漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. VMware vCenter is affected by the following vulnerability: This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or an…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. VMware vCenter is affected by the following vulnerability: This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or an…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for intel-microcode to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. 解决方案 Refer to Debian security advisory DSA 4273-1 to addres…
漏洞类别:General remote services 漏洞等级: 漏洞信息 An SSL certificate associates an entity (person, organization, host, etc.) with a public key. In an SSL connection a client authenticates the remote server using the server's certificate and extracts the public key in t…
漏洞类别:General remote services 漏洞等级: 漏洞信息 OCSP (Online Certificate Status Protocol) is a protocol to determine the status of an SSL certificate, specifically whether a certificate has been revoked by the issuing certificate authority. SSL servers can provide th…
漏洞类别:General remote services 漏洞等级: 漏洞信息 SSL Certificate Transparency is an industry effort to improve visibility into the process of how certificate authorities issue certificates. It is designed to allow the owners of domain names to find all certificates th…
CVE
CVE-2018-11776 Apache Struts 2 namespace Remote Code Execution Vulnerability (S2-057) (Tomcat Server Authentication Record)
漏洞类别:Local 漏洞等级: 漏洞信息 Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. The vulnerability exists when using result type with no namespace and in same time, its upper action(s) have no or …
漏洞类别:CGI 漏洞等级: 漏洞信息 Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. The vulnerability exists when using result type with no namespace and in same time, its upper action(s) have no or wi…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complete…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for podofo to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This vulnerability could be exploited to gain part…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for ceph to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This vulnerabili…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gtk2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libcgroup to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This vulner…
CVE
CVE-2018-10140 Palo Alto Networks PAN-OS Management Web-Interface Denial of Service Vulnerability(PAN-SA-2018-0010)
漏洞类别:CGI 漏洞等级: 漏洞信息 A Denial of Service exists in PAN-OS Management Web Interface that allows an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. This vulnerability can be triggered …
CVE
CVE-2018-13392 Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerability (FE-7081,CRUC-8304)
漏洞类别:CGI 漏洞等级: 漏洞信息 Atlassian FishEye is the on-premise source code repository browser for enterprise teams. It provides your developers with advanced browsing and search for SVN, Git, Mercurial, Perforce and CVS code repositories, from any web browser. Atlas…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the MOTD update script incorrectly handled temporary files. 漏洞危害 A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. 解决…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. VMware vCenter is affected by the following vulnerability: This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or an…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for jetty9 to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial c…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for mutt to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial con…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for php-horde-image to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change …
漏洞类别:Local 漏洞等级: 漏洞信息 The JMX server is exposed to sniffing attacks because It's authentication credentials are transferred via clear text. QID Detection Logic (Authenticated): This QID executes "ps auxf | grep -i 'jmxremote.ssl'|grep -i -v -E "(jmxremote\.ho…
漏洞类别:Local 漏洞等级: 漏洞信息 JMX authentication not enabled on localhost interface detected on the system. QID Detection Logic (Authenticated): This QID executes "ps auxf | grep -E "(jmxremote.host=localhost|jmxremote.host=127.0.0.1)"" commands to list all the runni…