漏洞信息 Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Foxit Reader is prone to the following vulnerabilities: A remote user can create a specially crafted file that, when loaded by the target us…

漏洞信息 Debian has released security update for wordpress to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT…

漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code …

漏洞信息 Debian has released security update for curl to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 3638-1 to address this issue and obtain further details. Patch: Foll…

漏洞信息 IBM WebSphere Service Registry and Repository is a Lifecycle management application to track lifecycle, versions and availability of services. Multiple security issues have been found in IBM WebSphere Service Registry and Repository application which allo…

漏洞信息 A vulnerability in processing of NTP packets of Cisco IOS could allow an unauthenticated, remote attacker to cause a interface wedge and eventual denial of service condition on the affected device. The vulnerability is due to insufficient checks on cleari…

漏洞信息 Suse has released security update for java-1_7_0-openjdk to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive…

漏洞信息 Suse has released security update for squid3 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive informati…

漏洞信息 Suse has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 漏洞危害 This vulnerability could be exploited to gain complete acces…

漏洞信息 Suse has released security update for gimp to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability…

漏洞信息 Suse has released security update for sqlite3 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be ex…

漏洞信息 Suse has released security update for sqlite3 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be ex…

漏洞信息 Suse has released security update for libvirt to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 漏洞危害 Malicious users could use th…

漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 52.0.2743.116. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content co…

漏洞信息 net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments. An attacker which knows a connections client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy …

漏洞信息 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the…

漏洞信息 The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Securi…

漏洞信息 - Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. - An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memor…

漏洞信息 A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. This security update is rated Critical for all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 201…

漏洞信息 Microsoft Windows Authentication is vulnerable to multiple Elevation of Privilege issues. The security update resolves the following vulnerabilities: An elevation of privilege vulnerability exists when Windows Netlogon improperly establishes a secure comm…

漏洞信息 A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-sig…

漏洞信息 This security update resolves a vulnerability in Microsoft Windows. The update addresses the vulnerability by preventing Universal Outlook from disclosing usernames and passwords. This security update is rated Important for Windows 10 and Windows 10 Versi…

漏洞信息 This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Wi…

漏洞信息 The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. This security update is rated Critical for: - All supported releases of Microsoft Windows. - Affected editions of Microsoft Office 2007 an…

漏洞信息 Multiple elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could t…