CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    8.8

    CVSS31
    CVE-2016-5198 - Google Chromium V8 Out-of-Bounds Memory Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    8.8

    CVSS31
    CVE-2016-1646 - Google Chromium V8 Out-of-Bounds Read Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2013-1331 - Microsoft Office Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    8.8

    CVSS31
    CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    9.3

    CVSS2
    CVE-2012-4969 - Microsoft Internet Explorer Use-After-Free Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    8.8

    CVSS31
    CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    4.3

    CVSS2
    CVE-2012-0767 - Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    9.3

    CVSS2
    CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2012-0151 - Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    9.8

    CVSS31
    CVE-2011-2462 - Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.3

    CVSS31
    CVE-2010-2883 - Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2010-2572 - Microsoft PowerPoint Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2010-1297 - Adobe Flash Player Memory Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2009-4324 - Adobe Acrobat and Reader Use-After-Free Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    8.8

    CVSS31
    CVE-2009-3953 - Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2009-1862 - Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2009-0563 - Microsoft Office Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    7.8

    CVSS31
    CVE-2009-0557 - Microsoft Office Object Record Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago

    9.8

    CVSS31
    CVE-2008-0655 - Adobe Acrobat and Reader Unspecified Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Jun 08, 2022 | 835 days ago
Showing 20 of 1180 Results

Filters