The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Kronolith: information disclosure via Private Events Notifications
An attacker can bypass access restrictions to data via Private Events Notifications of Kronolith, in order to obtain sensitive information...
cloud-init: Man-in-the-Middle via ssh_deletekeys
An attacker can act as a Man-in-the-Middle via ssh_deletekeys on cloud-init, in order to read or write data in the session...
QEMU: use after free via e1000e
An attacker, inside a guest system, can force the usage of a freed memory area via e1000e of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
Joomla CMS2CMS Connector Extension: information disclosure via Catalog Permission
An attacker can bypass access restrictions to data via Catalog Permission of Joomla CMS2CMS Connector Extension, in order to obtain sensitive information...
Python: denial of service via NEWOBJ_EX
An attacker can trigger a fatal error via NEWOBJ_EX of Python, in order to trigger a denial of service...
Python: overload via TAR File
An attacker can trigger an overload via TAR File of Python, in order to trigger a denial of service...
Mumble: information disclosure via OCB2 Encryption
An attacker can bypass access restrictions to data via OCB2 encryption of Mumble, in order to obtain sensitive information...
ngx_lua plugin: information disclosure via ngx.location.capture
An attacker can bypass access restrictions to data via ngx.location.capture of ngx_lua plugin, in order to obtain sensitive information...
Rails: code execution via Render Locals
An attacker can use a vulnerability via Render Locals of Rails, in order to run code...
Python: information disclosure via HTTP Header Injection
An attacker can bypass access restrictions to data via HTTP Header Injection of Python, in order to obtain sensitive information...
Zabbix: Cross Site Scripting via URL Widget
An attacker can trigger a Cross Site Scripting via URL Widget of Zabbix, in order to run JavaScript code in the context of the web site...
Python Core Windows 3.8: executing DLL code via python3x._pth
An attacker can create a malicious python3x._pth/python._pth DLL, and then put it in the current directory of Python Core Windows 3.8, in order to execute code...
OTRS Help Desk: information disclosure via Renamed Agent User
An attacker can bypass access restrictions to data via Renamed Agent User of OTRS Help Desk, in order to obtain sensitive information...
Sylabs Singularity: Man-in-the-Middle via Integrity Check Value
An attacker can act as a Man-in-the-Middle via Integrity Check Value on Sylabs Singularity, in order to read or write data in the session...
Google Cloud Platform: three vulnerabilities
An attacker can use several vulnerabilities of Google Cloud Platform...
xrdp-sesman: buffer overflow
An attacker can trigger a buffer overflow of xrdp-sesman, in order to trigger a denial of service, and possibly to run code...
RubyGem Puma: read-write access via HTTP Pipelining
An attacker can bypass access restrictions via HTTP Pipelining of RubyGem Puma, in order to read or alter data...
RubyGem Puma: read-write access via Transfer-encoding Header
An attacker can bypass access restrictions via Transfer-encoding Header of RubyGem Puma, in order to read or alter data...
PowerDNS Recursor: privilege escalation via ACL Bypass
An attacker can bypass restrictions via ACL Bypass of PowerDNS Recursor, in order to escalate his privileges...
LibVNCServer: overload via libvncclient/sockets.c
An attacker can trigger an overload via libvncclient/sockets.c of LibVNCServer, in order to trigger a denial of service...
LibVNCServer: denial of service via hybiReadAndDecode
An attacker can trigger a fatal error via hybiReadAndDecode() of LibVNCServer, in order to trigger a denial of service...
LibVNCServer: information disclosure via ConnectToRFBRepeater
A local attacker can read a memory fragment via ConnectToRFBRepeater() of LibVNCServer, in order to obtain sensitive information...
GNU glibc: integer overflow via ARMv7 memcpy
An attacker can trigger an integer overflow via ARMv7 memcpy() of GNU glibc, in order to trigger a denial of service, and possibly to run code...
RubyGem Sanitize: Cross Site Scripting via Relaxed Config
An attacker can trigger a Cross Site Scripting via Relaxed Config of RubyGem Sanitize, in order to run JavaScript code in the context of the web site...
libopenmpt: out-of-bounds memory reading via XM/MT2 Files
An attacker can force a read at an invalid address via XM/MT2 Files of libopenmpt, in order to trigger a denial of service, or to obtain sensitive information...
libslirp: out-of-bounds memory reading via icmp6_send_echoreply
An attacker can force a read at an invalid address via icmp6_send_echoreply() of libslirp, in order to trigger a denial of service, or to obtain sensitive information...
Mozilla Thunderbird: information disclosure via X-Frame-Options
An attacker can bypass access restrictions to data via X-Frame-Options of Mozilla Thunderbird, in order to obtain sensitive information...
Microsoft Edge Chromium: code execution via DLL
An attacker can use a vulnerability via DLL of Microsoft Edge Chromium, in order to run code...
WebSphere AS: code execution via SOAP Serialized Objects
An attacker can use a vulnerability via SOAP Serialized Objects of WebSphere AS, in order to run code...

   
