Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 41 - 60 of 158
Filters:
Cisco | IOS

CVE-2004-1464

Cisco IOS Denial-of-Service Vulnerability: Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-19
  • Due Date: 2023-06-09
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040827-telnet; https://nvd.nist.gov/vuln/detail/CVE-2004-1464
Cisco | IOS, IOS XR, and IOS XE

CVE-2016-6415

Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability: Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-19
  • Due Date: 2023-06-09
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1; https://nvd.nist.gov/vuln/detail/CVE-2016-6415
Cisco | IOS and IOS XE Software

CVE-2017-6742

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-19
  • Due Date: 2023-05-10
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp; https://nvd.nist.gov/vuln/detail/CVE-2017-6742
Apple | Multiple Products

CVE-2023-28205

Apple Multiple Products WebKit Use-After-Free Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-10
  • Due Date: 2023-05-01
Additional Notes
https://support.apple.com/en-us/HT213720,https://support.apple.com/en-us/HT213721,https://support.apple.com/en-us/HT213722,https://support.apple.com/en-us/HT213723; https://nvd.nist.gov/vuln/detail/CVE-2023-28205
Apple | iOS, iPadOS, and macOS

CVE-2023-28206

Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability: Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-10
  • Due Date: 2023-05-01
Additional Notes
https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721; https://nvd.nist.gov/vuln/detail/CVE-2023-28206
Apple | iOS, iPadOS, and macOS

CVE-2021-30900

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability: Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-03-30
  • Due Date: 2023-04-20
Additional Notes
https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872; https://nvd.nist.gov/vuln/detail/CVE-2021-30900
Apple | Multiple Products

CVE-2023-23529

Apple Multiple Products WebKit Type Confusion Vulnerability: Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-14
  • Due Date: 2023-03-07
Additional Notes
https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638; https://nvd.nist.gov/vuln/detail/CVE-2023-23529
Apple | iOS and iPadOS

CVE-2022-42827

Apple iOS and iPadOS Out-of-Bounds Write Vulnerability: Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-25
  • Due Date: 2022-11-15
Additional Notes
https://support.apple.com/en-us/HT213489; https://nvd.nist.gov/vuln/detail/CVE-2022-42827
Cisco | AnyConnect Secure

CVE-2020-3433

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability: Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.

Related CWE: CWE-427

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433
Cisco | AnyConnect Secure

CVE-2020-3153

Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability: Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

Related CWE: CWE-427

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj; https://nvd.nist.gov/vuln/detail/CVE-2020-3153
Apple | iOS, iPadOS, and macOS

CVE-2022-32917

Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability: Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-14
  • Due Date: 2022-10-05
Additional Notes
https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444; https://nvd.nist.gov/vuln/detail/CVE-2022-32917
Apple | iOS, iPadOS, and macOS

CVE-2020-9934

Apple iOS, iPadOS, and macOS Input Validation Vulnerability: Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289; https://nvd.nist.gov/vuln/detail/CVE-2020-9934
Apple | iOS, macOS, watchOS

CVE-2021-31010

Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability: In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.

Related CWEs: CWE-20| CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-25
  • Due Date: 2022-09-15
Additional Notes
https://support.apple.com/en-us/HT212804, https://support.apple.com/en-us/HT212805, https://support.apple.com/en-us/HT212806, https://support.apple.com/en-us/HT212807, https://support.apple.com/en-us/HT212824; https://nvd.nist.gov/vuln/detail/CVE-2021-31010
Apple | iOS and macOS

CVE-2022-32893

Apple iOS and macOS Out-of-Bounds Write Vulnerability: Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-18
  • Due Date: 2022-09-08
Additional Notes
https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32893
Apple | iOS and macOS

CVE-2022-32894

Apple iOS and macOS Out-of-Bounds Write Vulnerability: Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-18
  • Due Date: 2022-09-08
Additional Notes
https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32894
Apple | Multiple Products

CVE-2018-4344

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-27
  • Due Date: 2022-07-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-4344
Apple | Multiple Products

CVE-2019-8605

Apple Multiple Products Use-After-Free Vulnerability: A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-27
  • Due Date: 2022-07-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-8605
Apple | Multiple Products

CVE-2020-9907

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-27
  • Due Date: 2022-07-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-9907

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now