CISA Known Exploited Vulnerabilities (KEV)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

    8.8

    HIGH
    CVE-2017-11292 - Adobe Flash Player Type Confusion Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-11292

    Alert Date: Mar 03, 2022 | 1282 days ago

    9.3

    HIGH
    CVE-2017-0261 - Microsoft Office Use-After-Free Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0261

    Alert Date: Mar 03, 2022 | 1282 days ago

    7.5

    HIGH
    CVE-2016-8562 - Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Siemens

    Description : An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-8562

    Alert Date: Mar 03, 2022 | 1282 days ago

    9.3

    HIGH
    CVE-2016-7855 - Adobe Flash Player Use-After-Free Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7855

    Alert Date: Mar 03, 2022 | 1282 days ago

    7.8

    HIGH
    CVE-2016-7262 - Microsoft Office Security Feature Bypass Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7262

    Alert Date: Mar 03, 2022 | 1282 days ago

    9.3

    HIGH
    CVE-2016-7193 - Microsoft Office Memory Corruption Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7193

    Alert Date: Mar 03, 2022 | 1282 days ago

    10.0

    HIGH
    CVE-2016-1019 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-1019

    Alert Date: Mar 03, 2022 | 1282 days ago

    9.3

    HIGH
    CVE-2015-7645 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-7645

    Alert Date: Mar 03, 2022 | 1282 days ago

    10.0

    HIGH
    CVE-2015-5119 - Adobe Flash Player Use-After-Free Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-5119

    Alert Date: Mar 03, 2022 | 1282 days ago

    5.3

    MEDIUM
    CVE-2015-4902 - Oracle Java SE Integrity Check Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Oracle

    Description : Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via unknown vectors related to deployment.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-4902

    Alert Date: Mar 03, 2022 | 1282 days ago

    10.0

    HIGH
    CVE-2015-3043 - Adobe Flash Player Memory Corruption Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-3043

    Alert Date: Mar 03, 2022 | 1282 days ago

    10.0

    HIGH
    CVE-2015-2590 - Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Oracle

    Description : An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2590

    Alert Date: Mar 03, 2022 | 1282 days ago

    9.3

    HIGH
    CVE-2015-2545 - Microsoft Office Malformed EPS File Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2545

    Alert Date: Mar 03, 2022 | 1282 days ago

    9.3

    HIGH
    CVE-2015-2424 - Microsoft PowerPoint Memory Corruption Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2424

    Alert Date: Mar 03, 2022 | 1282 days ago

    7.8

    HIGH
    CVE-2015-2387 - Microsoft ATM Font Driver Privilege Escalation Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2387

    Alert Date: Mar 03, 2022 | 1282 days ago

    7.8

    HIGH
    CVE-2015-1701 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1701

    Alert Date: Mar 03, 2022 | 1282 days ago

    9.3

    HIGH
    CVE-2015-1642 - Microsoft Office Memory Corruption Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1642

    Alert Date: Mar 03, 2022 | 1282 days ago

    10.0

    HIGH
    CVE-2014-0496 - Adobe Reader and Acrobat Use-After-Free Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-0496

    Alert Date: Mar 03, 2022 | 1282 days ago

    7.8

    HIGH
    CVE-2013-5065 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-5065

    Alert Date: Mar 03, 2022 | 1282 days ago

    10.0

    HIGH
    CVE-2013-3346 - Adobe Reader and Acrobat Memory Corruption Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-3346

    Alert Date: Mar 03, 2022 | 1282 days ago
Showing 20 of 1416 Results