CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2015-2424

Microsoft PowerPoint Memory Corruption Vulnerability

Vendor: Microsoft

Product: PowerPoint

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2015-2387

Microsoft ATM Font Driver Privilege Escalation Vulnerability

Vendor: Microsoft

Product: ATM Font Driver

Added: 2022-03-03

Due Date: 2022-03-24

Description:

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2015-1701

Ransomware

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2015-1642

Microsoft Office Memory Corruption Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2014-4114

Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2014-0496

Adobe Reader and Acrobat Use-After-Free Vulnerability

Vendor: Adobe

Product: Reader and Acrobat

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-399

CVE-2013-5065

Microsoft Windows Kernel Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2013-3897

Microsoft Internet Explorer Use-After-Free Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-399

CVE-2013-3346

Adobe Reader and Acrobat Memory Corruption Vulnerability

Vendor: Adobe

Product: Reader and Acrobat

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2013-1675

Mozilla Firefox Information Disclosure Vulnerability

Vendor: Mozilla

Product: Firefox

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2013-1347

Microsoft Internet Explorer Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Internet Explorer

Added: 2022-03-03

Due Date: 2022-03-24

Description:

This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-94

CVE-2013-0641

Adobe Reader Buffer Overflow Vulnerability

Vendor: Adobe

Product: Reader

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-120

CVE-2013-0640

Adobe Reader and Acrobat Memory Corruption Vulnerability

Vendor: Adobe

Product: Reader and Acrobat

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2013-0632

Adobe ColdFusion Authentication Bypass Vulnerability

Vendor: Adobe

Product: ColdFusion

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-200

CVE-2012-4681

Ransomware

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

Vendor: Oracle

Product: Java SE

Added: 2022-03-03

Due Date: 2022-03-24

Description:

The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.

Required Action:

Apply updates per vendor instructions.