NOTIZIE

EVENTI

  • 11-10-2018 09:00 to 13-10-2018 12:30
    Centro Congressi Le Benedettine Piazza San Paolo a Ripa D'Arno, Pisa, PI, Italia

    La Ludoteca del Registro .it organizza per l'Internet Festival 2018 dei laboratori ludico-didattici che offrono un percorso formativo sul tema della cyber security, affrontata attraverso giochi che cercano di spiegare a grandi e piccoli i principi della sicurezza in Rete, le principali minacce...

  • 12-10-2018 09:00 to 18:00
    Officine Garibaldi, Via Vincenzo Gioberti 39, 56124 Pisa

    Un evento tutto dedicato alla cyber security a cui parteciperanno esperti di settore, ricercatori, rappresentanti del mondo delle imprese. Nel corso della giornata saranno presentate le attività di ricerca ed innovazione compiute dal Cybersecurity Lab del CNR di Pisa in cooperazione con l’...

  • 26-10-2018 (All day)
    Officine Cantelmo, Viale Michele de Pietro 12. Lecce

    In occasione del Festival "Conversazioni sul Futuro" la Ludoteca del Registro torna a Lecce con una tappa del suo Roadshow: la mattina sarà dedicata ai laboratori di Cybersecurity con le Scuole, nel pomeriggio ci sarà una breve sessione formativa rivolta ai docenti sull'uso dell'app...

SERVIZI

Il servizio offre un sondaggio per la verifica della conformità di un’organizzazione al GDPR (General Data Protection...

Il servizio analizza gruppi di email file (formato .eml) per identificare le email indesiderate (SPAM). Il servizio...

Servizio Rilevazione Malware. Il servizio permette di rilevare comportamenti malevoli in file (ad esempio, eseguibili o...

Il servizio offre la possibilità di cercare informazioni, note pubblicamente, relative a vulnerabilità di sicurezza...

ULTIMI CVE

Published Description
CVE-2018-14647
24-09-2018 20:29:00
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.
CVE-2018-14633
24-09-2018 20:29:00
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
CVE-2018-14318
24-09-2018 19:29:01
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of IPCP headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the baseband processor. Was ZDI-CAN-5368.
CVE-2018-11614
24-09-2018 19:29:01
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.
CVE-2018-10502
24-09-2018 19:29:01
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.

Pages