CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries
1,619
Ransomware Use
327
Overdue
1,615
Vendors
266
Products
655
377 results · Page 12/16
Microsoft Graphics Component Memory Corruption Vulnerability
Microsoft · Graphics Component
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
Required Action
Apply updates per vendor instructions.
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
Microsoft · Windows
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Type Confusion Vulnerability
Microsoft · Internet Explorer
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
Required Action
Apply updates per vendor instructions.
Microsoft Word Memory Corruption Vulnerability
Microsoft · Word
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
Required Action
Apply updates per vendor instructions.
Microsoft SMBv1 Remote Code Execution Vulnerability
Microsoft · SMBv1
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Required Action
Apply updates per vendor instructions.
Microsoft Office Remote Code Execution Vulnerability
Microsoft · Office
A remote code execution vulnerability exists in Microsoft Office.
Required Action
Apply updates per vendor instructions.
Microsoft Windows SAM Local Privilege Escalation Vulnerability
Microsoft · Windows
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
Required Action
Apply updates per vendor instructions.
Microsoft SMBv3 Remote Code Execution Vulnerability
Microsoft · SMBv3
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Microsoft · Windows
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
Required Action
Apply updates per vendor instructions.
Microsoft SMBv1 Remote Code Execution Vulnerability
Microsoft · SMBv1
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Required Action
Apply updates per vendor instructions.
Microsoft HTTP.sys Remote Code Execution Vulnerability
Microsoft · HTTP.sys
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft · Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Microsoft · Windows
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
Required Action
Apply updates per vendor instructions.
Microsoft Exchange Server Information Disclosure
Microsoft · Exchange Server
Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
Required Action
Apply updates per vendor instructions.
Microsoft WinVerifyTrust function Remote Code Execution
Microsoft · WinVerifyTrust function
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.
Required Action
Apply updates per vendor instructions.
Microsoft Windows AppX Installer Spoofing Vulnerability
Microsoft · Windows
Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Win32k Privilege Escalation Vulnerability
Microsoft · Windows
Unspecified vulnerability allows for an authenticated user to escalate privileges.
Required Action
Apply updates per vendor instructions.
Microsoft Excel Security Feature Bypass
Microsoft · Office
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
Required Action
Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft · Exchange
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Required Action
Apply updates per vendor instructions.
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft · Windows
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft · Enhanced Cryptographic Provider
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
