The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Xfig fig2dev: buffer overflow via calc_arrow
An attacker can trigger a buffer overflow via calc_arrow() of Xfig fig2dev, in order to trigger a denial of service, and possibly to run code...
PySAML2: spoofing via XML Signature Wrapping
An attacker can create spoofed data via XML Signature Wrapping of PySAML2, in order to deceive the victim...
serialize-javascript: Cross Site Scripting via Regular Expressions
An attacker can trigger a Cross Site Scripting via Regular Expressions of serialize-javascript, in order to run JavaScript code in the context of the web site...
Samba: three vulnerabilities
An attacker can use several vulnerabilities of Samba...
FasterXML jackson-databind: code execution via Xalan Serialization Gadgets
An attacker can use a vulnerability via Xalan Serialization Gadgets of FasterXML jackson-databind, in order to run code...
FasterXML jackson-databind: code execution via Commons-configuration Serialization Gadgets
An attacker can use a vulnerability via Commons-configuration Serialization Gadgets of FasterXML jackson-databind, in order to run code...
Red Hat JBoss EAP: information disclosure via Vault System Property Security Attribute
An attacker can bypass access restrictions to data via Vault System Property Security Attribute of Red Hat JBoss EAP, in order to obtain sensitive information...
Undertow: denial of service via HTTPS
An attacker can trigger a fatal error via HTTPS of Undertow, in order to trigger a denial of service...
Hibernate-Validator: Cross Site Scripting via SafeHtml
An attacker can trigger a Cross Site Scripting via SafeHtml of Hibernate-Validator, in order to run JavaScript code in the context of the web site...
Swagger UI: information disclosure via RPO Input Field Value Exfiltration
An attacker can bypass access restrictions to data via RPO Input Field Value Exfiltration of Swagger UI, in order to obtain sensitive information...
e2fsprogs: buffer overflow via e2fsck directory rehashing
An attacker can trigger a buffer overflow via e2fsck directory rehashing of e2fsprogs, in order to trigger a denial of service, and possibly to run code...
Mozilla NSS: information disclosure via HelloRetryRequest Lower Protocol Negotiation
An attacker can bypass access restrictions to data via HelloRetryRequest Lower Protocol Negotiation of Mozilla NSS, in order to obtain sensitive information...
glibc: information disclosure via LD_PREFER_MAP_32BIT_EXEC Mapping Addresses
An attacker can bypass access restrictions to data via LD_PREFER_MAP_32BIT_EXEC Mapping Addresses of glibc, in order to obtain sensitive information...
libbsd: out-of-bounds memory reading via nlist.c
An attacker can force a read at an invalid address via nlist.c of libbsd, in order to trigger a denial of service, or to obtain sensitive information...
gpac: buffer overflow via dimC_Read
An attacker can trigger a buffer overflow via dimC_Read() of gpac, in order to trigger a denial of service, and possibly to run code...
gpac: six vulnerabilities
An attacker can use several vulnerabilities of gpac...
gpac: out-of-bounds memory reading via isomedia/isom_read.c
An attacker can force a read at an invalid address via isomedia/isom_read.c of gpac, in order to trigger a denial of service, or to obtain sensitive information...
gpac: out-of-bounds memory reading via audio_sample_entry_AddBox
An attacker can force a read at an invalid address via audio_sample_entry_AddBox() of gpac, in order to trigger a denial of service, or to obtain sensitive information...
gpac: NULL pointer dereference via AVC_DuplicateConfig
An attacker can force a NULL pointer to be dereferenced via AVC_DuplicateConfig() of gpac, in order to trigger a denial of service...
Cacti: code execution via Performance Boost Debug Log
An attacker can use a vulnerability via Performance Boost Debug Log of Cacti, in order to run code...
GlusterFS: read-write access via auth.allow
An attacker can bypass access restrictions via auth.allow of GlusterFS, in order to read or alter data...
uftpd: buffer overflow via handle_PORT
An attacker can trigger a buffer overflow via handle_PORT() of uftpd, in order to trigger a denial of service, and possibly to run code...
libredwg: seven vulnerabilities
An attacker can use several vulnerabilities of libredwg...
libredwg: ten vulnerabilities
An attacker can use several vulnerabilities of libredwg...
RubyGem Rack: privilege escalation via Session ID Time Measurement
An attacker can bypass restrictions via Session ID Time Measurement of RubyGem Rack, in order to escalate his privileges...
Internet Explorer: memory corruption via Scripting Engine
An attacker can trigger a memory corruption via Scripting Engine of Internet Explorer, in order to trigger a denial of service, and possibly to run code...
Spring Framework: Cross Site Request Forgery via CORS Preflight Requests
An attacker can trigger a Cross Site Request Forgery via CORS Preflight Requests of Spring Framework, in order to force the victim to perform operations...
Chrome: multiple vulnerabilities
An attacker can use several vulnerabilities of Chrome...
Cacti: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Cacti, in order to run JavaScript code in the context of the web site...
Spring Framework: file reading via Content-Disposition Reflected File Download
A local attacker can read a file via Content-Disposition Reflected File Download of Spring Framework, in order to obtain sensitive information...

   
