CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
8.6
CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -
Action Due May 03, 2022 Target Vendor : Cisco
Description : Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3569
7.5
CVE-2019-13608 - Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability -
Action Due May 03, 2022 Target Vendor : Citrix
Description : Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-13608
6.5
CVE-2020-8193 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability -
Action Due May 03, 2022 Target Vendor : Citrix
Description : Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8193
10.0
CVE-2020-6287 - SAP NetWeaver Missing Authentication for Critical Function Vulnerability -
Action Due May 03, 2022 Target Vendor : SAP
Description : SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6287
7.8
CVE-2019-2215 - Android Kernel Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Android
Description : Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-2215
9.3
CVE-2019-15752 - Docker Desktop Community Edition Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Docker
Description : Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-15752
9.8
CVE-2020-8657 - EyesOfNetwork Use of Hard-Coded Credentials Vulnerability -
Action Due May 03, 2022 Target Vendor : EyesOfNetwork
Description : EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8657
8.8
CVE-2021-33742 - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description : Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-33742
9.3
CVE-2018-0798 - Microsoft Office Memory Corruption Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0798
9.3
CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0802
9.3
CVE-2017-0199 - Microsoft Office and WordPad Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0199
8.8
CVE-2021-21193 - Google Chromium Blink Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description : Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21193
7.8
CVE-2021-36742 - Trend Micro Multiple Products Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Trend Micro
Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742
8.8
CVE-2021-37975 - Google Chromium V8 Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description : Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37975
7.6
CVE-2019-1429 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1429
8.8
CVE-2020-6418 - Google Chromium V8 Type Confusion Vulnerability -
Action Due May 03, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6418
9.8
CVE-2019-16759 - vBulletin PHP Module Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : vBulletin
Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16759
7.5
CVE-2019-17558 - Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description : The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-17558
9.8
CVE-2020-17530 - Apache Struts Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description : Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17530
7.8
CVE-2021-26858 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858