CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.9
CVE-2019-1003030 - Jenkins Matrix Project Plugin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Jenkins
Description :Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1003030
9.3
CVE-2019-0903 - Microsoft GDI Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0903
9.3
CVE-2018-8414 - Microsoft Windows Shell Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8414
7.6
CVE-2018-8373 - Microsoft Scripting Engine Memory Corruption Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8373
9.8
CVE-2018-14839 - LG N1A1 NAS Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : LG
Description :LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-14839
10.0
CVE-2016-10174 - NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description :The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-10174
7.5
CVE-2016-0752 - Ruby on Rails Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rails
Description :Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-0752
9.4
CVE-2015-4068 - Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Arcserve
Description :Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-4068
7.8
CVE-2015-3035 - TP-Link Multiple Archer Devices Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : TP-Link
Description :Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-3035
10.0
CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sophos
Description :A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25223
9.0
CVE-2017-6334 - NETGEAR DGN2200 Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description :dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6334
10.0
CVE-2017-6316 - Citrix Multiple Products Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description :A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6316
10.0
CVE-2017-3881 - Cisco IOS and IOS XE Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-3881
8.1
CVE-2017-12617 - Apache Tomcat Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12617
8.1
CVE-2017-12615 - Apache Tomcat on Windows Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12615
9.3
CVE-2017-0146 - Microsoft Windows SMB Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0146
9.3
CVE-2014-6332 - Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6332
9.0
CVE-2014-6324 - Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6324
7.8
CVE-2019-0841 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description :A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 15, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0841
7.8
CVE-2019-1064 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description :A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 15, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1064