CVE Tracker

Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.

1,542

Total CVEs

1,542

CISA KEV

1542

Critical & High

With Known Exploits

All CISA KEV CRITICAL (0)HIGH (1542)MEDIUM (0)LOW (0)

Showing 20 of 1,542 CVEs with HIGH severity

CVE ID	Severity	EPSS	Vendor	Description	Status
CVE-2015-2387	High	31.2%	MicrosoftATM Font Driver	ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.	KEV
CVE-2014-0496	High	74.9%	AdobeReader and Acrobat	Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.	KEV
CVE-2011-1889	High	85.4%	MicrosoftForefront Threat Management Gateway (TMG)	A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.	KEV
CVE-2015-7645	High	84.5%	AdobeFlash Player	Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.	KEV
CVE-2015-2590	High	61.5%	OracleJava SE	An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.	KEV
CVE-2013-0640	High	92.4%	AdobeReader and Acrobat	An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.	KEV
CVE-2010-3333	High	93.8%	MicrosoftOffice	A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.	KEV
CVE-2013-0641	High	88.0%	AdobeReader	A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.	KEV
CVE-2013-1347	High	88.0%	MicrosoftInternet Explorer	This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.	KEV
CVE-2012-4681	High	94.1%	OracleJava SE	The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.	KEV
CVE-2013-0632	High	92.7%	AdobeColdFusion	An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.	KEV
CVE-2012-1723	High	94.1%	OracleJava SE	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.	KEV
CVE-2012-1856	High	91.9%	MicrosoftOffice	The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.	KEV
CVE-2011-0611	High	93.6%	AdobeFlash Player	Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.	KEV
CVE-2011-3544	High	92.6%	OracleJava SE JDK and JRE	An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.	KEV
CVE-2010-0188	High	93.4%	AdobeReader and Acrobat	Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.	KEV
CVE-2012-1535	High	91.4%	AdobeFlash Player	Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.	KEV
CVE-2010-0232	High	72.6%	MicrosoftWindows	The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.	KEV
CVE-2008-2992	High	93.7%	AdobeAcrobat and Reader	Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.	KEV
CVE-2004-0210	High	3.7%	MicrosoftWindows	A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.	KEV

CVE-2015-2387

High

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.

A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.

A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.

This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.

An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.

Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.

MicrosoftEPSS 3.7%

KEV

Previous57 / 78Next