CISA Known Exploited Vulnerabilities (KEV)

CVE-2021-34486 - Microsoft Windows Event Tracing Privilege Escalation Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34486

CVE-2021-20028 - SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability -

Action Due Apr 18, 2022 Target Vendor : SonicWall

Description : SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-20028

CVE-2019-7483 - SonicWall SMA100 Directory Traversal Vulnerability -

Action Due Apr 18, 2022 Target Vendor : SonicWall

Description : In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7483

CVE-2018-8440 - Microsoft Windows Privilege Escalation Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8440

CVE-2018-8406 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8406

CVE-2018-8405 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8405

CVE-2017-0213 - Microsoft Windows Privilege Escalation Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0213

CVE-2017-0059 - Microsoft Internet Explorer Information Disclosure Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0059

CVE-2017-0037 - Microsoft Edge and Internet Explorer Type Confusion Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0037

CVE-2016-7200 - Microsoft Edge Memory Corruption Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7200

CVE-2016-0189 - Microsoft Internet Explorer Memory Corruption Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0189

CVE-2016-0151 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0151

CVE-2016-0040 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0040

CVE-2015-2426 - Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2426

CVE-2015-2419 - Microsoft Internet Explorer Memory Corruption Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2419

CVE-2015-1770 - Microsoft Office Uninitialized Memory Use Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1770

CVE-2013-2729 - Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Adobe

Description : Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2729

CVE-2013-2551 - Microsoft Internet Explorer Use-After-Free Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2551

CVE-2013-2465 - Oracle Java SE Unspecified Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Oracle

Description : Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2465

CVE-2013-1690 - Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Mozilla

Description : Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1690