CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2022-1040 - Sophos Firewall Authentication Bypass Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Sophos
Description :An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-1040
7.8
CVE-2021-34484 - Microsoft Windows User Profile Service Privilege Escalation Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Microsoft
Description :Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-34484
10.0
CVE-2021-28799 - QNAP NAS Improper Authorization Vulnerability -
Action Due Apr 21, 2022 Target Vendor : QNAP
Description :QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 31, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-28799
8.8
CVE-2021-21551 - Dell dbutil Driver Insufficient Access Control Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Dell
Description :Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21551
8.8
CVE-2022-1096 - Google Chromium V8 Type Confusion Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-1096
7.8
CVE-2010-4398 - Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Microsoft
Description :Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-4398
7.8
CVE-2011-2005 - Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-2005
7.8
CVE-2018-8405 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8405
7.8
CVE-2013-3660 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-3660
10.0
CVE-2022-0543 - Debian-specific Redis Server Lua Sandbox Escape Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Redis
Description :Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-0543
7.8
CVE-2021-38646 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38646
7.8
CVE-2021-34486 - Microsoft Windows Event Tracing Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-34486
5.3
CVE-2021-26085 - Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Atlassian
Description :Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-26085
9.8
CVE-2021-20028 - SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability -
Action Due Apr 18, 2022 Target Vendor : SonicWall
Description :SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-20028
7.5
CVE-2019-7483 - SonicWall SMA100 Directory Traversal Vulnerability -
Action Due Apr 18, 2022 Target Vendor : SonicWall
Description :In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7483
7.8
CVE-2018-8440 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8440
7.8
CVE-2018-8406 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8406
7.3
CVE-2017-0213 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0213
4.3
CVE-2017-0059 - Microsoft Internet Explorer Information Disclosure Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0059
8.1
CVE-2017-0037 - Microsoft Edge and Internet Explorer Type Confusion Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description :Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0037