The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:
Elastic Logstash: information disclosure via Malformed URL
An attacker can bypass access restrictions to data via Malformed URL of Elastic Logstash, in order to obtain sensitive information...
Elasticsearch: privilege escalation via Restricted Index
An attacker can bypass restrictions via Restricted Index of Elasticsearch, in order to escalate their privileges...
WordPress Core: directory traversal via wp_crop_image
An attacker can traverse directories via wp_crop_image() of WordPress Core, in order to create a file outside the service root path...
WordPress Core: code execution via _wp_attached_file
An attacker can use a vulnerability via _wp_attached_file of WordPress Core, in order to run code...
WebSphere AS: information disclosure via TLS Configuration
An attacker can bypass access restrictions to data via TLS Configuration of WebSphere AS, in order to obtain sensitive information...
Jenkins Plugins: multiple vulnerabilities
An attacker can use several vulnerabilities of Jenkins Plugins...
Splunk Enterprise: Cross Site Scripting via Splunk Web
An attacker can trigger a Cross Site Scripting vulnerability via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site...
Botan: information disclosure via ECC Generation
An attacker can bypass access restrictions to data via ECC Generation of Botan, in order to obtain sensitive information...
Ansible Core: directory traversal via Home Directories
An attacker can traverse directories via Home Directories of Ansible Core, in order to create a file outside the service root path...
GraphicsMagick: memory leak via WritePDFImage
An attacker can create a memory leak via WritePDFImage() of GraphicsMagick, in order to trigger a denial of service...
jackson-databind: code execution via Oracle JDBC Driver Deserialization
An attacker can use a vulnerability via Oracle JDBC Driver Deserialization of jackson-databind, in order to run code...
jackson-datatype-jsr310: denial of service via Input Validation
An attacker can trigger a fatal error via Input Validation of jackson-datatype-jsr310, in order to trigger a denial of service...
jackson-dataformat-xml: information disclosure via XmlMapper SSRF
An attacker can bypass access restrictions to data via XmlMapper SSRF of jackson-dataformat-xml, in order to obtain sensitive information...
jackson-databind: code execution via slf4j-ext
An attacker can use a vulnerability via slf4j-ext of jackson-databind, in order to run code...
jackson-databind: code execution via blaze-ds-opt
An attacker can use a vulnerability via blaze-ds-opt of jackson-databind, in order to run code...
jackson-databind: external XML entity injection via JDK Classes
An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service...
jackson-databind: information disclosure via axis2-jaxws SSRF
An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information...
jackson-databind: code execution via Axis2-transport-jms Deserialization
An attacker can use a vulnerability via Axis2-transport-jms Deserialization of jackson-databind, in order to run code...
jackson-databind: code execution via Openjpa Deserialization
An attacker can use a vulnerability via Openjpa of jackson-databind, in order to run code...
jackson-databind: code execution via Jboss-common-core Deserialization
An attacker can use a vulnerability via Jboss-common-core Deserialization of jackson-databind, in order to run code...
jackson-databind: code execution via Jodd-db Deserialization
An attacker can use a vulnerability via Jodd-db Deserialization of jackson-databind, in order to run code...
Percona Server for MySQL: buffer overflow via Database Name Special Characters
An attacker can trigger a buffer overflow via Database Name Special Characters of Percona Server for MySQL, in order to trigger a denial of service, and possibly to run code...
Synology Note Station: Cross Site Scripting
An attacker can trigger a Cross Site Scripting vulnerability in Synology Note Station, in order to run JavaScript code in the context of the web site...
Linux kernel: use after free via af_alg_release
An attacker can force the use of a freed memory area via af_alg_release() of the Linux kernel, in order to trigger a denial of service, and possibly to run code...

   
