The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Stormshield Network Security: information disclosure via LDAP User Enumeration
An attacker can bypass access restrictions to data via LDAP User Enumeration of Stormshield Network Security, in order to obtain sensitive information...
Centreon Web 2.8: multiple vulnerabilities
An attacker can use several vulnerabilities of Centreon Web 2.8...
IBM Power9 Self Boot Engine: code execution via Service Processor Code Injection
An attacker can use a vulnerability via Service Processor Code Injection of IBM Power9 Self Boot Engine, in order to run code...
RESTEasy: information disclosure via HTTP Response
An attacker can bypass access restrictions to data via HTTP Response of RESTEasy, in order to obtain sensitive information...
Linux kernel: memory corruption via BPF Arithmetic Operations
An attacker can trigger a memory corruption via BPF Arithmetic Operations of the Linux kernel, in order to trigger a denial of service, and possibly to run code...
ISC DHCP: denial of service via Lease File Parsing
An attacker can trigger a fatal error via Lease File Parsing of ISC DHCP, in order to trigger a denial of service...
upx: out-of-bounds memory reading via p_lx_elf.cpp
An attacker can force a read at an invalid address via p_lx_elf.cpp of upx, in order to trigger a denial of service, or to obtain sensitive information...
FreeBSD: denial of service via libradius
An attacker can trigger a fatal error via libradius of FreeBSD, in order to trigger a denial of service...
FreeBSD: privilege escalation via SMAP Bypass
An attacker can bypass restrictions via SMAP Bypass of FreeBSD, in order to escalate his privileges...
Drupal Core: Cross Site Scripting via CKEditor
An attacker can trigger a Cross Site Scripting via CKEditor of Drupal Core, in order to run JavaScript code in the context of the web site...
Bluetooth: information disclosure via Mesh Profile Provisioning AuthValue leak
An attacker can bypass access restrictions to data via Mesh Profile Provisioning AuthValue leak of Bluetooth, in order to obtain sensitive information...
Bluetooth: privilege escalation via Mesh Profile Provisioning Malleable Commitment
An attacker can bypass restrictions via Mesh Profile Provisioning Malleable Commitment of Bluetooth, in order to escalate his privileges...
Bluetooth: privilege escalation via Mesh Profile Provisioning Predictable Authvalue
An attacker can bypass restrictions via Mesh Profile Provisioning Predictable Authvalue of Bluetooth, in order to escalate his privileges...
Bluetooth: privilege escalation via Mesh Profile Provisioning
An attacker can bypass restrictions via Mesh Profile Provisioning of Bluetooth, in order to escalate his privileges...
Bluetooth: privilege escalation via BR/EDR Pin-pairing
An attacker can bypass restrictions via BR/EDR Pin-pairing of Bluetooth, in order to escalate his privileges...
Bluetooth: privilege escalation via LE Legacy Pairing
An attacker can bypass restrictions via LE Legacy Pairing of Bluetooth, in order to escalate his privileges...
Bluetooth: privilege escalation via Passkey Entry Impersonation
An attacker can bypass restrictions via Passkey Entry Impersonation of Bluetooth, in order to escalate his privileges...
Linux kernel: memory corruption via /dev/kvm
An attacker, inside a guest system, can trigger a memory corruption via /dev/kvm of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system...
Chrome: multiple vulnerabilities
An attacker can use several vulnerabilities of Chrome...
cURL: use after free via TLS Session Caching
An attacker can force the usage of a freed memory area via TLS Session Caching of cURL, in order to trigger a denial of service, and possibly to run code...
cURL: information disclosure via TELNET NEW_ENV Variables
An attacker can bypass access restrictions to data via TELNET NEW_ENV Variables of cURL, in order to obtain sensitive information...
cURL: information disclosure via Concurrent Transfers Last Schannel Cipher Selection
An attacker can bypass access restrictions to data via Concurrent Transfers Last Schannel Cipher Selection of cURL, in order to obtain sensitive information...
VMware vCenter Server: two vulnerabilities
An attacker can use several vulnerabilities of VMware vCenter Server...
Moodle: Cross Site Scripting via Polyglot Input Tag
An attacker can trigger a Cross Site Scripting via Polyglot Input Tag of Moodle, in order to run JavaScript code in the context of the web site...
Apport: multiple vulnerabilities
An attacker can use several vulnerabilities of Apport...
IBM DB2: executing DLL code via Flexnet Agent Check For Updates
An attacker can create a malicious Flexnet Agent Check For Updates DLL, and then put it in the current directory of IBM DB2, in order to execute code...
WebSphere AS: external XML entity injection via Java Batch
An attacker can transmit malicious XML data via Java Batch to WebSphere AS, in order to read a file, scan sites, or trigger a denial of service...
Spring Framework: read-write access via WebFlux Temporary Storage
An attacker can bypass access restrictions via WebFlux Temporary Storage of Spring Framework, in order to read or alter data...
Joomla Core: Cross Site Request Forgery via Data Download Endpoints
An attacker can trigger a Cross Site Request Forgery via Data Download Endpoints of Joomla Core, in order to force the victim to perform operations...

   
