The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
OpenSSL: memory leak via SRTP
An attacker can create a memory leak in OpenSSL compiled by default with SRTP, in order to trigger a denial of service...
Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities
An attacker can use several vulnerabilities of Firefox, Thunderbird and SeaMonkey...
SSL 3.0: decrypting session, POODLE
An attacker, located as a Man-in-the-Middle, can decrypt a SSL 3.0 session, in order to obtain sensitive information...
Oracle MySQL: several vulnerabilities of October 2014
Several vulnerabilities of Oracle MySQL were announced in October 2014...
Oracle Solaris: several vulnerabilities of October 2014
Several vulnerabilities of Oracle Solaris were announced in October 2014...
Oracle Java: several vulnerabilities of October 2014
Several vulnerabilities of Oracle Java were announced in October 2014...
Oracle Fusion: several vulnerabilities of October 2014
Several vulnerabilities of Oracle Fusion were announced in October 2014...
Oracle Database: several vulnerabilities of October 2014
Several vulnerabilities of Oracle Database were announced in October 2014...
Adobe Flash Player: three vulnerabilities
An attacker can use several vulnerabilities of Adobe Flash Player...
Windows: memory corruption via FASTFAT FAT32
A local attacker can insert an USB key with a malicious FAT32 partition, to generate a memory corruption in FASTFAT of Windows, in order to trigger a denial of service, and possibly to execute code...
Microsoft Office: memory corruption via Word
An attacker can invite the victim to open a malicious Word document, to generate a memory corruption in Word of Microsoft Office, in order to trigger a denial of service, and possibly to execute code...
Windows: memory corruption via OLE
An attacker can invite the victim to open a malicious Office document, to generate a memory corruption in OLE of Windows, in order to trigger a denial of service, and possibly to execute code...
ASP.NET MVC: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of ASP.NET MVC, in order to execute JavaScript code in the context of the web site...
Windows: two vulnerabilities of Win32k.sys
An attacker can use several vulnerabilities of the Win32k.sys kernel driver of Windows...
Microsoft .NET: multiple vulnerabilities
An attacker can use several vulnerabilities of Microsoft .NET...
Internet Explorer: multiple vulnerabilities
An attacker can use several vulnerabilities of Internet Explorer...
SAP: multiple vulnerabilities
An attacker can use several vulnerabilities of SAP...
Linux kernel: denial of service via xfs_da3_fixhashpath
A local attacker can manipulate directories on an XFS filesystem with the Linux kernel, in order to trigger a denial of service...
WordPress Enfold: vulnerability
A vulnerability of WordPress Enfold was announced...
HP-UX: Cross Site Request Forgery of SMH
An attacker can trigger a Cross Site Request Forgery in SMH of HP-UX, in order to force the victim to perform operations...
WebSphere MQ: preconfigured passwords disclosure
An attacker can obtain passwords used by IBM WebSphere MQ, in order to access to privileged features...
Cisco AsyncOS: ZIP not blocked
An attacker can create a malicious ZIP archive, which is not blocked by Cisco AsyncOS on Cisco Email Security Appliance, in order to infect the destination victim computer...
WebSphere AS 7.0: multiple vulnerabilities
An attacker can use several vulnerabilities of IBM WebSphere AS 7.0...
MIT krb5: privilege escalation via kadmind kadm5_randkey_principal_3
An authenticated attacker can obtain old keys used via kadmind of MIT krb5, in order to escalate his privileges...
Apache httpd: NULL pointer dereference via mod_cache
An attacker can force a NULL pointer to be dereferenced in mod_cache of Apache httpd, in order to trigger a denial of service...
Cisco IOS XE: invalid certificate validation with ANI
An attacker can send a message with an invalid certificate to ANI of Cisco IOS XE, in order to masquerade as another device...
Cisco IOS XE: injecting ACP routes in ANI
An attacker can send a RPL Advertisement message to inject ACP routes in Cisco IOS XE with ANI...
Cisco IOS XE: privilege escalation via ANI
An attacker can send an invalid message to ANI of Cisco IOS XE, in order to escalate his privileges...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 463 464 465 466 467 468 469 470 471 473 475 476 477 478 479 480 481 482 483 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1022