漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for erlang to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 4057-1 to address this issue and obtain further …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for openjdk-7 to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libapr-util1 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-S…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for php5 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 漏洞危害 This vulnerability could be exploite…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for intel-sinit to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious use…
CVE
CVE-2017-1000112 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2017:3265-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to g…
漏洞类别:Local 漏洞等级: 漏洞信息 Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android. Multiple vulnerabilities were reported in Mozilla Firefox.Buffer overflow when drawing and validating elements with A…
漏洞类别:Local 漏洞等级: 漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: CVE-2017-15407: Out of bounds write in QUIC: CVE-2017-15408: Heap buffer overflow in PDFium: CVE-201…
漏洞类别:Local 漏洞等级: 漏洞信息 McAfee Network Security Manager allows remote management of McAfee sensors deployed throughout in a network. Exploitation of authorization vulnerability in the web interface in McAfee Network Security Manager (NSM) in all versions before …
CVE
CVE-2017-12243 Cisco UCS Platform Emulator Remote Code Execution Vulnerability (cisco-sa-20171101-arce)
漏洞类别:CGI 漏洞等级: 漏洞信息 Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The vulnerability exists due to improper validation of string input passed to IP/settings/ping function in the shell application. An unaut…
漏洞类别:RedHat 漏洞等级: 漏洞信息 PostgreSQL is an advanced object-relational database management system (DBMS). Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log even…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or…
CVE
CVE-2017-12319 Cisco IOS XE Software Ethernet Virtual Private Network BGP Denial of Service Vulnerability (cisco-sa-20171103-bgp)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Microsoft Office 2007 has reached product End of Life in its support cycle. No further bug fixes, enhancements, security updates or technical support is available for this version. QID Detection Logic (Authenticated): This QID l…
漏洞类别:Local 漏洞等级: 漏洞信息 The GNU C Library (glibc) project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. The dynamic loader (ld.so) of glibc contains the following memory leak and…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.(CVE-2017-12172 ) INSER…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can m…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613 ) QID Detection Logic: …
漏洞类别:Web Application 漏洞等级: 漏洞信息 An XML External Entity (XXE) file inclusion error was detected. The web application is parsing user-controlled XML data without sanitization and an error was returned when unable to access the resource referred to by the injecte…
漏洞类别:Web Application Firewall 漏洞等级: 漏洞信息 When a XML/JSON message is invalid or malformed it could conduct to errors in parsing allowing an attacker to find a vulnerable entry point in the web service. 漏洞危害 When a malformed or invalid XML/JSON message is parsed…
漏洞类别:Local 漏洞等级: 漏洞信息 Symantec Endpoint Encryption (SEE), powered by PGP technology provides organizations with strong full-disk and removable media encryption and the ability to integrate with Symantec Data Loss Prevention. A denial of service (DoS) attack is…