Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Dell | dbutil Driver

CVE-2021-21551

Dell dbutil Driver Insufficient Access Control Vulnerability: Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

Related CWE: CWE-782

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Dasan | Gigabit Passive Optical Network (GPON) Routers

CVE-2018-10562

Dasan GPON Routers Command Injection Vulnerability: Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Dasan | Gigabit Passive Optical Network (GPON) Routers

CVE-2018-10561

Dasan GPON Routers Authentication Bypass Vulnerability: Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Google | Chromium V8

CVE-2022-1096

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Redis | Debian-specific Redis Servers

CVE-2022-0543

Debian-specific Redis Server Lua Sandbox Escape Vulnerability: Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Related CWE: CWE-862

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Office

CVE-2021-38646

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability: Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2021-34486

Microsoft Windows Event Tracing Privilege Escalation Vulnerability: Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Atlassian | Confluence Server

CVE-2021-26085

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

Related CWE: CWE-425

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

SonicWall | Secure Remote Access (SRA)

CVE-2021-20028

SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability: SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

SonicWall | SMA100

CVE-2019-7483

SonicWall SMA100 Directory Traversal Vulnerability: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2018-8440

Microsoft Windows Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8406

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8405

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2017-0213

Microsoft Windows Privilege Escalation Vulnerability: Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2017-0059

Microsoft Internet Explorer Information Disclosure Vulnerability: Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Edge and Internet Explorer

CVE-2017-0037

Microsoft Edge and Internet Explorer Type Confusion Vulnerability: Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

Related CWE: CWE-704

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Edge

CVE-2016-7201

Microsoft Edge Memory Corruption Vulnerability: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Edge

CVE-2016-7200

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2016-0189

Microsoft Internet Explorer Memory Corruption Vulnerability: The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Client-Server Run-time Subsystem (CSRSS)

CVE-2016-0151

Microsoft Windows CSRSS Security Feature Bypass Vulnerability: The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates