CISA Known Exploited Vulnerabilities (KEV)

CVE-2021-26411 - Microsoft Internet Explorer Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-26411

CVE-2020-1350 - Microsoft Windows DNS Server Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350

CVE-2018-6789 - Exim Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : Exim

Description : Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-6789

CVE-2020-8515 - Multiple DrayTek Vigor Routers Web Management Page Vulnerability -

Action Due May 03, 2022 Target Vendor : DrayTek

Description : DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8515

CVE-2018-18325 - DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability -

Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)

Description : DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-18325

CVE-2021-31199 - Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31199

CVE-2020-17087 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17087

CVE-2016-3715 - ImageMagick Arbitrary File Deletion Vulnerability -

Action Due May 03, 2022 Target Vendor : ImageMagick

Description : ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3715

CVE-2021-1498 - Cisco HyperFlex HX Data Platform Command Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Cisco

Description : Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1498

CVE-2021-42258 - BQE BillQuick Web Suite SQL Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : BQE

Description : BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42258

CVE-2019-11580 - Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Atlassian

Description : Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11580

CVE-2019-3398 - Atlassian Confluence Server and Data Center Path Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : Atlassian

Description : Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-3398

CVE-2020-14883 - Oracle WebLogic Server Unspecified Vulnerability -

Action Due May 03, 2022 Target Vendor : Oracle

Description : Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-14883

CVE-2020-4428 - IBM Data Risk Manager Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description : IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4428

CVE-2020-2555 - Oracle Multiple Products Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Oracle

Description : Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2555

CVE-2021-21206 - Google Chromium Blink Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21206

CVE-2020-27932 - Apple Multiple Products Type Confusion Vulnerability -

Action Due May 03, 2022 Target Vendor : Apple

Description : Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-27932

CVE-2020-27950 - Apple Multiple Products Memory Initialization Vulnerability -

Action Due May 03, 2022 Target Vendor : Apple

Description : Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-27950

CVE-2020-6820 - Mozilla Firefox And Thunderbird Use-After-Free Vulnerability -

Action Due May 03, 2022 Target Vendor : Mozilla

Description : Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6820

CVE-2017-9805 - Apache Struts Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-9805