability -

    Action Due Sep 15, 2022 Target Vendor : dotCMS

    Description :dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Aug 25, 2022

    Notes :https://www.dotcms.com/security/SI-62; https://nvd.nist.gov/vuln/detail/CVE-2022-26352

    Alert Date: Aug 25, 2022 | 1339 days ago

    10.0

    HIGH
    CVE-2022-24706 - Apache CouchDB Insecure Default Initialization of Resource Vulnerability -

    Action Due Sep 15, 2022 Target Vendor : Apache

    Description :Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00; https://nvd.nist.gov/vuln/detail/CVE-2022-24706

    Alert Date: Aug 25, 2022 | 1339 days ago

    9.8

    CRITICAL
    CVE-2022-22963 - VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability -

    Action Due Sep 15, 2022 Target Vendor : VMware Tanzu

    Description :When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://tanzu.vmware.com/security/cve-2022-22963; https://nvd.nist.gov/vuln/detail/CVE-2022-22963

    Alert Date: Aug 25, 2022 | 1339 days ago

    9.8

    CRITICAL
    CVE-2022-24112 - Apache APISIX Authentication Bypass Vulnerability -

    Action Due Sep 15, 2022 Target Vendor : Apache

    Description :Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94; https://nvd.nist.gov/vuln/detail/CVE-2022-24112

    Alert Date: Aug 25, 2022 | 1339 days ago
Showing 20 of 1587 Results
