|
This service offers the possibility of searching public domain information related to known security hardware and... |
This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as... |
This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-... |
The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware.... |
| Published | Description | |
|---|---|---|
| CVE-2020-15261 |
19-10-2020 22:15:00 |
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users. |
| CVE-2020-15256 |
19-10-2020 22:15:00 |
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0. |
| CVE-2020-10746 |
19-10-2020 21:15:00 |
A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server. |
| CVE-2020-15263 |
19-10-2020 21:15:00 |
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4. |
| CVE-2020-6085 |
19-10-2020 21:15:00 |
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
19-10-2020 |
HiSilicon Video Encoders - Full admin access via backdoor password | hardware | Alexei Kojenov |
|
19-10-2020 |
Online Discussion Forum Site 1.0 - XSS in Messaging System | php | j5oh |
|
19-10-2020 |
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware | hardware | Alexei Kojenov |
|
19-10-2020 |
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal | hardware | Alexei Kojenov |
|
19-10-2020 |
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated) | php | Rodolfo Tavares |
Italiano
English