Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 61 - 80 of 96
Filters:
SonicWall | Secure Remote Access (SRA)

CVE-2021-20028

SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability: SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20028
SonicWall | SMA100

CVE-2019-7483

SonicWall SMA100 Directory Traversal Vulnerability: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-7483
SonicWall | SonicOS

CVE-2020-5135

SonicWall SonicOS Buffer Overflow Vulnerability: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-5135
Apple | iOS, iPadOS, and macOS

CVE-2022-22620

Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability: Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-11
  • Due Date: 2022-02-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22620
Apple | OS X

CVE-2015-1130

Apple OS X Authentication Bypass Vulnerability: The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.

Related CWE: CWE-254

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1130
Apple | OS X

CVE-2014-4404

Apple OS X Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-4404
Apple | iOS and macOS

CVE-2022-22587

Apple Memory Corruption Vulnerability: Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-28
  • Due Date: 2022-02-11
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22587
SonicWall | SMA 100 Appliances

CVE-2021-20038

SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability: SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.

Related CWE: CWE-121

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-28
  • Due Date: 2022-02-11
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20038
Apple | Multiple Products

CVE-2021-30860

Apple Multiple Products Integer Overflow Vulnerability: Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

Related CWEs: CWE-20| CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-30860
Apple | Multiple Products

CVE-2020-27930

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-27930
Apple | Multiple Products

CVE-2021-30807

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-30807
Apple | Multiple Products

CVE-2020-27950

Apple Multiple Products Memory Initialization Vulnerability: Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

Related CWE: CWE-665

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-27950
Apple | iOS and macOS

CVE-2019-6223

Apple iOS and macOS Group Facetime Vulnerability: Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-6223
SonicWall | SSLVPN SMA100

CVE-2021-20016

SonicWall SSLVPN SMA100 SQL Injection Vulnerability: SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20016
SonicWall | SonicWall Email Security

CVE-2021-20023

SonicWall Email Security Path Traversal Vulnerability: SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20023
SonicWall | SonicWall Email Security

CVE-2021-20022

SonicWall Email Security Unrestricted Upload of File Vulnerability: SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20022
SonicWall | SMA100

CVE-2019-7481

SonicWall SMA100 SQL Injection Vulnerability: SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-7481
SonicWall | SonicWall Email Security

CVE-2021-20021

SonicWall Email Security Improper Privilege Management Vulnerability: SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20021
Apple | Multiple Products

CVE-2020-27932

Apple Multiple Products Type Confusion Vulnerability: Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-27932
Apple | iOS, iPadOS, and watchOS

CVE-2020-9818

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability: Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-9818

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now