CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
377 results · Page 5/16
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft · Windows
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft SharePoint Server Privilege Escalation Vulnerability
Microsoft · SharePoint Server
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft · Windows
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft · Windows
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft · Skype for Business
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft WordPad Information Disclosure Vulnerability
Microsoft · WordPad
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft · Windows CNG Key Isolation Service
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Word Information Disclosure Vulnerability
Microsoft · Word
Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft · Streaming Service Proxy
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
Microsoft · .NET Core and Visual Studio
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft · Windows
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft · Windows
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft · Outlook
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Win32K Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft · Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Required Action
The impacted product is end-of-life and should be disconnected if still in use.
Microsoft Office Outlook Privilege Escalation Vulnerability
Microsoft · Office
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for an NTLM Relay attack against another service to authenticate as the user.
Required Action
Apply updates per vendor instructions.
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft · Windows
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
Required Action
Apply updates per vendor instructions.
Microsoft Office Publisher Security Feature Bypass Vulnerability
Microsoft · Office
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
Required Action
Apply updates per vendor instructions.