|
The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection... |
This service collects data related to public available exploits. The database is updated daily through the official... |
The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two... |
The service aims at offering a representation of the Cybersecurity domain through the creation of a controlled... |
| Published | Description | |
|---|---|---|
| CVE-2021-27379 |
18-02-2021 17:15:00 |
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. |
| CVE-2020-28463 |
18-02-2021 16:15:00 |
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF |
| CVE-2020-28499 |
18-02-2021 16:15:00 |
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . |
| CVE-2021-23341 |
18-02-2021 16:15:00 |
The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. |
| CVE-2020-28491 |
18-02-2021 16:15:00 |
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
01-12-2020 |
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection | php | naivenom |
|
01-12-2020 |
Online Shopping Alphaware 1.0 - Error Based SQL injection | php | Moaaz Taha |
|
01-12-2020 |
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path | windows | Emmanuel Lujan |
|
01-12-2020 |
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path | windows | Metin Yunus Kandemir |
|
01-12-2020 |
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020 | php | Matthew Aberegg |
| Published | Title | URL |
|---|---|---|
| 28-08-2019 | Aggiornamento di sicurezza per il CMS Joomla! | CERT LINK |
| 28-08-2019 | Aggiornamenti di sicurezza per prodotti Apple (26 agosto 2019) | CERT LINK |
| 28-08-2019 | Aggiornamento di sicurezza per Google Chrome (26 agosto 2019) | CERT LINK |
| 27-08-2019 | Vulnerabilità in prodotti Cisco (agosto 2019) | CERT LINK |
| 27-08-2019 | Aggiornamenti di sicurezza per prodotti Microsoft (agosto 2019) | CERT LINK |
Italiano
English