Vulnerability Trends Summary

Generally speaking, this report shows monthly top 10 trends on security vulnerabilities from time to time and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To begin with, we assign vulnerability trends value as a percentage of how each vulnerability is gaining the attention of cyber security communities, attackers, and malware. Henceforth, companies can benefit from the report to demonstrate on how to have more cyber threat insights and vigorously anticipate attacks wave that might target their public assets in due time.

Download the full vulnerability digest report by clicking here.

Subscribe to the monthly vulnerability digest report by clicking here.

The following chart shows the trends.

April2020 Vulnerability Trends

In April 2020, a new critical and exploitable vulnerability in VMware vCenter vmdir (CVE-2020-3952) gained ultimately attraction of cyber security communities. In a word, this vulnerability has almost 20% of overall April trends.

The next in line is Windows Type Manager RCE and Kernel Elevation vulnerabilities (CVE-2020-1020 and CVE-2020-1027) which were published in Microsoft April patch Tuesday.

The following table shows the details of the trends.

Vulnerability Trend April 2020

Download the full vulnerability digest report by clicking here.

Subscribe to the monthly vulnerability digest report by clicking here.

 

 

1.CVE-2020-3952

There is a bug in VMware vCenter vmdir component that allows an attacker to add administrator accounts without restriction and bypassing the access control.

CVSS Rate9.8 CRITICAL
ExploitedYes
Linkshttps://www.vmware.com/security/advisories/VMSA-2020-0006
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/

2.CVE-2020-1020

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka ‘Adobe Font Manager Library Remote Code Execution Vulnerability’.

CVSS Rate7.8 HIGH
ExploitedYes
Linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020
https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg

3.CVE-2020-1027

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’.

CVSS Rate7.8 HIGH
ExploitedYes
Linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027

4.CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the “signature_algorithms_cert” TLS extension.

CVSS Rate7.8 HIGH
ExploitedYes
Linkshttps://www.openssl.org/news/secadv/20200421.txt
https://github.com/irsl/CVE-2020-1967

5.CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

CVSS Rate8.8 HIGH
ExploitedYes
Linkshttps://www.haproxy.org/download/2.1/src/CHANGELOG
https://bugs.chromium.org/p/project-zero/issues/detail?id=2023

6.CVE-2020-6450

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS Rate8.8 HIGH
ExploitedNo
Linkshttps://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html

7.CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-afterfree. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

CVSS Rate8.8 HIGH
ExploitedYes
Linkshttps://www.mozilla.org/security/advisories/mfsa2020-11/

8.CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

CVSS Rate8.8 HIGH
ExploitedYes
Linkshttps://source.android.com/security/bulletin/2020-04-01

9.CVE-2020-0070

In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS Rate9.8 CRITICAL
ExploitedYes
Linkshttps://source.android.com/security/bulletin/2020-04-01
https://securitylab.github.com/advisories/GHSL-2020-010-aosp

10.CVE-2020-11500

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.

CVSS Rate7.5 HIGH
ExploitedYes
Linkshttps://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoommeetings/