Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Adobe | Acrobat and Reader

CVE-2011-2462

Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability: The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2011-0609

Adobe Flash Player Unspecified Vulnerability: Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2010-2883

Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2010-1297

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2009-4324

Adobe Acrobat and Reader Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2009-3953

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability: Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2008-0655

Adobe Acrobat and Reader Unspecified Vulnerability: Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2007-5659

Adobe Acrobat and Reader Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2014-0546

Adobe Acrobat and Reader Sandbox Bypass Vulnerability: Adobe Acrobat and Reader on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2014-8439

Adobe Flash Player Dereferenced Pointer Vulnerability: Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2015-8651

Adobe Flash Player Integer Overflow Vulnerability: Integer overflow in Adobe Flash Player allows attackers to execute code.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2015-0310

Adobe Flash Player ASLR Bypass Vulnerability: Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player and AIR

CVE-2016-0984

Adobe Flash Player and AIR Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted products are end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player and AIR

CVE-2016-1010

Adobe Flash Player and AIR Integer Overflow Vulnerability: Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted products are end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2018-5002

Adobe Flash Player Stack-based Buffer Overflow Vulnerability: Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Adobe | Flash Player

CVE-2015-0311

Adobe Flash Player Remote Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2014-9163

Adobe Flash Player Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-0313

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-3113

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-5122

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates