Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Oracle | Java SE

CVE-2012-4681

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2012-1856

Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability: The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2012-1723

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2012-1535

Adobe Flash Player Arbitrary Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2012-0507

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE JDK and JRE

CVE-2011-3544

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Forefront Threat Management Gateway (TMG)

CVE-2011-1889

Microsoft Forefront TMG Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2011-0611

Adobe Flash Player Remote Code Execution Vulnerability: Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2010-3333

Microsoft Office Stack-based Buffer Overflow Vulnerability: A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2010-0232

Microsoft Windows Kernel Exception Handler Vulnerability: The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Reader and Acrobat

CVE-2010-0188

Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability: Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Excel

CVE-2009-3129

Microsoft Excel Featheader Record Memory Corruption Vulnerability: Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2009-1123

Microsoft Windows Improper Input Validation Vulnerability: The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | VirtualBox

CVE-2008-3431

Oracle VirtualBox Insufficient Input Validation Vulnerability: An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Acrobat and Reader

CVE-2008-2992

Adobe Reader and Acrobat Input Validation Vulnerability: Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2004-0210

Microsoft Windows Privilege Escalation Vulnerability: A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2002-0367

Microsoft Windows Privilege Escalation Vulnerability: smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Synacor | Zimbra Collaborate Suite (ZCS)

CVE-2022-24682

Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.

Related CWEs: CWE-79| CWE-116

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-25
Due Date: 2022-03-11

Additional Notes

Microsoft | Office

CVE-2017-8570

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-25
Due Date: 2022-08-25

Additional Notes

Microsoft | Internet Explorer

CVE-2017-0222

Microsoft Internet Explorer Remote Code Execution Vulnerability: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-25
Due Date: 2022-08-25

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates