Security Vulnerabilities - Known exploited
CVE-2020-3952
Known exploited
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CVSS Score: 9.8
EPSS Score: 0.933
Published: 2020-04-10
CVE-2020-5735
Known exploited
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
CVSS Score: 8.8
EPSS Score: 0.482
Published: 2020-04-08
CVE-2020-10199
Known exploited
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS Score: 8.8
EPSS Score: 0.944
Published: 2020-04-01
CVE-2020-5722
Known exploited
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via a crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
CVSS Score: 9.8
EPSS Score: 0.909
Published: 2020-03-23
CVE-2020-7961
Known exploited
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
CVSS Score: 9.8
EPSS Score: 0.944
Published: 2020-03-20
CVE-2020-8468
Known exploited
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
CVSS Score: 8.8
EPSS Score: 0.045
Published: 2020-03-18
CVE-2020-8599
Known exploited
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
CVSS Score: 9.8
EPSS Score: 0.584
Published: 2020-03-18
CVE-2020-8467
Known exploited
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
CVSS Score: 8.8
EPSS Score: 0.077
Published: 2020-03-18
CVE-2020-3950
Known exploited
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
CVSS Score: 7.8
EPSS Score: 0.107
Published: 2020-03-17
CVE-2020-5847
Known exploited
Unraid through 6.8.0 allows Remote Code Execution.
CVSS Score: 9.8
EPSS Score: 0.935
Published: 2020-03-16



Shodan ® - All rights reserved