Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 501 - 520 of 1345
Cisco | AnyConnect Secure

CVE-2020-3153

Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability: Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

Related CWE: CWE-427

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj; https://nvd.nist.gov/vuln/detail/CVE-2020-3153
Cisco | AnyConnect Secure

CVE-2020-3433

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability: Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.

Related CWE: CWE-427

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433
GIGABYTE | Multiple Products

CVE-2018-19323

GIGABYTE Multiple Products Privilege Escalation Vulnerability: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19323
GIGABYTE | Multiple Products

CVE-2018-19321

GIGABYTE Multiple Products Privilege Escalation Vulnerability: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19321
GIGABYTE | Multiple Products

CVE-2018-19322

GIGABYTE Multiple Products Code Execution Vulnerability: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Related CWE: CWE-749

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19322
GIGABYTE | Multiple Products

CVE-2018-19320

GIGABYTE Multiple Products Unspecified Vulnerability: The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19320
Linux | Kernel

CVE-2021-3493

Linux Kernel Privilege Escalation Vulnerability: The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.

Related CWE: CWE-862

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-20
  • Due Date: 2022-11-10
Additional Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52; https://nvd.nist.gov/vuln/detail/CVE-2021-3493
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2022-41352

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-20
  • Due Date: 2022-11-10
Additional Notes
https://wiki.zimbra.com/wiki/Security_Center; https://nvd.nist.gov/vuln/detail/CVE-2022-41352
Microsoft | Windows COM+ Event System Service

CVE-2022-41033

Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability: Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-11
  • Due Date: 2022-11-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033; https://nvd.nist.gov/vuln/detail/CVE-2022-41033
Fortinet | Multiple Products

CVE-2022-40684

Fortinet Multiple Products Authentication Bypass Vulnerability: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Related CWE: CWE-288

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-11
  • Due Date: 2022-11-01
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-22-377; https://nvd.nist.gov/vuln/detail/CVE-2022-40684
Atlassian | Bitbucket Server and Data Center

CVE-2022-36804

Atlassian Bitbucket Server and Data Center Command Injection Vulnerability: Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.

Related CWEs: CWE-78| CWE-88| CWE-158

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://jira.atlassian.com/browse/BSERV-13438; https://nvd.nist.gov/vuln/detail/CVE-2022-36804
Microsoft | Exchange Server

CVE-2022-41040

Microsoft Exchange Server Server-Side Request Forgery Vulnerability: Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41040
Microsoft | Exchange Server

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41082
Zoho | ManageEngine

CVE-2022-35405

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability: Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-22
  • Due Date: 2022-10-13
Additional Notes
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html; https://nvd.nist.gov/vuln/detail/CVE-2022-35405
Microsoft | Windows

CVE-2010-2568

Microsoft Windows Remote Code Execution Vulnerability: Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568
Trend Micro | Apex One and Apex One as a Service

CVE-2022-40139

Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability: Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

Related CWEs: CWE-353| CWE-641

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139
Linux | Kernel

CVE-2013-6282

Linux Kernel Improper Input Validation Vulnerability: The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04; https://nvd.nist.gov/vuln/detail/CVE-2013-6282
Code Aurora | ACDB Audio Driver

CVE-2013-2597

Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability: The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597; https://nvd.nist.gov/vuln/detail/CVE-2013-2597
Linux | Kernel

CVE-2013-2094

Linux Kernel Privilege Escalation Vulnerability: Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now