CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    7.8

    CVSS31
    CVE-2020-0986 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0986

    Alert Date: Nov 03, 2021 | 1266 days ago

    8.8

    CVSS31
    CVE-2020-1020 - Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1020

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2021-38645 - Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38645

    Alert Date: Nov 03, 2021 | 1266 days ago

    9.8

    CVSS31
    CVE-2021-34523 - Microsoft Exchange Server Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34523

    Alert Date: Nov 03, 2021 | 1266 days ago

    9.8

    CVSS31
    CVE-2017-7269 - Microsoft Windows Server Buffer Overflow Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-7269

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2021-36948 - Microsoft Windows Update Medic Service Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-36948

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2021-38649 - Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38649

    Alert Date: Nov 03, 2021 | 1266 days ago

    8.8

    CVSS31
    CVE-2020-0688 - Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0688

    Alert Date: Nov 03, 2021 | 1266 days ago

    8.8

    CVSS31
    CVE-2017-0143 - Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0143

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2016-7255 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7255

    Alert Date: Nov 03, 2021 | 1266 days ago

    9.8

    CVSS31
    CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34473

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2020-1464 - Microsoft Windows Spoofing Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1464

    Alert Date: Nov 03, 2021 | 1266 days ago

    6.6

    CVSS31
    CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31207

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2019-0803 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0803

    Alert Date: Nov 03, 2021 | 1266 days ago

    9.0

    CVSS31
    CVE-2020-1040 - Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1040

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2021-28310 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28310

    Alert Date: Nov 03, 2021 | 1266 days ago

    8.8

    CVSS31
    CVE-2021-26411 - Microsoft Internet Explorer Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-26411

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2019-0859 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0859

    Alert Date: Nov 03, 2021 | 1266 days ago

    8.8

    CVSS31
    CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description : Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40444

    Alert Date: Nov 03, 2021 | 1266 days ago

    7.8

    CVSS31
    CVE-2017-8759 - Microsoft .NET Framework Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description : Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-8759

    Alert Date: Nov 03, 2021 | 1266 days ago
Showing 20 of 1325 Results

Filters

© cvefeed.io
Latest DB Update: Apr. 22, 2025 14:45