NEWS & EVENTS

SERVICES

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

This service offers the possibility of searching public domain information related to known security hardware and...

LATEST CVE

| CVE ID | Published | Description |
| --- | --- | --- |
| CVE-2019-17199 | 05-10-2019 16:15:10 | www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. |
| CVE-2019-17197 | 05-10-2019 15:15:11 | OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. |
| CVE-2019-13145 | 05-10-2019 15:15:11 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| CVE-2019-17192 | 04-10-2019 22:15:11 | ** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs. |
| CVE-2019-17191 | 04-10-2019 22:15:11 | The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping. |
