Emergency Response

Adobe Releases May’s Security Updates Threat Alert

May 26, 2020 | Adeline Zhang

Overview: On May 12, 2020, local time, Adobe officially released July’s security updates to fix multiple vulnerabilities in its various products, including Adobe DNG Software Development Kit (SDK) and Adobe Acrobat and Reader. For details about the security update, visit the following link:

SecureCRT Memory Corruption Vulnerability (CVE-2020-12651) Threat Alert

May 22, 2020 | Adeline Zhang

Overview: A memory corruption vulnerability (CVE-2020-12651) was fixed in the latest version 8.7.2 of SecureCRT. When the CSI function receives a large negative number as a parameter, it may allow the remote system to corrupt memory in the terminal process, resulting in arbitrary code execution or a program crash.

WebLogic Remote Code Execution Vulnerabilities (CVE-2020-2883 and CVE-2020-2884) Protection Solution

May 19, 2020 | Adeline Zhang

Overview: Oracle released the Critical Patch Update (CPU) for April 2020 that fixes multiple vulnerabilities of different risk levels, including two critical ones (CVE-2020-2883 and CVE-2020-2884) with a CVSS score of 9.8 that allow unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation could result in takeover of Oracle WebLogic […]

Jenkins Plug-in Multiple Vulnerabilities Threat Alert

May 12, 2020 | Adeline Zhang

Vulnerability Description: On May 6, Jenkins released a security bulletin to announce the fix of nine vulnerabilities in five plug-ins. The SCM Filter Jervis plug-in contains a remote code execution vulnerability (CVE-2020-2189) which is officially identified as high-risk. As the SCM Filter Jervis plug-in does not configure its YAML parser by default, users can configure […]

Adobe Out-of-Band Patch Tackling Critical Vulnerabilities in Multiple Products Threat Alert

May 11, 2020 | Adeline Zhang

Overview: On April 28, local time, Adobe released an out-of-band patch tackling multiple vulnerabilities in Magento, Adobe Illustrator, and Adobe Bridge. For details about the security bulletins and advisories, visit the following link:

WebLogic Remote Code Execution Vulnerabilities (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884) Threat Alert

May 4, 2020 | Adeline Zhang

Overview: On April 15, 2020, Beijing time, Oracle released the Critical Patch Update (CPU) for April 2020 that fixes 397 vulnerabilities of different risk levels. These vulnerabilities include three critical ones (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884) that target Oracle WebLogic Server with a CVSS score of 9.8. These vulnerabilities allow unauthenticated attackers with network access via T3 […]

Git Credential Disclosure Vulnerability (CVE-2020-5260) Threat Alert

May 1, 2020 | Adeline Zhang

Vulnerability Description: On April 15, Git issued a security bulletin announcing a vulnerability that could reveal Git user credentials (CVE-2020-5260). Git uses a credential helper to store and retrieve credentials, but when a URL contains an encoded newline (%0a), it may inject unexpected values into the protocol stream of the credential helper. This vulnerability is […]

Adobe Security Bulletins for April 2020 Security Updates

April 30, 2020 | Adeline Zhang

Overview: On April 14, 2020, local time, Adobe officially released April’s security updates to fix multiple vulnerabilities in its various products, including Adobe ColdFusion, Adobe After Effects, and Adobe Digital Editions.

Microsoft’s April Patches Fix 113 Security Vulnerabilities Threat Alert

April 29, 2020 | Adeline Zhang

Overview: Microsoft released April 2020 security updates on Tuesday that fix 113 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Android App, Apps, Microsoft Dynamics, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Remote […]

Oracle Coherence Remote Code Execution Vulnerability (CVE-2020-2915) Threat Alert

April 28, 2020 | Adeline Zhang

Overview: On April 14, local time, Oracle released the April Critical Patch Update (CPU) which fixes vulnerabilities that include a critical one (CVE-2020-2915) in Oracle Coherence CPU, with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle Coherence. Successful exploitation of it could result in […]