Google Project Zero Team released 11 zero-day vulnerabilities in their report for the first half of 2020
The complete details about these zero-days have been obtained from a Google Spreadsheet managed by Google security researchers, which the company made public available earlier this year. The spreadsheet contains Google’s internal statistics about in-the-wild zero-day usage going as far back as 2014, when the company began tracking said stats.
-
- CVE-2019-17026
- Mozilla
- Firefox
- Memory Corruption
- Type confusion in IonMonkey JIT compiler
- ???
- 2020-01-08
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
- Dark Hotel
- https://blogs.360.cn/post/apt-c-06_0day.html
- Qihoo 360 ATA
-
- CVE-2020-0674
- Microsoft
- Internet Explorer
- Memory Corruption
- Unspecified memory corruption in Internet Explorer
- 2020-02-11
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
- https://blogs.360.cn/post/apt-c-06_0day.html
- Dark Hotel
- https://blogs.360.cn/post/apt-c-06_0day.html
- “Yi Huang(@C0rk1_H) & Kang Yang(@dnpushme) of Qihoo 360 ATA
- Clément Lecigne of Google’s Threat Analysis Group”
-
- CVE-2020-6418
- Chrome
- Memory Corruption
- Type confusion in v8
- 2020-02-24
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
- Clement Lecigne of Google’s Threat Analysis Group
-
- CVE-2020-8467
- TrendMicro
- Apex One/OfficeScan
- Unspecified
- Unspecified vulnerability in a migration tool component
- 2020-03-16
- https://success.trendmicro.com/solution/000245571
- Trend Micro Research
-
- CVE-2020-8468
- TrendMicro
- Apex One/OfficeScan
- Logic/Design Flaw
- Content validation escape in agent client component
- ???
- 2020-03-16
- https://success.trendmicro.com/solution/000245571
- Trend Micro Research
-
- CVE-2020-6819
- Mozilla
- Firefox
- Memory Corruption
- Use-after-free while running the nsDocShell destructor
- 2020-04-03
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
- Francisco Alonso @revskills working with Javier Marcos of @JMPSec
-
- CVE-2020-6820
- Mozilla
- Firefox
- Memory Corruption
- Use-after-free when handling a ReadableStream
- 2020-04-03
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
- Francisco Alonso @revskills working with Javier Marcos of @JMPSec
-
- CVE-2020-0938
- Microsoft
- Windows
- Memory Corruption
- Unspecified memory corruption in Adobe Type 1 PostScript format
- 2020-04-14
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0938
- Liubenjin and Zhiyi Zhang from Codesafe Team of Legendsec at Qi’anxin Group
-
- CVE-2020-1020
- Microsoft
- Windows
- Memory Corruption
- Unspecified memory corruption in Adobe Type 1 PostScript format
- 2020-04-14
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1020
- Google Project Zero & Google’s Threat Analysis Group
-
- CVE-2020-1027
- Microsoft
- Windows
- Memory Corruption
- Unspecified memory corruption in Windows Kernel
- 2020-03-23
- 2020-04-14
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1027
- Google Project Zero & Google’s Threat Analysis Group
-
- CVE 2020-12271
- Sophos
- XG Firewall
- Logic/Design Flaw
- SQL injection in admin interface/user portal
- 2020-04-22
- 2020-04-25
- https://community.sophos.com/kb/en-us/135412
- https://news.sophos.com/en-us/2020/04/26/asnarok/