5093 matches found

RedhatCVE
added 2020/07/15 8:8 p.m. | 63 views

CVE-2020-8203

A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...

CVSS 5.8 | AI score 6.5 | EPSS 0.05213
Exploits: 1 | References: 5

RedhatCVE
added 2020/07/15 6:37 a.m. | 73 views

CVE-2020-13935

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS 5 | AI score 7.5 | EPSS 0.87553
Exploits: 1 | References: 8

RedhatCVE
added 2020/07/15 6:8 a.m. | 23 views

CVE-2020-13934

A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability i...

CVSS 5 | AI score 7.2 | EPSS 0.64124
Exploits: 0 | References: 8

NVD
added 2020/07/15 2:15 a.m. | 17 views

CVE-2020-14507

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code...

CVSS 9.8 | EPSS 0.04886
Exploits: 0 | References: 5

Prion
added 2020/07/15 2:15 a.m. | 19 views

Path traversal

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code...

CVSS 7.5 | AI score 9.7 | EPSS 0.04886
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2020/07/15 1:48 a.m. | 63 views

CVE-2020-14507

Advantech iView (versions 5.6 and earlier) is affected by multiple path traversal vulnerabilities in various components (MenuServlet, NetworkServlet, ZTPConfig, LinksTable) enabling creation/download of arbitrary files, disruption of availability, and remote code execution. Root cause across advi...

CVSS 9.8 | AI score 9.6 | EPSS 0.04886
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2020/07/15 1:48 a.m. | 17 views

CVE-2020-14507

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code...

AI score 9.7 | EPSS 0.04886
Exploits: 0 | References: 5

RedHat Linux
added 2020/07/13 11:13 a.m. | 2 views

jbig2dec: heap-based buffer overflow in jbig2_image_compose in jbig2_image.c

An integer overflow was found in jbig2dec, which causes an out-of-bounds read/write in the jbig2_image_compose function. This flaw could potentially result in the execution of code on the system. Applications that use jbig2dec with untrusted input may be vulnerable to this flaw. The highest threat...

CVSS 9.8 | AI score 6 | EPSS 0.02622
Exploits: 1 | References: 4

RedhatCVE
added 2020/07/08 1:26 p.m. | 34 views

CVE-2020-14422

A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects,...

CVSS 4.3 | AI score 0.9 | EPSS 0.12706
Exploits: 0 | References: 3

RedHat Linux
added 2020/07/07 8:2 p.m. | 6 views

envoy: Resource exhaustion when accepting too many connections

A flaw was found in envoy in versions through 1.14.1. Accepting too many connections may lead to an exhaustion of file descriptors and/or memory. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 7.1 | EPSS 0.01475
Exploits: 0 | References: 5

RedHat Linux
added 2020/07/07 5:48 p.m. | 3 views

nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload

A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 6.8 | AI score 7.3 | EPSS 0.01884
Exploits: 2 | References: 5

Cvelist
added 2020/07/07 1:38 p.m. | 21 views

CVE-2020-10730

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the...

AI score 6.9 | EPSS 0.0244
Exploits: 0 | References: 10

Debian CVE
added 2020/07/07 1:38 p.m. | 33 views

CVE-2020-10730

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the...

CVSS 6.5 | AI score 7.2 | EPSS 0.0244
Exploits: 0

CVE
added 2020/07/07 1:38 p.m. | 574 views

CVE-2020-10730

CVE-2020-10730 affects the Samba AD DC LDAP Server (ASQ, VLV, and paged_results) with a NULL pointer dereference/use-after-free in affected builds prior to 4.10.17, 4.11.11, and 4.12.4. The root cause is in handling certain LDAP controls in the AD DC LDAP server, with the issue also present in th...

CVSS 6.5 | AI score 6.8 | EPSS 0.0244
Exploits: 0 | References: 10 | Affected Software: 1

Cvelist
added 2020/07/07 1:33 p.m. | 21 views

CVE-2020-10745

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU use, resulting in a denial of service. The highest threat from this...

AI score 7.2 | EPSS 0.03874
Exploits: 0 | References: 8

RedhatCVE
added 2020/07/07 11:51 a.m. | 39 views

CVE-2020-14317

It was found that the issue for security flaw CVE-2019-3805 appeared again in another version of the JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD), introducing a regression. This flaw allows an attacker to modify the PID file in /var/run/jboss-eap/ allowing the init.d script to...

CVSS 4.9 | AI score 3.8 | EPSS 0.00192
Exploits: 0 | References: 3

RedHat Linux
added 2020/07/07 8:38 a.m. | 2 views

kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c

A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability...

CVSS 7.1 | AI score 7.4 | EPSS 0.01218
Exploits: 0 | References: 4

Kaspersky
added 2020/07/07 12:0 a.m. | 60 views

KLA12084 DoS vulnerability in Apache Tomcat

A DoS vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: Apache Tomcat 7.x vulnerabilities. Exploitation: Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is...

CVSS 7.5 | AI score 6.5 | EPSS 0.87553
Exploits: 1 | References: 4

BDU FSTEC
added 2020/07/07 12:0 a.m. | 6 views

The vulnerability in the cross-platform library LibVNCServer’s component libvncserver/scale.c allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the component libvncserver/scale.c of the cross-platform library LibVNCServer is due to a numerical overflow in pixelvalue. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 6.5 | AI score 7.1 | EPSS 0.02462
Exploits: 0 | References: 14 | Affected Software: 4

RedhatCVE
added 2020/07/06 7:50 p.m. | 53 views

CVE-2020-14314

A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability...

CVSS 2.1 | AI score 6.3 | EPSS 0.00371
Exploits: 0 | References: 5