CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    7.8

    HIGH
    CVE-2019-1215 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1215

    Alert Date: Nov 03, 2021 | 1631 days ago

    7.5

    HIGH
    CVE-2021-36942 - Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-36942

    Alert Date: Nov 03, 2021 | 1631 days ago

    7.8

    HIGH
    CVE-2019-0797 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0797

    Alert Date: Nov 03, 2021 | 1631 days ago

    7.6

    HIGH
    CVE-2018-8653 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8653

    Alert Date: Nov 03, 2021 | 1631 days ago

    5.5

    MEDIUM
    CVE-2016-3718 - ImageMagick Server-Side Request Forgery (SSRF) Vulnerability -

    Action Due May 03, 2022 Target Vendor : ImageMagick

    Description :ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-3718

    Alert Date: Nov 03, 2021 | 1631 days ago

    9.8

    CRITICAL
    CVE-2020-15505 - Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Ivanti

    Description :Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-15505

    Alert Date: Nov 03, 2021 | 1631 days ago

    9.3

    HIGH
    CVE-2017-8759 - Microsoft .NET Framework Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-8759

    Alert Date: Nov 03, 2021 | 1631 days ago

    8.8

    HIGH
    CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-40444

    Alert Date: Nov 03, 2021 | 1631 days ago

    7.8

    HIGH
    CVE-2019-0859 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0859

    Alert Date: Nov 03, 2021 | 1631 days ago

    8.8

    HIGH
    CVE-2021-26411 - Microsoft Internet Explorer Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-26411

    Alert Date: Nov 03, 2021 | 1631 days ago

    10.0

    CRITICAL
    CVE-2020-1350 - Microsoft Windows DNS Server Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :Reference CISA's ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350

    Alert Date: Nov 03, 2021 | 1631 days ago

    7.8

    HIGH
    CVE-2021-28310 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-28310

    Alert Date: Nov 03, 2021 | 1631 days ago

    9.0

    CRITICAL
    CVE-2020-1040 - Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1040

    Alert Date: Nov 03, 2021 | 1631 days ago

    7.8

    HIGH
    CVE-2019-0803 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0803

    Alert Date: Nov 03, 2021 | 1631 days ago

    6.6

    MEDIUM
    CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-31207

    Alert Date: Nov 03, 2021 | 1631 days ago

    5.5

    MEDIUM
    CVE-2021-30657 - Apple macOS Unspecified Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description :Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30657

    Alert Date: Nov 03, 2021 | 1631 days ago

    8.8

    HIGH
    CVE-2021-30663 - Apple Multiple Products WebKit Integer Overflow Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description :Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30663

    Alert Date: Nov 03, 2021 | 1631 days ago

    8.8

    HIGH
    CVE-2021-30761 - Apple iOS WebKit Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description :Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30761

    Alert Date: Nov 03, 2021 | 1631 days ago

    9.1

    CRITICAL
    CVE-2020-4428 - IBM Data Risk Manager Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : IBM

    Description :IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4428

    Alert Date: Nov 03, 2021 | 1631 days ago

    10.0

    CRITICAL
    CVE-2019-4716 - IBM Planning Analytics Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : IBM

    Description :IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-4716

    Alert Date: Nov 03, 2021 | 1631 days ago
Showing 20 of 1581 Results

Filters