NEWS & EVENTS

SERVICES

The service offers a platform that allows Registrars to check for possible performance and security problems...

The Thesaurus offers a knowledge representation of a set of terms relating to Cybersecurity,...

The service offers a survey to check an organization's compliance with the GDPR (General Data Protection...

The service offers the ability to search for publicly known information about security vulnerabilities...

LATEST CVEs

CVE ID / Published / Description
CVE-2020-26895
21-10-2020 02:15:00
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.
CVE-2020-26896
21-10-2020 02:15:00
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy.
CVE-2020-24414
20-10-2020 22:15:00
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24415
20-10-2020 22:15:00
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-25648
20-10-2020 22:15:00
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
