CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries
1,619
Ransomware Use
327
Overdue
1,615
Vendors
266
Products
655
377 results · Page 8/16
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft · Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft · Internet Explorer
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft · Windows
Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Information Disclosure Vulnerability
Microsoft · Internet Explorer
An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer and Edge Information Disclosure Vulnerability
Microsoft · Internet Explorer and Edge
An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability
Microsoft · Internet Explorer
An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft · Windows
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Required Action
Apply updates per vendor instructions.
Microsoft Update Notification Manager Privilege Escalation Vulnerability
Microsoft · Update Notification Manager
Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Information Disclosure Vulnerability
Microsoft · Internet Explorer
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.
Required Action
Apply updates per vendor instructions.
Microsoft Windows SMB Information Disclosure Vulnerability
Microsoft · Windows
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Privilege Escalation Vulnerability
Microsoft · Windows
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.
Required Action
Apply updates per vendor instructions.
Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability
Microsoft · Windows
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
Required Action
Apply updates per vendor instructions.
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability
Microsoft · Windows
A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft · Internet Explorer
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft · Win32k
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Microsoft · Windows
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft · Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Required Action
Apply updates per vendor instructions.
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft · Active Directory
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft · Active Directory
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
