CISA Known Exploited Vulnerabilities (KEV)

CVE-2021-37975 - Google Chromium V8 Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37975

CVE-2020-6418 - Google Chromium V8 Type Confusion Vulnerability -

Action Due May 03, 2022 Target Vendor : Google

Description : Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6418

CVE-2021-30554 - Google Chromium WebGL Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30554

CVE-2021-21206 - Google Chromium Blink Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21206

CVE-2021-38000 - Google Chromium Intents Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38000

CVE-2021-38003 - Google Chromium V8 Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38003

CVE-2021-21224 - Google Chromium V8 Type Confusion Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21224

CVE-2021-21193 - Google Chromium Blink Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21193

CVE-2021-21220 - Google Chromium V8 Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21220

CVE-2020-4430 - IBM Data Risk Manager Directory Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description : IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4430

CVE-2020-4428 - IBM Data Risk Manager Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description : IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4428

CVE-2019-4716 - IBM Planning Analytics Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description : IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-4716

CVE-2016-3715 - ImageMagick Arbitrary File Deletion Vulnerability -

Action Due May 03, 2022 Target Vendor : ImageMagick

Description : ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3715

CVE-2021-31979 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31979

CVE-2020-15505 - Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-15505

CVE-2021-30116 - Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Kaseya

Description : Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30116

CVE-2020-7961 - Liferay Portal Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Liferay

Description : Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7961

CVE-2021-23874 - McAfee Total Protection (MTP) Improper Privilege Management Vulnerability -

Action Due Nov 17, 2021 Target Vendor : McAfee

Description : McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-23874

CVE-2021-22506 - Micro Focus Access Manager Information Leakage Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Micro Focus

Description : Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22506

CVE-2021-22502 - Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Micro Focus

Description : Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22502