CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    8.8

    CVSS31
    CVE-2016-6366 - Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability -

    Action Due Jun 14, 2022 Target Vendor : Cisco

    Description : A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-6366

    Alert Date: May 24, 2022 | 1124 days ago

    7.8

    CVSS31
    CVE-2016-6367 - Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability -

    Action Due Jun 14, 2022 Target Vendor : Cisco

    Description : A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-6367

    Alert Date: May 24, 2022 | 1124 days ago

    6.5

    CVSS31
    CVE-2016-3298 - Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability -

    Action Due Jun 14, 2022 Target Vendor : Microsoft

    Description : An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3298

    Alert Date: May 24, 2022 | 1124 days ago

    7.8

    CVSS31
    CVE-2018-8611 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due Jun 14, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8611

    Alert Date: May 24, 2022 | 1124 days ago

    6.1

    CVSS31
    CVE-2018-19953 - QNAP NAS File Station Cross-Site Scripting Vulnerability -

    Action Due Jun 14, 2022 Target Vendor : QNAP

    Description : A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-19953

    Alert Date: May 24, 2022 | 1124 days ago

    8.8

    CVSS31
    CVE-2017-0210 - Microsoft Internet Explorer Privilege Escalation Vulnerability -

    Action Due Jun 14, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0210

    Alert Date: May 24, 2022 | 1124 days ago

    8.8

    CVSS31
    CVE-2016-4657 - Apple iOS Webkit Memory Corruption Vulnerability -

    Action Due Jun 14, 2022 Target Vendor : Apple

    Description : Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-4657

    Alert Date: May 24, 2022 | 1124 days ago

    7.8

    CVSS31
    CVE-2021-1048 - Android Kernel Use-After-Free Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Android

    Description : Android kernel contains a use-after-free vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1048

    Alert Date: May 23, 2022 | 1125 days ago

    6.4

    CVSS31
    CVE-2021-0920 - Android Kernel Race Condition Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Android

    Description : Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-0920

    Alert Date: May 23, 2022 | 1125 days ago

    7.8

    CVSS31
    CVE-2020-1027 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Microsoft

    Description : An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1027

    Alert Date: May 23, 2022 | 1125 days ago

    7.8

    CVSS31
    CVE-2020-0638 - Microsoft Update Notification Manager Privilege Escalation Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Microsoft

    Description : Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0638

    Alert Date: May 23, 2022 | 1125 days ago

    7.8

    CVSS31
    CVE-2019-7286 - Apple Multiple Products Memory Corruption Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Apple

    Description : Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7286

    Alert Date: May 23, 2022 | 1125 days ago

    7.8

    CVSS31
    CVE-2019-7287 - Apple iOS Memory Corruption Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Apple

    Description : Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7287

    Alert Date: May 23, 2022 | 1125 days ago

    6.5

    CVSS31
    CVE-2019-0676 - Microsoft Internet Explorer Information Disclosure Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Microsoft

    Description : An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0676

    Alert Date: May 23, 2022 | 1125 days ago

    6.5

    CVSS31
    CVE-2019-5786 - Google Chrome Blink Use-After-Free Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Google

    Description : Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-5786

    Alert Date: May 23, 2022 | 1125 days ago

    7.8

    CVSS31
    CVE-2019-0880 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Microsoft

    Description : A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0880

    Alert Date: May 23, 2022 | 1125 days ago

    8.8

    CVSS31
    CVE-2019-13720 - Google Chrome WebAudio Use-After-Free Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Google

    Description : Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-13720

    Alert Date: May 23, 2022 | 1125 days ago

    8.8

    CVSS31
    CVE-2019-11707 - Mozilla Firefox and Thunderbird Type Confusion Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Mozilla

    Description : Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11707

    Alert Date: May 23, 2022 | 1125 days ago

    10.0

    CVSS31
    CVE-2019-11708 - Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : Mozilla

    Description : Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11708

    Alert Date: May 23, 2022 | 1125 days ago

    8.8

    CVSS31
    CVE-2019-8720 - WebKitGTK Memory Corruption Vulnerability -

    Action Due Jun 13, 2022 Target Vendor : WebKitGTK

    Description : WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-8720

    Alert Date: May 23, 2022 | 1125 days ago
Showing 20 of 1370 Results

Filters

© cvefeed.io
Latest DB Update: Jun. 21, 2025 19:56