CVE-2020-6851

A heap-based buffer overflow flaw was found in openjpeg in the opjt1clbldecodeprocessor in libopenjp2.so. Affecting versions through 2.3.1, the highest threat from this vulnerability is to file confidentiality and integrity as well as system availability...

KLA11722 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Memory access vulnerability in streams component can be exploited to cause denial of service. 2. Type confusion vulnerability...

File deletion vulnerability in ourphp v1.9.1 backend

OURPHP is Harbin Weicheng Technology Co., Ltd. developed a PHP + MySQL based on the development of W3C standards-compliant building system. ourphp v1.9.1 arbitrary file deletion vulnerability exists in the background. Attackers can use this vulnerability to delete website files, the integrity of...

CVE-2020-1935

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c

A heap-based buffer overflow flaw was found in the opjt1clbldecodeprocessor in openjpeg2. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18727)

D-ShieldFirewall is an active defense protection software designed specifically for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18723)

D-ShieldFirewall is an active defense protection software specially designed for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of all...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18729)

D-ShieldFirewall is an active defense protection software specially designed for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of all...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18720)

D-ShieldFirewall is an active defense protection software specially designed for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of all...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18721)

D-ShieldFirewall is an active defense protection software designed specifically for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18716)

D-ShieldFirewall is an active defense protection software designed specifically for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18712)

D-ShieldFirewall is an active defense protection software specially designed for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of all...

Webshell Bypass Vulnerability in D-Shield Firewall of Shenzhen Di Element Technology Co. Ltd (CNVD-2020-18713)

D-ShieldFirewall is an active defense protection software specially designed for IIS to prevent websites and servers from being invaded by internal and external protection, and is designed based on the concept that the fewer the functions, the safer the server is under the normal operation of all...

CVE-2019-20044

A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it is possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report...

CVE-2019-15791

A vulnerability was found in Linux kernel. A reference count underflow was discovered in the shiftfs implementation which could be used to cause a denial of service system crash or possibly execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVE-2019-20388

A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability...

CVE-2020-5398

A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download RFD attack is possible when a "Content-Disposition" header is set in response to where the filename attribute is derived from user supplied input. The highest threat from this vulnerabili...

CVE-2020-7941

A privilege escalation flaw was found in plone in versions 4.3 through 5.2.1. Users are allowed to PUT overwrite some content without needing write permissions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-7938

A flaw was found in Plone in versions 5.2.0 through 5.2.1. Users with a certain privilege level can escalate their privileges up to the highest privilege level when the site is using plone.restapi. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst...

kernel: heap overflow in marvell/mwifiex/tdls.c

A heap overflow flaw was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If cod...