NEWS & EVENTS

  • 09/12/2020 13:02:00

    Cyrano event will be held on December 16th, 2020 form 10 to 12 am, to share ideas about the sectorial challenges in cyber security.

    During this event Fabio Martinelli will introduce the cyber security observatory, also promoted by E-CORRIDOR. All the stakeholders...

  • 06/10/2020 18:01:22

    Il 9 ottobre, durante Internet Festival, avra’ luogo il Cybersecurity Day ( dell’Istituto di Informatica e Telematica del Cnr (IIT).

    All’evento parteciperanno esperti di settore, ricercatori, rappresentanti del mondo delle imprese. Nel corso della giornata saranno presentate le attività...

  • 29/09/2020 11:45:53

    Il 24 settembre scorso Fabio Martinelli è stato invitato dalla Commissione Europea a parlare delle prossime sfide in cyber security nell'ambito degli European research and innovation days 2020.

    In questa occasione ha avuto cosi modo di illustrare le prossime attivita' di ricerca del Cyber...

  • 04/09/2020 13:57:59

    Pubblicato il bando per la quinta edizione del Master in Cybersecurity dell'Università di Pisa, anno accademico 2020/21.

    Per immatricolarsi al Master, l’interessato deve collegarsi al Portale Alice all’indirizzo https://www.studenti.unipi.it...

SERVICES

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

This service collects data related to public available exploits. The database is updated daily through the official...

The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two...

The service aims at offering a representation of the  Cybersecurity domain through the creation of a controlled...

LATEST CVE

Published Description
CVE-2021-27379
18-02-2021 17:15:00
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.
CVE-2020-28463
18-02-2021 16:15:00
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
CVE-2020-28499
18-02-2021 16:15:00
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
CVE-2021-23341
18-02-2021 16:15:00
The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.
CVE-2020-28491
18-02-2021 16:15:00
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

Pages