CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.4
CVE-2015-4068 - Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Arcserve
Description :Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-4068
7.8
CVE-2015-3035 - TP-Link Multiple Archer Devices Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : TP-Link
Description :Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-3035
10.0
CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sophos
Description :A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25223
9.0
CVE-2017-6334 - NETGEAR DGN2200 Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description :dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6334
10.0
CVE-2017-6316 - Citrix Multiple Products Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description :A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6316
10.0
CVE-2017-3881 - Cisco IOS and IOS XE Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-3881
8.1
CVE-2017-12617 - Apache Tomcat Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12617
8.1
CVE-2017-12615 - Apache Tomcat on Windows Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12615
9.3
CVE-2017-0146 - Microsoft Windows SMB Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0146
9.3
CVE-2016-7892 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-7892
10.0
CVE-2016-4171 - Adobe Flash Player Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-4171
10.0
CVE-2016-1555 - NETGEAR Multiple WAP Devices Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description :Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-1555
9.0
CVE-2016-11021 - D-Link DCS-930L Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description :setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-11021
9.3
CVE-2009-0927 - Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-0927
9.8
CVE-2009-1151 - phpMyAdmin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : phpMyAdmin
Description :Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-1151
10.0
CVE-2014-6287 - Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rejetto
Description :The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6287
9.0
CVE-2014-6324 - Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6324
9.3
CVE-2014-6332 - Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6332
7.8
CVE-2019-0841 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description :A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 15, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0841
7.8
CVE-2019-1064 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description :A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 15, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1064