漏洞类别:Local 漏洞等级: 漏洞信息 HP Operations Agent helps in monitoring a system by collecting metrics that indicate the health, performance, and availability of essential elements. HP Operations Agent is vulnerable to a remote cross-site scripting (XSS) attack. Affecte…
CVE
CVE-2017-5645 Red Hat Update for JBoss Enterprise Application Platform 6.4.17 on RHEL 6 (RHSA-2017:2635)
漏洞类别:RedHat 漏洞等级: 漏洞信息 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log even…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The docker-distribution package provides the tool set to support the Docker Registry version 2. It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint.…
漏洞类别:Local 漏洞等级: 漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: CVE-2017-5111: Use after free in PDFium. CVE-2017-5112: Heap buffer overflow in WebGL. CVE-2017-5113…
漏洞类别:Local 漏洞等级: 漏洞信息 BladeLogic Server Automation from BMC allows quick and secure solution to configure, patch and maintain physical, virtual, and cloud servers. The Windows RSCD Agent is affected by a authorization bypass vulnerability which allows remote s…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gdk-pixbuf to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gcc48 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for postgresql96 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-S…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for expat to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause a limite…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that TeX Live incorrectly handled certain system commands. 漏洞危害 If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3401…
漏洞类别:Backdoors and trojan horses 漏洞等级: 漏洞信息 UNITEDRAKE Malware is detected on the remote system. QID Detection Logic: This QID checks if the UNITEDRAKE Log file (~yh56816.tmp), or the installation log file (~yh23931.tmp) exists under "%SYSTEMROOT%\temp" 漏洞危害 S…
漏洞类别:Hardware 漏洞等级: 漏洞信息 The HPE Integrated Lights-Out (iLO) is an embedded server management technology that is useful as an out-of-band management technology. A potential security vulnerability has been identified in HPE Integrated Lights-out (iLO 4). The vu…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libzypp, zypper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This v…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. 漏洞危害 A remote attacker could take advantage of a key confusion to craft JWTs from scratch. 解决方案 Refer to Ubuntu advisory USN-340…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Ghostscript mishandles references. It was discovered that Ghostscript could allow a heap-based buffer over-read and application crash. An use-after-free vulnerability in Ghostscript. A lack of integer overflow chec…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. 漏洞危害 A remote attacker could use this issue to read arbitrary files. 解决方案 Refer to Ubuntu advisory USN-3402-1 for affected packages and patching …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that TeX Live incorrectly handled certain system commands. 漏洞危害 If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3401…
漏洞类别:CGI 漏洞等级: 漏洞信息 Genivia gSOAP (Simple Object Access Protocol) is a web services toolkit, that is used to enable devices communicate with the internet. Genivia gSOAP is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds…
漏洞类别:Web server 漏洞等级: 漏洞信息 REDDOXX is a leading supplier of solutions for e-mail archiving,encrypted and digitally signed e-mail traffic as well as spam protection. REDDOXX appliance suffers from multiple vulnerabilities: REDDOXX Appliance Remote Command Execu…
漏洞类别:RedHat 漏洞等级: 漏洞信息 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password …
漏洞类别:Local 漏洞等级: 漏洞信息 HP Operations Agent helps in monitoring a system by collecting metrics that indicate the health, performance, and availability of essential elements. HP Operations Agent is vulnerable to a remote cross-site scripting (XSS) attack. Affecte…
CVE
CVE-2016-10200 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3605)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 …
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for git to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the lat…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could…
漏洞类别:CGI 漏洞等级: 漏洞信息 Apache Sling is a web framework that uses a Java Content Repository, such as Apache Jackrabbit, to store and manage content. The Javascript method Sling.evalString() uses the javascript 'eval' function to parse input strings, which allows f…