CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2017-9791 - Apache Struts 1 Improper Input Validation Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Apache
Description :The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-9791
9.3
CVE-2017-8464 - Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Microsoft
Description :Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-8464
9.8
CVE-2016-3088 - Apache ActiveMQ Improper Input Validation Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Apache
Description :The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-3088
10.0
CVE-2015-2051 - D-Link DIR-645 Router Remote Code Execution Vulnerability -
Action Due Aug 10, 2022 Target Vendor : D-Link
Description :D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-2051
10.0
CVE-2015-1635 - Microsoft HTTP.sys Remote Code Execution Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Microsoft
Description :Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-1635
7.8
CVE-2015-1130 - Apple OS X Authentication Bypass Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Apple
Description :The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-1130
9.3
CVE-2014-4404 - Apple OS X Heap-Based Buffer Overflow Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Apple
Description :Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-4404
7.5
CVE-2017-10271 - Oracle Corporation WebLogic Server Remote Code Execution Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Oracle
Description :Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 10, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-10271
7.8
CVE-2017-0263 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Microsoft
Description :Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0263
9.3
CVE-2017-0262 - Microsoft Office Remote Code Execution Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists in Microsoft Office.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0262
9.3
CVE-2017-0145 - Microsoft SMBv1 Remote Code Execution Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Microsoft
Description :The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 10, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0145
9.3
CVE-2017-0144 - Microsoft SMBv1 Remote Code Execution Vulnerability -
Action Due Aug 10, 2022 Target Vendor : Microsoft
Description :The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 10, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0144
7.8
CVE-2022-21882 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due Feb 18, 2022 Target Vendor : Microsoft
Description :Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-21882
7.8
CVE-2020-0787 - Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability -
Action Due Jul 28, 2022 Target Vendor : Microsoft
Description :Microsoft Windows BITS is vulnerable to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jan 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0787
10.0
CVE-2022-22587 - Apple Memory Corruption Vulnerability -
Action Due Feb 11, 2022 Target Vendor : Apple
Description :Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-22587
9.8
CVE-2021-20038 - SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability -
Action Due Feb 11, 2022 Target Vendor : SonicWall
Description :SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jan 28, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-20038
10.0
CVE-2020-5722 - Grandstream Networks UCM6200 Series SQL Injection Vulnerability -
Action Due Jul 28, 2022 Target Vendor : Grandstream
Description :Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-5722
10.0
CVE-2017-5689 - Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability -
Action Due Jul 28, 2022 Target Vendor : Intel
Description :Intel products contain a vulnerability which can allow attackers to perform privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-5689
10.0
CVE-2014-1776 - Microsoft Internet Explorer Memory Corruption Vulnerability -
Action Due Jul 28, 2022 Target Vendor : Microsoft
Description :Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-021?redirectedfrom=MSDN; https://nvd.nist.gov/vuln/detail/CVE-2014-1776
10.0
CVE-2014-6271 - GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability -
Action Due Jul 28, 2022 Target Vendor : GNU
Description :GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6271