The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
fetchmail: truncation of X.509 with null
An attacker can invite the victim to connect with fetchmail to an SSL site using an X.509 certificate with a Common Name containing a null character, in order to deceive the victim...
APR, APR-util: integer overflow of allocations
An attacker, who can force an application to allocate a malicious size, can generate an overflow in APR, leading to a denial of service or to code execution...
AIX: file creation via _LIB_INIT_DBG
A local attacker can use _LIB_INIT_DBG and a suid root program, in order to create a file owned by root...
Java JRE/JDK/SDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
Linux kernel: memory corruption via clone
A local attacker can use clone() and execve() in order to change 4 bytes in kernel memory...
Linux kernel: information disclosure via sigaltstack
On a 64-bit computer, a local attacker can use sigaltstack() to obtain a fragment of kernel memory...
Firefox 3.0: several vulnerabilities
Several vulnerabilities of Firefox 3.0 can be used by an attacker to execute code on the victim's computer...
Firefox 3.5: several vulnerabilities
Several vulnerabilities of Firefox 3.5 can be used by an attacker to execute code on the victim's computer...
SAP Business One: buffer overflow of NT_Naming_Service
A remote attacker can connect to the License Manager service of SAP Business One, in order to execute code...
MySQL: denial of service via partitioning
An attacker can create a partitioned table in order to stop MySQL...
Firefox, GnuTLS, OpenSSL, NSPR, NSS: signature with MD2 for X.509
An attacker can invite the victim to connect to an SSL site using an X.509 certificate signed with MD2, in order to deceive the victim...
Firefox, NSPR, NSS: truncation of X.509 with null
An attacker can invite the victim to connect to an SSL site using an X.509 certificate with a Common Name containing a null character, in order to deceive the victim...
Joomla: sending several emails
An attacker can use com_mailto of Joomla! to send emails without honouring the anti-spam limit...
Firefox, NSPR, NSS: overflow via X.509
An attacker can invite the victim to connect to an SSL site using a malicious X.509 certificate, in order to execute code...
Adobe Flash Player: several vulnerabilities
Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to obtain information...
Solaris: denial of service via Trusted Extensions
An attacker can send an IP packet to a system with Trusted Extensions enabled, in order to stop it...
VNC: privilege elevation
A local attacker can elevate his privileges via a vulnerability of VNC Server Service-Mode...
TYPO3: vulnerabilities of extensions
An attacker can use several vulnerabilities of TYPO3 extensions in order to obtain information, to generate a Cross Site Scripting or to inject SQL code...
Cisco IOS: denial of service via BGP
A malicious peer can send BGP packets in order to force the router to restart...
NetBSD: denial of service via SHA2
Applications using the SHA-256/SHA-512 implementation of NetBSD are potentially unstable...
Linux kernel: privilege elevation via eCryptfs
A local attacker, allowed to mount an eCryptfs filesystem, can generate an overflow in order to elevate his privileges...
ISC DHCP: denial of service via Client ID
In a special configuration, an attacker can send a DHCP packet to another interface of the server, in order to stop it...
BIND: denial of service of Dynamic Update
An attacker can send a DNS Dynamic Update packet to a BIND server, which is master for a zone, in order to stop it, even if it is not configured for Dynamic Updates...
Internet Explorer: multiple vulnerabilities
Several vulnerabilities of Internet Explorer lead to code execution...
Visual Studio: vulnerabilities of ATL
An attacker can use an ActiveX developed with the Active Template Library, provided by Visual Studio, in order to execute code in the web browser of victims...
KDE: memory corruption via an HTML entity
An attacker can invite the victim to see a malicious HTML page, in order to create a denial of service or to execute code...
Asterisk: denial of service of RTP
An attacker can send malicious text data to Asterisk version 1.6.1 or 1.6.1.1 in order to stop it...
Solaris: denial of service via Auditing and openat
When Solaris Auditing is enabled, a local attacker can call the openat() function in order to panic the system...
MPlayer, VLC: integer overflow of RDT
An attacker can invite the victim to open a malicious Real stream in order to execute code on his computer...
Cisco Wireless LAN Controller: several vulnerabilities
Four vulnerabilities of Cisco Wireless LAN Controller can be used by an attacker to create a denial of service or to alter the configuration...

   
