CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2019-7192 - QNAP Photo Station Improper Access Control Vulnerability -
Action Due Jun 22, 2022 Target Vendor : QNAP
Description :QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jun 08, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7192
9.3
CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-5054
9.3
CVE-2013-1331 - Microsoft Office Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-1331
8.8
CVE-2006-2492 - Microsoft Word Malformed Object Pointer Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2006-2492
9.3
CVE-2007-5659 - Adobe Acrobat and Reader Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2007-5659
9.8
CVE-2008-0655 - Adobe Acrobat and Reader Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain an unspecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2008-0655
9.3
CVE-2009-0563 - Microsoft Office Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-0563
9.3
CVE-2009-1862 - Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader and Adobe Flash Player allow remote attackers to execute code or cause denial-of-service (DoS).
Action :For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-1862
10.0
CVE-2009-3953 - Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-3953
9.3
CVE-2009-4324 - Adobe Acrobat and Reader Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-4324
9.3
CVE-2010-1297 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-1297
9.3
CVE-2010-2572 - Microsoft PowerPoint Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft PowerPoint contains a buffer overflow vulnerability that allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-2572
9.3
CVE-2010-2883 - Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-2883
9.3
CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-0609
9.3
CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0754
8.8
CVE-2017-5030 - Google Chromium V8 Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-5030
8.8
CVE-2018-17480 - Google Chromium V8 Out-of-Bounds Write Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Google
Description :Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-17480
9.8
CVE-2019-7195 - QNAP Photo Station Path Traversal Vulnerability -
Action Due Jun 22, 2022 Target Vendor : QNAP
Description :QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jun 08, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7195
9.0
CVE-2019-15271 - Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Cisco
Description :A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-15271
9.3
CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1889