The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Varnish Cache: assertion error via HTTP Proxy Protocol V2
An attacker can force an assertion error via HTTP Proxy Protocol V2 of Varnish Cache, in order to trigger a denial of service...
RHEL: denial of service via Core Dumping mmget_not_zero
An attacker can trigger a fatal error via Core Dumping mmget_not_zero() of RHEL, in order to trigger a denial of service...
Google Android/Pixel: multiple vulnerabilities of February 2020
An attacker can use several vulnerabilities of Google Android/Pixel...
FortiOS, FortiAnalyzer, FortiManager: denial of service via Slow HTTP
An attacker can trigger a fatal error via Slow HTTP of FortiOS, FortiAnalyzer, FortiManager, in order to trigger a denial of service...
Brocade Fabric OS: information disclosure via ESRS Server Credentials
An attacker can bypass access restrictions to data via ESRS Server Credentials of Brocade Fabric OS, in order to obtain sensitive information...
Brocade Fabric OS: information disclosure via CLI History Passwords
An attacker can bypass access restrictions to data via CLI History Passwords of Brocade Fabric OS, in order to obtain sensitive information...
WebSphere AS: code execution via File Name
An attacker can use a vulnerability via File Name of WebSphere AS, in order to run code...
Apache CXF: denial of service via Large Number Of Message Attachments
An attacker can trigger a fatal error via Large Number Of Message Attachments of Apache CXF, in order to trigger a denial of service...
IBM Security Directory Server: multiple vulnerabilities
An attacker can use several vulnerabilities of IBM Security Directory Server...
Django: SQL injection via StringAgg
An attacker can use a SQL injection via StringAgg of Django, in order to read or alter data...
Qt5: code execution via Plugin Current Directory Load
An attacker can use a vulnerability via Plugin Current Directory Load of Qt5, in order to run code...
Squid cache: memory corruption via ext_lm_group_acl helper
An attacker can trigger a memory corruption via ext_lm_group_acl helper of Squid cache, in order to trigger a denial of service, and possibly to run code...
Squid cache: information disclosure via FTP Gateway
A local attacker can read a memory fragment via FTP Gateway of Squid cache, in order to obtain sensitive information...
Squid cache: buffer overflow via Reverse Proxy
An attacker can trigger a buffer overflow via Reverse Proxy of Squid cache, in order to trigger a denial of service, and possibly to run code...
XAR: NULL pointer dereference via xar_get_path
An attacker can force a NULL pointer to be dereferenced via xar_get_path() of XAR, in order to trigger a denial of service...
XAR: NULL pointer dereference via xar_unserialize
An attacker can force a NULL pointer to be dereferenced via xar_unserialize() of XAR, in order to trigger a denial of service...
XAR: buffer overflow
An attacker can trigger a buffer overflow of XAR, in order to trigger a denial of service, and possibly to run code...
UPX: denial of service via PackLinuxElf-elf_hash
An attacker can trigger a fatal error via PackLinuxElf::elf_hash() of UPX, in order to trigger a denial of service...
UPX: out-of-bounds memory reading via canUnpack
An attacker can force a read at an invalid address via canUnpack() of UPX, in order to trigger a denial of service, or to obtain sensitive information...
UPX: use after free via PackLinuxElf64-unpack
An attacker can force the usage of a freed memory area via PackLinuxElf64::unpack() of UPX, in order to trigger a denial of service, and possibly to run code...
Apache SpamAssassin: privilege escalation via Unwarned Commands
An attacker can bypass restrictions via Unwarned Commands of Apache SpamAssassin, in order to escalate his privileges...
Apache SpamAssassin: code execution via Rule Configuration File
An attacker can use a vulnerability via Rule Configuration File of Apache SpamAssassin, in order to run code...
Prosody: privilege escalation via XMPP Address is_admin
An attacker can bypass restrictions via XMPP Address is_admin() of Prosody, in order to escalate his privileges...
Qt5: code execution via Plugin Side Load
An attacker can use a vulnerability via Plugin Side Load of Qt5, in order to run code...
FasterXML jackson-databind: external XML entity injection via jackson-mapper-asl
An attacker can transmit malicious XML data via jackson-mapper-asl to FasterXML jackson-databind, in order to read a file, scan sites, or trigger a denial of service...
Ceph: directory traversal via RGW Dashboard
An attacker can traverse directories via RGW Dashboard of Ceph, in order to read a file outside the service root path...
Ceph: denial of service via RGW Beast
An attacker can trigger a fatal error via RGW Beast of Ceph, in order to trigger a denial of service...
Node.js cordova-plugin-inappbrowser: privilege escalation via gap-iab URI
An attacker can bypass restrictions via gap-iab URI of Node.js cordova-plugin-inappbrowser, in order to escalate his privileges...
Python: denial of service via urllib.request.AbstractBasicAuthHandler
An attacker can trigger a fatal error via urllib.request.AbstractBasicAuthHandler of Python, in order to trigger a denial of service...
Sudo: privilege escalation via pwfeedback
An attacker can bypass restrictions via pwfeedback of Sudo, in order to escalate his privileges...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 997 998 999 1000 1001 1002 1003 1004 1005 1007 1009 1010 1011 1012 1013 1014 1015 1016 1017 1021 1041 1061 1070