CISA Known Exploited Vulnerabilities (KEV)
9.6
CVE-2020-16010 - Google Chrome for Android UI Heap Buffer Overflow Vulnerability -
Action Due May 03, 2022 Target Vendor : Google
Description : Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16010
10.0
CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description : Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27104
7.8
CVE-2021-27102 - Accellion FTA OS Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description : Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27102