Security Vulnerabilities - Known exploited
CVE-2020-1020
Known exploited
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
CVSS Score
8.8
EPSS Score
0.857
Published
2020-04-15
CVE-2020-0968
Known exploited
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.
CVSS Score
7.5
EPSS Score
0.437
Published
2020-04-15
CVE-2020-0938
Known exploited
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
CVSS Score
7.8
EPSS Score
0.87
Published
2020-04-15
CVE-2020-2883
Known exploited
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS Score
9.8
EPSS Score
0.944
Published
2020-04-15
CVE-2020-11738
Known exploited
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
CVSS Score
7.5
EPSS Score
0.941
Published
2020-04-13
CVE-2020-3952
Known exploited
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CVSS Score
9.8
EPSS Score
0.943
Published
2020-04-10
CVE-2020-5735
Known exploited
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.535
Published
2020-04-08
CVE-2020-10199
Known exploited
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS Score
8.8
EPSS Score
0.944
Published
2020-04-01
CVE-2020-5722
Known exploited
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
CVSS Score
9.8
EPSS Score
0.927
Published
2020-03-23
CVE-2020-7961
Known exploited
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
CVSS Score
9.8
EPSS Score
0.944
Published
2020-03-20

