|
Un’ontologia rappresenta una risorsa per organizzare la conoscenza di un dominio in maniera più dettagliata attraverso... |
Il servizio offre una piattaforma che consente ai Registrar di verificare eventuali problemi di performance e sicurezza... |
Il servizio analizza gruppi di email file (formato .eml) per identificare le email indesiderate (SPAM). Il servizio... |
Il servizio si prefigge di individuare comportamenti tipici dei ransomware quali, ad esempio, la cifratura di una... |
| Published | Description | |
|---|---|---|
| CVE-2019-12827 |
12-07-2019 16:15:11 |
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. |
| CVE-2019-11242 |
12-07-2019 16:15:10 |
A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter. |
| CVE-2019-1010312 |
12-07-2019 14:15:11 |
Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553 -1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending a HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later. |
| CVE-2019-1010311 |
12-07-2019 14:15:11 |
Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Execute javascript in a victim s browser; disable all monitoring for a particular host or service. The component is: In function do_viewlog() on line 910 in Monit/src/http/cervlet.c, an attacker controlled log file is copied into an HTTP response without any HTML escaping. The attack vector is: An authenticated remote attacker can exploit the vulnerability over a network. The fixed version is: Version 5.25.3 and later. |
| CVE-2019-1010310 |
12-07-2019 14:15:11 |
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1. |
| Date | Title | Platform | Author |
|---|---|---|---|
|
01-03-2019 |
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost | multiple | Google Security Research |
|
01-03-2019 |
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module | linux | Google Security Research |
|
01-03-2019 |
Google Chrome < M72 - FileWriterImpl Use-After-Free | multiple | Google Security Research |
|
01-03-2019 |
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads | multiple | Google Security Research |
|
01-03-2019 |
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation | windows | SecureAuth |
Italiano
English