CISA Known Exploited Vulnerabilities Catalog
8.8
CVE-2018-6065 - Google Chromium V8 Integer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-6065
8.8
CVE-2018-4990 - Adobe Acrobat and Reader Double Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-4990
8.8
CVE-2018-17480 - Google Chromium V8 Out-of-Bounds Write Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-17480
8.8
CVE-2018-17463 - Google Chromium V8 Remote Code Execution Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-17463
9.8
CVE-2017-6862 - NETGEAR Multiple Devices Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : NETGEAR
Description : Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6862
8.8
CVE-2017-5070 - Google Chromium V8 Type Confusion Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-5070
8.8
CVE-2017-5030 - Google Chromium V8 Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-5030
8.8
CVE-2016-5198 - Google Chromium V8 Out-of-Bounds Memory Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-5198
7.8
CVE-2013-1331 - Microsoft Office Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description : Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1331
8.8
CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-5054
8.1
CVE-2012-4969 - Microsoft Internet Explorer Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description : Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-4969
8.8
CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description : Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1889
6.1
CVE-2012-0767 - Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0767
8.1
CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0754
7.8
CVE-2012-0151 - Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description : The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0151
9.8
CVE-2011-2462 - Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-2462
7.8
CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-0609
7.3
CVE-2010-2883 - Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2883
7.8
CVE-2010-2572 - Microsoft PowerPoint Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description : Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2572
7.8
CVE-2009-4324 - Adobe Acrobat and Reader Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description : Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-4324