The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Tuxedo

FreeType: buffer overflow via t1_builder_close_contour
An attacker can generate a buffer overflow via t1_builder_close_contour() of FreeType, in order to trigger a denial of service, and possibly to run code...
cpuapr2019, cpuapr2020, cpuoct2020, CVE-2017-8287, DLA-931-1, DSA-2020-289, DSA-3839-1, FEDORA-2017-5760b80676, FEDORA-2017-950cc68400, openSUSE-SU-2018:0420-1, SSA:2017-136-01, SUSE-SU-2018:0414-1, USN-3282-1, USN-3282-2, VIGILANCE-VUL-22601
Apache Batik: external XML entity injection
An attacker can transmit malicious XML data to Apache Batik, in order to read a file, scan sites, or trigger a denial of service...
cpuapr2018, cpujul2018, cpuoct2017, CVE-2017-5662, DLA-926-1, DSA-4215-1, FEDORA-2017-43b46cd2da, FEDORA-2017-aff3dd3101, RHSA-2017:2546-01, RHSA-2017:2547-01, RHSA-2018:0319-01, USN-3280-1, VIGILANCE-VUL-22591
FreeType: buffer overflow via Font
An attacker can generate a buffer overflow via Font of FreeType, in order to trigger a denial of service, and possibly to run code...
cpuapr2019, cpuapr2020, cpuoct2020, CVE-2017-8105, DLA-918-1, DSA-2020-289, DSA-3839-1, FEDORA-2017-5760b80676, FEDORA-2017-950cc68400, openSUSE-SU-2018:0420-1, SUSE-SU-2018:0414-1, USN-3282-1, USN-3282-2, VIGILANCE-VUL-22572
Mozilla NSS: two vulnerabilities
An attacker can use several vulnerabilities of Mozilla NSS...
bulletinapr2017, bulletinjan2019, CERTFR-2017-AVI-126, CERTFR-2017-AVI-134, cpujan2018, cpuoct2017, CVE-2017-5461, CVE-2017-5462, DLA-906-1, DLA-946-1, DSA-2020-289, DSA-3831-1, DSA-3872-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, FEDORA-2017-9042085060, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2017:1099-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, RHSA-2017:1100-01, RHSA-2017:1101-01, RHSA-2017:1102-01, RHSA-2017:1103-01, SA150, SSA:2017-112-01, SSA:2017-114-01, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3260-1, USN-3260-2, USN-3270-1, USN-3278-1, USN-3372-1, VIGILANCE-VUL-22505
Apache log4j: code execution via Socket Server Deserialization
An attacker can use a vulnerability via Socket Server Deserialization of Apache log4j, in order to run code...
cpuapr2018, cpuapr2019, cpuapr2020, cpuapr2021, cpujan2018, cpujan2019, cpujan2020, cpujan2021, cpujul2018, cpujul2019, cpujul2020, cpuoct2018, cpuoct2020, CVE-2017-5645, ESA-2017-05, FEDORA-2017-2ccfbd650a, FEDORA-2017-511ebfa8a3, FEDORA-2017-7e0ff7f73a, FEDORA-2017-8348115acd, FEDORA-2017-b8358cda24, JSA10838, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:2423-01, RHSA-2017:2633-01, RHSA-2017:2635-01, RHSA-2017:2636-01, RHSA-2017:2637-01, RHSA-2017:2638-01, RHSA-2017:2808-01, RHSA-2017:2809-01, RHSA-2017:2810-01, RHSA-2017:2811-01, RHSA-2017:2888-01, RHSA-2017:2889-01, RHSA-2017:3244-01, RHSA-2017:3399-01, RHSA-2017:3400-01, VIGILANCE-VUL-22460
Node.js jquery: Cross Site Scripting via Ajax request
An attacker can trigger a Cross Site Scripting via Ajax requests in Node.js jquery, in order to run JavaScript code in the context of the web site...
6413705, 6449664, bulletinjul2018, cpuapr2019, cpujan2019, cpuoct2018, cpuoct2019, CVE-2015-9251, CVE-2017-16012-REJECT, openSUSE-SU-2020:0395-1, SUSE-SU-2020:0737-1, VIGILANCE-VUL-22215
Apache Struts: code execution via Jakarta Multipart CD/CL
An attacker can use a malicious Content-Disposition/Content-Length header on Apache Struts with Jakarta Multipart installed, in order to run code...
498123, CERTFR-2017-ALE-004, cisco-sa-20170310-struts2, cpuapr2017, cpujul2017, CVE-2017-5638, ESA-2017-042, S2-045, S2-046, VIGILANCE-VUL-22190
Apache Struts: code execution via Jakarta Multipart CT
An attacker can use a malicious Content-Type header on Apache Struts with Jakarta Multipart installed, in order to run code...
498123, CERTFR-2017-ALE-004, CERTFR-2017-AVI-071, cisco-sa-20170310-struts2, cpuapr2017, cpujul2017, CVE-2017-5638, ESA-2017-042, S2-045, S2-046, VIGILANCE-VUL-22047, VMSA-2017-0004, VMSA-2017-0004.6, VU#834067
OpenSSL: denial of service via the "Encrypt-Then-Mac" option
An attacker can change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service...
2003480, 2003620, 2003673, 2004940, CERTFR-2017-AVI-035, cisco-sa-20170130-openssl, cpuapr2019, cpujan2018, cpuoct2017, CVE-2017-3733, HPESBGN03728, VIGILANCE-VUL-21871
libevent: three vulnerabilities
An attacker can use several vulnerabilities of libevent...
bulletinjul2018, CERTFR-2017-AVI-134, cpujul2017, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-10195-ERROR, CVE-2017-10196-ERROR, CVE-2017-10197-ERROR, DLA-824-1, DSA-2020-030, DSA-2020-289, DSA-3789-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2018:0220-1, RHSA-2017:1201-01, SSA:2017-112-01, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3228-1, USN-3278-1, VIGILANCE-VUL-21846
Our database contains other pages. You can request a free trial to read them.

Display information about Tuxedo: