The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Perl IPTables-Parse: file corruption
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of Perl IPTables::Parse...
NVIDIA: four vulnerabilities
An attacker can use several vulnerabilities of NVIDIA...
Drupal Encrypt: encryption with Drupal private key
An attacker can obtain the site private key via Drupal Encrypt, in order to decrypt sensitive data...
VMware vCenter Server: external XML entity injection
An attacker can transmit malicious XML data to VMware vCenter Server, in order to read a file, scan sites, or trigger a denial of service...
libxml2: unreachable memory reading via xmlSAX2TextNode
An attacker can create a malformed XML/HTML file, in order to generate a denial of service in applications linked to libxml2...
WordPress WooCommerce: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress WooCommerce, in order to run JavaScript code in the context of the web site...
Dracut: file corruption
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of Dracut...
WordPress Users Ultra Membership Plugin: file upload
An attacker can upload a malicious file on WordPress Users Ultra Membership Plugin, in order, for example, to upload a Trojan...
HP Operations Orchestration Central: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of HP Operations Orchestration Central, in order to force the victim to perform operations...
Linux kernel: use after free via peer_wait_queue
A local attacker can force the usage of a freed memory area in the peer_wait_queue() function of the Linux kernel, in order to trigger a denial of service, and possibly to run code...
Adobe LiveCycle Data Services: Server Side Request Forgery of BlazeDS
An attacker can trigger a Server Side Request Forgery in BlazeDS of Adobe LiveCycle Data Services, in order to access filtered web services...
LXCFS: two vulnerabilities
An attacker can use several vulnerabilities of LXCFS...
Cyrus IMAP: unreachable memory reading via index_urlfetch
An attacker can force a read at an invalid address in index_urlfetch of Cyrus IMAP, in order to trigger a denial of service...
Pygments: code execution via FontManager._get_nix_font_path
An attacker can use a vulnerability in FontManager._get_nix_font_path of Pygments, in order to run code...
PowerDNS: denial of service
An attacker can send a malicious packet to PowerDNS, in order to trigger a denial of service...
libxml2: unreachable memory reading via xmlParseMarkupDecl
An attacker can create a malformed XML file, in order to generate a denial of service in applications linked to libxml2...
WordPress LineNity: directory traversal
An attacker can traverse directories of WordPress LineNity, in order to read a file outside the service root path...
WebKitGTK: two vulnerabilities
An attacker can use several vulnerabilities of WebKitGTK...
Kaspersky Anti-Virus: three vulnerabilities
Several vulnerabilities were announced in Kaspersky Anti-Virus...
Cisco Prime Collaboration Assurance: Cross Site Request Forgery
An attacker can trigger a Cross Site Request Forgery of Cisco Prime Collaboration Assurance, in order to force the victim to perform operations...
strongSwan: privilege escalation via EAP-MSCHAPv2
An attacker can bypass restrictions in EAP-MSCHAPv2 of strongSwan, in order to escalate his privileges...
Tornado: information disclosure via BREACH
An attacker can use the BREACH attack on Tornado, in order to obtain a cookie to perform operations on the service...
IBM TSM Data Protection: information disclosure via changetsmpassword
A local attacker can read logs of IBM TSM Data Protection, in order to obtain sensitive information...
Cisco Aironet 1800: denial of service via SSHv2
An authenticated attacker can try to open numerous SSHv2 sessions on Cisco Aironet 1800, in order to trigger a denial of service...
Cisco IOS: bypassing Virtual PPP ACL
An attacker can bypass ACLs on virtual PPP interfaces of Cisco IOS when ACLs on physical interfaces are open, in order to access network services which should be forbidden...
Fedora packages: security improvement via fPIC
The security of several Fedora packages was improved by recompiling them with the -fPIC option...

   
