Security Vulnerabilities - Known exploited
CVE-2020-0638
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.015
Published
2020-01-14
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Known exploited
CVSS Score
8.1
EPSS Score
0.941
Published
2020-01-14
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
Known exploited
CVSS Score
7.5
EPSS Score
0.945
Published
2019-12-30
CVE-2019-17621
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Known exploited
CVSS Score
9.8
EPSS Score
0.93
Published
2019-12-30
CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal
Known exploited
CVSS Score
7.5
EPSS Score
0.94
Published
2019-12-30
CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2019-12-27
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Known exploited
CVSS Score
9.9
EPSS Score
0.944
Published
2019-12-24
CVE-2019-7483
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Known exploited
CVSS Score
7.5
EPSS Score
0.424
Published
2019-12-19
CVE-2019-8605
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.121
Published
2019-12-18
CVE-2019-8526
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.003
Published
2019-12-18