The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
WordPress Viral Optins: file upload
An attacker can upload a malicious file on WordPress Plugins Viral Optins, in order for example to upload a Trojan...
Apple QuickTime: executing DLL code via the installer
An attacker can create a malicious DLL, and then put it in the current directory of Apple QuickTime, in order to execute code...
SAP: multiples vulnerabilities of June 2017
An attacker can use several vulnerabilities of SAP products...
libsndfile: out-of-bounds memory reading via aiff_read_chanmap
An attacker can force a read at an invalid address via aiff_read_chanmap() of libsndfile, in order to trigger a denial of service...
WordPress WP-Testimonials: SQL injection via the testid request parameter
An attacker can use a SQL injection via the request parameter testid in WordPress WP-Testimonials, in order to read or alter data...
Linux kernel: information disclosure via snd_timer_user_read
A local attacker can read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information...
QEMU: denial of service against the Network Block Device server
An attacker can start NBD connexions to QEMU, in order to trigger a denial of service...
OpenBSD: denial of service via the wscons driver
An attacker can generate a fatal error via wscons of OpenBSD, in order to trigger a denial of service...
OpenBSD on hppa plateforms: integer overflow in the sti graphic driver
An attacker can generate an integer overflow in the sti driver of OpenBSD, in order to trigger a denial of service...
WordPress Multi Feed Reader: SQL injection
An attacker can use a SQL injection of WordPress Multi Feed Reader, in order to read or alter data...
WordPress Spiffy Calendar: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of WordPress Spiffy Calendar, in order to run JavaScript code in the context of the web site...
SPIP: code execution
An attacker can use a vulnerability of SPIP, in order to run code...
libgcrypt: private key disclosure
An attacker who succeeded to retrieve a session key can get a DSA private key...
LibTIFF: two vulnerabilities
An attacker can use several vulnerabilities of LibTIFF...
FlightCrew: file corruption
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of FlightCrew...
GnuTLS: denial of service via TLS
An attacker can send malicious TLS packets to GnuTLS, in order to trigger a denial of service...
libstaroffice: buffer overflow via StarWriterStruct-DatabaseName-read
An attacker can generate a buffer overflow via StarWriterStruct::DatabaseName::read() of libstaroffice, in order to trigger a denial of service, and possibly to run code...
oniguruma: vulnerability
A vulnerability of oniguruma was announced...
perltidy: file corruption
A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of perltidy...
authconfig: information disclosure
An attacker can bypass access restrictions to data of authconfig, in order to obtain sensitive information...
libmwaw: code execution
An attacker can use a vulnerability of libmwaw, in order to run code...
tor: assertion error
An attacker can force an assertion failure of tor, in order to trigger a denial of service...
IBM Domino: information disclosure via SVG Keylogger
An attacker can send an email to IBM Domino, in order to get sensitive information via SVG Keylogger...
Node pidusage: shell command injection
An attacker can pass a shell command after a PID to Node pidusage, in order to run any shell command...
Node badjs-sourcemap-server: directory traversal
An attacker can traverse directories of Node badjs-sourcemap-server, in order to read a file outside the service root path...
Node gomeplus-h5-proxy: directory traversal
An attacker can traverse directories of Node gomeplus-h5-proxy, in order to read a file outside the service root path...
catdoc: multiple vulnerabilities
An attacker can use several vulnerabilities of catdoc...
poppler: NULL pointer dereference in JPXStream-readUByte
An attacker can force a NULL pointer to be dereferenced in JPXStream::readUByte() of poppler, in order to trigger a denial of service...
ettercap: vulnerability
A vulnerability of ettercap was announced...
QEMU: NULL pointer dereference via the emulation of the chip MegaRAID SAS 8708EM2
A privileged attacker, inside a guest system, can force a NULL pointer to be dereferenced via the emulation of the chip MegaRAID SAS 8708EM2 of QEMU, in order to trigger a denial of service on the host system...

   

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 712 713 714 715 716 717 718 719 720 722 724 725 726 727 728 729 730 731 732 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021