Design/Logic Flaw

A user who is privileged already manager or admin can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack...

Honor NTH-AN00 Data Forgery Issue Vulnerability

The Honor NTH-AN00 Honor 50 is a smartphone from the Chinese company Honor. The Honor NTH-AN00 suffers from a security vulnerability that stems from a signature management vulnerability, successful exploitation of which could result in a forged system file overwriting a correct system file...

DEBIAN-CVE-2020-15389

jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice...

AZL-44193 CVE-2020-15389 affecting package openjpeg2 2.3.1-12

jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice...