http://vigilance.fr/?langue=2 This RSS feed tracks public vulnerabilities detailed by Vigil@nce. These information are published with a time delay. Our subscribers can read our bulletins without this time delay. en-US Vigil@nce Orange Business Services Vigil@nce Copyright 1999-2013 Orange Business Services Vigil@nce 2013-05-21T08:57:50Z hourly 1 2000-01-01T00:00:00Z http://vigilance.fr/vulnerability/Nagios-file-corruption-via-nagios-upgrade-to-v3-sh-12741 When the administrator runs the nagios.upgrade_to_v3.sh script, a local attacker can create a symbolic link, in order to corrupt a file with root privileges. 2 VIGILANCE-VUL-12741 Vigil@nce 2013-05-17T09:18:28Z http://vigilance.fr/offer/Vulnerability-watch-database-alert-and-management The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. 0 Vigil@nce 2013-05-16T12:00:00Z http://vigilance.fr/vulnerability/KDE-password-displayed-in-KIO-Slave-HTTP-error-messages-12770 A local attacker can trigger a network error, so that KDE displays an error message containing the password used by the HTTP KIO Slave. 1 VIGILANCE-VUL-12770 Vigil@nce 2013-05-16T06:49:31Z http://vigilance.fr/vulnerability/LibreOffice-Cacl-links-followed-without-Control-12769 When the user configured the security option "Ctrl-click required to follow hyperlinks", it is not honored in LibreOffice Calc, so an attacker can force the victim to browse a site. 1 VIGILANCE-VUL-12769 Vigil@nce 2013-05-16T06:27:34Z http://vigilance.fr/vulnerability/Linux-kernel-use-after-free-via-veth-12728 An attacker can use a freed memory area in veth of Linux kernel, in order to trigger a denial of service, and possibly to execute code. 2 VIGILANCE-VUL-12728 Vigil@nce 2013-05-14T11:39:14Z http://vigilance.fr/vulnerability/Linux-kernel-privilege-escalation-via-scm-set-cred-12727 An attacker can use a suid/sgid application using SCM, in order to escalate his privileges. 2 VIGILANCE-VUL-12727 Vigil@nce 2013-05-14T08:31:05Z http://vigilance.fr/vulnerability/Linux-kernel-privilege-escalation-via-uid-map-12726 An attacker can edit the content of the /proc/pid/uid_map file of the Linux kernel, in order to escalate his privileges. 2 VIGILANCE-VUL-12726 Vigil@nce 2013-05-14T08:11:20Z http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EXT4-ORPHAN-FS-12719 An attacker can mount an ext4 filesystem with no journal and using an orphan extend, to create an infinite loop in the Linux kernel, in order to trigger a denial of service. 2 VIGILANCE-VUL-12719 Vigil@nce 2013-05-11T13:39:03Z http://vigilance.fr/vulnerability/Internet-Explorer-file-detection-via-XMLDOM-12762 An attacker can create an HTML page using XMLDOM of Internet Explorer, in order to detect if a file or a directory exists on user's computer. 1 VIGILANCE-VUL-12762 Vigil@nce 2013-05-10T08:11:16Z http://vigilance.fr/vulnerability/Cisco-ASA-enumeration-of-VPN-groups-12691 An unauthenticated attacker can send ISAKMP AM1 messages to Cisco ASA, in order to detect if a VPN Group name is valid. 2 VIGILANCE-VUL-12691 Vigil@nce 2013-05-03T09:38:49Z http://vigilance.fr/vulnerability/MIT-krb5-denial-of-service-via-TGS-12685 An authenticated attacker can send a special TGS query to MIT krb5, in order to dereference a NULL pointer, which leads to a denial of service. 2 VIGILANCE-VUL-12685 Vigil@nce 2013-05-02T09:03:57Z http://vigilance.fr/vulnerability/Xen-file-reading-via-qemu-nbd-12676 When the host system uses the autodetection of qemu-nbd, an administrator located in a guest system can read files of the host system. 2 VIGILANCE-VUL-12676 Vigil@nce 2013-04-30T16:31:26Z http://vigilance.fr/vulnerability/cURL-obtaining-Cookies-12664 An attacker can create a site with a domain name matching the end of another site, in order to force cURL to send its cookies. 2 VIGILANCE-VUL-12664 Vigil@nce 2013-04-27T11:53:24Z http://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-of-tg3-VPD-12662 An attacker can plug a malicious Tigon3 device, to generate a buffer overflow in the tg3 driver of Linux kernel, in order to trigger a denial of service, and possibly to execute code. 2 VIGILANCE-VUL-12662 Vigil@nce 2013-04-27T07:51:22Z http://vigilance.fr/vulnerability/X-Org-Server-character-injection-via-VT-Switch-12686 A local attacker can plug a keyboard, press keys, and then change the virtual terminal of X.Org Server, in order to inject characters in the X environment. 1 VIGILANCE-VUL-12686 Vigil@nce 2013-04-20T11:38:39Z http://vigilance.fr/vulnerability/Xen-memory-corruption-of-XSM-12608 An attacker can generate a memory corruption when XSM is enabled in Xen, in order to trigger a denial of service, and possibly to execute code. 2 VIGILANCE-VUL-12608 Vigil@nce 2013-04-20T06:49:14Z http://vigilance.fr/vulnerability/NVIDIA-UNIX-GPU-Driver-buffer-overflow-of-NoScanout-12603 An attacker can generate a buffer overflow in NoScanout mode of NVIDIA UNIX GPU Driver, in order to trigger a denial of service, and possibly to execute code. 2 VIGILANCE-VUL-12603 Vigil@nce 2013-04-19T11:19:05Z http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-FUNCTION-TRACER-12674 A local privileged attacker can use the tracing features of the Linux kernel, in order to trigger a denial of service. 1 VIGILANCE-VUL-12674 Vigil@nce 2013-04-18T12:47:56Z http://vigilance.fr/vulnerability/glibc-buffer-overflow-of-getaddrinfo-12599 An attacker can generate a buffer overflow in the getaddrinfo() function of glibc, in order to trigger a denial of service, and possibly to execute code. 2 VIGILANCE-VUL-12599 Vigil@nce 2013-04-18T12:42:25Z http://vigilance.fr/vulnerability/Asterisk-denial-of-service-via-Content-Length-12588 An attacker can send an HTTP query with a large Content-Length header, in order to stop the web service of Asterisk. 2 VIGILANCE-VUL-12588 Vigil@nce 2013-04-12T12:23:34Z http://vigilance.fr/vulnerability/Linux-kernel-memory-reading-via-VIDEO-SET-SPU-PALETTE-12611 A local attacker can use the VIDEO_SET_SPU_PALETTE ioctl, in order to read a fragment of kernel memory. 1 VIGILANCE-VUL-12611 Vigil@nce 2013-04-11T08:00:05Z