Security Vulnerabilities - Known exploited
CVE-2020-9818
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
Known exploited
CVSS Score
8.8
EPSS Score
0.006
Published
2020-06-09
CVE-2020-9819
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.
Known exploited
CVSS Score
4.3
EPSS Score
0.004
Published
2020-06-09
CVE-2020-13965
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Known exploited
CVSS Score
6.1
EPSS Score
0.852
Published
2020-06-09
CVE-2020-9859
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.003
Published
2020-06-05
CVE-2020-5410
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Known exploited
CVSS Score
7.5
EPSS Score
0.943
Published
2020-06-02
CVE-2020-8816
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
Known exploited
CVSS Score
9.1
EPSS Score
0.912
Published
2020-05-29
CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
Known exploited
CVSS Score
8.8
EPSS Score
0.937
Published
2020-05-22
CVE-2020-1054
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.
Known exploited
CVSS Score
7.8
EPSS Score
0.77
Published
2020-05-21
CVE-2020-5741
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
Known exploited
CVSS Score
7.2
EPSS Score
0.456
Published
2020-05-08
CVE-2020-4427
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
Known exploited
CVSS Score
9.0
EPSS Score
0.51
Published
2020-05-07