漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel'…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and librarie…
CVE
Ubuntu Security Notification for Postgresql-9.1, Postgresql-9.3, Postgresql-9.5 Vulnerabilities (USN-3066-1)——漏洞银行丨0DAY BANK
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. It was discovered that PostgreSQL incorrectly handled special characters in database and role names. 漏洞危害 A remote attacker could possibly use th…
CVE
Ubuntu Security Notification for Libgcrypt11, Libgcrypt20 Vulnerability (USN-3065-1)——漏洞银行丨0DAY BANK
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. 漏洞危害 An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. 解决方案 Refer to Ubuntu advisory…
洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that GnuPG incorrectly handled mixing functions in the random number generator. 漏洞危害 An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. 解决方案 Refer to Ubuntu advisory USN-…
漏洞类别:Web server 漏洞等级: 漏洞信息 Oracle GlassFish Server is an implementation of Java Platform, Enterprise Edition (Java EE) 6 specification. An unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows rem…
漏洞类别:CGI 漏洞等级: 漏洞信息 phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL over the Internet. A vulnerability was discovered in the libraries/central_columns.lib.php source file that allows an SQL injection attack …
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for cracklib to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerab…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for python to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE L…
CVE
SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2016:2105-1)——漏洞银行丨0DAY BANK
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-…
CVE
Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability (cisco-sa-20160601-prime3)——漏洞银行丨0DAY BANK
漏洞类别:CGI 漏洞等级: 漏洞信息 A vulnerability in the IPv6 packet decode function of the Cisco Network Analysis Module (NAM) could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to an improper calculation of the…
漏洞类别:CGI漏洞等级: 漏洞信息 Symantec Web Gateway is a web security gateway appliance. Symantec Web Gateway is exposed to multiple security issues: 1) The application improperly validates input passed via the "filename" parameter to spywall/pbcontrol.php. 2) Input passe…
漏洞概述 zabbix是一个开源的企业级性能监控解决方案。 漏洞等级: 官方网站:http://www.zabbix.com zabbix的jsrpc的profileIdx2参数存在insert方式的SQL注入漏洞,攻击者无需授权登陆即可登陆zabbix管理系统,也可通过script等功能轻易直接获取zabbix服务器的操作系统权限。 影响程度 攻击成本:低 危害程度:高 是否登陆:不需要 影响范围:2.2.x, 3.0.0-3.0.3。(其他版本未经测试) 漏洞测试 在您的zabbix的地址后面加上如下url:…
漏洞类别:Hardware 漏洞等级: 漏洞信息 Checkpoint security gateway is an integrated software solution that provides connectivity to corporate networks, branch offices and business partners via a secure channel. Multiple unspecified vulnerabilities exists in the Check Point …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. It was discovered that OpenSSH did not limit password lengths. 漏洞危害 A remote attacker could perform a timing attack and enumerate…
CVE
Cisco Unified Computing System Platform Emulator Command Injection Vulnerability (cisco-sa-20160414-ucspe1)——漏洞银行丨0DAY BANK
漏洞类别:CGI 漏洞等级: 漏洞信息 A vulnerability in the Cisco Unified Computing System (UCS) Platform Emulator could allow an authenticated, local attacker to perform a command injection attack. The vulnerability occurs because the affected system improperly handles ucspe-…
CVE
Cisco ASA Access Control List ICMP Echo Request Code Filtering Vulnerability (cisco-sa-20160711-asa)——漏洞银行丨0DAY BANK
漏洞类别:Cisco漏洞等级: 漏洞信息 A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software implementation of access control list (ACL) permit and deny filters for ICMP Echo Reply messages could allow an unauthenticated, remote attacker to bypass ACL configur…
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for chromium to fix the vulnerabilities. Affected Products: openSUSE 13.1 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which contain a patch. To…
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for dropbear to fix the vulnerabilities. Affected Products: openSUSE 13.1 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which contain a patch. To…
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for go to fix the vulnerabilities. Affected Products: openSUSE 13.2 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which contain a patch. To insta…
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for mbedtls to fix the vulnerabilities. Affected Products: openSUSE Leap 42.1 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which contain a patch…
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for dropbear to fix the vulnerabilities. Affected Products: openSUSE Leap 42.1 openSUSE 13.2 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which …
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for tiff to fix the vulnerabilities. Affected Products: openSUSE 13.2 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which contain a patch. To ins…
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for python to fix the vulnerabilities. Affected Products: openSUSE Leap 42.1 openSUSE 13.2 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which co…
漏洞类别:SUSE漏洞等级: 漏洞信息 Suse has released security update for karchive to fix the vulnerabilities. Affected Products: openSUSE Leap 42.1 openSUSE 13.2 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages which …