The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Node.js set-getter: read-write access via Prototype Pollution
An attacker can bypass access restrictions via Prototype Pollution of Node.js set-getter, in order to read or alter data...
Node.js striptags: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Node.js striptags, in order to run JavaScript code in the context of the web site...
Bluetooth: Man-in-the-Middle via Unencrypted LE Baseband
An attacker can act as a Man-in-the-Middle via Unencrypted LE Baseband on Bluetooth, in order to read or write data in the session...
Dovecot: Man-in-the-Middle via Pre-STARTTLS SMTP Submission Service
An attacker can act as a Man-in-the-Middle via Pre-STARTTLS SMTP Submission Service on Dovecot, in order to read or write data in the session...
Dovecot: privilege escalation via JWT Tokens kid/azp Fields
An attacker can bypass restrictions via JWT Tokens kid/azp Fields of Dovecot, in order to escalate his privileges...
Linux kernel: information disclosure via BPF Speculative Execution Protection
A local attacker can read a memory fragment via BPF Speculative Execution Protection of the Linux kernel, in order to obtain sensitive information...
Linux kernel: memory corruption via CAN BCM
An attacker can trigger a memory corruption via CAN BCM of the Linux kernel, in order to trigger a denial of service, and possibly to run code...
OpenEXR: buffer overflow via rleUncompress
An attacker can trigger a buffer overflow via rleUncompress() of OpenEXR, in order to trigger a denial of service, and possibly to run code...
OpenEXR: buffer overflow via Imf_3_1-CharPtrIO-readChars
An attacker can trigger a buffer overflow via Imf_3_1::CharPtrIO::readChars() of OpenEXR, in order to trigger a denial of service, and possibly to run code...
radare2: use after free via Pyc Parse
An attacker can force the usage of a freed memory area via Pyc Parse of radare2, in order to trigger a denial of service, and possibly to run code...
Mosquitto: memory leak via CONNECT Message
An attacker can create a memory leak via CONNECT Message of Mosquitto, in order to trigger a denial of service...
Libgcrypt: information disclosure via ElGamal
An attacker can bypass access restrictions to data via ElGamal of Libgcrypt, in order to obtain sensitive information...
Go: denial of service via Net/http Large Header
An attacker can trigger a fatal error via Net/http Large Header of Go, in order to trigger a denial of service...
Tor: three vulnerabilities
An attacker can use several vulnerabilities of Tor...
Python urllib: overload via URL Authority Parser
An attacker can trigger an overload via URL Authority Parser of Python urllib, in order to trigger a denial of service...
Jenkins Generic Webhook Trigger Plugin: external XML entity injection
An attacker can transmit malicious XML data to Jenkins Generic Webhook Trigger Plugin, in order to read a file, scan sites, or trigger a denial of service...
Fortinet FortiClient: privilege escalation via Apple macOS
An attacker can bypass restrictions via Apple macOS of Fortinet FortiClient, in order to escalate his privileges...
Chrome: four vulnerabilities
An attacker can use several vulnerabilities of Chrome...
Sonatype Nexus Repository Manager: directory traversal via Blob Files
An attacker can traverse directories via Blob Files of Sonatype Nexus Repository Manager, in order to read a file outside the service root path...
Symfony: data transit via Multiple Firewalls
An attacker can bypass filtering rules via Multiple Firewalls of Symfony, in order to transmit malicious data...
Linux kernel: out-of-bounds memory reading via arm/mach-footbridge/personal-pci.c
An attacker can force a read at an invalid address via arm/mach-footbridge/personal-pci.c of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information...
tpm2-tools: Man-in-the-Middle via Fixed AES Key
An attacker can act as a Man-in-the-Middle via Fixed AES Key on tpm2-tools, in order to read or write data in the session...
Xstream: code execution via Input Stream Manipulation
An attacker can use a vulnerability via Input Stream Manipulation of Xstream, in order to run code...
RabbitMQ JMS Client: code execution via StreamMessage Deserialization
An attacker can use a vulnerability via StreamMessage Deserialization of RabbitMQ JMS Client, in order to run code...
Nettle: denial of service via RSA Decryption
An attacker can trigger a fatal error via RSA Decryption of Nettle, in order to trigger a denial of service...
htmldoc: integer overflow via image_load_gif
An attacker can trigger an integer overflow via image_load_gif() of htmldoc, in order to trigger a denial of service, and possibly to run code...
Trend Micro InterScan Web Security Virtual Appliance: Cross Site Scripting via Captive Portal
An attacker can trigger a Cross Site Scripting via Captive Portal of Trend Micro InterScan Web Security Virtual Appliance, in order to run JavaScript code in the context of the web site...
BlueZ: integer overflow via cli_feat_read_cb
An attacker can trigger an integer overflow via cli_feat_read_cb() of BlueZ, in order to trigger a denial of service, and possibly to run code...
OTRS Help Desk: Cross Site Scripting via Ticket Overview
An attacker can trigger a Cross Site Scripting via Ticket Overview of OTRS Help Desk, in order to run JavaScript code in the context of the web site...

   
