The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
ISC DHCP: denials of service
An attacker can generate two denials of service in ISC DHCP, in order to stop it...
F5 BIG-IP: weak initial cryptographic keys
Initial cryptographic keys generated on F5 BIG-IP are not sufficiently strong, so an attacker may guess the private key, and then access the system...
Firefox, Thunderbird, SeaMonkey: several vulnerabilities
Several vulnerabilities of Firefox, Thunderbird and SeaMonkey can be used by an attacker to execute code on the victim's computer...
WebSphere MQ: access to SVRCONN
An unauthenticated attacker can access a SVRCONN channel of WebSphere MQ, in order to transmit/receive messages...
PostgreSQL: denial of service via SECURITY DEFINER and SET
An attacker can create a special function, and then call it, in order to stop PostgreSQL...
IBM DB2 9.8: four vulnerabilities
An attacker can use four vulnerabilities of IBM DB2, in order to create a denial of service or to elevate his privileges...
IBM DB2 9.5: four vulnerabilities
An attacker can use four vulnerabilities of IBM DB2, in order to create a denial of service or to elevate his privileges...
Quagga: denial of service via ORF
A malicious peer can send a BGP OPEN message with a malformed ORF capability, in order to generate a denial of service in Quagga...
BIND: denial of service via rdata null
An attacker can use a zone containing an empty record, in order to stop a recursive DNS server, or to obtain fragments of its memory...
Windows: revoked Microsoft certification authorities
Three certification authorities trusted by Windows delivered certificates to attackers, used to sign malicious applications...
IBM DB2 9.8: three vulnerabilities
An attacker can use three vulnerabilities of IBM DB2, in order to create a denial of service or to elevate his privileges...
IBM DB2 9.7: five vulnerabilities
An attacker can use five vulnerabilities of IBM DB2, in order to create a denial of service or to elevate his privileges...
MIT krb5: denial of service of kadmind via create
An administrator with the "create" privilege can stop the MIT krb5 kadmind service...
strongSwan: bypassing the RSA signature with gmp
When strongSwan is configured with the "gmp" plugin to check RSA signatures, an attacker can use an empty signature, which is recognized as valid, and leads to the authentication as a legitimate user...
QEMU: file corruption via snapshot
When the administrator uses the snapshot option of QEMU, a local attacker can create a symbolic link, in order to alter a file with root privileges...
GIMP: buffer overflow of Script-Fu Server
When the Script-Fu Server is enabled on GIMP, an attacker can send a long query, in order to generate a buffer overflow, leading to a denial of service or to code execution...
Cisco IOS XR: denial of service
An attacker can send a malicious packet to products with Cisco IOS XR, in order to create a denial of service...
BSD, PHP, PostgreSQL: password truncation by crypt
When the crypt() function is used to hash a non-ASCII password with the DES algorithm, the password is truncated, so brute force attacks can be easier...
Linux kernel: denial of service via SYN+FIN
An attacker can send TCP packets with the SYN and FIN flags, in order to create a denial of service...
Asterisk: denial of service via IAX2 or Skinny
An attacker can use two vulnerabilities of Asterisk, in order to create a denial of service...
Apache log4j: memory leak via MDC and ThreadLocal
When an application uses an org.apache.log4j.MDC object, an attacker can call it to generate a memory leak, leading to a denial of service...
WebSphere AS 7.0: six vulnerabilities
An attacker can use several vulnerabilities of WebSphere Application Server...
FFmpeg: several vulnerabilities
An attacker can create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer...
TCP: packet injection via a firewall and malware
When an attacker has installed unprivileged malware on a client computer, and a firewall is located between this client and a TCP server, an attacker located on the internet can guess valid sequence numbers, in order to inject data into this TCP session...
VMware vSphere Management Assistant: privilege elevation
A local attacker can invite VMware vSphere Management Assistant to load a malicious library, in order to elevate his privileges...
Apache Ant, Commons Compress: denial of service via bzip2
When an attacker can transmit data to be compressed by bzip2 to Apache Ant or Apache Commons Compress, he can create a denial of service...
Symantec Endpoint Protection: multiple vulnerabilities
An attacker can use several vulnerabilities of Symantec Endpoint Protection, in order to create a denial of service, to delete files, or to elevate his privileges...
Linux kernel: memory leak via HugeTLB
A local attacker can create an error during the mmap() of huge memory pages, in order to generate memory leaks, leading progressively to a denial of service...
Windows XP: privilege elevation via Keyboard Layout offTable
A local attacker can load a malformed Keyboard Layout, in order to create a denial of service or to obtain system privileges...
Xen: denial of service via Kernel Size
An attacker, who is administrator in a guest system, can enlarge the kernel size, in order to create a denial of service on the host system...

   
