CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.6

    CRITICAL
    CVE-2020-16017 - Google Chrome Use-After-Free Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16017

    Alert Date: Nov 03, 2021 | 1402 days ago

    6.5

    MEDIUM
    CVE-2021-37976 - Google Chromium Information Disclosure Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37976

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2020-16009 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16009

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-30632 - Google Chromium V8 Out-of-Bounds Write Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30632

    Alert Date: Nov 03, 2021 | 1402 days ago

    9.6

    CRITICAL
    CVE-2021-30633 - Google Chromium Indexed DB API Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30633

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-21148 - Google Chromium V8 Heap Buffer Overflow Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21148

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-30551 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30551

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-37975 - Google Chromium V8 Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37975

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2020-6418 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6418

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-30554 - Google Chromium WebGL Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30554

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-21206 - Google Chromium Blink Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21206

    Alert Date: Nov 03, 2021 | 1402 days ago

    6.1

    MEDIUM
    CVE-2021-38000 - Google Chromium Intents Improper Input Validation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38000

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-38003 - Google Chromium V8 Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38003

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-21224 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21224

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-21193 - Google Chromium Blink Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21193

    Alert Date: Nov 03, 2021 | 1402 days ago

    8.8

    HIGH
    CVE-2021-21220 - Google Chromium V8 Improper Input Validation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21220

    Alert Date: Nov 03, 2021 | 1402 days ago

    4.3

    MEDIUM
    CVE-2020-4430 - IBM Data Risk Manager Directory Traversal Vulnerability -

    Action Due May 03, 2022 Target Vendor : IBM

    Description : IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4430

    Alert Date: Nov 03, 2021 | 1402 days ago

    9.1

    CRITICAL
    CVE-2020-4428 - IBM Data Risk Manager Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : IBM

    Description : IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4428

    Alert Date: Nov 03, 2021 | 1402 days ago

    10.0

    CRITICAL
    CVE-2019-4716 - IBM Planning Analytics Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : IBM

    Description : IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-4716

    Alert Date: Nov 03, 2021 | 1402 days ago

    5.8

    MEDIUM
    CVE-2016-3715 - ImageMagick Arbitrary File Deletion Vulnerability -

    Action Due May 03, 2022 Target Vendor : ImageMagick

    Description : ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3715

    Alert Date: Nov 03, 2021 | 1402 days ago
Showing 20 of 1416 Results

Filters