CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

8.6

HIGH

CVE-2018-0155 - Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0155

Alert Date: Mar 03, 2022 | 1467 days ago

10.0

HIGH

CVE-2016-1019 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

Action :The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022

Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-1019

Alert Date: Mar 03, 2022 | 1467 days ago

7.8

HIGH

CVE-2015-2387 - Microsoft ATM Font Driver Privilege Escalation Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-2387

Alert Date: Mar 03, 2022 | 1467 days ago

10.0

HIGH

CVE-2014-0496 - Adobe Reader and Acrobat Use-After-Free Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-0496

Alert Date: Mar 03, 2022 | 1467 days ago

10.0

HIGH

CVE-2013-0632 - Adobe ColdFusion Authentication Bypass Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-0632

Alert Date: Mar 03, 2022 | 1467 days ago

9.3

HIGH

CVE-2012-1535 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

Action :The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1535

Alert Date: Mar 03, 2022 | 1467 days ago

9.3

HIGH

CVE-2015-1642 - Microsoft Office Memory Corruption Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-1642

Alert Date: Mar 03, 2022 | 1467 days ago

9.0

HIGH

CVE-2019-1652 - Cisco Small Business Routers Improper Input Validation Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1652

Alert Date: Mar 03, 2022 | 1467 days ago

8.0

HIGH

CVE-2018-0175 - Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0175

Alert Date: Mar 03, 2022 | 1467 days ago

9.3

HIGH

CVE-2015-2545 - Microsoft Office Malformed EPS File Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-2545

Alert Date: Mar 03, 2022 | 1467 days ago

10.0

CRITICAL

CVE-2022-20708 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-20708

Alert Date: Mar 03, 2022 | 1467 days ago

10.0

CRITICAL

CVE-2022-20700 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-20700

Alert Date: Mar 03, 2022 | 1467 days ago

10.0

CRITICAL

CVE-2022-20699 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-20699

Alert Date: Mar 03, 2022 | 1467 days ago

7.1

HIGH

CVE-2018-0179 - Cisco IOS Software Denial-of-Service Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0179

Alert Date: Mar 03, 2022 | 1467 days ago

8.6

HIGH

CVE-2018-0174 - Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0174

Alert Date: Mar 03, 2022 | 1467 days ago

8.6

HIGH

CVE-2018-0173 - Cisco IOS and IOS XE Software Improper Input Validation Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0173

Alert Date: Mar 03, 2022 | 1467 days ago

8.6

HIGH

CVE-2018-0172 - Cisco IOS and IOS XE Software Improper Input Validation Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0172

Alert Date: Mar 03, 2022 | 1467 days ago

8.8

HIGH

CVE-2018-0167 - Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0167

Alert Date: Mar 03, 2022 | 1467 days ago

10.0

HIGH

CVE-2018-0151 - Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0151

Alert Date: Mar 03, 2022 | 1467 days ago

9.3

HIGH

CVE-2017-8540 - Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-8540

Alert Date: Mar 03, 2022 | 1467 days ago

Showing 20 of 1540 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

8.6

10.0

7.8

10.0

10.0

9.3

9.3

9.0

8.0

9.3

10.0

10.0

10.0

7.1

8.6

8.6

8.6

8.8

10.0

9.3

Filters

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences