The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
QEMU: out-of-bounds memory reading via SLiRP ARP/NCSI Packets
An attacker, inside a guest system, can force a read at an invalid address via SLiRP ARP/NCSI Packets of QEMU, in order to trigger a denial of service, or to obtain sensitive information on the host system...
swtpm: vulnerability
A vulnerability of swtpm was announced...
LXML: Cross Site Scripting via escape
An attacker can trigger a Cross Site Scripting via escapes of LXML, in order to run JavaScript code in the context of the web site...
xdg-utils: information disclosure
An attacker can bypass access restrictions to data of xdg-utils, in order to obtain sensitive information...
MS Windows 7, 2008: privilege escalation via registry permissions
An attacker can take advantage of permissive permissions on the MS Windows registry, in order to escalate his privileges...
Synology DiskStation Manager: multiple vulnerabilities
An attacker can use several vulnerabilities of Synology DiskStation Manager...
Node.js xml-crypto: bypassing signature check
An attacker can make Node.js xml-crypto accept a message authentication code instead of a signature, in order to escalate his privileges...
Centreon Web: privilege escalation via Clickjacking
An attacker can bypass restrictions via Clickjacking of Centreon Web, in order to escalate his privileges...
Trend Micro ServerProtect for Linux: buffer overflow
An attacker can trigger a buffer overflow of Trend Micro ServerProtect for Linux, in order to trigger a denial of service, and possibly to run code...
ISC BIND: assertion error via TCP
An attacker can force an assertion error via TCP of ISC BIND, in order to trigger a denial of service...
Drupal core: file upload via PEAR Archive_Tar
An attacker can upload a malicious file via PEAR Archive_Tar on Drupal core, in order for example to upload a Trojan...
Joomla Core: seven vulnerabilities
An attacker can use several vulnerabilities of Joomla Core...
Centreon Web: six vulnerabilities
An attacker can use several vulnerabilities of Centreon Web...
mutt: disabling TLS
An attacker can force Mutt to not use TLS with an IMAP server...
Grafana: vulnerability via notifications
A vulnerability via notifications of Grafana was announced...
WildFly: password leak in log file
An attacker can retrieve usernames and associated passwords in WildFly log files...
slurm: two vulnerabilities
An attacker can use several vulnerabilities of slurm...
rclone: weak password generation
An attacker can take advantage of a weakness in passwords generated by rclone, which used a wrong randomness source...
Xen: buffer overflow
An attacker, inside a guest system, can trigger a buffer overflow of Xen, in order to trigger a denial of service, and possibly to run code on the host system...
MongoDB Server: assertion error
An attacker can force an assertion error of MongoDB Server, in order to trigger a denial of service...
MongoDB Server: information disclosure
An attacker can bypass access restrictions to data of MongoDB Server, in order to obtain sensitive information...
MongoDB Server: denial of service via RoleName-parseFromBSON
An attacker can trigger a fatal error via RoleName::parseFromBSON() of MongoDB Server, in order to trigger a denial of service...
IBM Spectrum Protect Operations Center: information disclosure via Websocket
An attacker can bypass access restrictions to data via Websocket of IBM Spectrum Protect Operations Center, in order to obtain sensitive information...
WinSCP: denial of service via long filenames
An attacker can trigger a fatal error via long filenames in WinSCP, in order to trigger a denial of service...
Ubuntu PulseAudio: information disclosure
An attacker can bypass access restrictions to data of Ubuntu PulseAudio, in order to obtain sensitive information...
dash: code execution via the -n switch
An attacker can use a vulnerability via the -n switch of dash, in order to run code...
WebKitGTK, WPE WebKit: use after free
An attacker can force the usage of a freed memory area of WebKitGTK, WPE WebKit, in order to trigger a denial of service, and possibly to run code...

   
