Security Vulnerabilities - Known exploited
CVE-2020-8468
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Known exploited
CVSS Score
8.8
EPSS Score
0.191
Published
2020-03-18
CVE-2020-8599
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Known exploited
CVSS Score
9.8
EPSS Score
0.579
Published
2020-03-18
CVE-2020-8467
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
Known exploited
CVSS Score
8.8
EPSS Score
0.311
Published
2020-03-18
CVE-2020-3950
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Known exploited
CVSS Score
7.8
EPSS Score
0.214
Published
2020-03-17
CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.935
Published
2020-03-16
CVE-2020-5849
Unraid 6.8.0 allows authentication bypass.
Known exploited
CVSS Score
7.5
EPSS Score
0.938
Published
2020-03-16
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.608
Published
2020-03-12
CVE-2020-0796
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Known exploited
CVSS Score
10.0
EPSS Score
0.944
Published
2020-03-12
CVE-2020-10181
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.
Known exploited
CVSS Score
9.8
EPSS Score
0.206
Published
2020-03-11
CVE-2020-6207
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
Known exploited
CVSS Score
10.0
EPSS Score
0.942
Published
2020-03-10