CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    8.8

    CVSS31
    CVE-2019-1297 - Microsoft Excel Remote Code Execution Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1297

    Alert Date: Mar 03, 2022 | 1206 days ago

    7.4

    CVSS31
    CVE-2018-8581 - Microsoft Exchange Server Privilege Escalation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8581

    Alert Date: Mar 03, 2022 | 1206 days ago

    7.5

    CVSS31
    CVE-2018-8298 - ChakraCore Scripting Engine Type Confusion Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : ChakraCore

    Description : The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8298

    Alert Date: Mar 03, 2022 | 1206 days ago

    5.9

    CVSS31
    CVE-2018-0180 - Cisco IOS Software Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0180

    Alert Date: Mar 03, 2022 | 1206 days ago

    5.9

    CVSS31
    CVE-2018-0179 - Cisco IOS Software Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0179

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.6

    CVSS31
    CVE-2018-0174 - Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0174

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.6

    CVSS31
    CVE-2018-0173 - Cisco IOS and IOS XE Software Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0173

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.6

    CVSS31
    CVE-2018-0172 - Cisco IOS and IOS XE Software Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0172

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.8

    CVSS31
    CVE-2018-0167 - Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0167

    Alert Date: Mar 03, 2022 | 1206 days ago

    6.3

    CVSS31
    CVE-2018-0161 - Cisco IOS Software Resource Management Errors Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0161

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.6

    CVSS31
    CVE-2018-0158 - Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0158

    Alert Date: Mar 03, 2022 | 1206 days ago

    7.5

    CVSS31
    CVE-2018-0156 - Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0156

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.6

    CVSS31
    CVE-2018-0155 - Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0155

    Alert Date: Mar 03, 2022 | 1206 days ago

    7.5

    CVSS31
    CVE-2018-0154 - Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0154

    Alert Date: Mar 03, 2022 | 1206 days ago

    9.8

    CVSS31
    CVE-2018-0151 - Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description : A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0151

    Alert Date: Mar 03, 2022 | 1206 days ago

    7.8

    CVSS31
    CVE-2017-8540 - Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-8540

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.8

    CVSS31
    CVE-2017-6744 - Cisco IOS Software SNMP Remote Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6744

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.8

    CVSS31
    CVE-2017-6743 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6743

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.8

    CVSS31
    CVE-2017-6740 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6740

    Alert Date: Mar 03, 2022 | 1206 days ago

    8.8

    CVSS31
    CVE-2017-6738 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6738

    Alert Date: Mar 03, 2022 | 1206 days ago
Showing 20 of 1370 Results

Filters

© cvefeed.io
Latest DB Update: Jun. 21, 2025 8:04