CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
7.8
CVE-2021-1732 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1732
7.8
CVE-2019-0859 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0859
7.8
CVE-2019-0211 - Apache HTTP Server Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description :Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0211
7.8
CVE-2019-1215 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1215
9.3
CVE-2012-0158 - Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0158
9.8
CVE-2016-4437 - Apache Shiro Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description :Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-4437
7.5
CVE-2019-17558 - Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description :The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-17558
10.0
CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description :Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27104
7.8
CVE-2021-27102 - Accellion FTA OS Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description :Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27102
9.8
CVE-2021-27103 - Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description :Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27103
8.8
CVE-2021-21017 - Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Adobe
Description :Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21017
9.6
CVE-2021-28550 - Adobe Acrobat and Reader Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-28550
8.8
CVE-2021-30858 - Apple iOS, iPadOS, macOS Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30858
8.8
CVE-2021-30663 - Apple Multiple Products WebKit Integer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30663
10.0
CVE-2021-1497 - Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Cisco
Description :Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1497
9.8
CVE-2021-1498 - Cisco HyperFlex HX Data Platform Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Cisco
Description :Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1498
10.0
CVE-2018-0171 - Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Cisco
Description :Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0171
8.8
CVE-2020-3118 - Cisco IOS XR Software Discovery Protocol Format String Vulnerability -
Action Due May 03, 2022 Target Vendor : Cisco
Description :Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3118
8.6
CVE-2020-3566 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -
Action Due May 03, 2022 Target Vendor : Cisco
Description :Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3566
8.6
CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -
Action Due May 03, 2022 Target Vendor : Cisco
Description :Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3569