The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Linux kernel: information disclosure via setsockopt
A local attacker can read a memory fragment via setsockopt() of the Linux kernel, in order to obtain sensitive information...
Linux kernel: code execution via futex_lock_pi
An attacker can use a vulnerability via futex_lock_pi() of the Linux kernel, in order to run code...
FreeBSD: information disclosure via VOP_READDIR
A local attacker can read a memory fragment via VOP_READDIR of FreeBSD, in order to obtain sensitive information...
Erlang/OTP: Man-in-the-Middle via Invalid X.509 Certificate Chain
An attacker can act as a Man-in-the-Middle via Invalid X.509 Certificate Chain on Erlang/OTP, in order to read or write data in the session...
SIMATIC HMI: code execution via Unauthenticated Telnet
An attacker can use a vulnerability via Unauthenticated Telnet of SIMATIC HMI, in order to run code...
Linux kernel: use after free via nbd_queue_rq
An attacker can force the usage of a freed memory area via nbd_queue_rq() of the Linux kernel, in order to trigger a denial of service, and possibly to run code...
Trend Micro ServerProtect for Linux: memory leak
An attacker can create a memory leak of Trend Micro ServerProtect for Linux, in order to trigger a denial of service...
QEMU: NULL pointer dereference via Floppy Disk Emulator
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via Floppy Disk Emulator of QEMU, in order to trigger a denial of service on the host system...
IBM QRadar SIEM: code execution via Deserialization
An attacker can use a vulnerability via Deserialization of IBM QRadar SIEM, in order to run code...
Drupal Subgroup: privilege escalation via Uncle/Cousin Tree
An attacker can bypass restrictions via Uncle/Cousin Tree of Drupal Subgroup, in order to escalate his privileges...
Drupal Open Social: information disclosure via CSV File Export
An attacker can bypass access restrictions to data via CSV File Export of Drupal Open Social, in order to obtain sensitive information...
Drupal Open Social: privilege escalation via social_auth_extra
An attacker can bypass restrictions via social_auth_extra of Drupal Open Social, in order to escalate his privileges...
IBM MQ: code execution via Deserialization
An attacker can use a vulnerability via Deserialization of IBM MQ, in order to run code...
IBM QRadar SIEM: information disclosure via SSRF
An attacker can bypass access restrictions to data via SSRF of IBM QRadar SIEM, in order to obtain sensitive information...
IBM QRadar SIEM: information disclosure via SSRF
An attacker can bypass access restrictions to data via SSRF of IBM QRadar SIEM, in order to obtain sensitive information...
IBM QRadar SIEM: directory traversal
An attacker can traverse directories of IBM QRadar SIEM, in order to read a file outside the service root path...
Apple iOS: multiple vulnerabilities
An attacker can use several vulnerabilities of Apple iOS...
Ansible Community Package: two vulnerabilities via community.general
An attacker can use several vulnerabilities via community.general of Ansible Community Package (which was named Ansible before version 2.10)...
Linux kernel: directory traversal via fs/nfsd/nfs3xdr.c
An attacker can traverse directories via fs/nfsd/nfs3xdr.c of the Linux kernel, in order to read a file outside the service root path...
Sudo: buffer overflow via Command Unescaping Backslashes
An attacker can trigger a buffer overflow via Command Unescaping Backslashes of Sudo, in order to trigger a denial of service, and possibly to run code...
Go: code execution via Build Process
An attacker can use a vulnerability via Build Process of Go, in order to run code...
Go: information disclosure via P-224 Curve Computation Error
An attacker can bypass access restrictions to data via P-224 Curve Computation Error of Go, in order to obtain sensitive information...
WinSCP: code execution via Session Settings Loading
An attacker can use a vulnerability via Session Settings Loading of WinSCP, in order to run code...
Mozilla Firefox/Thunderbird: multiple vulnerabilities
An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird...
Jenkins Core: file corruption via Job/Workspace Permission
A local attacker can create a symbolic link via Job/Workspace Permission, in order to alter the pointed file, with privileges of Jenkins Core...
Lifesize Icon: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Lifesize Icon, in order to run JavaScript code in the context of the web site...
Undertow: denial of service via Special Characters Queries
An attacker can trigger a fatal error via Special Characters Queries of Undertow, in order to trigger a denial of service...
WebSphere AS: external XML entity injection
An attacker can transmit malicious XML data to WebSphere AS, in order to read a file, scan sites, or trigger a denial of service...

   
