CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
Oracle Fusion Middleware Unspecified Vulnerability
Oracle · Fusion Middleware
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.
Required Action
Apply updates per vendor instructions.
Oracle BI Publisher Unauthorized Access Vulnerability
Oracle · BI Publisher (Formerly XML Publisher)
Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.
Required Action
Apply updates per vendor instructions.
Oracle Java SE Integrity Check Vulnerability
Oracle · Java SE
Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via unknown vectors related to deployment.
Required Action
Apply updates per vendor instructions.
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
Oracle · Java SE
An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.
Required Action
Apply updates per vendor instructions.
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Oracle · Java SE
The Java Runtime Environment (JRE) component in Oracle Java SE allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Oracle · Java SE
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Required Action
Apply updates per vendor instructions.
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Oracle · Java SE
An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code.
Required Action
Apply updates per vendor instructions.
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Oracle · Java SE JDK and JRE
An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code.
Required Action
Apply updates per vendor instructions.
Oracle VirtualBox Insufficient Input Validation Vulnerability
Oracle · VirtualBox
An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.
Required Action
Apply updates per vendor instructions.
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
Oracle · WebLogic Server
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Oracle Business Intelligence Enterprise Edition Path Traversal
Oracle · Intelligence Enterprise Edition
Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to an arbitrary system file.
Required Action
Apply updates per vendor instructions.
Oracle WebLogic Server, Injection
Oracle · WebLogic Server
Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
Required Action
Apply updates per vendor instructions.
Oracle Multiple Products Remote Code Execution Vulnerability
Oracle · Multiple Products
Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).
Required Action
Apply updates per vendor instructions.
Oracle Fusion Middleware Unspecified Vulnerability
Oracle · Fusion Middleware
Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.
Required Action
Apply updates per vendor instructions.
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
Oracle · Solaris and Zettabyte File System (ZFS)
Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
Required Action
Apply updates per vendor instructions.
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution.
Required Action
Apply updates per vendor instructions.
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.
Required Action
Apply updates per vendor instructions.
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.
Required Action
Apply updates per vendor instructions.
Oracle WebLogic Server Unspecified Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability.
Required Action
Apply updates per vendor instructions.