The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
QEMU: infinite loop in the emulator of the network device e1000e
A privileged attacker, inside a guest system, can generate an endless loop in the QEMU emulator for the network card e1000e, in order to trigger a denial of service on the host system...
EMC Avamar: two vulnerabilities
An attacker can use several vulnerabilities of EMC Avamar...
pngquant: buffer overflow
An attacker can generate a buffer overflow of pngquant, in order to trigger a denial of service, and possibly to run code...
PoDoFo: multiple vulnerabilities
An attacker can use several vulnerabilities of libpodofo...
sudo: privilege escalation via the parsing of /proc/pid/stat
A local attacker can tamper with the parsing of /proc/[pid]/stat by sudo, in order to escalate his privileges...
ImageMagick: memory leak via ReadAVSImage
An attacker can create a memory leak via ReadAVSImage() of ImageMagick, in order to trigger a denial of service...
strongswan: two vulnerabilities
An attacker can use several vulnerabilities of strongswan...
Mozilla NSS: NULL pointer dereference via a SSL v2 packet
An attacker can force Mozilla NSS to dereference a NULL pointer while processing an SSL v2 packet, in order to trigger a denial of service...
OpenLDAP: denial of service via the search option "Paged Results"
An attacker can generate a fatal error via the search option "Paged Results" in OpenLDAP, in order to trigger a denial of service...
WordPress Raygun4WP: Cross Site Scripting via sendtesterror.php
An attacker can trigger a Cross Site Scripting via sendtesterror.php of WordPress Raygun4WP, in order to run JavaScript code in the context of the web site...
VideoLAN VLC: memory corruption via libflac_plugin.dll
An attacker can generate a memory corruption via libflac_plugin.dll of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code...
VideoLAN VLC: out-of-bounds memory reading via libmpgatofixed32_plugin.dll
An attacker can force a read at an invalid address via libmpgatofixed32_plugin.dll of VideoLAN VLC, in order to trigger a denial of service, or to obtain sensitive information...
OTRS: Cross Site Scripting via AgentStats
An attacker can trigger a Cross Site Scripting via AgentStats of OTRS, in order to run JavaScript code in the context of the web site...
FFmpeg2: memory leak
An attacker can create a memory leak of FFmpeg2, in order to trigger a denial of service...
mosquitto: privilege escalation via MQTT broker
An attacker can bypass restrictions via MQTT broker of mosquitto, in order to escalate his privileges...
exiv2: denial of service via tiff pictures
An attacker can generate a fatal error via a tiff picture in exiv2, in order to trigger a denial of service...
tnef: integer overflow via unicode_to_utf8
An attacker can generate an integer overflow via unicode_to_utf8() of tnef, in order to trigger a denial of service, and possibly to run code...
TeamPass: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of TeamPass, in order to run JavaScript code in the context of the web site...
Joomla Kunena: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site...
Linux kernel: memory corruption via __ip6_append_data
An attacker can generate a memory corruption via __ip6_append_data() on the Linux kernel, in order to trigger a denial of service, and possibly to run code...
WordPress AffiliateWP: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress AffiliateWP, in order to run JavaScript code in the context of the web site...
WordPress Huge-IT Video Gallery: SQL injection
An attacker can use a SQL injection of WordPress Huge-IT Video Gallery, in order to read or alter data...
WordPress All In One Schema.org Rich Snippets: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress All In One Schema.org Rich Snippets, in order to run JavaScript code in the context of the web site...
WordPress Social Stream: information disclosure via Twitter API Secret Keys
An attacker can bypass access restrictions to data via Twitter API Secret Keys of WordPress Social Stream, in order to obtain sensitive information...
Gajim: information disclosure via XEP-0146
An attacker can bypass access restrictions to data via XEP-0146 of Gajim, in order to obtain sensitive information...
Windows Defender: multiple vulnerabilities
An attacker can use several vulnerabilities of Windows Defender...
Windows: denial of service via NTFS MFT
A local attacker can access this path, in order to trigger a denial of service. A remote attacker can create a web page with an image with this path as its source, and invite the victim to open it with Internet Explorer...
WordPress Easy Team Manager: SQL injection via easy_team_manager_desc_edit.php
An attacker can use a SQL injection via easy_team_manager_desc_edit.php of WordPress Easy Team Manager, in order to read or alter data...
FreeRADIUS: bypass of TLS based flow protection
An attacker can make FreeRADIUS restore a TLS session before the authentication process completes, in order to tamper with the EAP based authentication...

   
