The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Elasticsearch: external XML entity injection via find_file_structure API
An attacker can transmit malicious XML data via find_file_structure API to Elasticsearch, in order to read a file, scan sites, or trigger a denial of service...
Kubernetes: code execution via PowerShell Smb Mount
An attacker can use a vulnerability via PowerShell Smb Mount of Kubernetes, in order to run code...
IBM QRadar SIEM: information disclosure via Web Page Stored Locally
An attacker can bypass access restrictions to data via Web Page Stored Locally of IBM QRadar SIEM, in order to obtain sensitive information...
VLC: integer overflow via ReadKukiChunk
An attacker can generate an integer overflow via ReadKukiChunk() of VLC, in order to trigger a denial of service, and possibly to run code...
QEMU: privilege escalation via usb_mtp_write_data
An attacker, inside a guest system, can bypass restrictions via usb_mtp_write_data() of QEMU, in order to escalate his privileges on the host system...
GnuTLS: information disclosure via Side-channel Based Padding
An attacker can bypass access restrictions to data via Side-channel Based Padding of GnuTLS, in order to obtain sensitive information...
Nettle: information disclosure via Side-channel Based Padding
An attacker can bypass access restrictions to data via Side-channel Based Padding of Nettle, in order to obtain sensitive information...
ncurses: NULL pointer dereference via _nc_parse_entry
An attacker can force a NULL pointer to be dereferenced via _nc_parse_entry() of ncurses, in order to trigger a denial of service...
SUSE LE: privilege escalation via pam_access.so IP address/subnet
An attacker can bypass restrictions via pam_access.so IP address/subnet of SUSE LE, in order to escalate his privileges...
IBM MQ: denial of service via Console REST API
An attacker can generate a fatal error via Console REST API of IBM MQ, in order to trigger a denial of service...
Drupal Responsive Menus: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Responsive Menus, in order to run JavaScript code in the context of the web site...
Drupal Salesforce Suite: information disclosure via Title/ID
An attacker can bypass access restrictions to data via Title/ID of Drupal Salesforce Suite, in order to obtain sensitive information...
Drupal Password Policy: denial of service via Digit Placement
An attacker can generate a fatal error via Digit Placement of Drupal Password Policy, in order to trigger a denial of service...
Apple macOS: multiple vulnerabilities
An attacker can use several vulnerabilities of Apple macOS...
Apple iOS: multiple vulnerabilities
An attacker can use several vulnerabilities of Apple iOS...
Adobe Flash Player: two vulnerabilities
An attacker can use several vulnerabilities of Adobe Flash Player...
Chrome: multiple vulnerabilities
An attacker can use several vulnerabilities of Chrome...
NetApp Data ONTAP: information disclosure via Volume Space Usage
An attacker can bypass access restrictions to data via Volume Space Usage of NetApp Data ONTAP, in order to obtain sensitive information...
Linux kernel: information disclosure via crypto_report_one
A local attacker can read a memory fragment via crypto_report_one() of the Linux kernel, in order to obtain sensitive information...
FreeBSD: buffer overflow via bhyve
An attacker, inside a guest system, can generate a buffer overflow via bhyve of FreeBSD, in order to trigger a denial of service, and possibly to run code on the host system...
Jenkins Core: multiple vulnerabilities
An attacker can use several vulnerabilities of Jenkins Core...
Suricata: infinite loop via DetectEngineContentInspection
An attacker can generate an infinite loop via DetectEngineContentInspection of Suricata, in order to trigger a denial of service...
Poppler: NULL pointer dereference via _poppler_attachment_new
An attacker can force a NULL pointer to be dereferenced via _poppler_attachment_new() of Poppler, in order to trigger a denial of service...
Google Android/Pixel: multiple vulnerabilities of December 2018
An attacker can use several vulnerabilities of Google Android/Pixel...
Linux kernel: use after free via usb_audio_probe
An attacker can force the usage of a freed memory area via usb_audio_probe() of the Linux kernel, in order to trigger a denial of service, and possibly to run code...
WordPress Ninja Forms: open redirect
An attacker can deceive the user of WordPress Ninja Forms, in order to redirect him to a malicious site...
Kubernetes: code execution via API Server Proxied Requests
An attacker can use a vulnerability via API Server Proxied Requests of Kubernetes, in order to run code...
IBM QRadar SIEM: external XML entity injection
An attacker can transmit malicious XML data to IBM QRadar SIEM, in order to read a file, scan sites, or trigger a denial of service...
IBM QRadar SIEM: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of IBM QRadar SIEM, in order to run JavaScript code in the context of the web site...

   
