Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,171–1,200 of 1,619 CVEs · Page 40 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 3, 2022 CVE-2015-2387 Microsoft ATM Font Driver
endpoint m365 smb essential
Microsoft ATM Font Driver Privilege Escalation Vulnerability
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
24.7%
Mar 3, 2022 CVE-2015-2424 Microsoft PowerPoint
endpoint m365 smb essential
Microsoft PowerPoint Memory Corruption Vulnerability
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
64.5%
Mar 3, 2022 CVE-2015-2545 Microsoft Office
endpoint m365 smb essential
Microsoft Office Malformed EPS File Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
93.2%
Mar 3, 2022 CVE-2015-2590 Oracle Java SE
database enterprise
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.
66.6%
Mar 3, 2022 CVE-2015-3043 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
87.4%
Mar 3, 2022 CVE-2015-4902 Oracle Java SE
database enterprise
Oracle Java SE Integrity Check Vulnerability
Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.
18.3%
Mar 3, 2022 CVE-2015-5119 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
93.2%
Mar 3, 2022 CVE-2015-7645
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
85.2%
Mar 3, 2022 CVE-2016-0099
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who success…
90.4%
Mar 3, 2022 CVE-2016-1019
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
56.7%
Mar 3, 2022 CVE-2016-4117 Adobe Flash Player
smb essential
Adobe Flash Player Arbitrary Code Execution Vulnerability
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
93.0%
Mar 3, 2022 CVE-2016-5195 Linux Kernel
server os
Linux Kernel Race Condition Vulnerability
Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.
93.9%
Mar 3, 2022 CVE-2016-7193 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.
73.8%
Mar 3, 2022 CVE-2016-7262 Microsoft Excel
endpoint m365 smb essential
Microsoft Office Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary com…
88.2%
Mar 3, 2022 CVE-2016-7855 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
59.0%
Mar 3, 2022 CVE-2016-8562 Siemens SIMATIC CP
ics ot
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of servi…
18.5%
Mar 3, 2022 CVE-2017-0001 Microsoft Graphics Device Interface (GDI)
endpoint m365 smb essential
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1…
47.8%
Mar 3, 2022 CVE-2017-0261 Microsoft Office
endpoint m365 smb essential
Microsoft Office Use-After-Free Vulnerability
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
92.3%
Mar 3, 2022 CVE-2017-11292 Adobe Flash Player
smb essential
Adobe Flash Player Type Confusion Vulnerability
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
34.4%
Mar 3, 2022 CVE-2017-11826 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the …
91.7%
Mar 3, 2022 CVE-2017-12231 Cisco IOS software
mobile network
Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.
9.4%
Mar 3, 2022 CVE-2017-12232 Cisco IOS software
mobile network
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent a…
1.4%
Mar 3, 2022 CVE-2017-12233 Cisco IOS software
mobile network
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected de…
11.3%
Mar 3, 2022 CVE-2017-12234 Cisco IOS software
mobile network
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected de…
11.3%
Mar 3, 2022 CVE-2017-12235 Cisco IOS software
mobile network
Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affec…
5.2%
Mar 3, 2022 CVE-2017-12237 Cisco IOS and IOS XE Software
m365 mobile network
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, …
9.3%
Mar 3, 2022 CVE-2017-12238 Cisco Catalyst 6800 Series Switches
network
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a de…
1.0%
Mar 3, 2022 CVE-2017-12240 Cisco IOS and IOS XE Software
mobile network
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker…
10.7%
Mar 3, 2022 CVE-2017-12319 Cisco IOS XE Software
mobile network
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to c…
1.3%
Mar 3, 2022 CVE-2017-6627 Cisco IOS and IOS XE Software
mobile network
Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability
A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packe…
10.2%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.