漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for tnef to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulne…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for libnl3 to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerabilit…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for community-mysql to fix the vulnerability. Affected OS: Fedora 25 Fedora 24 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerabilit…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for bouncycastle to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决方案 Fedora has issued updated packages to …
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for drupal8 to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vu…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for libreoffice to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerab…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for log4j to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability …
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for roundcubemail to fix the vulnerability. Affected OS: Fedora 25 Fedora 24 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use t…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for batik to fix the vulnerability. Affected OS: Fedora 25 Fedora 24 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. 解决方案 Fedora has issued updated packages…
E安全5月16日讯 窃取并公开美国国家安全局(简称:NSA)网络武器库的“影子经纪人”(Shadow Brokers)黑客组织刚刚宣称:将从今年6月开始,逐月出售包括浏览器、路由器、手机漏洞及相关工具、新的攻击行动disk(和此次传播勒索蠕虫病毒的Windows武器库一样,包括NSA支持的Windows 10网络攻击武器),还有更多的SWIFT供应商和央行入侵数据,以及针对中国、俄罗斯、伊朗和朝鲜的导弹和核弹计划的内部网络数据。 就在昨天晚间,某宣称代表影子经纪人的人士在Steemit网站上发布了一条新消息。根据这…
传送门 【权威报告】WanaCrypt0r勒索蠕虫完全分析报告 一、 事件时间线 1) 2017年5月12日 Malware Tech在twitter上发布了一条通过SMB传播的勒索软件WannaCrypt,之后相关kill switch url被注册监管,之后该twitter作者编写了文章“How to Accidentally Stop a Global Cyber Attacks”,在该文章中记录了他是如何第一时间注意到这次攻击事件,并迅速做出相应的过程。 2) 2017年5月12日 360发布紧急通告,对一…
本文作者:李勤 2017-05-16 10:43 导语:5月16日上午,雷锋网编辑从朋友圈看到,一位名为“雷锋”的网络安全圈人士称:卧槽,今天腾讯抽风了,大批量黑客QQ群、技术群、开发群,各种交流群封了一大片!!! 5月16日上午,雷锋网编辑从朋友圈看到,一位名为“雷锋”的网络安全圈人士称:卧槽,今天腾讯抽风了,大批量黑客QQ群、技术群、开发群,各种交流群封了一大片!!! 随后,引发多人评论。 【该截图由安全圈人士“雷锋”提供】 雷锋网编辑随后展开了调查,发现果然很多黑客QQ群被封禁,只是,不仅是黑客QQ群。 从截…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Apache Tomcat software is a web server. Support for Apache Tomcat 6.0.x ended on December, 31 2016. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at h…
CVE
CVE-2015-0701 Cisco UCS Central Software Arbitrary Command Execution Vulnerability (cisco-sa-20150506-ucsc)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. QID Detection L…
漏洞列表
Information gathering 2017-05-15 22:28:08 Cisco UCS (Unified Computing System) Central Software Detected
漏洞类别:Information gathering 漏洞等级: 漏洞信息 Cisco UCS (Unified Computing System) Central Software is installed on the host. QID Detection Logic (Authenticated): This QID reviews the Cisco UCS central version via "show version". The QID is posted if Cisco UCS central…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose se…
漏洞类别:RedHat 漏洞等级: 漏洞信息 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit…
漏洞类别:RedHat 漏洞等级: 漏洞信息 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further …
漏洞类别:CGI 漏洞等级: 漏洞信息 Pexip Infinity is a video communications software that can be deployed on infrastructure of organizations in public, private or hybrid cloud environments. Pexip Infinity is vulnerable to input validation failure vulnerabilities in multiple …
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for jasper to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicio…
漏洞列表
Security Policy 2017-05-15 22:28:08 EOL/Obsolete Software: Cisco ASA Software Version 9.5 Detected
漏洞类别:Security Policy 漏洞等级: 漏洞信息 An obsolete version of Cisco ASA was detected on the host. Support for Cisco ASA version 9.5 ended on May 3, 2017. No further releases or security fixes will be available for Cisco ASA version 9.5. QID Detection Logic (Authentic…
漏洞类别:Web Application 漏洞等级: 漏洞信息 The logout links discovered by the Web Application Scanning engine are provided in the Results section. These links were present on the target Web Application, but were not crawled. Crawling these links will terminate the active…
今天,网友都被这样的一则新闻刷了屏:中国大批高校出现勒索病毒感染情况,众多师生电脑文件都被病毒加了密,只有支付高达5万元的赎金才能恢复,已经有学生因此耽误了答辩可能毕不了业。 这是在国内,全球已经有近100个国家遭遇勒索病毒的袭击,在英格兰,至少16家医院和相关机构遭遇了攻击,苏格兰还有5家。每家医院除了面临约400万人民币的勒索,还面临电脑系统瘫痪、电话线路被切断、急诊病人被迫转移…… 在NSA黑客工具“永恒之蓝”的助力下,这一波勒索病毒让800万毕业生深陷肄业风险,交通、能源、教育等行业也笼罩在勒索病毒的重重阴…
日期:2017-5-13 0x1 前言 360互联网安全中心近日发现全球多个国家和地区的机构及个人电脑遭受到了一款新型勒索软件攻击,并于5月12日国内率先发布紧急预警,外媒和多家安全公司将该病毒命名为“WanaCrypt0r”(直译:“想哭勒索蠕虫”),常规的勒索病毒是一种趋利明显的恶意程序,它会使用加密算法加密受害者电脑内的重要文件,向受害者勒索赎金,除非受害者交出勒索赎金,否则加密文件无法被恢复,而新的“想哭勒索蠕虫”尤其致命,它利用了窃取自美国国家安全局的黑客工具EternalBlue(直译:“永恒之蓝”)实…
下载NSA武器库免疫工具:http://dl.360safe.com/nsa/nsatool.exe 全球爆发勒索病毒攻击 昨日英国、意大利、俄罗斯等全球多个国家爆发勒索病毒攻击,中国大批高校也出现感染情况,众多师生的电脑文件被病毒加密,只有支付赎金才能恢复。据360安全卫士紧急公告,不法分子使用NSA泄漏的黑客武器攻击Windows漏洞,把ONION、WNCRY等勒索病毒在校园网快速传播感染,建议电脑用户尽快使用360“NSA武器库免疫工具”进行防御。 据360安全中心分析,此次校园网勒索病毒是由NSA泄漏的“永…