NEWS & EVENTS

SERVICES

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

This service collects data related to public available exploits. The database is updated daily through the official...

The service aims at offering a representation of the  Cybersecurity domain through the creation of a controlled...

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

LATEST CVE

Published Description
CVE-2020-24659
04-09-2020 15:15:00
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
CVE-2020-4702
04-09-2020 14:15:00
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187.
CVE-2020-4632
04-09-2020 14:15:00
IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.
CVE-2020-4545
04-09-2020 14:15:00
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.
CVE-2020-7299
04-09-2020 14:15:00
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

Pages