CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2016-1019

Ransomware

Adobe Flash Player Arbitrary Code Execution Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2016-0099

Ransomware

Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2015-7645

Ransomware

Adobe Flash Player Arbitrary Code Execution Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2015-5119

Adobe Flash Player Use-After-Free Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-119

CVE-2015-4902

Oracle Java SE Integrity Check Vulnerability

Vendor: Oracle

Product: Java SE

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.

Required Action:

Apply updates per vendor instructions.

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability

Vendor: Adobe

Product: Flash Player

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-787

CVE-2015-2590

Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability

Vendor: Oracle

Product: Java SE

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

Required Action:

Apply updates per vendor instructions.

CVE-2015-2545

Microsoft Office Malformed EPS File Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2015-2424

Microsoft PowerPoint Memory Corruption Vulnerability

Vendor: Microsoft

Product: PowerPoint

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2015-2387

Microsoft ATM Font Driver Privilege Escalation Vulnerability

Vendor: Microsoft

Product: ATM Font Driver

Added: 2022-03-03

Due Date: 2022-03-24

Description:

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2015-1701

Ransomware

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2022-03-03

Due Date: 2022-03-24

Description:

An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2015-1642

Microsoft Office Memory Corruption Vulnerability

Vendor: Microsoft

Product: Office

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2014-4114

Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-03

Due Date: 2022-03-24

Description:

A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2014-0496

Adobe Reader and Acrobat Use-After-Free Vulnerability

Vendor: Adobe

Product: Reader and Acrobat

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-399

CVE-2013-5065

Microsoft Windows Kernel Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2022-03-03

Due Date: 2022-03-24

Description:

Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20