漏洞类别:CGI 漏洞等级: 漏洞信息 Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The vulnerability exists due to improper validation of string input passed to IP/settings/ping function in the shell application. An unaut…
漏洞类别:RedHat 漏洞等级: 漏洞信息 PostgreSQL is an advanced object-relational database management system (DBMS). Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log even…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or…
CVE
CVE-2017-12319 Cisco IOS XE Software Ethernet Virtual Private Network BGP Denial of Service Vulnerability (cisco-sa-20171103-bgp)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Microsoft Office 2007 has reached product End of Life in its support cycle. No further bug fixes, enhancements, security updates or technical support is available for this version. QID Detection Logic (Authenticated): This QID l…
漏洞类别:Local 漏洞等级: 漏洞信息 The GNU C Library (glibc) project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. The dynamic loader (ld.so) of glibc contains the following memory leak and…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.(CVE-2017-12172 ) INSER…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can m…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613 ) QID Detection Logic: …
漏洞类别:Web Application 漏洞等级: 漏洞信息 An XML External Entity (XXE) file inclusion error was detected. The web application is parsing user-controlled XML data without sanitization and an error was returned when unable to access the resource referred to by the injecte…
漏洞类别:Web Application Firewall 漏洞等级: 漏洞信息 When a XML/JSON message is invalid or malformed it could conduct to errors in parsing allowing an attacker to find a vulnerable entry point in the web service. 漏洞危害 When a malformed or invalid XML/JSON message is parsed…
漏洞类别:Local 漏洞等级: 漏洞信息 Symantec Endpoint Encryption (SEE), powered by PGP technology provides organizations with strong full-disk and removable media encryption and the ability to integrate with Symantec Data Loss Prevention. A denial of service (DoS) attack is…
漏洞类别:Local 漏洞等级: 漏洞信息 The HP Touchpoint Analytics client harvests telemetry information that is used by HP Touchpoint's analytical services. Reports suggest that this service is being pushed on user systems without permissions from the end user. 漏洞危害 N/A 解决方案 …
漏洞类别:Local 漏洞等级: 漏洞信息 In BIG-IP ASM, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, …
漏洞类别:CGI 漏洞等级: 漏洞信息 Tripwire delivers a robust file integrity monitoring (FIM) solution, able to monitor detailed system integrity: files, directories, registries, configuration parameters, DLLs, ports, services, protocols, etc. The Tripwire Enterprise Console…
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for procmail to fix the vulnerabilities. Affected Products: centos 7 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vul…
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for apr to fix the vulnerabilities. Affected Products: centos 6 centos 7 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can …
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for samba security update to fix the vulnerabilities. Affected Products: centos 7 漏洞危害 Successful exploitation allows attacker to execute arbitrary code. 解决方案 To resolve this issue, upgrade to the late…
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for curl to fix the vulnerabilities. Affected Products: centos 7 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be …