CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
8.5
CVE-2021-27059 - Microsoft Office Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27059
8.1
CVE-2020-0601 - Microsoft Windows CryptoAPI Spoofing Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :Reference CISA's ED 20-02 (https://www.cisa.gov/news-events/directives/ed-20-02-mitigate-windows-vulnerabilities-january-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-02. https://nvd.nist.gov/vuln/detail/CVE-2020-0601
9.3
CVE-2016-0185 - Microsoft Windows Media Center Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-0185
6.1
CVE-2021-38000 - Google Chromium Intents Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description :Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38000
8.8
CVE-2021-30666 - Apple iOS WebKit Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30666
10.0
CVE-2021-22502 - Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Micro Focus
Description :Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22502
8.4
CVE-2021-33739 - Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-33739
7.8
CVE-2021-33771 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-33771
9.3
CVE-2021-31956 - Microsoft Windows NTFS Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-31956
7.8
CVE-2021-31979 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-31979
9.8
CVE-2021-34523 - Microsoft Exchange Server Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-34523
7.8
CVE-2020-0938 - Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0938
7.8
CVE-2020-17087 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-17087
8.8
CVE-2020-1020 - Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1020
7.2
CVE-2021-22900 - Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability -
Action Due May 03, 2022 Target Vendor : Ivanti
Description :Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22900
7.8
CVE-2020-0986 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0986
8.8
CVE-2021-26411 - Microsoft Internet Explorer Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description :Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-26411
7.8
CVE-2019-0859 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0859
8.8
CVE-2020-1380 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description :Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1380
9.8
CVE-2020-10181 - Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability -
Action Due May 03, 2022 Target Vendor : Sumavision
Description :Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-10181