The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
ClamAV: out-of-bounds memory reading via Credit Card DLP
An attacker can force a read at an invalid address via Credit Card DLP of ClamAV, in order to trigger a denial of service, or to obtain sensitive information...
Rack CORS Middleware: directory traversal
An attacker can traverse directories of Rack CORS Middleware, in order to read a file outside the service root path...
Exiv2: infinite loop via Jp2Image-readMetadata
An attacker can trigger an infinite loop via Jp2Image::readMetadata() of Exiv2, in order to trigger a denial of service...
systemd: memory leak via button_open
An attacker can create a memory leak via button_open of systemd, in order to trigger a denial of service...
systemd: use after free via Asynchronous Polkit Queries
An attacker can force the usage of a freed memory area via Asynchronous Polkit Queries of systemd, in order to trigger a denial of service, and possibly to run code...
Cisco NX-OS: buffer overflow via Cisco Discovery Protocol
An attacker can trigger a buffer overflow via Cisco Discovery Protocol of Cisco NX-OS, in order to trigger a denial of service, and possibly to run code...
Cisco IP Phone: code execution via Cisco Discovery Protocol
An attacker can use a vulnerability via Cisco Discovery Protocol of Cisco IP Phone, in order to run code...
Cisco IOS XR: memory corruption via Cisco Discovery Protocol Format String
An attacker can trigger a memory corruption via Cisco Discovery Protocol Format String of Cisco IOS XR, in order to trigger a denial of service, and possibly to run code...
Cisco FXOS, IOS XR, NX-OS: memory leak via Cisco Discovery Protocol
An attacker can create a memory leak via Cisco Discovery Protocol of Cisco FXOS, IOS XR and NX-OS, in order to trigger a denial of service...
SUSE: privilege escalation via mariadb mysql-systemd-helper
An attacker can bypass restrictions via mariadb mysql-systemd-helper of SUSE, in order to escalate his privileges...
ksh: code execution via Environment Variables Arithmetic Expressions
An attacker can use a vulnerability via Environment Variables Arithmetic Expressions of ksh, in order to run code...
SQLite: NULL pointer dereference via multiSelect
An attacker can force a NULL pointer to be dereferenced via multiSelect() of SQLite, in order to trigger a denial of service...
SQLite: NULL pointer dereference via zipfileUpdate
An attacker can force a NULL pointer to be dereferenced via zipfileUpdate() of SQLite, in order to trigger a denial of service...
SQLite: NULL pointer dereference via flattenSubquery
An attacker can force a NULL pointer to be dereferenced via flattenSubquery() of SQLite, in order to trigger a denial of service...
SQLite: NULL pointer dereference via exprListAppendList
An attacker can force a NULL pointer to be dereferenced via exprListAppendList() of SQLite, in order to trigger a denial of service...
Google Chrome: multiple vulnerabilities
An attacker can use several vulnerabilities of Google Chrome...
TeamViewer: information disclosure via Constant Key AES Encrypted Password
An attacker can bypass access restrictions to data via Constant Key AES Encrypted Password of TeamViewer, in order to obtain sensitive information...
IBM SDK: executing DLL code
An attacker can create a malicious DLL, and then put it in the current directory of IBM SDK, in order to execute code...
WebSphere AS: information disclosure via Admin Console
An attacker can bypass access restrictions to data via Admin Console of WebSphere AS, in order to obtain sensitive information...
Terraform: information disclosure via SAS Azure Backend Cleartext Token
An attacker can bypass access restrictions to data via SAS Azure Backend Cleartext Token of Terraform, in order to obtain sensitive information...
UPX: out-of-bounds memory reading via canUnpack
An attacker can force a read at an invalid address via canUnpack() of UPX, in order to trigger a denial of service, or to obtain sensitive information...
MariaDB: privilege escalation via mysql_install_db
An attacker can bypass restrictions via mysql_install_db of MariaDB, in order to escalate his privileges...
Varnish Cache: assertion error via HTTP Proxy Protocol V2
An attacker can force an assertion error via HTTP Proxy Protocol V2 of Varnish Cache, in order to trigger a denial of service...
RHEL: denial of service via Core Dumping mmget_not_zero
An attacker can trigger a fatal error via Core Dumping mmget_not_zero() of RHEL, in order to trigger a denial of service...
Google Android/Pixel: multiple vulnerabilities of February 2020
An attacker can use several vulnerabilities of Google Android/Pixel...
FortiOS, FortiAnalyzer, FortiManager: denial of service via Slow HTTP
An attacker can trigger a fatal error via Slow HTTP of FortiOS, FortiAnalyzer, FortiManager, in order to trigger a denial of service...
Brocade Fabric OS: information disclosure via ESRS Server Credentials
An attacker can bypass access restrictions to data via ESRS Server Credentials of Brocade Fabric OS, in order to obtain sensitive information...
Brocade Fabric OS: information disclosure via CLI History Passwords
An attacker can bypass access restrictions to data via CLI History Passwords of Brocade Fabric OS, in order to obtain sensitive information...
WebSphere AS: code execution via File Name
An attacker can use a vulnerability via File Name of WebSphere AS, in order to run code...
Apache CXF: denial of service via Large Number Of Message Attachments
An attacker can trigger a fatal error via Large Number Of Message Attachments of Apache CXF, in order to trigger a denial of service...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 998 999 1000 1001 1002 1003 1004 1005 1006 1008 1010 1011