漏洞类别:RedHat 漏洞等级: 漏洞信息 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occ…
漏洞类别:RedHat 漏洞等级: 漏洞信息 JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, p…
漏洞类别:General remote services 漏洞等级: 漏洞信息 A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for flash-player to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious u…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libsndfile to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause a l…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for tomcat to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users cou…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for botan to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 漏洞危害 This vulnerability could be exploit…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for samba to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial…
CVE
CVE-2017-6615 Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability (cisco-sa-20170419-ios-xe-snmp)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race con…
漏洞类别:Local 漏洞等级: 漏洞信息 IBM WebSphere Application Server is designed to facilitate the creation of various enterprise Web applications. IBM WebSphere Application Server is vulnerable to a HTTP response splitting attack. This can be exploited by sending a special…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that rtmpdump incorrectly handled certain malformed streams. 漏洞危害 If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that FreeType did not correctly handle certain malformed font files. 漏洞危害 If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of servic…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Apache Fop incorrectly handled XML external entities. 漏洞危害 A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. 解决方案 Refer to Ubuntu advisory …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Apache Batik incorrectly handled XML external entities. 漏洞危害 A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. 解决方案 Refer to Ubuntu advisor…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. It was discovered that the Apache mod_auth_digest module incorrectly handled malicious input. It was discovered th…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Integer overflows in shadow utilities. A race condition in su. 漏洞危害 A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) A local attacker could cause su to send SIGKILL to …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for git to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 3848-1 to address this issue and obtain further det…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for xen to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决方案 Refer to Debian security advisory DSA 3847-1 to address this issue a…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libytnef to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libtirpc to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerability may allow attackers to cause Denial of Service attacks. 解决方案 Refer to Debian security advisory DSA 3845-1 to a…
漏洞类别:Local 漏洞等级: 漏洞信息 McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. McAfee ePO Deep Command version 2.1 and 2.2 are vulnerable to an unquoted binary path explo…
漏洞类别:CGI 漏洞等级: 漏洞信息 Joomla! is a free and open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS fee…
漏洞类别:CGI 漏洞等级: 漏洞信息 concrete5 is an open source content management system (CMS) for publishing content on the World Wide Web and intranets. concrete5 contains a cross-site request forgery vulnerability in the Thumbnail Editor, that is implemented in the File M…
英特尔芯片出现一个远程劫持漏洞,它潜伏了 7 年之久。本月 5 日,一名科技分析师刊文称,漏洞比想象的严重得多,黑客利用漏洞可以获得大量计算机的控制权,不需要输入密码。 英特尔主动管理技术(AMT)功能允许系统管理者通过远程连接执行多种繁重的任务,包括:改变启动计算机代码、接入鼠标键盘和显示器、加载并执行程序、通过远程方式启动设备等。 许多 vPro 处理器都支持 AMT 技术,如果想通过浏览器界面远程使用它必须输入密码,然而,英特尔的验证机制输入任何文本串(或者连文本都不要)都可以绕过。Tenable Netwo…
据外媒 7 日报道,欧洲刑警组织联合斯洛伐克警方 NAKA 捣毁网络黑市 Bloomsfield ,并从非法在线活动中查获大量毒品与军火武器。 警方在其中一个搜查地点发现五枚枪支与 600 余发不同口径弹药。 随着调查工作的不断深入,一个设计巧妙的室内大麻种植园也浮出水面,内藏 58 株大麻与一个价值 203,000 欧元的比特币钱包。目前,安全专家正着手分析执法部门检获的网络黑市服务器并搜索其他证据。斯洛伐克当局与欧洲刑警组织已将调查范围扩大至网络黑市用户与供应商。 调查表明,兴起于两年前的网络黑市 Blooms…