CISA Known Exploited Vulnerabilities (KEV)

Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

7.1

HIGH

CVE-2020-27950 - Apple Multiple Products Memory Initialization Vulnerability -

Action Due May 03, 2022 Target Vendor : Apple

Description :Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-27950

Alert Date: Nov 03, 2021 | 1692 days ago

9.3

HIGH

CVE-2021-30807 - Apple Multiple Products Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Apple

Description :Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30807

Alert Date: Nov 03, 2021 | 1692 days ago

5.5

MEDIUM

CVE-2021-31955 - Microsoft Windows Kernel Information Disclosure Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-31955

Alert Date: Nov 03, 2021 | 1692 days ago

9.8

CRITICAL

CVE-2020-14750 - Oracle WebLogic Server Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Oracle

Description :Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-14750

Alert Date: Nov 03, 2021 | 1692 days ago

7.8

HIGH

CVE-2020-27930 - Apple Multiple Products Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Apple

Description :Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-27930

Alert Date: Nov 03, 2021 | 1692 days ago

7.8

HIGH

CVE-2021-30860 - Apple Multiple Products Integer Overflow Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Apple

Description :Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30860

Alert Date: Nov 03, 2021 | 1692 days ago

7.2

HIGH

CVE-2021-22900 - Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description :Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22900

Alert Date: Nov 03, 2021 | 1692 days ago

Showing 20 of 1627 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

7.1

CVE-2020-27950 - Apple Multiple Products Memory Initialization Vulnerability -

9.3

CVE-2021-30807 - Apple Multiple Products Memory Corruption Vulnerability -

5.5

CVE-2021-31955 - Microsoft Windows Kernel Information Disclosure Vulnerability -

9.8

CVE-2020-14750 - Oracle WebLogic Server Remote Code Execution Vulnerability -

7.8

CVE-2020-27930 - Apple Multiple Products Memory Corruption Vulnerability -

7.8

CVE-2021-30860 - Apple Multiple Products Integer Overflow Vulnerability -

7.2

CVE-2021-22900 - Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability -

Filters

Cookie Preferences