CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

9.0

HIGH

CVE-2017-6743 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6743

Alert Date: Mar 03, 2022 | 1464 days ago

8.6

HIGH

CVE-2018-0158 - Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0158

Alert Date: Mar 03, 2022 | 1464 days ago

6.3

MEDIUM

CVE-2018-0161 - Cisco IOS Software Resource Management Errors Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0161

Alert Date: Mar 03, 2022 | 1464 days ago

8.8

HIGH

CVE-2018-0167 - Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0167

Alert Date: Mar 03, 2022 | 1464 days ago

8.6

HIGH

CVE-2018-0172 - Cisco IOS and IOS XE Software Improper Input Validation Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0172

Alert Date: Mar 03, 2022 | 1464 days ago

8.6

HIGH

CVE-2018-0174 - Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0174

Alert Date: Mar 03, 2022 | 1464 days ago

9.8

CRITICAL

CVE-2020-1938 - Apache Tomcat Improper Privilege Management Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Apache

Description : Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1938

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

CRITICAL

CVE-2022-20701 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-20701

Alert Date: Mar 03, 2022 | 1464 days ago

7.2

HIGH

CVE-2016-5195 - Linux Kernel Race Condition Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Linux

Description : Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-5195

Alert Date: Mar 03, 2022 | 1464 days ago

9.3

HIGH

CVE-2010-3333 - Microsoft Office Stack-based Buffer Overflow Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description : A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-3333

Alert Date: Mar 03, 2022 | 1464 days ago

5.3

MEDIUM

CVE-2015-4902 - Oracle Java SE Integrity Check Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Oracle

Description : Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-4902

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2015-5119 - Adobe Flash Player Use-After-Free Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description : A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-5119

Alert Date: Mar 03, 2022 | 1464 days ago

6.5

MEDIUM

CVE-2017-12238 - Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12238

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2017-12240 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12240

Alert Date: Mar 03, 2022 | 1464 days ago

6.5

MEDIUM

CVE-2017-6663 - Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6663

Alert Date: Mar 03, 2022 | 1464 days ago

9.0

HIGH

CVE-2017-6736 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6736

Alert Date: Mar 03, 2022 | 1464 days ago

9.0

HIGH

CVE-2017-6737 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6737

Alert Date: Mar 03, 2022 | 1464 days ago

9.0

HIGH

CVE-2017-6739 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6739

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

CRITICAL

CVE-2022-20703 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-20703

Alert Date: Mar 03, 2022 | 1464 days ago

7.8

HIGH

CVE-2017-12233 - Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12233

Alert Date: Mar 03, 2022 | 1464 days ago

Showing 20 of 1540 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

9.0

8.6

6.3

8.8

8.6

8.6

9.8

10.0

7.2

9.3

5.3

10.0

6.5

10.0

6.5

9.0

9.0

9.0

10.0

7.8

Filters

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences