CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    9.3

    HIGH
    CVE-2017-0199 - Microsoft Office and WordPad Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0199

    Alert Date: Nov 03, 2021 | 1594 days ago

    8.8

    HIGH
    CVE-2020-1380 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1380

    Alert Date: Nov 03, 2021 | 1594 days ago

    7.6

    HIGH
    CVE-2019-1429 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1429

    Alert Date: Nov 03, 2021 | 1594 days ago

    7.8

    HIGH
    CVE-2017-11774 - Microsoft Office Outlook Security Feature Bypass Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-11774

    Alert Date: Nov 03, 2021 | 1594 days ago

    7.6

    HIGH
    CVE-2020-0968 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0968

    Alert Date: Nov 03, 2021 | 1594 days ago

    7.8

    HIGH
    CVE-2019-0808 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0808

    Alert Date: Nov 03, 2021 | 1594 days ago
Showing 20 of 1546 Results

Filters