CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
8.8
CVE-2020-5735 - Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability -
Action Due May 03, 2022 Target Vendor : Amcrest
Description :Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-5735
8.8
CVE-2017-6327 - Symantec Messaging Gateway Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Symantec
Description :Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6327
10.0
CVE-2020-12271 - Sophos SFOS SQL Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : Sophos
Description :Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-12271
9.0
CVE-2019-15949 - Nagios XI Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Nagios
Description :Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-15949
9.8
CVE-2020-25506 - D-Link DNS-320 Device Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : D-Link
Description :D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25506
7.2
CVE-2021-22900 - Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability -
Action Due May 03, 2022 Target Vendor : Ivanti
Description :Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22900
8.0
CVE-2019-11539 - Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : Ivanti
Description :Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-11539
9.8
CVE-2019-16256 - SIMalliance Toolbox Browser Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : SIMalliance
Description :SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-16256
10.0
CVE-2018-4939 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -
Action Due May 03, 2022 Target Vendor : Adobe
Description :Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-4939
7.8
CVE-2019-2215 - Android Kernel Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Android
Description :Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-2215
7.8
CVE-2019-0211 - Apache HTTP Server Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description :Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0211
7.5
CVE-2019-17558 - Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description :The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-17558
6.1
CVE-2021-1879 - Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1879
8.8
CVE-2021-30665 - Apple Multiple Products WebKit Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30665
10.0
CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-34473
9.8
CVE-2021-42258 - BQE BillQuick Web Suite SQL Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : BQE
Description :BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-42258
7.5
CVE-2018-0296 - Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability -
Action Due May 03, 2022 Target Vendor : Cisco
Description :Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0296
10.0
CVE-2018-15961 - Adobe ColdFusion Unrestricted File Upload Vulnerability -
Action Due May 03, 2022 Target Vendor : Adobe
Description :Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-15961
9.8
CVE-2018-4878 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-4878
7.5
CVE-2019-13608 - Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability -
Action Due May 03, 2022 Target Vendor : Citrix
Description :Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-13608