|
The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two... |
An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by... |
This service collects data related to public available exploits. The database is updated daily through the official... |
The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain... |
| Published | Description | |
|---|---|---|
| CVE-2020-26895 |
21-10-2020 02:15:00 |
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations. |
| CVE-2020-26896 |
21-10-2020 02:15:00 |
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy. |
| CVE-2020-24410 |
20-10-2020 22:15:00 |
Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. |
| CVE-2020-24413 |
20-10-2020 22:15:00 |
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. |
| CVE-2020-24411 |
20-10-2020 22:15:00 |
Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
20-10-2020 |
Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated) | php | nag0mez |
|
20-10-2020 |
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure | php | redtimmysec |
|
20-10-2020 |
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection | php | Jonatas Fil |
|
20-10-2020 |
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated) | multiple | n1x_ |
|
20-10-2020 |
Mobile Shop System v1.0 - SQL Injection Authentication Bypass | php | Moaaz Taha |
Italiano
English