The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
WordPress NextGEN Gallery: directory traversal
An attacker can traverse directories of WordPress NextGEN Gallery, in order to read a file outside the service root path...
WordPress NextGEN Gallery: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress NextGEN Gallery, in order to run JavaScript code in the context of the web site...
Node.js bittorrent-dht: information disclosure
An attacker can read a memory fragment of Node.js bittorrent-dht, in order to obtain sensitive information...
Node.js ws: information disclosure
An attacker can read a memory fragment of Node.js ws, in order to obtain sensitive information...
Google Android OS: multiple vulnerabilities of January 2016
An attacker can use several vulnerabilities of Google Android OS...
Cisco IOS XR: denial of service via OSPF LSA
An attacker can send a malicious OSPF LSA packet to Cisco IOS XR, in order to trigger a denial of service...
Jenkins: four vulnerabilities
An attacker can use several vulnerabilities of Jenkins...
Cacti: SQL injection of graphs_new.php cg_g
An attacker can use a SQL injection in graphs_new.php of Cacti, in order to read or alter data...
QEMU: assertion error via vmxnet3_io_bar0_read
An attacker, who is privileged in a guest system, can generate an assertion error in the vmxnet3_io_bar0_read() function of QEMU, in order to trigger a denial of service on the host system...
QEMU: unreachable memory reading via vmxnet3_process_tx_queue
An attacker, who is privileged in a guest system, can force a read at an invalid address in the vmxnet3_process_tx_queue() function of QEMU, in order to trigger a denial of service on the host system...
QEMU: memory corruption via ne2000_mem_writel
An attacker, who is privileged in a guest system, can generate a memory corruption in ne2000_mem_writel() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
Linux kernel: privilege escalation via ptrace and User Namespace
A local attacker can use ptrace() on a User Namespace created by the Linux kernel, in order to escalate his privileges...
giflib: buffer overflow of giffix
An attacker can generate a buffer overflow in giffix of giflib, in order to trigger a denial of service, and possibly to run code...
MediaWiki: six vulnerabilities
An attacker can use several vulnerabilities of MediaWiki...
Ganeti: two vulnerabilities
An attacker can use several vulnerabilities of Ganeti...
WordPress Simple Ads Manager: SQL injection
An attacker can use a SQL injection of WordPress Simple Ads Manager, in order to read or alter data...
IBM DB2 9.7: eight vulnerabilities
An attacker can use several vulnerabilities of IBM DB2 9.7...
IBM DB2: privilege escalation via Binaries Build
A local attacker can use IBM DB2, in order to escalate his privileges...
IBM DB2 10.5: eight vulnerabilities
An attacker can use several vulnerabilities of IBM DB2 10.5...
Claws Mail: buffer overflow of conv_jistoeuc
An attacker can generate a buffer overflow in conv_jistoeuc of Claws Mail, in order to trigger a denial of service, and possibly to run code...
Puppet Enterprise: privilege escalation via Communications Protocol
An attacker can use Puppet Communications Protocol, in order to escalate his privileges on Puppet Enterprise...
WordPress Collne Welcart: SQL injection
An attacker can use a SQL injection of WordPress Collne Welcart, in order to read or alter data...
Wireshark 2.0: multiple vulnerabilities
An attacker can use several vulnerabilities of Wireshark 2.0...
Wireshark 1.12: multiple vulnerabilities
An attacker can use several vulnerabilities of Wireshark 1.12...
Bouncy Castle: MD5 allowed in TLS 1.2
An attacker can create a collision with a weak algorithm such as MD5 in a TLS 1.2 session of Bouncy Castle, in order to capture data belonging to this session...
KDE: access to the IPC
A local attacker can create a temporary directory containing an IPC, in order to communicate with KDE...
Ruby: bypassing $SAFE via Fiddle-Handle.new
The Ruby Fiddle::Handle.new() function opens a tainted file without rejecting it, which bypasses the protection of the $SAFE mode...
Ruby: bypassing $SAFE via DL-dlopen
The Ruby DL::dlopen() function opens a tainted file without rejecting it, which bypasses the protection of the $SAFE mode...
Gajim: security improvement via Connexion/Roster
The security of Gajim was improved via Connexion/Roster...
IBM SPSS Statistics: privilege escalation via Python Scripts
A local attacker can edit Python scripts of IBM SPSS Statistics, and then invite the administrator to open SPSS, in order to escalate his privileges...

   
