Since 1999, the Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security fixes, a database and tools to remediate them.
Each user customizes the list of software to track. As soon as Vigil@nce publishes an alert for one of his software, the user receives a vigilance bulletin, containing a simple explanation of the threat, its patches and workarounds.
The administrator then uses the online Vigil@nce diary in order to plan and track the security process.


Our offer Request your free trial

Computer vulnerabilities bulletins published by Vigil@nce

Public vulnerabilities
Drupal YubiKey: privilege escalation via Brute Force
Drupal Open ReadSpeaker: Cross Site Scripting
Roundcube Webmail: Cross Site Scripting via XML Attachment
Roundcube Webmail: Cross Site Scripting via Username Template Object
JBoss RESTEasy: Cross Site Scripting via RESTEASY003870 Exception
JBoss RESTEasy: information disclosure via MediaTypeHeaderDelegate Injection
PAN-OS: code execution via Management Interface Certificate Generator
PAN-OS: code execution via FIPS-CC Mode Certificate Verification
PAN-OS: buffer overflow via Authd Authentication Response
Stormshield Network Security: Cross Site Scripting via Certificate
Stormshield Network Security: Cross Site Scripting via Uid Parameter
Linux kernel: use after free via napi_gro_frags
McAfee VirusScan Enterprise: three vulnerabilities
Linux kernel: integer overflow via drivers/tty/vt/keyboard.c
Linux kernel: out-of-bounds memory reading via f2fs_xattr_generic_list
libjpeg-turbo: out-of-bounds memory reading via get_rgb_row
OpenBSD: Man-in-the-Middle via X.509 Expired Untrusted Issuer Certificates
ArcSight Management Center: Cross Site Scripting
ArcSight Enterprise Security Manager: Cross Site Scripting
ArcSight Logger: Cross Site Scripting
Recent vulnerabilities
SAP: multiple vulnerabilities of August 2020
Nexus Repository Manager: privilege escalation via Access Controls Bypass
Chrome: multiple vulnerabilities
Ansible Core: information disclosure via no_log Content Parameter
Ansible Core: information disclosure via no_log Response Keys
Go: overload via ReadUvarint
Eclipse OpenJ9: denial of service via System.arraycopy
QEMU: assertion error via net_tx_pkt_add_raw_fragment
Ruby Kramdown: code execution via template option
Sophos XG Firewall: code execution via User Portal
Apache httpd: denial of service via mod_http2 Push Diary Trace/Tebug
Apache httpd: buffer overflow via mod_proxy_uwsgi
Apache httpd: IP Address Spoofing via mod_remoteip/mod_rewrite
Apache httpd: memory corruption via mod_http2 Push Diary Cache-Digest
radare2: code execution via PDB File Names
Firejail: code execution via Output Concatenation
Firejail: code execution via End-of-options Separator Bypass
PHP: use after free via phar_parse_zipfile
FreeBSD: privilege escalation via sendmsg
FreeBSD: memory corruption via USB Network Device Drivers
Severities: 1 = low, 2 = medium, 3 = important, 4 = critical.

Daily activities

  • Vulnerabilities are discovered daily and published on thousands of internet information sources.
  • Vigil@nce announces these vulnerabilities and how to protect your system. This information is customized according to your environment, it is available on a web site and sent by e-mail alerts.
  • Your teams secure and protect your networks based on Vigil@nce information and tools.

Your environment

  • A database describing more than 30000 vulnerabilities and their 70000 solutions.
  • A web space where each user defines his vigilance preferences.
  • Alert and synthesis e-mails, to inform your teams.
  • A customized tracking of your software and systems.
  • A diary to plan solutions to install, and to monitor the security process of each computer.

Your benefits

  • A customized watch on computer vulnerabilities and their solutions.
  • An experienced team at your service for more than 21 years.
  • A tool to monitor the security process of your networks and computers.
  • A CVE compatible solution.
  • A time saving for your team which concentrates on important tasks.