Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Apache | Tomcat

CVE-2016-8735

Apache Tomcat Remote Code Execution Vulnerability: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-05-12
Due Date: 2023-06-02

Additional Notes

Apache | Log4j2

CVE-2021-45046

Apache Log4j2 Deserialization of Untrusted Data Vulnerability: Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

Related CWE: CWE-917

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-05-01
Due Date: 2023-05-22

Additional Notes

Linux | Kernel

CVE-2023-0266

Linux Kernel Use-After-Free Vulnerability: Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-30
Due Date: 2023-04-20

Additional Notes

Apache | Spark

CVE-2022-33891

Apache Spark Command Injection Vulnerability: Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

Linux | Kernel

CVE-2021-3493

Linux Kernel Privilege Escalation Vulnerability: The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.

Related CWE: CWE-862

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-10-20
Due Date: 2022-11-10

Additional Notes

Linux | Kernel

CVE-2013-6282

Linux Kernel Improper Input Validation Vulnerability: The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-15
Due Date: 2022-10-06

Additional Notes

Linux | Kernel

CVE-2013-2094

Linux Kernel Privilege Escalation Vulnerability: Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-15
Due Date: 2022-10-06

Additional Notes

Linux | Kernel

CVE-2013-2596

Linux Kernel Integer Overflow Vulnerability: Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-15
Due Date: 2022-10-06

Additional Notes

Apache | CouchDB

CVE-2022-24706

Apache CouchDB Insecure Default Initialization of Resource Vulnerability: Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.

Related CWE: CWE-1188

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-25
Due Date: 2022-09-15

Additional Notes

Apache | APISIX

CVE-2022-24112

Apache APISIX Authentication Bypass Vulnerability: Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.

Related CWE: CWE-290

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-25
Due Date: 2022-09-15

Additional Notes

Linux | Kernel

CVE-2014-3153

Linux Kernel Privilege Escalation Vulnerability: The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Linux | Kernel

CVE-2022-0847

Linux Kernel Privilege Escalation Vulnerability: Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

Related CWE: CWE-665

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-25
Due Date: 2022-05-16

Additional Notes

Linux | Kernel

CVE-2021-22600

Linux Kernel Privilege Escalation Vulnerability: Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

Related CWE: CWE-415

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-11
Due Date: 2022-05-02

Additional Notes

Apache | Struts

CVE-2013-2251

Apache Struts Improper Input Validation Vulnerability: Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Kylin

CVE-2020-1956

Apache Kylin OS Command Injection Vulnerability: Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Tomcat

CVE-2017-12617

Apache Tomcat Remote Code Execution Vulnerability: When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Tomcat

CVE-2017-12615

Apache Tomcat on Windows Remote Code Execution Vulnerability: When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Tomcat

CVE-2020-1938

Apache Tomcat Improper Privilege Management Vulnerability: Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-17

Additional Notes

Linux | Kernel

CVE-2016-5195

Linux Kernel Race Condition Vulnerability: Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Apache | ActiveMQ

CVE-2016-3088

Apache ActiveMQ Improper Input Validation Vulnerability: The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates