Security Vulnerabilities - Known exploited
CVE-2019-7286
Known exploited
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
CVSS Score
7.8
EPSS Score
0.015
Published
2019-12-18
CVE-2019-7287
Known exploited
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.
CVSS Score
7.8
EPSS Score
0.049
Published
2019-12-18
CVE-2019-8506
Known exploited
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.081
Published
2019-12-18
CVE-2019-4716
Known exploited
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
CVSS Score
10.0
EPSS Score
0.934
Published
2019-12-18
CVE-2019-7481
Known exploited
A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
CVSS Score
7.5
EPSS Score
0.943
Published
2019-12-17
CVE-2019-18935
Known exploited
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
CVSS Score
9.8
EPSS Score
0.936
Published
2019-12-11
CVE-2019-1458
Known exploited
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
CVSS Score
7.8
EPSS Score
0.92
Published
2019-12-10
CVE-2019-5544
Known exploited
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVSS Score
9.8
EPSS Score
0.925
Published
2019-12-06
CVE-2019-7193
Known exploited
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
CVSS Score
9.8
EPSS Score
0.258
Published
2019-12-05
CVE-2019-7194
Known exploited
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
CVSS Score
9.8
EPSS Score
0.939
Published
2019-12-05

