NEWS & EVENTS

SERVICES

The service analyzes a DNS request log and detects domain names that may have been generated by a Domain...

This service identifies typical ransomware behaviours such as file encryption. Unlike signature-based anti-...

The main goal of the tool is to provide a simple and quick means of cyber risk self-assessment. The tool requires two...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

LATEST CVE

| CVE | Published | Description |
|---|---|---|
| CVE-2020-10717 | 04-05-2020 21:15:00 | A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. |
| CVE-2020-10686 | 04-05-2020 21:15:00 | A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. |
| CVE-2020-8896 | 04-05-2020 20:15:00 | A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3. |
| CVE-2020-5335 | 04-05-2020 19:15:00 | RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user. |
| CVE-2020-10622 | 04-05-2020 19:15:00 | LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users. |

LATEST EXPLOIT

| Date | Title | Platform | Author |
|---|---|---|---|
| 06-11-2018 | FaceTime - 'readSPSandGetDecoderParams' Stack Corruption | macos | Google Security Research |
| 06-11-2018 | OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection | php | AkkuS |
| 05-11-2018 | SiAdmin 1.1 - 'id' SQL Injection | php | Ihsan Sencan |
| 05-11-2018 | LiquidVPN 1.36 / 1.37 - Privilege Escalation | macos | Bernd Leitner |
| 05-11-2018 | Royal TS/X - Information Disclosure | json | Jakub Palaczynski |