This is a list of recent vulnerabilities for which exploits are available.
CVE, Title, Vendor
CVSS v2 Base Score
Microsoft Windows SMBv3 Client/Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
OpenWrt's opkg Man In The Middle Attack Vulnerability
A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability
An issue was discovered in Zoho ManageEngine Desktop Central. Remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. An attacker could exploit this vulnerability to escalate privilege on the target system.
In Sudo versions, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS however, it is NOT the default for up stream and many other packages, and would exist only if enabled by anadministrator.) The attacker needs to deliver along string to the stdin of get ln()int get pass.c.