CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
17 results
Android Framework Integer Overflow Vulnerability
Android · Framework
Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Android Framework Information Disclosure Vulnerability
Android · Framework
Android Framework contains an unspecified vulnerability that allows for information disclosure.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Android Framework Privilege Escalation Vulnerability
Android · Framework
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Android Runtime Use-After-Free Vulnerability
Android · Runtime
Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Android Framework Privilege Escalation Vulnerability
Android · Framework
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Android Kernel Remote Code Execution Vulnerability
Android · Kernel
Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Android Pixel Privilege Escalation Vulnerability
Android · Pixel
Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Android Pixel Privilege Escalation Vulnerability
Android · Pixel
Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Android Pixel Information Disclosure Vulnerability
Android · Pixel
Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Android Pixel Information Disclosure Vulnerability
Android · Pixel
Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Android Framework Privilege Escalation Vulnerability
Android · Framework
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Android Framework Privilege Escalation Vulnerability
Android · Framework
Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.
Required Action
Apply updates per vendor instructions.
Android OS Privilege Escalation Vulnerability
Android · Android OS
The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.
Required Action
Apply updates per vendor instructions.
Android Kernel Use-After-Free Vulnerability
Android · Kernel
Android kernel contains a use-after-free vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Android Kernel Race Condition Vulnerability
Android · Kernel
Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation.
Required Action
Apply updates per vendor instructions.
Android Kernel Use-After-Free Vulnerability
Android · Android Kernel
Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."
Required Action
Apply updates per vendor instructions.
Android Kernel Out-of-Bounds Write Vulnerability
Android · Android Kernel
Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."
Required Action
Apply updates per vendor instructions.