CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
10.0
CVE-2021-21985 - VMware vCenter Server Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : VMware
Description :VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21985
10.0
CVE-2021-21972 - VMware vCenter Server Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : VMware
Description :VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21972
9.8
CVE-2020-3952 - VMware vCenter Server Information Disclosure Vulnerability -
Action Due May 03, 2022 Target Vendor : VMware
Description :VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3952
9.8
CVE-2018-20062 - ThinkPHP "noneCms" Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : ThinkPHP
Description :ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-20062
10.0
CVE-2018-14558 - Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : Tenda
Description :Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-14558
10.0
CVE-2020-10987 - Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Tenda
Description :Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-10987
10.0
CVE-2021-31755 - Tenda AC11 Router Stack Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Tenda
Description :Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-31755
7.5
CVE-2021-20022 - SonicWall Email Security Unrestricted Upload of File Vulnerability -
Action Due Nov 17, 2021 Target Vendor : SonicWall
Description :SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-20022
7.5
CVE-2019-7481 - SonicWall SMA100 SQL Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : SonicWall
Description :SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7481
9.8
CVE-2020-7961 - Liferay Portal Deserialization of Untrusted Data Vulnerability -
Action Due May 03, 2022 Target Vendor : Liferay
Description :Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-7961
10.0
CVE-2021-30116 - Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Kaseya
Description :Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30116
9.8
CVE-2020-15505 - Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Ivanti
Description :Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-15505
9.8
CVE-2021-20021 - SonicWall Email Security Improper Privilege Management Vulnerability -
Action Due Nov 17, 2021 Target Vendor : SonicWall
Description :SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-20021
9.0
CVE-2020-10199 - Sonatype Nexus Repository Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Sonatype
Description :Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-10199
7.8
CVE-2016-3643 - SolarWinds Virtualization Manager Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : SolarWinds
Description :SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-3643
9.8
CVE-2020-4427 - IBM Data Risk Manager Security Bypass Vulnerability -
Action Due May 03, 2022 Target Vendor : IBM
Description :IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4427
4.3
CVE-2020-4430 - IBM Data Risk Manager Directory Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : IBM
Description :IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4430
8.8
CVE-2021-30563 - Google Chromium V8 Type Confusion Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description :Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30563
8.8
CVE-2021-38003 - Google Chromium V8 Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description :Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38003
8.4
CVE-2021-1905 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Qualcomm
Description :Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1905