Security Vulnerabilities - Known exploited
CVE-2019-7483
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Known exploited
CVSS Score
7.5
EPSS Score
0.399
Published
2019-12-19
CVE-2019-8605
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.102
Published
2019-12-18
CVE-2019-8526
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.003
Published
2019-12-18
CVE-2019-7286
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.022
Published
2019-12-18
CVE-2019-7287
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.042
Published
2019-12-18
CVE-2019-8506
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Known exploited
CVSS Score
8.8
EPSS Score
0.16
Published
2019-12-18
CVE-2019-4716
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
Known exploited
CVSS Score
10.0
EPSS Score
0.797
Published
2019-12-18
CVE-2019-7481
Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.
Known exploited
CVSS Score
7.5
EPSS Score
0.943
Published
2019-12-17
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
Known exploited
CVSS Score
9.8
EPSS Score
0.937
Published
2019-12-11
CVE-2019-1458
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.926
Published
2019-12-10