26 June 2020

Vulnerability summary for the week: June 26, 2020



Here’s a short overview of the most noteworthy vulnerabilities affecting various products disclosed this week.

Google has updated its Chrome browser for Windows, Mac, and Linux to address several vulnerabilities, including a couple of high-risk flaws (CVE-2020-6509) that allow a remote attacker to compromise a vulnerable system.

A vulnerability has been found in the Elliptic package 6.5.2 for Node.js that could be exploited by a remote attacker to compromise the target system. The flaw (CVE-2020-13822) allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
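The encoding variations named above (alternative length encodings, unnecessary leading zero bytes, oversized lengths) can be rejected before verification by accepting only canonical DER. The strict parser below is an added example, not code from the Elliptic package or from this post; the function names and sample byte arrays are constructed for illustration, and it checks encoding canonicality only.

```javascript
// Strict DER check for an ECDSA signature: SEQUENCE { INTEGER r, INTEGER s }.
// Hypothetical helper names; throws on any non-canonical encoding.
function readLength(buf, pos) {
  if (pos >= buf.length) throw new Error('truncated length');
  const first = buf[pos];
  if (first < 0x80) return { len: first, next: pos + 1 };
  // One long-form byte covers every ECDSA signature up to P-521; larger is rejected.
  if (first !== 0x81 || pos + 1 >= buf.length) throw new Error('bad long-form length');
  const len = buf[pos + 1];
  if (len < 0x80) throw new Error('non-minimal length encoding');
  return { len, next: pos + 2 };
}

function readInteger(buf, pos) {
  if (buf[pos] !== 0x02) throw new Error('expected INTEGER');
  const { len, next } = readLength(buf, pos + 1);
  if (len === 0 || next + len > buf.length) throw new Error('bad INTEGER length');
  if (buf[next] & 0x80) throw new Error('negative INTEGER');
  if (len > 1 && buf[next] === 0x00 && !(buf[next + 1] & 0x80)) {
    throw new Error('unnecessary leading zero byte');
  }
  let value = 0n;
  for (let i = next; i < next + len; i++) value = (value << 8n) | BigInt(buf[i]);
  return { value, next: next + len };
}

function parseStrictDerSignature(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) throw new Error('expected SEQUENCE');
  const { len, next } = readLength(buf, 1);
  if (next + len !== buf.length) throw new Error('length mismatch or trailing bytes');
  const r = readInteger(buf, next);
  const s = readInteger(buf, r.next);
  if (s.next !== buf.length) throw new Error('extra bytes after s');
  if (r.value === 0n || s.value === 0n) throw new Error('r and s must be non-zero');
  return { r: r.value, s: s.value };
}

function isCanonical(bytes) {
  try { parseStrictDerSignature(Uint8Array.from(bytes)); return true; }
  catch (e) { return false; }
}

// Constructed samples with tiny r and s values (not real signatures).
const canonical = [0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07];
const paddedR = [0x30, 0x07, 0x02, 0x02, 0x00, 0x05, 0x02, 0x01, 0x07];
const longFormLen = [0x30, 0x81, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07];
const trailing = [0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07, 0x00];
console.log([canonical, paddedR, longFormLen, trailing].map(isCanonical));
```

All four samples carry the same r and s, yet only the first is accepted, which is the property an application needs if it treats the signature bytes as a unique identifier.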

The Baxter ExactaMix pharmacy compounding system, equipment widely used in the healthcare sector, contains a number of vulnerabilities that could lead to sensitive information disclosure or remote code execution. The most interesting flaw is CVE-2017-0143, which exists due to an error when parsing requests in the Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets to execute arbitrary code on the target system and fully compromise it.

Users are advised to upgrade to ExactaMix Version 1.4 (EM1200) and ExactaMix Version 1.13 (EM2400), which fix the above-mentioned issues.

Bitdefender has fixed a flaw in its SafePay solution, a protected web browser designed to secure sensitive online transactions such as online banking and e-shopping.

Successful exploitation of the CVE-2020-8102 flaw could allow an attacker to execute commands remotely in the context of the user on the system, and depending on the privileges associated with the user, to install software; view, change, or delete data; or create new accounts with full user rights.

Adobe has issued an update to patch three high-risk vulnerabilities in Adobe FrameMaker software. The bugs, tracked as CVE-2020-9636, CVE-2020-9634, and CVE-2020-9635, can lead to remote code execution.

A SQL injection issue has been found in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress. The vulnerability (CVE-2020-13640) allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.

