The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
JasPer: out-of-bounds memory reading via jp2_decode
An attacker can force a read at an invalid address via jp2_decode() of JasPer, in order to trigger a denial of service, or to obtain sensitive information...
Spring Security: information disclosure via CBC Null Initialization Vector
An attacker can bypass access restrictions to data via CBC Null Initialization Vector of Spring Security, in order to obtain sensitive information...
YUI: Cross Site Scripting via Menu Widget AddItem
An attacker can trigger a Cross Site Scripting via Menu Widget AddItem of YUI, in order to run JavaScript code in the context of the web site...
Terracotta Quartz Scheduler: external XML entity injection via initDocumentParser
An attacker can transmit malicious XML data via initDocumentParser() to Terracotta Quartz Scheduler, in order to read a file, scan sites, or trigger a denial of service...
Apache CXF: information disclosure via InstrumentationManager Extension Bus
An attacker can bypass access restrictions to data via InstrumentationManager Extension Bus of Apache CXF, in order to obtain sensitive information...
Apache CXF: privilege escalation via OpenId Connect Access Token
An attacker can bypass restrictions via OpenId Connect Access Token of Apache CXF, in order to escalate his privileges...
Apache ActiveMQ: information disclosure via OpenWire Protocol
An attacker can bypass access restrictions to data via OpenWire Protocol of Apache ActiveMQ, in order to obtain sensitive information...
Apache ActiveMQ: Cross Site Scripting via queue.jsp
An attacker can trigger a Cross Site Scripting via queue.jsp of Apache ActiveMQ, in order to run JavaScript code in the context of the web site...
Apache CXF: information disclosure via OpenId Connect JWK Keys
An attacker can bypass access restrictions to data via OpenId Connect JWK Keys of Apache CXF, in order to obtain sensitive information...
Apache ActiveMQ: Man-in-the-Middle via TLS Hostname Verification
An attacker can act as a Man-in-the-Middle via TLS Hostname Verification on Apache ActiveMQ, in order to read or write data in the session...
Apache ActiveMQ: Cross Site Scripting via Webconsole Admin GUI
An attacker can trigger a Cross Site Scripting via Webconsole Admin GUI of Apache ActiveMQ, in order to run JavaScript code in the context of the web site...
Apache ActiveMQ: denial of service via Corrupt MQTT Frame
An attacker can trigger a fatal error via Corrupt MQTT Frame of Apache ActiveMQ, in order to trigger a denial of service...
IBM QRadar SIEM: privilege escalation via KDC Spoofing
An attacker can bypass restrictions via KDC Spoofing of IBM QRadar SIEM, in order to escalate his privileges...
MariaDB: privilege escalation via SST Illegal Character
An attacker can bypass restrictions via SST Illegal Character of MariaDB, in order to escalate his privileges...
golang.org/x/crypto: denial of service via SSH Signature Verification
An attacker can trigger a fatal error via SSH Signature Verification of golang.org/x/crypto, in order to trigger a denial of service...
Apache ActiveMQ: privilege escalation via LocateRegistry.createRegistry
An attacker can bypass restrictions via LocateRegistry.createRegistry() of Apache ActiveMQ, in order to escalate his privileges...
Cisco Nexus Data Broker: directory traversal
An attacker can traverse directories of Cisco Nexus Data Broker, in order to read a file outside the service root path...
Cisco ESA: privilege escalation via URL Filtering Bypass
An attacker can bypass restrictions via URL Filtering Bypass of Cisco ESA, in order to escalate his privileges...
QEMU: buffer overflow via ati_2d_blt
An attacker, inside a guest system, can trigger a buffer overflow via ati_2d_blt() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
KDE Connect: denial of service via Packet Manipulation
An attacker can trigger a fatal error via Packet Manipulation of KDE Connect, in order to trigger a denial of service...
Chrome: multiple vulnerabilities
An attacker can use several vulnerabilities of Chrome...
Linux kernel: out-of-bounds memory reading via ppp_cp_parse_cr
An attacker can force a read at an invalid address via ppp_cp_parse_cr() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information...
TigerVNC: read-write access via Certificates Stored As Authorities
An attacker can bypass access restrictions via Certificates Stored As Authorities of TigerVNC, in order to read or alter data...
GitHub Flavored Markdown: overload via Input Parsing
An attacker can trigger an overload via Input Parsing of GitHub Flavored Markdown, in order to trigger a denial of service...
SPICE: buffer overflow via QUIC Decoding Code
An attacker can trigger a buffer overflow via QUIC Decoding Code of SPICE, in order to trigger a denial of service, and possibly to run code...
Python: code execution via CJK Codec Tests eval
An attacker can use a vulnerability via CJK Codec Tests eval() of Python, in order to run code...
Google Android: multiple vulnerabilities of October 2020
An attacker can use several vulnerabilities of Google Android...
Dell EMC OpenManage Integration for Microsoft System Center: code execution
An attacker can use a vulnerability of Dell EMC OpenManage Integration for Microsoft System Center, in order to run code...

   
