CISA Known Exploited Vulnerabilities Catalog
9.8
CVE-2015-1427 - Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description : The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2015-1187 - D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link and TRENDnet
Description : The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2015-0666 - Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.3
CVE-2014-6332 - Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
8.8
CVE-2014-6324 - Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2014-6287 - Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rejetto
Description : The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
6.8
CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description : Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.5
CVE-2014-0130 - Ruby on Rails Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rails
Description : Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
5.4
CVE-2013-5223 - D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description : A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2013-4810 - HP Multiple Products Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Hewlett Packard (HP)
Description : HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2013-2251 - Apache Struts Improper Input Validation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description : Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2012-1823 - PHP-CGI Query String Parameter Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description : sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.8
CVE-2010-4345 - Exim Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description : Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2010-4344 - Exim Heap-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description : Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
7.5
CVE-2010-3035 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2010-2861 - Adobe ColdFusion Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
4.3
CVE-2009-2055 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2009-1151 - phpMyAdmin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : phpMyAdmin
Description : The setup script used to generate the configuration can be fooled, using a crafted POST request, into including arbitrary PHP code in the generated configuration file.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.3
CVE-2009-0927 - Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
9.8
CVE-2005-2773 - HP OpenView Network Node Manager Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Hewlett Packard (HP)
Description : HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown