漏洞信息 It was discovered that curl incorrectly handled client certificates when resuming a TLS session. It was discovered that curl incorrectly handled client certificates when reusing TLS connections. It was discovered that curl incorrectly reused a connection …

漏洞信息 Debian has released security update for openjdk-7 to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to affect integrity via vectors related to CORBA. 解决方案 Refer to Debian security advisory DSA 3641-1 to address this issue an…

漏洞信息 vBulletin is a web-based forum application implemented in PHP. A Server Side Request Forgery(SSRF) vulnerability has been identified in media uploads in vBulletin which allows remote code execution. Affected Versions: vBulletin version 5.2.2 and earlier v…

漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. The Welcart e-Commerce plugin assists you to build online shop system. An unspecif…

漏洞信息 vBulletin is a web-based forum application implemented in PHP. A SQL injection vulnerability has been identified in 'forumrunner/request.php' in vBulletin Forum Runner add-on which allows remote attackers to dump usernames and passwords. Affected Versions…

漏洞信息 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * Quick emulator(Qemu) built wit…

漏洞信息 AIX is prone to the following vulnerabilities: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. (CVE-2015-7575) IBM AIX…

漏洞信息 GitLab, the software, is a web-based Git repository manager with wiki and issue tracking features. The GitLab update fixes the following vulnerabilities: - Unauthorized access to project build traces. - Cross-site scripting (XSS) vulnerability in Wiki pag…

漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…

漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…

漏洞信息 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * Quick Emulator(Qemu) built wit…

漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…

漏洞信息 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.50). Security Fix(es): * This update fixes several vulnerabilities in the…

漏洞信息 vBulletin is a web-based forum application implemented in PHP. A SQL injection vulnerability has been identified in 'forumrunner/request.php' in vBulletin Forum Runner add-on which allows remote attackers to dump usernames and passwords. Affected Versions…

漏洞信息 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * Quick emulator(Qemu) built wit…

漏洞信息 AIX is prone to the following vulnerabilities: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. (CVE-2015-7575) IBM AIX…

漏洞信息 It was discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. It was discovered that QEMU incorrectly handled the VMWare VGA module. It was discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation suppo…

漏洞信息 Debian has released security update for chromium-browser to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to cause a denial of service vulnerability. 解决方案 Refer to Debian security advisory DSA 3645-1 to address this issue a…

漏洞信息 It was discovered that LibreOffice incorrectly handled presentation files. 漏洞危害 If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. 解决方案 Refer …

漏洞信息 Debian has released security update for fontconfig to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 3644-1 to address this issue and obtain further details. Patch…

漏洞信息 It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. It was discovered that PHP incorrectly handled recursive method calls. It was discovered that PHP incorrectly validated certain Exception objects when unserializing dat…

漏洞信息 Debian has released security update for kde4libs to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. 解决方案…

漏洞信息 An out-of-bounds read during XML parsing in some circumstances. It was discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. Multiple memory safety issues in Firefox.…

漏洞信息 Safari is a Web browser developed by Apple. The target is missing the Safari 9.1.2 update. This update resolve multiple issues in Safari and WebKit. 漏洞危害 Successful exploitation of these vulnerabilities will allow an attacker to execute arbitrary code in …

漏洞信息 Multiple security issues were discovered in Chromium. It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. It was discovered that Blink does not prevent window creation by a deferred fr…