Security Vulnerabilities - Known exploited
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
Known exploited
CVSS Score
9.8
EPSS Score
0.927
Published
2020-03-23
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2020-03-20
CVE-2020-8468
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Known exploited
CVSS Score
8.8
EPSS Score
0.191
Published
2020-03-18
CVE-2020-8599
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Known exploited
CVSS Score
9.8
EPSS Score
0.579
Published
2020-03-18
CVE-2020-8467
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
Known exploited
CVSS Score
8.8
EPSS Score
0.311
Published
2020-03-18
CVE-2020-3950
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Known exploited
CVSS Score
7.8
EPSS Score
0.214
Published
2020-03-17
CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.935
Published
2020-03-16
CVE-2020-5849
Unraid 6.8.0 allows authentication bypass.
Known exploited
CVSS Score
7.5
EPSS Score
0.938
Published
2020-03-16
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.608
Published
2020-03-12
CVE-2020-0796
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Known exploited
CVSS Score
10.0
EPSS Score
0.944
Published
2020-03-12