CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    7.5

    CVSS31
    CVE-2013-0629 - Adobe ColdFusion Directory Traversal Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    9.8

    CVSS31
    CVE-2013-0625 - Adobe ColdFusion Authentication Bypass Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 928 days ago

    6.5

    CVSS31
    CVE-2009-3960 - Adobe BlazeDS Information Disclosure Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 07, 2022 | 928 days ago

    10.0

    CVSS31
    CVE-2022-20708 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    10.0

    CVSS31
    CVE-2022-20703 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    10.0

    CVSS31
    CVE-2022-20701 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    10.0

    CVSS31
    CVE-2022-20700 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    10.0

    CVSS31
    CVE-2022-20699 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.8

    CVSS31
    CVE-2021-41379 - Microsoft Windows Installer Privilege Escalation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 03, 2022 | 932 days ago

    9.8

    CVSS31
    CVE-2020-1938 - Apache Tomcat Improper Privilege Management Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Apache

    Description : Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    5.4

    CVSS31
    CVE-2020-11899 - Treck TCP/IP stack Out-of-Bounds Read Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Treck TCP/IP stack

    Description : The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    9.8

    CVSS31
    CVE-2019-16928 - Exim Out-of-bounds Write Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Exim

    Description : Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.2

    CVSS31
    CVE-2019-1652 - Cisco Small Business Routers Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    8.8

    CVSS31
    CVE-2019-1297 - Microsoft Excel Remote Code Execution Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.4

    CVSS31
    CVE-2018-8581 - Microsoft Exchange Server Privilege Escalation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 03, 2022 | 932 days ago

    7.5

    CVSS30
    CVE-2018-8298 - ChakraCore Scripting Engine Type Confusion Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : ChakraCore

    Description : The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    5.9

    CVSS31
    CVE-2018-0180 - Cisco IOS Software Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    5.9

    CVSS31
    CVE-2018-0179 - Cisco IOS Software Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    8.0

    CVSS31
    CVE-2018-0175 - Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    8.6

    CVSS31
    CVE-2018-0174 - Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago
Showing 20 of 1181 Results

Filters