The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
AccountsService: directory traversal via user_change_icon_file_authorized_cb
An attacker can traverse directories via user_change_icon_file_authorized_cb() of AccountsService, in order to read a file outside the service root path...
OpenSC: three vulnerabilities
An attacker can use several vulnerabilities of OpenSC...
Dell OpenManage Network Manager: privilege escalation via Synergy Account
An attacker can bypass restrictions via Synergy Account of Dell OpenManage Network Manager, in order to escalate his privileges...
Dell OpenManage Network Manager: privilege escalation via MySQL File Write
An attacker can bypass restrictions via MySQL File Write of Dell OpenManage Network Manager, in order to escalate his privileges...
GlusterFS: multiple vulnerabilities
An attacker can use several vulnerabilities of GlusterFS...
gThumb: use after free via add_themes_from_dir
An attacker can force the usage of a freed memory area via add_themes_from_dir() of gThumb, in order to trigger a denial of service, and possibly to run code...
Node.js cryptiles: information disclosure via Insufficient Entropy
An attacker can bypass access restrictions to data via Insufficient Entropy of Node.js cryptiles, in order to obtain sensitive information...
Node.js libnmap: code execution via Command Injection
An attacker can use a vulnerability via Command Injection of Node.js libnmap, in order to run code...
Node.js apex-publish-static-files: code execution via Command Injection
An attacker can use a vulnerability via Command Injection of Node.js apex-publish-static-files, in order to run code...
Aruba, Cisco Aironet, Meraki: memory corruption via Texas Instruments Bluetooth Low Energy
An attacker can generate a memory corruption via Texas Instruments Bluetooth Low Energy of products of several vendors, in order to trigger a denial of service, and possibly to run code...
FFmpeg: out-of-bounds memory reading via vc1_put_blocks_clamped
An attacker can force a read at an invalid address via vc1_put_blocks_clamped() of FFmpeg, in order to trigger a denial of service, or to obtain sensitive information...
SoundTouch: memory corruption via WavFileBase
An attacker can generate a memory corruption via WavFileBase of SoundTouch, in order to trigger a denial of service, and possibly to run code...
SoundTouch: use after free via WavFileBase
An attacker can force the usage of a freed memory area via WavFileBase of SoundTouch, in order to trigger a denial of service, and possibly to run code...
SoundTouch: assertion error via BPMDetect
An attacker can force an assertion error via BPMDetect of SoundTouch, in order to trigger a denial of service...
IBM WebSphere MQ: denial of service via MQTT Topic Publishing
An attacker can generate a fatal error via MQTT Topic Publishing of IBM WebSphere MQ, in order to trigger a denial of service...
IBM Spectrum Protect: information disclosure via Tracing
An attacker can bypass access restrictions to data via Tracing of IBM Spectrum Protect, in order to obtain sensitive information...
Drupal Paragraphs: privilege escalation via Entities
An attacker can bypass restrictions via Entities of Drupal Paragraphs, in order to escalate his privileges...
Drupal Session Limit: privilege escalation via Session List
An attacker can bypass restrictions via Session List of Drupal Session Limit, in order to escalate his privileges...
Drupal Decoupled Router: information disclosure via Entity Labels
An attacker can bypass access restrictions to data via Entity Labels of Drupal Decoupled Router, in order to obtain sensitive information...
WebKitGTK+: information disclosure via Cross-origin Image Data
An attacker can bypass access restrictions to data via Cross-origin Image Data of WebKitGTK+, in order to obtain sensitive information...
systemd: buffer overflow via dhcp6_option_append_ia
An attacker can generate a buffer overflow via dhcp6_option_append_ia() of systemd, in order to trigger a denial of service, and possibly to run code...
Roundcube Webmail: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Roundcube Webmail, in order to run JavaScript code in the context of the web site...
MuPDF: denial of service via Uninitialized Value
An attacker can generate a fatal error via Uninitialized Value of MuPDF, in order to trigger a denial of service...
MuPDF: assertion error
An attacker can force an assertion error of MuPDF, in order to trigger a denial of service...
Icecast: buffer overflow
An attacker can generate a buffer overflow of Icecast, in order to trigger a denial of service, and possibly to run code...
sharplibzip: directory traversal
An attacker can traverse directories of sharplibzip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357)...
Poppler: denial of service via Parser::getObj
An attacker can generate a fatal error via Parser::getObj() of Poppler, in order to trigger a denial of service...
Cisco ASA: denial of service via SIP Inspection
An attacker can generate a fatal error via SIP Inspection of Cisco ASA, in order to trigger a denial of service...

   
