CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    7.8

    CVSS31
    CVE-2019-1315 - Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS31
    CVE-2019-1253 - Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS30
    CVE-2019-1132 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS30
    CVE-2019-1129 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS31
    CVE-2019-1069 - Microsoft Task Scheduler Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS30
    CVE-2019-1064 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS31
    CVE-2019-0841 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS30
    CVE-2019-0543 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.0

    CVSS30
    CVE-2018-8120 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS31
    CVE-2017-0101 - Microsoft Windows Transaction Manager Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    7.8

    CVSS31
    CVE-2016-3309 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    6.9

    CVSS2
    CVE-2015-2546 - Microsoft Win32k Memory Corruption Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 15, 2022 | 920 days ago

    9.6

    CVSS31
    CVE-2022-26486 - Mozilla Firefox Use-After-Free Vulnerability -

    Action Due Mar 21, 2022 Target Vendor : Mozilla

    Description : Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    8.8

    CVSS31
    CVE-2022-26485 - Mozilla Firefox Use-After-Free Vulnerability -

    Action Due Mar 21, 2022 Target Vendor : Mozilla

    Description : Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    5.3

    CVSS31
    CVE-2021-21973 - VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability -

    Action Due Mar 21, 2022 Target Vendor : VMware

    Description : VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    7.2

    CVSS31
    CVE-2020-8218 - Pulse Connect Secure Code Injection Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Pulse Secure

    Description : A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    9.8

    CVSS30
    CVE-2019-11581 - Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Atlassian

    Description : Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    9.8

    CVSS31
    CVE-2017-6077 - NETGEAR DGN2200 Remote Code Execution Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : NETGEAR

    Description : NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    8.8

    CVSS31
    CVE-2016-6277 - NETGEAR Multiple Routers Remote Code Execution Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : NETGEAR

    Description : NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    7.5

    CVSS31
    CVE-2013-0631 - Adobe ColdFusion Information Disclosure Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago
Showing 20 of 1181 Results

Filters