CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
8.8
CVE-2018-17480 - Google Chromium V8 Out-of-Bounds Write Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-17480
9.3
CVE-2013-1331 - Microsoft Office Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-1331
9.3
CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-5054
9.3
CVE-2012-4969 - Microsoft Internet Explorer Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-4969
9.3
CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1889
6.1
CVE-2012-0767 - Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0767
9.3
CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0754
9.3
CVE-2012-0151 - Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0151
10.0
CVE-2011-2462 - Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-2462
9.3
CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-0609
9.3
CVE-2010-2883 - Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-2883
9.3
CVE-2010-2572 - Microsoft PowerPoint Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-2572
9.3
CVE-2010-1297 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-1297
9.3
CVE-2009-4324 - Adobe Acrobat and Reader Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-4324
9.3
CVE-2009-1862 - Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Action :For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-1862
9.3
CVE-2009-0557 - Microsoft Office Object Record Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-0557
9.8
CVE-2008-0655 - Adobe Acrobat and Reader Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2008-0655
9.3
CVE-2007-5659 - Adobe Acrobat and Reader Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2007-5659
8.8
CVE-2006-2492 - Microsoft Word Malformed Object Pointer Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2006-2492
6.5
CVE-2019-5825 - Google Chromium V8 Out-of-Bounds Write Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-5825