The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Xen: privilege escalation via memory_exchange
An attacker, inside a guest system, can bypass restrictions via memory_exchange() of Xen, in order to escalate his privileges on the host system...
GeoTIFF: memory corruption via AFL image
An attacker can generate a memory corruption via AFL image of GeoTIFF, in order to trigger a denial of service, and possibly to run code...
curl: information disclosure via --write-out
A local attacker can read a memory fragment via --write-out of curl, in order to obtain sensitive information...
tryton-server: code execution via Path Suffix Injection
An attacker can use a vulnerability via Path Suffix Injection of tryton-server, in order to run code...
Elasticsearch: privilege escalation via Sandbox Bypass
An attacker can bypass restrictions via Sandbox Bypass of Elasticsearch, in order to escalate his privileges...
ceph: denial of service via HTTP Origin Header
An attacker can generate a fatal error via HTTP Origin Header of ceph, in order to trigger a denial of service...
Blue Coat Content Analysis System: shell command execution via the administration Web interface
An authenticated attacker can use the administration Web console of Blue Coat Content Analysis System, in order to run arbitrary shell commands on the underlying operating system with the full privileges...
Pacemaker Corosync: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Pacemaker Corosync, in order to run JavaScript code in the context of the web site...
HPE Operations Bridge Analytics: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of HPE Operations Bridge Analytics, in order to run JavaScript code in the context of the web site...
Apple iOS: buffer overflow via Wi-Fi
An attacker can generate a buffer overflow in the Wi-Fi protocol stack of Apple iOS based devices, in order to trigger a denial of service, and possibly to run code with the kernel privileges...
v8: memory corruption via Left-trimmed Objects
An attacker can generate a memory corruption via Left-trimmed Objects of v8, in order to trigger a denial of service, and possibly to run code...
Android OS: multiple vulnerabilities of April 2017
An attacker can use several vulnerabilities of Android OS...
Linux kernel: memory corruption via UDP MSG_PEEK
An attacker can generate a memory corruption via UDP on applications using the MSG_PEEK option on the Linux kernel, in order to trigger a denial of service, and possibly to run code...
QEMU: memory leak via v9fs_create
An attacker, inside a guest system, can create a memory leak via v9fs_create of QEMU, in order to trigger a denial of service on the host system...
McAfee Network Security Manager: multiple vulnerabilities
An attacker can use several vulnerabilities of McAfee Network Security Manager...
Nagios: Cross Site Scripting via corewindow
An attacker can trigger a Cross Site Scripting via corewindow of Nagios, in order to run JavaScript code in the context of the web site...
Linux kernel: NULL pointer dereference via KEYS Subsystem
An attacker can force a NULL pointer to be dereferenced via KEYS Subsystem on the Linux kernel, in order to trigger a denial of service...
MuleSoft Mule ESB: external XML entity injection
An attacker can transmit malicious XML data to MuleSoft Mule ESB, in order to read a file, scan sites, or trigger a denial of service...
Linux kernel: use after free via fs/crypto
An attacker can force the usage of a freed memory area via fs/crypto on the Linux kernel, in order to trigger a denial of service, and possibly to run code...
virglrenderer: multiple vulnerabilities
An attacker can use several vulnerabilities of virglrenderer...
Linux kernel: integer overflow via packet_set_ring
A privileged attacker can generate an integer overflow via packet_set_ring() on the Linux kernel, in order to trigger a denial of service, and possibly to run code...
WordPress Image Gallery with Slideshow: multiple vulnerabilities
An attacker can use several vulnerabilities of WordPress Image Gallery with Slideshow, of the stored XSS and SQL injection types...
Linux kernel: privilege escalation via L2TPv3 IP Encapsulation
An attacker can bypass restrictions via L2TPv3 IP Encapsulation on the Linux kernel, in order to escalate his privileges...
Moodle: four vulnerabilities
An attacker can use several vulnerabilities of Moodle...
libsndfile: buffer overflow via a FLAC file
An attacker can generate a buffer overflow in libsndfile while processing a file in FLAC format, in order to trigger a denial of service, and possibly to run code...
sscg: vulnerability via Shared Files Race
A vulnerability via Shared Files Race of sscg was announced...
WordPress wp-dreamworkgallery: file upload
An attacker can upload a malicious file to WordPress wp-dreamworkgallery, in order, for example, to upload a Trojan...

   
