Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 421–450 of 531 CVEs · Page 15 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2017-6327 Symantec Symantec Messaging Gateway
endpoint
Symantec Messaging Gateway Remote Code Execution Vulnerability
Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also…
75.9%
Nov 3, 2021 CVE-2017-7269 Microsoft Internet Information Services (IIS)
endpoint m365 server os smb essential web server
Microsoft Windows Server Buffer Overflow Vulnerability
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long heade…
94.4%
Nov 3, 2021 CVE-2017-8759 Microsoft .NET Framework
endpoint m365 smb essential
Microsoft .NET Framework Remote Code Execution Vulnerability
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
94.0%
Nov 3, 2021 CVE-2018-0798 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
94.1%
Nov 3, 2021 CVE-2018-0802 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
94.1%
Nov 3, 2021 CVE-2018-8653 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
35.6%
Nov 3, 2021 CVE-2019-0541 Microsoft MSHTML
endpoint m365 smb essential
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
87.2%
Nov 3, 2021 CVE-2019-0604
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of th…
94.4%
Nov 3, 2021 CVE-2019-0708
Ransomware
Microsoft Remote Desktop Services
endpoint m365 smb essential
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target syste…
94.5%
Nov 3, 2021 CVE-2019-0797 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to …
4.5%
Nov 3, 2021 CVE-2019-0803 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attac…
88.8%
Nov 3, 2021 CVE-2019-0808 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run…
74.0%
Nov 3, 2021 CVE-2019-0859 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
10.6%
Nov 3, 2021 CVE-2019-0863 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
6.2%
Nov 3, 2021 CVE-2019-11510
Ransomware
Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted …
94.5%
Nov 3, 2021 CVE-2019-11539
Ransomware
Ivanti Pulse Connect Secure and Pulse Policy Secure
endpoint vpn remote
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
93.9%
Nov 3, 2021 CVE-2019-11634
Ransomware
Citrix Workspace Application and Receiver for Windows
endpoint enterprise smb essential vpn remote
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the client…
52.4%
Nov 3, 2021 CVE-2019-1214 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
3.7%
Nov 3, 2021 CVE-2019-1215
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation …
5.2%
Nov 3, 2021 CVE-2019-1367
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execut…
90.7%
Nov 3, 2021 CVE-2019-1429 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
83.0%
Nov 3, 2021 CVE-2019-18187 Trend Micro OfficeScan
endpoint
Trend Micro OfficeScan Directory Traversal Vulnerability
Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execu…
80.6%
Nov 3, 2021 CVE-2019-6223 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Group Facetime Vulnerability
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user inte…
0.4%
Nov 3, 2021 CVE-2020-0601 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CryptoAPI Spoofing Vulnerability
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the v…
94.1%
Nov 3, 2021 CVE-2020-0646 Microsoft .NET Framework
endpoint m365 smb essential
Microsoft .NET Framework Remote Code Execution Vulnerability
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
93.9%
Nov 3, 2021 CVE-2020-0674 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote co…
93.6%
Nov 3, 2021 CVE-2020-0683 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or …
31.3%
Nov 3, 2021 CVE-2020-0688
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
94.4%
Nov 3, 2021 CVE-2020-0878
Ransomware
Microsoft Edge and Internet Explorer
browser endpoint m365 smb essential
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
5.3%
Nov 3, 2021 CVE-2020-0938 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows …
87.0%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.