Recently, we detected that the latest patch for CVE-2020-14882, the Oracle WebLogic Console remote code execution vulnerability, can be bypassed. The vulnerability level is critical. The
Category: Vulnerability
CVE-2020-2490 & CVE-2020-2492: QNAP QTS Command Injection Vulnerabilities Alert
Network-attached storage device (NAS) developer QNAP recently issued a reminder that two security vulnerabilities have been discovered in the QTS operating system and have been
CVE-2020-3992: VMWARE ESXI Remote Code Execution Vulnerability Alert
On October 20, VMware issued a security notice to fix a VMware ESXi remote code execution vulnerability (CVE-2020-3992). The vulnerability comes from the “use-after-free” reuse
Oracle Critical Patch Update October 2020 fixed 421 vulnerabilities
On October 20, 2020, Oracle officially released the Oracle Critical Patch Update Advisory – October 2020. This security update released 421 vulnerability patches, of which
CVE-2020-24407, CVE-2020-24400: Adobe Magento File Upload Allow List Bypass/SQL Injection Vulnerabilities Alert
Magento is an open-source e-commerce platform written in PHP. It uses multiple other PHP frameworks such as Laminas and Symfony. Magento source code is distributed
CVE-2020-16922: Windows Spoofing Vulnerability Alert
Digital signatures are widely used in various places on the Internet. We use digital certificate encryption when browsing websites and digital signature verification when installing
CVE-2020-17023: Visual Studio JSON Remote Code Execution Vulnerability Alert
According to a message released by the Microsoft Security Response Center, Windows Codecs and Visual Studio Code code editors have high-risk security vulnerabilities. Windows Codecs
CVE-2020-5135: SonicOS Buffer Overflow Vulnerability Alert
On October 16, 2020, SonicWALL officially released a risk notice for SonicOS. The vulnerability level is critical. The vulnerability score is 9.4. There is a
CVE-2020-13933: Nexus Repository Manager 2 & 3 – Shiro Authentication Bypass Vulnerability Alert
Nexus is a repository manager, and acts as a staging repository which “intercepts” artifacts uploaded by mvn deploy. Thus artifacts can be safely deployed to
CVE-2020-12351/12352/24490: Linux Bluetooth Protocol Remote Code Execution Vulnerability Alert
On October 13, 2020, Google security researchers disclosed three vulnerabilities in the Bluetooth protocol stack of the Linux kernel. The vulnerability numbers are CVE-2020-12351, CVE-2020-12352,
VMware vCenter Unauthenticated Arbitrary File Read Vulnerability Alert
On October 13, 2020, @ptswarm issued a risk notice for VMware vCenter arbitrary file reading. A remote attacker can arbitrarily read files on the host
SAP Security Patch Day – October 2020: fix multi security vulnerabilities
On October 13, 2020, SAP officially released a risk notice for the October security update. In this update, SAP has fixed a total of 20
Homeland Security issues Zerologon security vulnerability warning
When Microsoft released a cumulative update in August 2020, it also disclosed a high-risk elevation of privilege vulnerability (EoP), which rated the maximum 10.0 in
CVE-2020-16898: Windows TCP/IP Remote Code Execution Vulnerability Alert
On October 13, 2020, Microsoft issued a risk notice for a TCP/IP remote code execution vulnerability. The vulnerability number is CVE-2020-16875, the vulnerability level
Microsoft October 2020 Patch Tuesday: fix 87 vulnerabilities
On October 13, 2020, Microsoft officially released a risk notice for October. This security update released patches for 87 vulnerabilities, mainly covering the Windows operating