CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2008-0655 - Adobe Acrobat and Reader Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2008-0655
9.3
CVE-2007-5659 - Adobe Acrobat and Reader Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2007-5659
8.8
CVE-2006-2492 - Microsoft Word Malformed Object Pointer Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2006-2492
9.3
CVE-2012-4969 - Microsoft Internet Explorer Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-4969
8.8
CVE-2018-6065 - Google Chromium V8 Integer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-6065
9.3
CVE-2009-0563 - Microsoft Office Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-0563
9.0
CVE-2019-15271 - Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Cisco
Description :A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-15271
9.3
CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-0609
9.3
CVE-2010-2883 - Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-2883
9.3
CVE-2010-2572 - Microsoft PowerPoint Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-2572
8.8
CVE-2017-5030 - Google Chromium V8 Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-5030
8.8
CVE-2016-5198 - Google Chromium V8 Out-of-Bounds Memory Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-5198
9.3
CVE-2016-1646 - Google Chromium V8 Out-of-Bounds Read Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-1646
9.8
CVE-2019-7195 - QNAP Photo Station Path Traversal Vulnerability -
Action Due Jun 22, 2022 Target Vendor : QNAP
Description :QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jun 08, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7195
9.8
CVE-2019-7194 - QNAP Photo Station Path Traversal Vulnerability -
Action Due Jun 22, 2022 Target Vendor : QNAP
Description :QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jun 08, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7194
9.8
CVE-2019-7192 - QNAP Photo Station Improper Access Control Vulnerability -
Action Due Jun 22, 2022 Target Vendor : QNAP
Description :QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jun 08, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7192
9.3
CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1889
6.1
CVE-2012-0767 - Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0767
9.3
CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0754
9.3
CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-5054