Show vulnerabilities with patch / with exploit
27 July 2020

Vulnerability summary for the week: July 27, 2020


Vulnerability summary for the week: July 27, 2020

Adobe has released last week a slew of security updates to address a total of 13 vulnerabilities affecting its Bridge, Prelude and Photoshop applications.

Of five vulnerabilities addressed in Photoshop application, two are out-of-bounds read (CVE-2020-9683 and CVE-2020-9686) that allow an attacker to gain access to sensitive information, while other three are out-of-bounds write bugs (CVE-2020-9684, CVE-2020-9685, and CVE-2020-9687), which could be exploited for remote code execution.

In Bridge, Adobe’s asset management app, three vulnerabilities have been patched, two of which (CVE-2020-9674, CVE-2020-9676) could lead to remote code execution. Adobe Bridge versions 10.0.3 and earlier are affected. Users are recommended to update to version 10.1.1 for a fix.

Adobe Prelude solution has been found to contain out-of-bounds read (CVE-2020-9677, CVE-2020-9679) and out-of-bounds write (CVE-2020-9678, CVE-2020-9680) vulnerabilities that can allow code execution. The bugs affect Adobe Prelude versions 9.0 and earlier for Windows. Users can update to version 9.0.1. to resolve the flaws.

Cisco has also issued 33 security bug fixes to patch flaws across numerous of its products, including multiple RV-series routers, the RV110W series VPN Firewall, and Cisco SD-WAN Solution Software.

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers contain a couple of bugs deemed to be high security risks (CVE-2020-3357 and CVE-2020-3358). CVE-2020-3357 is a remote code execution bug, while CVE-2020-3358 is a denial of service flaw.

Cisco SD-WAN Solution Software is affected by two vulnerabilities (CVE-2020-3351, CVE-2020-3379). The first one allows a remote attacker to perform a denial of service attack whereas the latter can be exploited by a local user to escalate privileges on the system.

QEMU, an open source machine emulator and virtualizer, contains multiple vulnerabilities, most of which could be exploited to launch denial of service attacks, or gain access to sensitive information. However, two bugs (CVE-2020-13754 and CVE-2020-13361) allow a remote attacker to compromise vulnerable system by sending a malicious request.

The vulnerabilities impact QEMU v4.1.0, 4.1.1, 4.2.0, 4.2.1, and 5.0.0.

Foxit has fixed several bugs in its Studio Photo software. The most dangerous is CVE-2020-15629, which is an out-of-bound write vulnerability which allows a remote attacker to execute arbitrary code with the help of the specially crafted file. To achieve this, an attacker needs to convince the victim to open the malicious file. The flaw affects Foxit Studio Photo v3.6.6.918, 3.6.6.922, and 3.6.6.924.


Back to the list

Latest Posts

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Oilrig members have added a new DNSExfiltrator utility to their hacking arsenal.
5 August 2020
Hacker published passwords for over 900 corporate VPN servers

Hacker published passwords for over 900 corporate VPN servers

The list was published on a Russian-speaking hacker forum frequented by different ransomware operators.
5 August 2020
Maze operators published dozens of GBs of data from LG and Xerox

Maze operators published dozens of GBs of data from LG and Xerox

Stolen information may include Xerox support records and source code for the firmware of various LG products.
4 August 2020