The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Node.js hapi: bypassing restrictions
An attacker can bypass CORS rules of Node.js hapi, in order to access some resources...
Node.js mysql: SQL injection
An attacker can use a SQL injection of Node.js mysql, in order to read or alter data...
libvirt: directory traversal of Volume Names
An attacker can traverse directories in Volume Names of libvirt, in order to read a file outside the service root path...
AVG AntiVirus: information disclosure via Chrome Extension
An attacker can use a vulnerability in the Chrome extension of AVG AntiVirus, in order to obtain sensitive information...
Gwenhywfar: security improvement via ca-certificates
The Gwenhywfar product uses a static copy of ca-certificates...
Horde Core: Cross Site Scripting of VarRenderer_Html
An attacker can trigger a Cross Site Scripting in VarRenderer_Html of Horde Core, in order to run JavaScript code in the context of the web site...
QEMU: buffer overflow of Rocker tx_consume
An attacker, who is administrator in a guest system, can generate a buffer overflow in Rocker tx_consume() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
Adobe Flash Player: multiple vulnerabilities
An attacker can use several vulnerabilities of Adobe Flash Player...
Joomla Joomdonation: information disclosure
An attacker can bypass access restrictions to data of Joomla Joomdonation, in order to obtain sensitive information...
PHP: format string attack via class name
An attacker can generate a memory corruption, if he can transmit malicious PHP code containing an invalid class name, in order to trigger a denial of service, and possibly to run code...
Node.js ecstatic: denial of service via If-Modified-Since
An attacker can generate a fatal error with an If-Modified-Since header for Node.js ecstatic, in order to trigger a denial of service...
Node.js hapi: denial of service via Socket Exhaustion
An attacker can generate a Socket Exhaustion of Node.js hapi, in order to trigger a denial of service...
LibTIFF: buffer overflow of bmp2tiff
An attacker can generate a buffer overflow in bmp2tiff of LibTIFF, in order to trigger a denial of service, and possibly to run code...
LibTIFF: unreachable memory reading via DECLAREContigPutFunc
An attacker can force a read at an invalid address in DECLAREContigPutFunc() of LibTIFF, in order to trigger a denial of service...
LibTIFF: memory corruption via _TIFFVGetField
An attacker can generate a memory corruption in _TIFFVGetField() of LibTIFF, in order to trigger a denial of service, and possibly to run code...
LibTIFF: unreachable memory reading via tif_getimage.c
An attacker can force a read at an invalid address in tif_getimage.c of LibTIFF, in order to trigger a denial of service...
QEMU: buffer overflow of acpi_gpe_init
An attacker, who is privileged in a guest system, can generate a buffer overflow in acpi_gpe_init() of QEMU, in order to trigger a denial of service of the VM...
Linux kernel: attribute change on overlayfs
A local attacker can use the setxattr() function on an overlayfs file system on the Linux kernel, in order to access a restricted file...
QEMU: buffer overflow of hmp_sendkey
An attacker in a guest system can generate a buffer overflow in hmp_sendkey() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
phpMyAdmin: information disclosure via Error Message
An attacker can read an error message of phpMyAdmin, in order to obtain sensitive information...
gummi: file corruption
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of gummi...
glibc: security improvement via Pointer Guarding
The security of glibc was improved via Pointer Guarding...
Quassel: denial of service
An attacker can generate a fatal error of Quassel, in order to trigger a denial of service...
Mozilla NSS, OpenSSL, Oracle Java: MD5 allowed in TLS 1.2
An attacker can create an MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session...
openstack-swift-plugin-swift3: privilege escalation via Replay
An attacker can bypass restrictions in Replay of openstack-swift-plugin-swift3, in order to escalate his privileges...
Apache ActiveMQ: code execution via Deserialization
An attacker can use a vulnerability in Deserialization of Apache ActiveMQ, in order to run code...
Joomla com_jomestate: SQL injection
An attacker can use a SQL injection of Joomla com_jomestate, in order to read or alter data...
RSA SecurID Web Agent: bypassing the automatic logout
An attacker can bypass the automatic logout feature of RSA SecurID Web Agent, in order to continue to use the web service...
pfSense: four vulnerabilities
An attacker can use several vulnerabilities of pfSense...

   
