The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Node.js nats: information disclosure
An attacker can bypass access restrictions to data of Node.js nats, in order to obtain sensitive information...
Node.js jison: code execution via Command Injection
An attacker can use a vulnerability via Command Injection of Node.js jison, in order to run code...
Node.js next: open redirect
An attacker can deceive the user of Node.js next, in order to redirect him to a malicious site...
IBM Informix Dynamic Server: buffer overflow via Spatial Datablade
An attacker can trigger a buffer overflow via Spatial Datablade of IBM Informix Dynamic Server, in order to trigger a denial of service, and possibly to run code...
Cisco ASR 5000: privilege escalation via StarOS
An attacker can bypass restrictions via StarOS of Cisco ASR 5000, in order to escalate his privileges...
Cisco ASR 5000: privilege escalation via StarOS
An attacker can bypass restrictions via StarOS of Cisco ASR 5000, in order to escalate his privileges...
Jenkins Plugins: multiple vulnerabilities
An attacker can use several vulnerabilities of Jenkins Plugins...
Apache HttpClient: information disclosure via java.net.URI Authority Component
An attacker can bypass access restrictions to data via java.net.URI Authority Component of Apache HttpClient, in order to obtain sensitive information...
Zabbix: code execution via IPv6 Address
An attacker can use a vulnerability via IPv6 Address of Zabbix, in order to run code...
IBM QRadar SIEM: code execution via Java Deserialization
An attacker can use a vulnerability via Java Deserialization of IBM QRadar SIEM, in order to run code...
JasPer: assertion error via jpc_abstorelstepsize
An attacker can force an assertion error via jpc_abstorelstepsize() of JasPer, in order to trigger a denial of service...
JasPer: out-of-bounds memory reading via jp2_decode
An attacker can force a read at an invalid address via jp2_decode() of JasPer, in order to trigger a denial of service, or to obtain sensitive information...
Spring Security: information disclosure via CBC Null Initialization Vector
An attacker can bypass access restrictions to data via CBC Null Initialization Vector of Spring Security, in order to obtain sensitive information...
YUI: Cross Site Scripting via Menu Widget AddItem
An attacker can trigger a Cross Site Scripting via Menu Widget AddItem of YUI, in order to run JavaScript code in the context of the web site...
Terracotta Quartz Scheduler: external XML entity injection via initDocumentParser
An attacker can transmit malicious XML data via initDocumentParser() to Terracotta Quartz Scheduler, in order to read a file, scan sites, or trigger a denial of service...
Apache CXF: information disclosure via InstrumentationManager Extension Bus
An attacker can bypass access restrictions to data via InstrumentationManager Extension Bus of Apache CXF, in order to obtain sensitive information...
Apache CXF: privilege escalation via OpenId Connect Access Token
An attacker can bypass restrictions via OpenId Connect Access Token of Apache CXF, in order to escalate his privileges...
Apache ActiveMQ: information disclosure via OpenWire Protocol
An attacker can bypass access restrictions to data via OpenWire Protocol of Apache ActiveMQ, in order to obtain sensitive information...
Apache ActiveMQ: Cross Site Scripting via queue.jsp
An attacker can trigger a Cross Site Scripting via queue.jsp of Apache ActiveMQ, in order to run JavaScript code in the context of the web site...
Apache CXF: information disclosure via OpenId Connect JWK Keys
An attacker can bypass access restrictions to data via OpenId Connect JWK Keys of Apache CXF, in order to obtain sensitive information...
Apache ActiveMQ: Man-in-the-Middle via TLS Hostname Verification
An attacker can act as a Man-in-the-Middle via TLS Hostname Verification on Apache ActiveMQ, in order to read or write data in the session...
Apache ActiveMQ: Cross Site Scripting via Webconsole Admin GUI
An attacker can trigger a Cross Site Scripting via Webconsole Admin GUI of Apache ActiveMQ, in order to run JavaScript code in the context of the web site...
Apache ActiveMQ: denial of service via Corrupt MQTT Frame
An attacker can trigger a fatal error via Corrupt MQTT Frame of Apache ActiveMQ, in order to trigger a denial of service...
IBM QRadar SIEM: privilege escalation via KDC Spoofing
An attacker can bypass restrictions via KDC Spoofing of IBM QRadar SIEM, in order to escalate his privileges...
MariaDB: privilege escalation via SST Illegal Character
An attacker can bypass restrictions via SST Illegal Character of MariaDB, in order to escalate his privileges...
golang.org/x/crypto: denial of service via SSH Signature Verification
An attacker can trigger a fatal error via SSH Signature Verification of golang.org/x/crypto, in order to trigger a denial of service...
Apache ActiveMQ: privilege escalation via LocateRegistry.createRegistry
An attacker can bypass restrictions via LocateRegistry.createRegistry() of Apache ActiveMQ, in order to escalate his privileges...
Cisco Nexus Data Broker: directory traversal
An attacker can traverse directories of Cisco Nexus Data Broker, in order to read a file outside the service root path...
Cisco ESA: privilege escalation via URL Filtering Bypass
An attacker can bypass restrictions via URL Filtering Bypass of Cisco ESA, in order to escalate his privileges...

   
