[CISA-2022:0328] CISA Adds 32 Known Exploited Vulnerabilities to Catalog
CISA has added 32 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
[CVE-2010-4398] Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Windows
- Due Date: Thu Apr 21 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-4398
[CVE-2011-2005] Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Ancillary Function Driver (afd.sys)
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2011-2005
[CVE-2012-0518] Oracle Fusion Middleware Unspecified Vulnerability
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Oracle
- Product: Fusion Middleware
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-0518
[CVE-2012-2034] Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
- Action The impacted product is end-of-life and should be disconnected if still in use.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Adobe
- Product: Flash Player
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-2034
[CVE-2012-2539] Microsoft Word Remote Code Execution Vulnerability
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Word
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-2539
[CVE-2012-5076] Oracle Java SE Sandbox Bypass Vulnerability
The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Oracle
- Product: Java SE
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-5076
[CVE-2013-1690] Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Mozilla
- Product: Firefox and Thunderbird
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-1690
[CVE-2013-2465] Oracle Java SE Unspecified Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Oracle
- Product: Java SE
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-2465
[CVE-2013-2551] Microsoft Internet Explorer Use-After-Free Vulnerability
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Microsoft
- Product: Internet Explorer
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-2551
[CVE-2013-2729] Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Adobe
- Product: Reader and Acrobat
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-2729
[CVE-2013-3660] Microsoft Win32k Privilege Escalation Vulnerability
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Win32k
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-3660
[CVE-2015-1770] Microsoft Office Uninitialized Memory Use Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Office
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-1770
[CVE-2015-2419] Microsoft Internet Explorer Memory Corruption Vulnerability
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2419
[CVE-2015-2426] Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Windows
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2426
[CVE-2016-0040] Microsoft Windows Kernel Privilege Escalation Vulnerability
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Windows
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0040
[CVE-2016-0151] Microsoft Windows CSRSS Security Feature Bypass Vulnerability
The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Microsoft
- Product: Client-Server Run-time Subsystem (CSRSS)
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0151
[CVE-2016-0189] Microsoft Internet Explorer Memory Corruption Vulnerability
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0189
[CVE-2016-7200] Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Edge
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-7200
[CVE-2016-7201] Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Edge
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-7201
[CVE-2017-0037] Microsoft Edge and Internet Explorer Type Confusion Vulnerability
Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Edge and Internet Explorer
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0037
[CVE-2017-0059] Microsoft Internet Explorer Information Disclosure Vulnerability
Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0059
[CVE-2017-0213] Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Microsoft
- Product: Windows
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0213
[CVE-2018-8405] Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Microsoft
- Product: DirectX Graphics Kernel (DXGKRNL)
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-8405
[CVE-2018-8406] Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Microsoft
- Product: DirectX Graphics Kernel (DXGKRNL)
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-8406
[CVE-2018-8440] Microsoft Windows Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Microsoft
- Product: Windows
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-8440
[CVE-2019-7483] SonicWall SMA100 Directory Traversal Vulnerability
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: SonicWall
- Product: SMA100
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-7483
[CVE-2021-20028] SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
- Action The impacted product is end-of-life and should be disconnected if still in use.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: SonicWall
- Product: Secure Remote Access (SRA)
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-20028
[CVE-2021-26085] Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Atlassian
- Product: Confluence Server
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-26085
[CVE-2021-34486] Microsoft Windows Event Tracing Privilege Escalation Vulnerability
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Windows
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-34486
[CVE-2021-38646] Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Known
- Vendor: Microsoft
- Product: Office
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-38646
[CVE-2022-0543] Debian-specific Redis Server Lua Sandbox Escape Vulnerability
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Redis
- Product: Debian-specific Redis Servers
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-0543
[CVE-2022-1096] Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
- Action Apply updates per vendor instructions.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Google
- Product: Chromium V8
- Due Date: Mon Apr 18 00:00:00 2022
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-1096
- ID
- CISA-2022:0328
- Severity
- high
- Severity from
- CVE-2012-5076
- URL
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Published
-
2022-03-28T00:00:00
(2 years ago) - Modified
-
2022-03-28T00:00:00
(2 years ago) - Other Advisories
-
- ALAS-2013-204
- ALAS-2013-207
- ALPINE:CVE-2022-1096
- DSA-2716-1
- DSA-2720-1
- DSA-2722-1
- DSA-2727-1
- DSA-5081-1
- DSA-5110-1
- ELSA-2012-1386
- ELSA-2013-0957
- ELSA-2013-0958
- ELSA-2013-0981
- ELSA-2013-0982
- ELSA-2013-1014
- FEDORA-2022-8b0d8fb7da
- FEDORA-2022-ba2c5339d4
- FEDORA-2022-e960d7e1b6
- FREEBSD:323F900D-AC6D-11EC-A0B8-3065EC8FD3EC
- FREEBSD:36533A59-2770-11E2-BB44-003067B2972C
- FREEBSD:38195F00-B215-11E1-8132-003067B2972C
- FREEBSD:B3FCB387-DE4B-11E2-B1C6-0025905A4771
- GLSA-201206-21
- GLSA-201308-03
- GLSA-201309-23
- GLSA-201401-30
- GLSA-201406-32
- GLSA-202208-25
- MS:CVE-2016-0151
- MS:CVE-2016-0189
- MS:CVE-2016-7200
- MS:CVE-2016-7201
- MS:CVE-2017-0037
- MS:CVE-2017-0059
- MS:CVE-2017-0213
- MS:CVE-2018-8405
- MS:CVE-2018-8406
- MS:CVE-2018-8440
- MS:CVE-2021-34486
- MS:CVE-2021-38646
- MS:CVE-2022-1096
- openSUSE-SU-2022:0103-1
- openSUSE-SU-2022:0110-1
- RHSA-2012:0722
- RHSA-2012:1386
- RHSA-2012:1391
- RHSA-2012:1467
- RHSA-2013:0826
- RHSA-2013:0957
- RHSA-2013:0963
- RHSA-2013:0981
- RHSA-2013:0982
- RHSA-2013:1014
- RHSA-2013:1059
- RHSA-2013:1060
- RHSA-2013:1081
- SUSE-SU-2015:0336-1
- SUSE-SU-2015:0343-1
- SUSE-SU-2015:0344-1
- SUSE-SU-2015:0392-1
- SUSE-SU-2015:0833-1
- SUSE-SU-2015:1086-1
- SUSE-SU-2015:1086-2
- SUSE-SU-2015:1086-3
- SUSE-SU-2015:1086-4
- USN-1619-1
- USN-1890-1
- USN-1891-1
- USN-1907-1
- USN-1908-1
- USN-5316-1
- USN-5350-1
- VU:906424
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |