CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.8

    CVSS31
    CVE-2017-6077 - NETGEAR DGN2200 Remote Code Execution Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : NETGEAR

    Description : NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 992 days ago

    8.8

    CVSS31
    CVE-2016-6277 - NETGEAR Multiple Routers Remote Code Execution Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : NETGEAR

    Description : NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 992 days ago

    7.5

    CVSS31
    CVE-2013-0631 - Adobe ColdFusion Information Disclosure Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 992 days ago

    7.5

    CVSS31
    CVE-2013-0629 - Adobe ColdFusion Directory Traversal Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 992 days ago

    9.8

    CVSS31
    CVE-2013-0625 - Adobe ColdFusion Authentication Bypass Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 07, 2022 | 992 days ago

    6.5

    CVSS31
    CVE-2009-3960 - Adobe BlazeDS Information Disclosure Vulnerability -

    Action Due Sep 07, 2022 Target Vendor : Adobe

    Description : Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 07, 2022 | 992 days ago

    10.0

    CVSS31
    CVE-2022-20708 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    10.0

    CVSS31
    CVE-2022-20703 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    10.0

    CVSS31
    CVE-2022-20701 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    10.0

    CVSS31
    CVE-2022-20700 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    10.0

    CVSS31
    CVE-2022-20699 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    7.8

    CVSS31
    CVE-2021-41379 - Microsoft Windows Installer Privilege Escalation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 03, 2022 | 996 days ago

    9.8

    CVSS31
    CVE-2020-1938 - Apache Tomcat Improper Privilege Management Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Apache

    Description : Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    5.4

    CVSS31
    CVE-2020-11899 - Treck TCP/IP stack Out-of-Bounds Read Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Treck TCP/IP stack

    Description : The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    9.8

    CVSS31
    CVE-2019-16928 - Exim Out-of-bounds Write Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Exim

    Description : Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    7.2

    CVSS31
    CVE-2019-1652 - Cisco Small Business Routers Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    8.8

    CVSS31
    CVE-2019-1297 - Microsoft Excel Remote Code Execution Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    7.4

    CVSS31
    CVE-2018-8581 - Microsoft Exchange Server Privilege Escalation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 03, 2022 | 996 days ago

    7.5

    CVSS30
    CVE-2018-8298 - ChakraCore Scripting Engine Type Confusion Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : ChakraCore

    Description : The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago

    5.9

    CVSS31
    CVE-2018-0180 - Cisco IOS Software Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 996 days ago
Showing 20 of 1224 Results

Filters

© cvefeed.io
Latest DB Update: Nov. 23, 2024 4:11