Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 41 - 60 of 74
Filters:
Adobe | Flash Player

CVE-2015-5123

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-04-13
  • Due Date: 2022-05-04
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-5123
Adobe | Flash Player

CVE-2012-2034

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-2034
Adobe | Reader and Acrobat

CVE-2013-2729

Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability: Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-2729
Adobe | Reader and Acrobat

CVE-2009-0927

Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2009-0927
Adobe | ColdFusion

CVE-2010-2861

Adobe ColdFusion Directory Traversal Vulnerability: A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-2861
Adobe | Flash Player

CVE-2016-4171

Adobe Flash Player Remote Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-4171
Adobe | Flash Player

CVE-2016-7892

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7892
Adobe | BlazeDS

CVE-2009-3960

Adobe BlazeDS Information Disclosure Vulnerability: Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-07
  • Due Date: 2022-09-07
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2009-3960
Adobe | ColdFusion

CVE-2013-0631

Adobe ColdFusion Information Disclosure Vulnerability: Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-07
  • Due Date: 2022-09-07
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-0631
Adobe | ColdFusion

CVE-2013-0629

Adobe ColdFusion Directory Traversal Vulnerability: Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-07
  • Due Date: 2022-09-07
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-0629
Adobe | ColdFusion

CVE-2013-0625

Adobe ColdFusion Authentication Bypass Vulnerability: Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

Related CWE: CWE-255

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-07
  • Due Date: 2022-09-07
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-0625
Adobe | Flash Player

CVE-2012-1535

Adobe Flash Player Arbitrary Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-1535
Adobe | Flash Player

CVE-2017-11292

Adobe Flash Player Type Confusion Vulnerability: Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-11292
Adobe | Flash Player

CVE-2016-7855

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7855
Adobe | Flash Player

CVE-2016-4117

Adobe Flash Player Arbitrary Code Execution Vulnerability: An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-4117
Adobe | Flash Player

CVE-2016-1019

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-1019
Adobe | Flash Player

CVE-2015-7645

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-7645
Adobe | Flash Player

CVE-2015-5119

Adobe Flash Player Use-After-Free Vulnerability: A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-5119
Adobe | Flash Player

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability: A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-3043
Adobe | Reader and Acrobat

CVE-2014-0496

Adobe Reader and Acrobat Use-After-Free Vulnerability: Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-0496

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now