NEWS & EVENTS

SERVICES

This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as...

The service offers a platform that allows Registrars to check for any performance and security problems present on...

This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

The service aims at offering a representation of the  Cybersecurity domain through the creation of a controlled...

LATEST CVE

Published Description
CVE-2020-15120
27-07-2020 18:15:00
An authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default configuration, anybody is allowed to create a new project. An attacker can create a new project and then use it to become authenticated and exploit this flaw. As such, the exposure is similar to an unauthenticated attack, because it is trivial to become authenticated.
CVE-2020-7016
27-07-2020 18:15:00
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
CVE-2020-4408
27-07-2020 14:15:00
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.
CVE-2020-4498
27-07-2020 14:15:00
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.
CVE-2020-15593
27-07-2020 14:15:00
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins” directory and execute code contained in them.

Pages

LATEST EXPLOIT

Pages