CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    9.3

    HIGH
    CVE-2012-1535 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description :Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

    Action :The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1535

    Alert Date: Mar 03, 2022 | 1512 days ago

    7.8

    HIGH
    CVE-2009-1123 - Microsoft Windows Improper Input Validation Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description :The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-1123

    Alert Date: Mar 03, 2022 | 1512 days ago

    7.1

    HIGH
    CVE-2018-0179 - Cisco IOS Software Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0179

    Alert Date: Mar 03, 2022 | 1512 days ago

    8.8

    HIGH
    CVE-2008-3431 - Oracle VirtualBox Insufficient Input Validation Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Oracle

    Description :An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2008-3431

    Alert Date: Mar 03, 2022 | 1512 days ago

    7.1

    HIGH
    CVE-2017-12319 - Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description :A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12319

    Alert Date: Mar 03, 2022 | 1512 days ago

    9.3

    HIGH
    CVE-2013-0640 - Adobe Reader and Acrobat Memory Corruption Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description :An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-0640

    Alert Date: Mar 03, 2022 | 1512 days ago

    10.0

    HIGH
    CVE-2013-0632 - Adobe ColdFusion Authentication Bypass Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description :An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-0632

    Alert Date: Mar 03, 2022 | 1512 days ago

    10.0

    CRITICAL
    CVE-2022-20703 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-20703

    Alert Date: Mar 03, 2022 | 1512 days ago

    10.0

    CRITICAL
    CVE-2022-20700 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-20700

    Alert Date: Mar 03, 2022 | 1512 days ago

    10.0

    CRITICAL
    CVE-2022-20699 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-20699

    Alert Date: Mar 03, 2022 | 1512 days ago

    5.4

    MEDIUM
    CVE-2020-11899 - Treck TCP/IP stack Out-of-Bounds Read Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Treck TCP/IP stack

    Description :The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-11899

    Alert Date: Mar 03, 2022 | 1512 days ago

    9.0

    HIGH
    CVE-2019-1652 - Cisco Small Business Routers Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1652

    Alert Date: Mar 03, 2022 | 1512 days ago

    8.0

    HIGH
    CVE-2018-0175 - Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0175

    Alert Date: Mar 03, 2022 | 1512 days ago

    8.6

    HIGH
    CVE-2018-0174 - Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0174

    Alert Date: Mar 03, 2022 | 1512 days ago

    10.0

    CRITICAL
    CVE-2022-20708 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-20708

    Alert Date: Mar 03, 2022 | 1512 days ago

    7.8

    HIGH
    CVE-2021-41379 - Microsoft Windows Installer Privilege Escalation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-41379

    Alert Date: Mar 03, 2022 | 1512 days ago

    9.3

    HIGH
    CVE-2019-1297 - Microsoft Excel Remote Code Execution Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description :A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1297

    Alert Date: Mar 03, 2022 | 1512 days ago

    7.4

    HIGH
    CVE-2018-8581 - Microsoft Exchange Server Privilege Escalation Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Microsoft

    Description :A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8581

    Alert Date: Mar 03, 2022 | 1512 days ago

    7.6

    HIGH
    CVE-2018-8298 - ChakraCore Scripting Engine Type Confusion Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : ChakraCore

    Description :The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8298

    Alert Date: Mar 03, 2022 | 1512 days ago

    7.1

    HIGH
    CVE-2018-0180 - Cisco IOS Software Denial-of-Service Vulnerability -

    Action Due Mar 17, 2022 Target Vendor : Cisco

    Description :A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0180

    Alert Date: Mar 03, 2022 | 1512 days ago
Showing 20 of 1582 Results

Filters