Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 15 of 15
Filters:
Qualcomm | Multiple Chipsets

CVE-2024-43047

Qualcomm Multiple Chipsets Use-After-Free Vulnerability: Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2024-10-08
  • Due Date: 2024-10-29
Additional Notes
https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/0e27b6c7d2bd8d0453e4465ac2ca49a8f8c440e2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43047
Qualcomm | Multiple Chipsets

CVE-2023-33107

Qualcomm Multiple Chipsets Integer Overflow Vulnerability: Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-05
  • Due Date: 2023-12-26
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b; https://nvd.nist.gov/vuln/detail/CVE-2023-33107
Qualcomm | Multiple Chipsets

CVE-2023-33106

Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability: Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

Related CWE: CWE-823

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-05
  • Due Date: 2023-12-26
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/1e46e81dbeb69aafd5842ce779f07e617680fd58; https://nvd.nist.gov/vuln/detail/CVE-2023-33106
Qualcomm | Multiple Chipsets

CVE-2023-33063

Qualcomm Multiple Chipsets Use-After-Free Vulnerability: Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-05
  • Due Date: 2023-12-26
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/2643808ddbedfaabbb334741873fb2857f78188a, https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/d43222efda5a01c9804d74a541e3c1be9b7fe110; https://nvd.nist.gov/vuln/detail/CVE-2023-33063
Qualcomm | Multiple Chipsets

CVE-2022-22071

Qualcomm Multiple Chipsets Use-After-Free Vulnerability: Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-05
  • Due Date: 2023-12-26
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/586840fde350d7b8563df9889c8ce397e2c20dda; https://nvd.nist.gov/vuln/detail/CVE-2022-22071
Realtek | SDK

CVE-2014-8361

Realtek SDK Improper Input Validation Vulnerability: Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-18
  • Due Date: 2023-10-09
Additional Notes
https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361
Realtek | Jungle Software Development Kit (SDK)

CVE-2021-35394

Realtek Jungle SDK Remote Code Execution Vulnerability: RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

Related CWEs: CWE-78| CWE-138

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-12-10
  • Due Date: 2021-12-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-35394
Qualcomm | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2020-11261

Qualcomm Multiple Chipsets Improper Input Validation Vulnerability: Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-12-01
  • Due Date: 2022-06-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-11261
Accellion | FTA

CVE-2021-27104

Accellion FTA OS Command Injection Vulnerability: Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

Related CWEs: CWE-20| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27104
Accellion | FTA

CVE-2021-27102

Accellion FTA OS Command Injection Vulnerability: Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

Related CWEs: CWE-20| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27102
Accellion | FTA

CVE-2021-27101

Accellion FTA SQL Injection Vulnerability: Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.

Related CWEs: CWE-89| CWE-138

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27101
Accellion | FTA

CVE-2021-27103

Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability: Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27103
Qualcomm | Multiple Chipsets

CVE-2021-1906

Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability: Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure.

Related CWE: CWE-390

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1906
Qualcomm | Multiple Chipsets

CVE-2021-1905

Qualcomm Multiple Chipsets Use-After-Free Vulnerability: Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1905
Realtek | AP-Router SDK

CVE-2021-35395

Realtek AP-Router SDK Buffer Overflow Vulnerability: Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).

Related CWEs: CWE-20| CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-35395

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now