Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 3, 2022 | CVE-2017-6739 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 20.4% |
| Mar 3, 2022 | CVE-2017-6740 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 16.1% |
| Mar 3, 2022 | CVE-2017-6743 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 20.4% |
| Mar 3, 2022 | CVE-2017-6744 | Cisco IOS software |
Cisco IOS Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an a…
|
— | 7.6% |
| Mar 3, 2022 | CVE-2018-0151 | Cisco IOS and IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of serv…
|
— | 5.9% |
| Mar 3, 2022 | CVE-2018-0154 | Cisco IOS Software |
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause …
|
— | 11.7% |
| Mar 3, 2022 | CVE-2018-0156 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected dev…
|
— | 15.5% |
| Mar 3, 2022 | CVE-2018-0158 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
|
— | 14.6% |
| Mar 3, 2022 | CVE-2018-0159 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
|
— | 7.0% |
| Mar 3, 2022 | CVE-2018-0161 | Cisco IOS Software |
Cisco IOS Software Resource Management Errors Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated,…
|
— | 0.9% |
| Mar 3, 2022 | CVE-2018-0167 | Cisco IOS, XR, and XE Software |
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could …
|
— | 1.2% |
| Mar 3, 2022 | CVE-2018-0172 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
|
— | 6.2% |
| Mar 3, 2022 | CVE-2018-0173 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for deni…
|
— | 5.4% |
| Mar 3, 2022 | CVE-2018-0174 | Cisco IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
|
— | 5.4% |
| Mar 3, 2022 | CVE-2018-0175 | Cisco IOS, XR, and XE Software |
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenti…
|
— | 2.9% |
| Mar 3, 2022 | CVE-2018-0179 | Cisco IOS Software |
Cisco IOS Software Denial-of-Service Vulnerability
A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, re…
|
— | 2.0% |
| Mar 3, 2022 | CVE-2018-0180 | Cisco IOS Software |
Cisco IOS Software Denial-of-Service Vulnerability
A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, re…
|
— | 1.7% |
| Feb 11, 2022 | CVE-2022-22620 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
|
— | 4.0% |
| Feb 10, 2022 | CVE-2014-4404 | Apple OS X |
Apple OS X Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
|
— | 62.0% |
| Feb 10, 2022 | CVE-2015-1130 | Apple OS X |
Apple OS X Authentication Bypass Vulnerability
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
|
— | 23.4% |
| Jan 28, 2022 | CVE-2022-22587 | Apple iOS and macOS |
Apple Memory Corruption Vulnerability
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
|
— | 0.4% |
| Nov 3, 2021 | CVE-2018-0171 | Cisco IOS and IOS XE |
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (…
|
— | 92.9% |
| Nov 3, 2021 | CVE-2019-2215 | Android Android Kernel |
Android Kernel Use-After-Free Vulnerability
Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed ch…
|
— | 53.1% |
| Nov 3, 2021 | CVE-2019-6223 | Apple iOS and macOS |
Apple iOS and macOS Group Facetime Vulnerability
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user inte…
|
— | 0.4% |
| Nov 3, 2021 | CVE-2020-0041 | Android Android Kernel |
Android Kernel Out-of-Bounds Write Vulnerability
Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This …
|
— | 23.9% |
| Nov 3, 2021 | CVE-2020-16010 | Google Chrome for Android UI |
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbo…
|
— | 19.6% |
| Nov 3, 2021 | CVE-2020-27930 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
|
— | 43.9% |
| Nov 3, 2021 | CVE-2020-27932 | Apple Multiple Products |
Apple Multiple Products Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.
|
— | 15.7% |
| Nov 3, 2021 | CVE-2020-27950 | Apple Multiple Products |
Apple Multiple Products Memory Initialization Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
|
— | 43.8% |
| Nov 3, 2021 | CVE-2020-3118 | Cisco IOS XR |
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute …
|
— | 0.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.