22 May 2020

Vulnerability summary for the week: May 22, 2020


This week’s brief overview of the most important vulnerabilities includes recently disclosed flaws in Google Chrome, Apache Camel and Apache Tomcat, Cisco Unified CCX solution, and more.

Multiple vulnerabilities have been addressed in Apache Camel, an open source integration framework, two of which have been rated as high-risk flaws (CVE-2020-11973, CVE-2020-11972). Both bugs can be exploited for remote code execution.

The Apache Software Foundation has warned about a dangerous vulnerability (CVE-2020-9484) in Apache Tomcat, an open source Java servlet container, which allows a remote attacker to execute arbitrary code on the target system. The bug exists due to improper validation of deserialized data.

Versions Affected:

  • Apache Tomcat 10.0.0-M1 to 10.0.0-M4

  • Apache Tomcat 9.0.0.M1 to 9.0.34

  • Apache Tomcat 8.5.0 to 8.5.54

  • Apache Tomcat 7.0.0 to 7.0.103

Google has updated Chrome for Linux, Mac, and Windows to fix more than 30 vulnerabilities, including several high-severity flaws:

  • CVE-2020-6465: Use after free in reader mode.

  • CVE-2020-6466: Use after free in media.

  • CVE-2020-6467: Use after free in WebRTC.

  • CVE-2020-6468: Type confusion in V8.

  • CVE-2020-6469: Insufficient policy enforcement in developer tools.

Cisco has patched a critical remote code execution bug (CVE-2020-3280) in Cisco Unified Contact Center Express, its “contact center in a box” solution.

CVE-2020-3280 is a vulnerability in the Java Remote Management Interface of the UCCX solution, which exists due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.

Multiple vulnerabilities have been reported in the Schneider Electric EcoStruxure Operator Terminal Expert solution, the most severe of which (CVE-2020-7493) could allow remote attackers to execute arbitrary code on affected installations.

FreeRDP, a free remote desktop protocol client, contains more than a dozen vulnerabilities, six of them rated as high-severity flaws, which could be exploited for remote code execution or denial of service (DoS).

The WordPress Infinite Scroll – Ajax Load More plugin has an SQL injection vulnerability, which allows a remote attacker to execute arbitrary SQL queries against the database and to read, delete, or modify its data.

Adobe has released an out-of-band patch to fix a remote code execution (RCE) flaw in Adobe Character Animator. The flaw affects Adobe Character Animator for Windows and macOS, versions 3.2 and earlier. Alongside the Adobe Character Animator update, the company has also released patches for Adobe Premiere Pro and Adobe Premiere Rush that address two bugs that could be exploited by attackers to gain access to sensitive information.
