|
The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the... |
The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection... |
This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as... |
The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware.... |
| Published | Description | |
|---|---|---|
| CVE-2019-19339 |
17-01-2020 19:15:00 |
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change. |
| CVE-2020-5397 |
17-01-2020 19:15:00 |
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. |
| CVE-2020-3940 |
17-01-2020 18:15:00 |
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. |
| CVE-2019-17127 |
17-01-2020 18:15:00 |
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. |
| CVE-2019-17125 |
17-01-2020 18:15:00 |
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
08-11-2019 |
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting | java | vesche |
|
08-11-2019 |
Nextcloud 17 - Cross-Site Request Forgery | php | Ozer Goker |
|
08-11-2019 |
rConfig - install Command Execution (Metasploit) | linux | Metasploit |
|
07-11-2019 |
Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path | windows | Mariela L Martínez Hdez |
|
06-11-2019 |
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure | hardware | LiquidWorm |
Italiano
English