Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Adobe | ColdFusion

CVE-2017-3066

Adobe ColdFusion Deserialization Vulnerability: Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-24
Due Date: 2025-03-17

Additional Notes

Adobe | ColdFusion

CVE-2024-20767

Adobe ColdFusion Improper Access Control Vulnerability: Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-12-16
Due Date: 2025-01-06

Additional Notes

Adobe | Flash Player

CVE-2014-0497

Adobe Flash Player Integer Underflow Vulnerablity: Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.

Related CWE: CWE-191

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Adobe | Flash Player

CVE-2013-0643

Adobe Flash Player Incorrect Default Permissions Vulnerability: Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Adobe | Flash Player

CVE-2013-0648

Adobe Flash Player Code Execution Vulnerability: Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Adobe | Flash Player

CVE-2014-0502

Adobe Flash Player Double Free Vulnerablity: Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Adobe | Commerce and Magento Open Source

CVE-2024-34102

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability: Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Related CWE: CWE-611

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-07-17
Due Date: 2024-08-07

Additional Notes

Adobe | ColdFusion

CVE-2023-38203

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-08
Due Date: 2024-01-29

Additional Notes

Adobe | ColdFusion

CVE-2023-29300

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-08
Due Date: 2024-01-29

Additional Notes

Adobe | Acrobat and Reader

CVE-2023-21608

Adobe Acrobat and Reader Use-After-Free Vulnerability: Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-10
Due Date: 2023-10-31

Additional Notes

Adobe | Acrobat and Reader

CVE-2023-26369

Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability: Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-09-14
Due Date: 2023-10-05

Additional Notes

Adobe | ColdFusion

CVE-2023-26359

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-08-21
Due Date: 2023-09-11

Additional Notes

Adobe | ColdFusion

CVE-2023-38205

Adobe ColdFusion Improper Access Control Vulnerability: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-20
Due Date: 2023-08-10

Additional Notes

Adobe | ColdFusion

CVE-2023-29298

Adobe ColdFusion Improper Access Control Vulnerability: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-20
Due Date: 2023-08-10

Additional Notes

Adobe | ColdFusion

CVE-2023-26360

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-15
Due Date: 2023-04-05

Additional Notes

Adobe | Acrobat and Reader, Flash Player

CVE-2009-1862

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability: Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2018-4990

Adobe Acrobat and Reader Double Free Vulnerability: Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.

Related CWE: CWE-415

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2012-5054

Adobe Flash Player Integer Overflow Vulnerability: Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2012-0767

Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability: Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2012-0754

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2011-2462

Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability: The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2011-0609

Adobe Flash Player Unspecified Vulnerability: Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2010-2883

Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2010-1297

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2009-4324

Adobe Acrobat and Reader Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2009-3953

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability: Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2008-0655

Adobe Acrobat and Reader Unspecified Vulnerability: Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2007-5659

Adobe Acrobat and Reader Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2014-0546

Adobe Acrobat and Reader Sandbox Bypass Vulnerability: Adobe Acrobat and Reader on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2014-8439

Adobe Flash Player Dereferenced Pointer Vulnerability: Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2015-8651

Adobe Flash Player Integer Overflow Vulnerability: Integer overflow in Adobe Flash Player allows attackers to execute code.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2015-0310

Adobe Flash Player ASLR Bypass Vulnerability: Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player and AIR

CVE-2016-0984

Adobe Flash Player and AIR Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted products are end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player and AIR

CVE-2016-1010

Adobe Flash Player and AIR Integer Overflow Vulnerability: Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted products are end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2018-5002

Adobe Flash Player Stack-based Buffer Overflow Vulnerability: Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Adobe | Flash Player

CVE-2015-0311

Adobe Flash Player Remote Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2014-9163

Adobe Flash Player Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-0313

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-3113

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-5122

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-5123

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2012-2034

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Adobe | Reader and Acrobat

CVE-2013-2729

Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability: Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Adobe | Reader and Acrobat

CVE-2009-0927

Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | ColdFusion

CVE-2010-2861

Adobe ColdFusion Directory Traversal Vulnerability: A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | Flash Player

CVE-2016-4171

Adobe Flash Player Remote Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | Flash Player

CVE-2016-7892

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | BlazeDS

CVE-2009-3960

Adobe BlazeDS Information Disclosure Vulnerability: Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | ColdFusion

CVE-2013-0631

Adobe ColdFusion Information Disclosure Vulnerability: Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | ColdFusion

CVE-2013-0629

Adobe ColdFusion Directory Traversal Vulnerability: Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | ColdFusion

CVE-2013-0625

Adobe ColdFusion Authentication Bypass Vulnerability: Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

Related CWE: CWE-255

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | Flash Player

CVE-2012-1535

Adobe Flash Player Arbitrary Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2017-11292

Adobe Flash Player Type Confusion Vulnerability: Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-7855

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-4117

Adobe Flash Player Arbitrary Code Execution Vulnerability: An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-1019

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-7645

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-5119

Adobe Flash Player Use-After-Free Vulnerability: A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability: A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Reader and Acrobat

CVE-2014-0496

Adobe Reader and Acrobat Use-After-Free Vulnerability: Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Reader and Acrobat

CVE-2013-3346

Adobe Reader and Acrobat Memory Corruption Vulnerability: Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Reader

CVE-2013-0641

Adobe Reader Buffer Overflow Vulnerability: A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Reader and Acrobat

CVE-2013-0640

Adobe Reader and Acrobat Memory Corruption Vulnerability: An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | ColdFusion

CVE-2013-0632

Adobe ColdFusion Authentication Bypass Vulnerability: An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2011-0611

Adobe Flash Player Remote Code Execution Vulnerability: Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Reader and Acrobat

CVE-2010-0188

Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability: Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Acrobat and Reader

CVE-2008-2992

Adobe Reader and Acrobat Input Validation Vulnerability: Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2018-15982

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-02-15
Due Date: 2022-08-15

Additional Notes

Adobe | Commerce and Magento Open Source

CVE-2022-24086

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-03-01

Additional Notes

Adobe | Acrobat and Reader

CVE-2021-21017

Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability: Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Adobe | Flash Player

CVE-2018-4878

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Adobe | ColdFusion

CVE-2018-15961

Adobe ColdFusion Unrestricted File Upload Vulnerability: Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Adobe | ColdFusion

CVE-2018-4939

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Adobe | Acrobat and Reader

CVE-2021-28550

Adobe Acrobat and Reader Use-After-Free Vulnerability: Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates