Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Cisco | IOS software

CVE-2017-12233

Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability: There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Cisco | IOS software

CVE-2017-12232

Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability: A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Cisco | IOS software

CVE-2017-12231

Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability: A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2017-11826

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2017-11292

Adobe Flash Player Type Confusion Vulnerability: Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2017-0261

Microsoft Office Use-After-Free Vulnerability: Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Graphics Device Interface (GDI)

CVE-2017-0001

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Siemens | SIMATIC CP

CVE-2016-8562

Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability: An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-7855

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Excel

CVE-2016-7262

Microsoft Office Security Feature Bypass Vulnerability: A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2016-7193

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Linux | Kernel

CVE-2016-5195

Linux Kernel Race Condition Vulnerability: Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-4117

Adobe Flash Player Arbitrary Code Execution Vulnerability: An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-1019

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2016-0099

Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-7645

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-5119

Adobe Flash Player Use-After-Free Vulnerability: A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2015-4902

Oracle Java SE Integrity Check Vulnerability: Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability: A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2015-2590

Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability: An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates