Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Red Hat | JBoss

CVE-2010-0738

Red Hat JBoss Authentication Bypass Vulnerability: The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2014-8439

Adobe Flash Player Dereferenced Pointer Vulnerability: Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Internet Explorer and Edge

CVE-2016-3351

Microsoft Internet Explorer and Edge Information Disclosure Vulnerability: An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | Windows

CVE-2018-8611

Microsoft Windows Kernel Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19953

QNAP NAS File Station Cross-Site Scripting Vulnerability: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Related CWEs: CWE-79| CWE-80

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19949

QNAP NAS File Station Command Injection Vulnerability: A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.

Related CWEs: CWE-20| CWE-77| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19943

QNAP NAS File Station Cross-Site Scripting Vulnerability: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Related CWEs: CWE-79| CWE-80

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | SMBv1 server

CVE-2017-0147

Microsoft Windows SMBv1 Information Disclosure Vulnerability: The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | XML Core Services

CVE-2017-0022

Microsoft XML Core Services Information Disclosure Vulnerability: Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | Windows

CVE-2017-0005

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability: The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | Internet Explorer

CVE-2017-0149

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | Internet Explorer

CVE-2017-0210

Microsoft Internet Explorer Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Artifex | Ghostscript

CVE-2017-8291

Artifex Ghostscript Type Confusion Vulnerability: Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

Related CWE: CWE-704

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Kaseya | Virtual System/Server Administrator (VSA)

CVE-2017-18362

Kaseya VSA SQL Injection Vulnerability: ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | Windows

CVE-2017-8543

Microsoft Windows Search Remote Code Execution Vulnerability: Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.

Related CWE: CWE-281

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Microsoft | Internet Explorer

CVE-2016-3298

Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability: An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Cisco | Adaptive Security Appliance (ASA)

CVE-2016-6367

Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability: A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Cisco | Adaptive Security Appliance (ASA)

CVE-2016-6366

Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability: A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Apple | iOS

CVE-2016-4656

Apple iOS Memory Corruption Vulnerability: A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Apple | iOS

CVE-2016-4657

Apple iOS Webkit Memory Corruption Vulnerability: Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates