CVE-2020-0609 and CVE-2020-0610, remote code execution vulnerabilities in Windows Remote Desktop Gateway (RD Gateway). CVSS v3.1 Base Score 9.8.
CVE-2020-0796, a remote code execution vulnerability in Windows SMBv3 Client/Server. CVSS v3.1 Base Score 10.
CVE-2020-1350, a remote code execution vulnerability in Windows Domain Name System servers. CVSS v3.1 Base Score 10.
CVE-2020-1472, an elevation of privilege vulnerability in the Netlogon Remote Protocol (MS-NRPC). CVSS v3.1 Base Score 10.
IGSS Data Collector (dc.exe) V18.104.22.16843 and prior received updates for multiple flaws, the most critical of which allow an unauthorized party to gain access to the Windows operating system on the machine running IGSS in production. Two of the vulnerabilities received a CVSS v3.1 Base Score of 9.8:
CVE-2021-22802, a Buffer Copy without Checking Size of Input vulnerability.
CVE-2021-22803, an Unrestricted Upload of File with Dangerous Type vulnerability.
Modicon TM5 modules received updates for multiple vulnerabilities fixed in 2020 and known as “AMNESIA:33”. The TCP/IP stack code in the Modicon TM5 was affected by two of them:
CVE-2020-13987, an Out-of-bounds read when calculating the checksums for IP packets. CVSS v3.1 Base Score 7.5.
CVE-2020-17438, an Out-of-bounds write when reassembling fragmented IP packets. CVSS v3.1 Base Score 9.8.
Refer to SE's Recommended Cybersecurity Best Practices document to ensure a defence-in-depth approach.
If you are using any of the vulnerable products that have fixes available, apply the latest updates as soon as possible.