Sophos XG Firewall Buffer
Overflow Vulnerability: Sophos
XG Firewall contains a buffer overflow vulnerability that allows
for remote code execution via the "HTTP/S bookmark" feature.
CyberoamOS (CROS) SQL
Injection Vulnerability: CyberoamOS
(CROS) contains a SQL injection vulnerability in the WebAdmin
that allows an unauthenticated attacker to execute arbitrary SQL
statements remotely.
Known To Be Used in Ransomware
Campaigns? Unknown
Action: The impacted product is end-of-life (EoL) and/or
end-of-service (EoS). Users should discontinue utilization
of the product.
jQuery Cross-Site Scripting (XSS)
Vulnerability: jQuery
contains a cross-site scripting (XSS) vulnerability in its DOM
manipulation methods. When maliciously formed, untrusted input
enclosed in HTML tags is passed to those methods, the embedded
script can execute in the context of the user's browser.
Oracle WebLogic Server Unspecified
Vulnerability: Oracle
WebLogic Server, a product within the Fusion Middleware suite,
contains an unspecified vulnerability exploitable by an
unauthenticated attacker with network access via IIOP or T3.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
DrayTek Multiple Vigor Routers OS
Command Injection Vulnerability: DrayTek
Vigor3900, Vigor2960, and Vigor300B devices contain an OS
command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload
that allows for remote code execution via shell metacharacters
in a filename when the text/x-python-script content type is used.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
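The DrayTek entry above is an instance of OS command injection (CWE-78): a client-supplied filename reaches a shell command line unescaped. The following is an added illustration, not code from DrayTek or from this catalog; the upload handler, the `wc -c` command it runs and the filename allowlist are assumptions chosen for the demonstration. It shows the flawed pattern (string concatenation plus `shell=True`) beside the hardened one (argv list, no shell, and a strict allowlist on the name), run on a constructed upload.

```python
import os
import re
import subprocess
import tempfile

# Allowlist for an uploaded filename: one path component, alphanumeric first
# character (so it can never be parsed as an option or be '.'/'..'), then a
# bounded run of characters that carry no meaning to a shell. (Assumed policy.)
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def count_bytes_vulnerable(upload_dir: str, filename: str) -> str:
    """The flawed pattern: the client-supplied filename is spliced into a shell
    command line, so metacharacters in it become additional commands."""
    cmd = f"wc -c {os.path.join(upload_dir, filename)}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def safe_filename(filename: str) -> str:
    """Reject anything outside the allowlist instead of trying to escape it."""
    if not SAFE_NAME.match(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return filename


def count_bytes_hardened(upload_dir: str, filename: str) -> int:
    """No shell at all: an argv list makes the path exactly one argument,
    whatever characters it contains."""
    path = os.path.join(upload_dir, safe_filename(filename))
    proc = subprocess.run(["wc", "-c", path], capture_output=True, text=True, check=True)
    return int(proc.stdout.split()[0])


def demo() -> dict:
    """Constructed upload: a 12-byte script and a crafted name carrying ';'."""
    with tempfile.TemporaryDirectory() as upload_dir:
        with open(os.path.join(upload_dir, "script.py"), "w") as fh:
            fh.write("print('hi')\n")
        crafted = "script.py; echo INJECTED"
        result = {
            "vulnerable_output": count_bytes_vulnerable(upload_dir, crafted),
            "hardened_size": count_bytes_hardened(upload_dir, "script.py"),
        }
        try:
            count_bytes_hardened(upload_dir, crafted)
            result["hardened_rejected"] = False
        except ValueError:
            result["hardened_rejected"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable variant prints the byte count and then the output of the injected `echo`; the hardened variant never consults a shell and refuses the crafted name before touching the filesystem.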
Oracle WebLogic Server Remote Code
Execution Vulnerability: Oracle
WebLogic Server, a product within the Fusion Middleware suite,
contains a deserialization vulnerability. Unauthenticated
attackers with network access via T3 or IIOP can exploit this
vulnerability to achieve remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
Microsoft SQL Server Reporting
Services Remote Code Execution Vulnerability: Microsoft
SQL Server Reporting Services contains a deserialization
vulnerability that arises when it incorrectly handles page
requests. An authenticated attacker can exploit this
vulnerability to execute code in the context of the Report
Server service account.
Related CWE: CWE-502
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
Roundcube Webmail Cross-Site
Scripting (XSS) Vulnerability: Roundcube
Webmail contains a cross-site scripting (XSS) vulnerability that
allows a remote attacker to manipulate data via a malicious XML
attachment.
Related CWE: CWE-80
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
Apache Flink Improper Access
Control Vulnerability: Apache
Flink contains an improper access control vulnerability that
allows an attacker to read any file on the local filesystem of
the JobManager through its REST interface.
Related CWE: CWE-552
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
Cisco ASA and FTD Information
Disclosure Vulnerability: Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense
(FTD) contain an information disclosure vulnerability. An
attacker could retrieve memory contents on an affected device,
which could lead to the disclosure of confidential information
due to a buffer tracking issue when the software parses invalid
URLs that are requested from the web services interface. This
vulnerability affects only specific AnyConnect and WebVPN
configurations.
Related CWE: CWE-200
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
Oracle Fusion Middleware
Unspecified Vulnerability: Oracle
Fusion Middleware contains an unspecified vulnerability in the
WLS Core Components that allows an unauthenticated attacker with
network access via IIOP to compromise the WebLogic Server.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or
discontinue use of the product if mitigations are
unavailable.
Roundcube Webmail Cross-Site
Scripting (XSS) Vulnerability: Roundcube
Webmail contains a cross-site scripting (XSS) vulnerability that
allows an attacker to send a plain text e-mail message with
JavaScript in a link reference element that is mishandled by
linkref_addindex in rcube_string_replacer.php.
Related CWE: CWE-79
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Roundcube Webmail Remote Code
Execution Vulnerability: Roundcube
Webmail contains a remote code execution vulnerability that
allows attackers to execute code via shell metacharacters in a
configuration setting for im_convert_path or im_identify_path.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Plex Media Server Remote Code
Execution Vulnerability: Plex
Media Server contains a remote code execution vulnerability that
allows an attacker with access to the server administrator's
Plex account to upload a malicious file via the Camera Upload
feature and have the media server execute it.
Related CWE: CWE-502
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Cisco AnyConnect Secure Mobility
Client for Windows DLL Hijacking Vulnerability: Cisco
AnyConnect Secure Mobility Client for Windows insufficiently
validates resources that are loaded by the application at run
time over its interprocess communication (IPC) channel. An
attacker with valid credentials on Windows could execute code on
the affected machine with SYSTEM privileges.
Related CWE: CWE-427
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
Cisco AnyConnect Secure Mobility
Client for Windows Uncontrolled Search Path Vulnerability: Cisco
AnyConnect Secure Mobility Client for Windows incorrectly
handles directory paths. An attacker with valid
credentials on Windows would be able to copy malicious files to
arbitrary locations with system level privileges. This could
include DLL pre-loading, DLL hijacking, and other related
attacks.
Related CWE: CWE-427
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
Apple iOS, iPadOS, and macOS Input
Validation Vulnerability: Apple
iOS, iPadOS, and macOS contain an unspecified vulnerability
involving input validation which can allow a local attacker to
view sensitive user information.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
PEAR Archive_Tar Improper Link
Resolution Vulnerability: PEAR
Archive_Tar Tar.php allows write operations with directory
traversal due to inadequate checking of symbolic links. PEAR
stands for PHP Extension and Application Repository and it is an
open-source framework and distribution system for reusable PHP
components with known usage in third-party products such as
Drupal Core and Red Hat Linux.
Related CWEs: CWE-22|CWE-59
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
PEAR Archive_Tar Deserialization
of Untrusted Data Vulnerability: PEAR
Archive_Tar allows an unserialization attack because phar: is
blocked but PHAR: is not blocked. PEAR stands for PHP Extension
and Application Repository and it is an open-source framework
and distribution system for reusable PHP components with known
usage in third-party products such as Drupal Core and Red Hat
Linux.
Related CWE: CWE-74
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
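The two PEAR Archive_Tar entries above describe two separate extraction-time checks that were missing: symbolic-link targets were not confined to the destination, and the stream-wrapper prefix test was case-sensitive (phar: blocked, PHAR: not). The following is an added illustration written in Python with the standard tarfile module; it is not Archive_Tar's code and the sample archive is constructed in memory. It places the flawed case-sensitive check beside a hardened extractor that rejects any scheme prefix regardless of case and refuses links that resolve outside the archive root.

```python
import io
import os
import posixpath
import re
import tarfile
import tempfile

# Any URL-style scheme prefix (phar:, PHAR:, Phar://, file:, ...), matched
# case-insensitively, so a capitalisation change cannot bypass the check.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:", re.IGNORECASE)


def vulnerable_name_check(name: str) -> bool:
    """The flawed pattern: a case-sensitive prefix test. 'PHAR:' slips through."""
    return not name.startswith("phar:")


def hardened_name_check(name: str) -> bool:
    """Reject any scheme prefix regardless of case, plus absolute and
    parent-traversal paths."""
    if SCHEME_RE.match(name):
        return False
    norm = posixpath.normpath(name)
    return not (norm.startswith("/") or norm == ".." or norm.startswith("../"))


def link_escapes(member: tarfile.TarInfo) -> bool:
    """True if a symlink or hard-link member would point outside the archive root."""
    target = member.linkname
    if posixpath.isabs(target):
        return True
    if member.issym():
        # A symlink target resolves relative to the link's own directory.
        target = posixpath.join(posixpath.dirname(member.name), target)
    norm = posixpath.normpath(target)
    return norm == ".." or norm.startswith("../")


def safe_extract(archive: bytes, dest: str) -> dict:
    """Extract only members that pass both checks; report why others were skipped."""
    report = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for m in tf.getmembers():
            if not hardened_name_check(m.name):
                report[m.name] = "rejected: unsafe name"
            elif (m.issym() or m.islnk()) and link_escapes(m):
                report[m.name] = "rejected: link escapes destination"
            elif not (m.isfile() or m.isdir() or m.issym() or m.islnk()):
                report[m.name] = "rejected: special file"
            else:
                tf.extract(m, path=dest)
                report[m.name] = "extracted"
    return report


def build_sample_tar() -> bytes:
    """Constructed test archive (not real-world data): a benign file, a benign
    symlink, a symlink that escapes the destination, and a member whose name
    carries an upper-case stream-wrapper prefix."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        data = b"hello\n"
        f = tarfile.TarInfo("docs/readme.txt")
        f.size = len(data)
        tf.addfile(f, io.BytesIO(data))
        ok = tarfile.TarInfo("docs/latest")
        ok.type = tarfile.SYMTYPE
        ok.linkname = "readme.txt"
        tf.addfile(ok)
        bad = tarfile.TarInfo("docs/escape")
        bad.type = tarfile.SYMTYPE
        bad.linkname = "../../etc/passwd"
        tf.addfile(bad)
        wrapper = tarfile.TarInfo("PHAR://payload.phar/x.txt")
        tf.addfile(wrapper, io.BytesIO(b""))
    return buf.getvalue()


def demo() -> dict:
    """Extract the sample archive into a scratch directory and return the report."""
    with tempfile.TemporaryDirectory() as dest:
        report = safe_extract(build_sample_tar(), dest)
        report["readme-on-disk"] = os.path.exists(os.path.join(dest, "docs", "readme.txt"))
    return report


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The link check is done on archive-relative paths before anything is written, so a symlink cannot be planted and then written through in a later member; the name check treats any scheme-like prefix as hostile rather than enumerating wrappers by name.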
Apple Multiple Products Memory
Corruption Vulnerability: Apple
iOS, iPadOS, macOS, tvOS, and watchOS contain a memory
corruption vulnerability that could allow an application to
execute code with kernel privileges.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apple Multiple Products Memory
Corruption Vulnerability: Apple
iOS, iPadOS, and tvOS contain a memory corruption vulnerability
that could allow an application to execute code with kernel
privileges.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows Kernel Privilege
Escalation Vulnerability: An
elevation of privilege vulnerability exists in the way that the
Windows Kernel handles objects in memory. An attacker who
successfully exploited the vulnerability could execute code with
elevated permissions.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Update Notification
Manager Privilege Escalation Vulnerability: Microsoft
Update Notification Manager contains an unspecified
vulnerability that allows for privilege escalation.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
QNAP Network-Attached Storage
(NAS) Command Injection Vulnerability: QNAP
NAS devices contain a command injection vulnerability which
could allow attackers to perform remote code execution.
Related CWEs: CWE-77|CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
D-Link DIR-610 Devices Remote
Command Execution: D-Link
DIR-610 devices allow remote code execution via the cmd
parameter to command.php.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: The impacted product is end-of-life and
should be disconnected if still in use.
Zyxel Multiple NAS Devices OS
Command Injection Vulnerability: Multiple
Zyxel network-attached storage (NAS) devices contain a
pre-authentication command injection vulnerability, which may
allow a remote, unauthenticated attacker to execute arbitrary
code.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
OpenSMTPD Remote Code Execution
Vulnerability: smtp_mailaddr
in smtp_session.c in OpenSMTPD, as used in OpenBSD and other
products, allows remote attackers to execute arbitrary commands
as root via a crafted SMTP session.
Related CWEs: CWE-755|CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Date Added: 2022-03-25
Due Date: 2022-04-15
VMware Tanzu | Spring Cloud
Configuration (Config) Server
QNAP Helpdesk Improper Access
Control Vulnerability: QNAP
Helpdesk contains an improper access control vulnerability which
could allow an attacker to gain privileges or to read sensitive
information.
Related CWE: CWE-284
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Palo Alto Networks PAN-OS
Authentication Bypass Vulnerability: Palo
Alto Networks PAN-OS contains a vulnerability in SAML which
allows an attacker to bypass authentication.
Related CWE: CWE-347
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
Apache Kylin OS Command Injection
Vulnerability: Apache
Kylin contains an OS command injection vulnerability which could
permit an attacker to perform remote code execution.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Juniper Junos OS Path Traversal
Vulnerability: A
path traversal vulnerability in the HTTP/HTTPS service used by
J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall
Authentication Pass-Through with Web-Redirect, and Zero Touch
Provisioning (ZTP) allows an unauthenticated attacker to perform
remote code execution.
Related CWEs: CWE-22|CWE-73
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
SonicWall SonicOS Buffer Overflow
Vulnerability: A
buffer overflow vulnerability in SonicOS allows a remote
attacker to cause Denial of Service (DoS) and potentially
execute arbitrary code by sending a malicious request to the
firewall.
Related CWE: CWE-120
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Pulse Connect Secure Code
Injection Vulnerability: A
code injection vulnerability exists in Pulse Connect Secure that
allows an attacker to craft a URI that achieves arbitrary code
execution via the admin web interface.
Related CWE: CWE-94
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apache Tomcat Improper Privilege
Management Vulnerability: Apache
Tomcat treats Apache JServ Protocol (AJP) connections as having
higher trust than, for example, a similar HTTP connection. If
such connections are available to an attacker, they can be
exploited.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft SMBv3 Remote Code
Execution Vulnerability: A
remote code execution vulnerability exists in the way that the
Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles
certain requests. An attacker who successfully exploited the
vulnerability could gain the ability to execute code on the
target server or client.
Related CWE: CWE-119
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
Grandstream Networks UCM6200
Series SQL Injection Vulnerability: Grandstream
UCM6200 series is vulnerable to an unauthenticated remote SQL
injection via crafted HTTP request. Exploitation can allow for
code execution as root.
Related CWE: CWE-89
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows Background
Intelligent Transfer Service (BITS) Improper Privilege
Management Vulnerability: Microsoft
Windows BITS is vulnerable to a privilege elevation
vulnerability if it improperly handles symbolic links. An actor
can exploit this vulnerability to execute arbitrary code with
system-level privileges.
Related CWEs: CWE-269|CWE-59
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
Oracle Business Intelligence
Enterprise Edition Path Traversal Vulnerability: Oracle
Business Intelligence Enterprise Edition contains a path
traversal vulnerability in which an attacker can target the
preview FilePath parameter of the getPreviewImage function to
gain access to arbitrary system files.
Related CWE: CWE-22
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apache Airflow's Experimental API
Authentication Bypass: The
previous default setting for Airflow's Experimental API was to
allow all API requests without authentication.
Related CWEs: CWE-1188|CWE-306
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Google Chrome Media Use-After-Free
Vulnerability: Google
Chrome Media contains a use-after-free vulnerability that allows
a remote attacker to execute code via a crafted HTML page.
Related CWE: CWE-416
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Fuel CMS SQL Injection
Vulnerability: FUEL
CMS 1.4.7 allows SQL Injection via the col parameter to
/pages/items, /permissions/items, or /navigation/items.
Related CWE: CWE-89
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
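The Fuel CMS entry above (and, by the same mechanism, the Grandstream and CyberoamOS SQL injection entries) concerns a sort-column parameter, which is the case where the usual advice "use bound parameters" does not apply: a column name is an identifier, and no SQL driver lets you bind one. The following is an added illustration, not Fuel CMS code; the in-memory SQLite schema and the allowlist are constructed for the demonstration. It shows why an injectable ORDER BY matters even though the query returns no extra columns (row order becomes a one-bit oracle) and the hardened form, a fixed allowlist of column names.

```python
import sqlite3

# Constructed allowlist; the hardened control for an identifier position.
ALLOWED_SORT_COLUMNS = {"id", "title", "published"}


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for a CMS 'pages' table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT);
        INSERT INTO pages VALUES (1, 'home', 1), (2, 'about', 1), (3, 'draft', 0);
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn


def list_items_vulnerable(conn: sqlite3.Connection, col: str) -> list:
    """Sort column concatenated straight into ORDER BY. An identifier cannot be
    a bound placeholder, so whatever string arrives reaches the SQL parser."""
    return conn.execute(f"SELECT title FROM pages ORDER BY {col}").fetchall()


def list_items_hardened(conn: sqlite3.Connection, col: str) -> list:
    """Only names from a fixed allowlist are ever interpolated, and they are
    quoted as identifiers."""
    if col not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {col!r}")
    return conn.execute(f'SELECT title FROM pages ORDER BY "{col}"').fetchall()


def blind_probe(conn: sqlite3.Connection, condition: str) -> bool:
    """Row order as an oracle: when `condition` is true the rows sort by the
    integer id (home, about, draft); when false, by title (about, draft, home).
    The first row therefore answers a yes/no question about any other table."""
    col = f"(CASE WHEN ({condition}) THEN id ELSE title END)"
    rows = list_items_vulnerable(conn, col)
    return rows[0][0] == "home"


if __name__ == "__main__":
    db = setup_db()
    print(blind_probe(db, "(SELECT substr(name, 1, 1) FROM users WHERE id = 1) = 'a'"))
    print(list_items_hardened(db, "title"))
```

Escaping or quoting the incoming value is not a fix for an identifier position; mapping a small set of permitted keys to known column names is.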
Amcrest Cameras and NVR
Stack-based Buffer Overflow Vulnerability: Amcrest
cameras and NVR contain a stack-based buffer overflow
vulnerability through port 37777 that allows an unauthenticated,
remote attacker to crash the device and possibly execute code.
Related CWE: CWE-121
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Android Kernel Use-After-Free
Vulnerability: Android
Kernel contains a use-after-free vulnerability in binder.c that
allows for privilege escalation from an application to the Linux
Kernel. This vulnerability was observed chained with
CVE-2020-0041 and CVE-2020-0069 under exploit chain
"AbstractEmu."
Related CWE: CWE-416
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Android Kernel Out-of-Bounds Write
Vulnerability: Android
Kernel binder_transaction of binder.c contains an out-of-bounds
write vulnerability due to an incorrect bounds check that could
allow for local privilege escalation. This vulnerability was
observed chained with CVE-2019-2215 and CVE-2020-0069 under
exploit chain "AbstractEmu."
Related CWE: CWE-20
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Mediatek Multiple Chipsets
Insufficient Input Validation Vulnerability: Multiple
MediaTek chipsets contain an insufficient input validation
vulnerability and have missing SELinux restrictions in the
Command Queue drivers ioctl handlers. This causes an
out-of-bounds write leading to privilege escalation. This
vulnerability was observed chained with CVE-2019-2215 and
CVE-2020-0041 under exploit chain "AbstractEmu."
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apache Struts Remote Code
Execution Vulnerability: Forced
Object-Graph Navigation Language (OGNL) evaluation in Apache
Struts, when evaluated on raw user input in tag attributes, can
lead to remote code execution.
Related CWE: CWE-917
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apple Multiple Products Memory
Corruption Vulnerability: Apple
iOS, iPadOS, macOS, and watchOS FontParser contain a memory
corruption vulnerability which may allow for code execution when
processing a maliciously crafted font.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apple Multiple Products Memory
Initialization Vulnerability: Apple
iOS, iPadOS, macOS, and watchOS contain a memory initialization
vulnerability that may allow a malicious application to disclose
kernel memory.
Related CWE: CWE-665
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apple Multiple Products Type
Confusion Vulnerability: Apple
iOS, iPadOS, macOS, and watchOS contain a type confusion
vulnerability that may allow a malicious application to execute
code with kernel privileges.
Related CWE: CWE-843
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apple iOS, iPadOS, and watchOS
Out-of-Bounds Write Vulnerability: Apple
iOS, iPadOS, and watchOS Mail contains an out-of-bounds write
vulnerability which may allow memory modification or application
termination when processing a maliciously crafted mail message.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apple iOS, iPadOS, and watchOS
Memory Corruption Vulnerability: Apple
iOS, iPadOS, and watchOS Mail contains a memory corruption
vulnerability that may allow heap corruption when processing a
maliciously crafted mail message.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Apple Multiple Products Code
Execution Vulnerability: Apple
iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified
vulnerability that may allow an application to execute code with
kernel privileges.
Related CWE: CWE-415
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Cisco ASA and FTD Read-Only Path
Traversal Vulnerability: Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense
(FTD) contain an improper input validation vulnerability when
HTTP requests process URLs. An attacker could exploit this
vulnerability by sending a crafted HTTP request containing
directory traversal character sequences to an affected device. A
successful exploit could allow the attacker to view arbitrary
files within the web services file system on the targeted
device.
Related CWE: CWE-20
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Cisco ASA and FTD Cross-Site
Scripting (XSS) Vulnerability: Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense
(FTD) contain an insufficient input validation vulnerability for
user-supplied input by the web services interface. Successful
exploitation could allow an attacker to perform cross-site
scripting (XSS) in the context of the interface or access
sensitive browser-based information.
Related CWE: CWE-79
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
Cisco IOS XR Software Discovery
Protocol Format String Vulnerability: Cisco
IOS XR improperly validates string input from certain fields in
Cisco Discovery Protocol messages. Exploitation could allow an
unauthenticated, adjacent attacker to execute code with
administrative privileges or cause a reload on an affected
device.
Related CWE: CWE-134
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Cisco IOS XR Software DVMRP Memory
Exhaustion Vulnerability: Cisco
IOS XR Distance Vector Multicast Routing Protocol (DVMRP)
incorrectly handles Internet Group Management Protocol (IGMP)
packets. Exploitation could allow an unauthenticated, remote
attacker to immediately crash the IGMP process or make it
consume available memory and eventually crash.
Related CWE: CWE-400
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Cisco IOS XR Software DVMRP Memory
Exhaustion Vulnerability: Cisco
IOS XR Distance Vector Multicast Routing Protocol (DVMRP)
incorrectly handles Internet Group Management Protocol (IGMP)
packets. Exploitation could allow an unauthenticated, remote
attacker to immediately crash the IGMP process or make it
consume available memory and eventually crash.
Related CWE: CWE-400
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Cisco IP Phones Web Server Remote
Code Execution and Denial-of-Service Vulnerability: Cisco
IP Phones contain an improper input validation vulnerability for
HTTP requests. Exploitation could allow an attacker to execute
code remotely with root privileges or cause a denial-of-service
(DoS) condition.
Related CWE: CWE-20
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Citrix ADC, Gateway, and SD-WAN
WANOP Appliance Authorization Bypass Vulnerability: Citrix
ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance
models contain an authorization bypass vulnerability that may
allow unauthenticated access to certain URL endpoints. The
attacker must have access to the NetScaler IP (NSIP) in order to
perform exploitation.
Related CWE: CWE-284
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
D-Link DIR-825 R1 Devices Buffer
Overflow Vulnerability: D-Link
DIR-825 R1 devices contain a buffer overflow vulnerability in
the web interface that may allow for remote code execution.
Related CWE: CWE-119
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
D-Link DNS-320 Device Command
Injection Vulnerability: D-Link
DNS-320 device contains a command injection vulnerability in the
system_mgr.cgi component that may allow for remote code
execution.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Multiple DrayTek Vigor Routers Web
Management Page Vulnerability: DrayTek
Vigor3900, Vigor2960, and Vigor300B routers contain an
unspecified vulnerability that allows for remote code execution.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
EyesOfNetwork Use of Hard-Coded
Credentials Vulnerability: EyesOfNetwork
contains a use of hard-coded credentials vulnerability, as it
uses the same API key by default. Exploitation allows an
attacker to calculate or guess the admin access token.
Related CWE: CWE-798
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
EyesOfNetwork Improper Privilege
Management Vulnerability: EyesOfNetwork
contains an improper privilege management vulnerability that may
allow a user to run commands as root via a crafted Nmap
Scripting Engine (NSE) script to nmap7.
Related CWE: CWE-269
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Fortinet FortiOS SSL VPN Improper
Authentication Vulnerability: Fortinet
FortiOS SSL VPN contains an improper authentication
vulnerability that may allow a user to login successfully
without being prompted for the second factor of authentication
(FortiToken) if they change the case in their username.
Related CWEs: CWE-178|CWE-287
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
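The FortiOS entry above is a canonicalisation mismatch: the password check accepts the username in any case, but the second-factor lookup is keyed by the exact string, so a changed case finds no enrolment and the flow falls through. The following is an added illustration, not Fortinet's code or this catalog's; the account store, the token enrolment table and the OTP verifier callback are constructed. It places the flawed flow beside one that uses a single canonical form for every lookup and fails closed when no enrolment is found.

```python
import hmac


def canonical(username: str) -> str:
    """One canonical form for account identifiers: trimmed and case-folded."""
    return username.strip().casefold()


# Constructed account data. The password store is keyed by the canonical name,
# but the token enrolment table was populated with the exact string typed at
# enrolment time, which is the kind of mismatch the entry above describes.
PASSWORDS = {"alice": "correct horse battery staple"}
TOKEN_ENROLMENT = {"alice": "TOKEN-SERIAL-0001"}


def check_password(username: str, password: str) -> bool:
    stored = PASSWORDS.get(canonical(username))
    return stored is not None and hmac.compare_digest(stored, password)


def login_vulnerable(username: str, password: str, verify_otp) -> str:
    """Second-factor lookup uses the raw username. 'Alice' passes the password
    check (canonicalised) but finds no enrolment, and the flow falls through."""
    if not check_password(username, password):
        return "denied"
    serial = TOKEN_ENROLMENT.get(username)          # BUG: exact-case lookup
    if serial is None:
        return "granted-without-2fa"                # silently skips the token
    return "granted" if verify_otp(serial) else "denied"


def login_hardened(username: str, password: str, verify_otp) -> str:
    """Same canonical key for every lookup, and a missing enrolment fails closed."""
    if not check_password(username, password):
        return "denied"
    serial = TOKEN_ENROLMENT.get(canonical(username))
    if serial is None:
        return "denied"                             # 2FA required but not enrolled
    return "granted" if verify_otp(serial) else "denied"


def no_token(serial: str) -> bool:
    """Stand-in OTP verifier for an attacker who holds no token."""
    return False


if __name__ == "__main__":
    print(login_vulnerable("Alice", "correct horse battery staple", no_token))
    print(login_hardened("Alice", "correct horse battery staple", no_token))
```

The general rule the example applies: canonicalise the identifier once at the boundary and use that value for every subsequent lookup, so no later step can disagree with an earlier one about which account is being authenticated.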
Google Chrome for Android UI Heap
Buffer Overflow Vulnerability: Google
Chrome for Android UI contains a heap buffer overflow
vulnerability that allows a remote attacker, who has compromised
the renderer process, to potentially perform a sandbox escape
via a crafted HTML page.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Google Chrome FreeType Heap Buffer
Overflow Vulnerability: Google
Chrome uses FreeType, an open-source software library to render
fonts, which contains a heap buffer overflow vulnerability in
the function Load_SBit_Png when processing PNG images embedded
into fonts. This vulnerability is part of an exploit chain with
CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Google Chrome Use-After-Free
Vulnerability: Google
Chrome contains a use-after-free vulnerability that allows a
remote attacker, who has compromised the renderer process, to
potentially perform a sandbox escape via a crafted HTML page.
Related CWE: CWE-416
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Related CWEs: CWE-787|CWE-843
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Google Chromium V8 Incorrect
Implementation Vulnerability: Google
Chromium V8 Engine contains an inappropriate implementation
vulnerability that allows a remote attacker to potentially
exploit heap corruption via a crafted HTML page. This
vulnerability could affect multiple web browsers that utilize
Chromium, including, but not limited to, Google Chrome,
Microsoft Edge, and Opera.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Google Chromium V8 Type Confusion
Vulnerability: Google
Chromium V8 Engine contains a type confusion vulnerability that
allows a remote attacker to potentially exploit heap corruption
via a crafted HTML page. This vulnerability could affect
multiple web browsers that utilize Chromium, including, but not
limited to, Google Chrome, Microsoft Edge, and Opera.
Related CWE: CWE-843
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
IBM Data Risk Manager Directory
Traversal Vulnerability: IBM
Data Risk Manager contains a directory traversal vulnerability
that could allow a remote authenticated attacker to traverse
directories and send a specially crafted URL request to download
arbitrary files from the system.
Related CWE: CWE-22
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
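Several entries in this section are path traversal in a web front end: the Juniper J-Web service, the Oracle BI getPreviewImage FilePath parameter, the Cisco ASA/FTD read-only traversal ("directory traversal character sequences" in an HTTP request) and the IBM Data Risk Manager entry above. What a defender wants from all of them is the same detection over web access logs. The following is an added example, not code from any of those vendors or from this catalog; the Common Log Format lines are constructed, and the getPreviewImage request merely mimics the parameter named in the Oracle entry. It decodes each request target until stable (so double-encoded sequences are caught), checks the path and every query value, and reports hits with their status code.

```python
import re
from urllib.parse import parse_qsl, unquote

# Common Log Format, as written by Apache httpd and many appliance front ends;
# only the fields the check needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample (not a real capture). Lines 2-5 carry traversal in four
# encodings; line 6 is a decoy ('..notes' is a legitimate directory name).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.7 - - [10/Oct/2020:13:55:40 +0000] "GET /images/../../../../etc/passwd HTTP/1.1" 404 162
198.51.100.4 - - [10/Oct/2020:13:56:01 +0000] "GET /static/%2e%2e/%2e%2e/config.xml HTTP/1.1" 200 512
198.51.100.4 - - [10/Oct/2020:13:56:05 +0000] "GET /static/%252e%252e/%252e%252e/config.xml HTTP/1.1" 200 512
192.0.2.9 - - [10/Oct/2020:13:57:12 +0000] "GET /getPreviewImage?FilePath=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024
192.0.2.9 - - [10/Oct/2020:13:57:30 +0000] "GET /docs/..notes/readme.txt HTTP/1.1" 200 88
"""


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), so %252e%252e is seen as '..' too;
    backslashes are folded to '/' because some servers accept either."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def has_traversal(value: str) -> bool:
    """True if any path segment is '..' (or starts with '..;', which some
    servlet containers treat as '..' followed by a path parameter)."""
    segments = decode_fully(value).split("/")
    return any(s == ".." or s.startswith("..;") for s in segments)


def scan_log(text: str) -> list:
    """One finding per request whose path or any query value traverses."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        candidates = [path] + [v for _, v in parse_qsl(query, keep_blank_values=True)]
        if any(has_traversal(c) for c in candidates):
            findings.append({
                "ip": m["ip"],
                "target": m["target"],
                "status": int(m["status"]),
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A traversal request answered with 200 deserves priority over one answered with 404: the former is the signature of an appliance that actually served the file, which is what the Cisco and IBM entries describe.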
IBM Data Risk Manager Security
Bypass Vulnerability: IBM
Data Risk Manager contains a security bypass vulnerability that
could allow a remote attacker to bypass security restrictions
when configured with SAML authentication. By sending a specially
crafted HTTP request, an attacker could exploit this
vulnerability to bypass the authentication process and gain full
administrative access to the system.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
IBM Data Risk Manager Remote Code
Execution Vulnerability: IBM
Data Risk Manager contains an unspecified vulnerability which
could allow a remote, authenticated attacker to execute commands
on the system.
Related CWE: CWE-78
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Liferay Portal Deserialization of
Untrusted Data Vulnerability: Liferay
Portal contains a deserialization of untrusted data
vulnerability that allows remote attackers to execute code via
JSON web services.
Related CWE: CWE-502
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Edge and Internet
Explorer Memory Corruption Vulnerability: Microsoft
Edge and Internet Explorer contain a memory corruption
vulnerability that allows attackers to execute code in the
context of the current user.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Known
Action: Apply updates per vendor instructions.
Microsoft Windows Installer
Privilege Escalation Vulnerability: Microsoft
Windows Installer contains a privilege escalation vulnerability
when MSI packages process symbolic links, which allows attackers
to bypass access restrictions to add or remove files.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows Kernel Privilege
Escalation Vulnerability: Microsoft
Windows kernel contains an unspecified vulnerability that allows
for privilege escalation.
Related CWE: CWE-131
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows Adobe Font
Manager Library Remote Code Execution Vulnerability: Microsoft
Windows Adobe Font Manager Library contains an unspecified
vulnerability when handling specially crafted multi-master fonts
(Adobe Type 1 PostScript format) that allows for remote code
execution for all systems except Windows 10. For systems running
Windows 10, an attacker who successfully exploited the
vulnerability could execute code in an AppContainer sandbox
context with limited privileges and capabilities.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Exchange Server Remote
Code Execution Vulnerability: Microsoft
Exchange Server improperly validates cmdlet arguments which
allow an attacker to perform remote code execution.
Related CWE: CWE-502
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows Kernel Privilege
Escalation Vulnerability: Microsoft
Windows kernel contains an unspecified vulnerability when
handling objects in memory that allows attackers to escalate
privileges and execute code in kernel mode.
Related CWE: CWE-787
Known To Be Used in Ransomware
Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability: Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Related CWE: CWE-787
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability: Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
Related CWE: CWE-287
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
Microsoft Windows Spoofing Vulnerability: Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.
Related CWE: CWE-347
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability: Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.
Related CWE: CWE-20
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows DNS Server Remote Code Execution Vulnerability: Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Related CWE: CWE-416
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Related CWE: CWE-787
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Related CWE: CWE-787
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Netlogon Privilege Escalation Vulnerability: Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.
Related CWE: CWE-330
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Related CWE: CWE-787
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft Windows CryptoAPI Spoofing Vulnerability: Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
Related CWE: CWE-295
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Microsoft .NET Framework Remote Code Execution Vulnerability: Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
Related CWE: CWE-91
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Date Added: 2021-11-03
Due Date: 2022-05-03
Microsoft | .NET Framework, SharePoint, Visual Studio
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability: Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability: Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Related CWEs: CWE-362|CWE-416
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability: Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Related CWE: CWE-362
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability: Netgear JGS516PE devices contain a missing function level access control vulnerability.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability: Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
Related CWE: CWE-787
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Ivanti Pulse Connect Secure Code Execution Vulnerability: Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Related CWE: CWE-94
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
rConfig OS Command Injection Vulnerability: rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.
Related CWE: CWE-78
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
SaltStack Salt Path Traversal Vulnerability: SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
Related CWE: CWE-22
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
SaltStack Salt Authentication Bypass Vulnerability: SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
SaltStack Salt Shell Injection Vulnerability: SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.
Related CWE: CWE-78
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
SAP NetWeaver Missing Authentication for Critical Function Vulnerability: SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.
Related CWE: CWE-306
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
SAP Solution Manager Missing Authentication for Critical Function Vulnerability: SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.
Related CWE: CWE-306
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
SolarWinds Orion Authentication Bypass Vulnerability: SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.
Related CWE: CWE-288
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Sophos SFOS SQL Injection Vulnerability: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. Successful exploitation may lead to remote code execution used to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
Related CWE: CWE-89
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability: Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.
Related CWE: CWE-352
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability: Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.
Related CWE: CWE-78
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability: Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Date Added: 2021-11-03
Due Date: 2022-05-03
Trend Micro | Apex One, OfficeScan and Worry-Free Business Security Agents
Trend Micro Multiple Products Content Validation Escape Vulnerability: Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Related CWE: CWE-74
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Date Added: 2021-11-03
Due Date: 2022-05-03
Trend Micro | Apex One, OfficeScan, and Worry-Free Business Security
Trend Micro Multiple Products Improper Access Control Vulnerability: Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability: Trend Micro Apex One and OfficeScan servers contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Unraid Authentication Bypass Vulnerability: Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.
Related CWEs: CWE-287|CWE-697
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Unraid Remote Code Execution Vulnerability: Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
vBulletin PHP Module Remote Code Execution Vulnerability: The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.
Related CWE: CWE-74
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
VMware ESXi OpenSLP Use-After-Free Vulnerability: VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
Related CWE: CWE-416
Known To Be Used in Ransomware Campaigns? Known
Action: Apply updates per vendor instructions.
VMware Multiple Products Privilege Escalation Vulnerability: VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.
Related CWE: CWE-269
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
VMware vCenter Server Information Disclosure Vulnerability: VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
Related CWE: CWE-306
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Multiple VMware Products Command Injection Vulnerability: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Related CWE: CWE-78
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
WordPress Snap Creek Duplicator Plugin File Download Vulnerability: WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their WordPress dashboard. This vulnerability affects Duplicator and Duplicator Pro.
Related CWE: CWE-22
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Zoho ManageEngine Desktop Central File Upload Vulnerability: Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.
Related CWE: CWE-502
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.
Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability: Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
Related CWE: CWE-522
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions.