漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the UDP processing code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a d…
漏洞类别:Local 漏洞等级: 漏洞信息 Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. A RCE attack is possible when developer is using wrong construction in Freemarker tags (CVE-2017-12611). Affected so…
漏洞类别:AIX 漏洞等级: 漏洞信息 ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive messages to an authoritative DNS server and has knowledge of a valid TSIG key name. Affected Versions: AIX 6.1,…
漏洞类别:AIX 漏洞等级: 漏洞信息 There are multiple vulnerabilities in IBM SDK Java Technology Edition Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Affected Versions:- AIX 5.3, 6.1, 7.1, 7.2 漏洞危害 …
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe ColdFusion is an application for developing Web sites. Adobe has released security hotfixes for ColdFusion version 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe Flash Player is a Cross-platform plugin plays animations, videos and sound files in .SWF format. These vulnerabilities that could potentially allow an attacker to take control of the affected system. (CVE-2017-11281,CVE-2017-11282) …
漏洞类别:Office Application 漏洞等级: 漏洞信息 Microsoft released security updates that resolve vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. The following updates were released in September 201…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. An information-disclosure flaw was found in…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
漏洞类别:Local 漏洞等级: 漏洞信息 IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications. IBM Domino is affected with multiple cross-site scripting vulnerabilities which can be exploited by a remote attacker. Affected Versi…
漏洞类别:Local 漏洞等级: 漏洞信息 HPE Network Automation software automates network configuration and change management (NCCM) from provisioning to policy-based change and security. HPE Network Automation is affected by a Java object deserialization vulnerability in Apach…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for qemu to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This vulnerability can also be used to cause a limited denial of servic…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for evince to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUS…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to g…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update 2a, which corrects the following security issue: vCenter Server contains an XML External Entity (XXE) vulnerability in the Log Browser,…
漏洞类别:Hardware 漏洞等级: 漏洞信息 D-Link Router DIR-600 discloses admin credentials via LFI leading to authentication bypass. Affected Routers: D-Link Router DIR-600 firmware version 2.01B1. Older versions may also be affected. Detection Logic (Unauthenticated): This Q…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. 漏洞危害 A physically proximate unauthenticated attacker could use this to disclose sensitive information…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that file incorrectly handled certain ELF files. 漏洞危害 An attacker could use this to cause file to crash, resulting in a denial of service. 解决方案 Refer to Ubuntu advisory USN-3412-1 for affected packages and patching deta…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. 漏洞危害 A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user. 解决…
漏洞类别:Information gathering 漏洞等级: 漏洞信息 This system currently uses NTLMv2 Authentication. 漏洞危害 解决方案 0daybank
漏洞类别:RedHat 漏洞等级: 漏洞信息 Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_…