漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to prop…
漏洞类别:Local 漏洞等级: 漏洞信息 The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products. A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leadin…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. 漏洞危害 A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-20…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that libxml2 incorrecty handled certain parameter entities. 漏洞危害 An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. 解决方案 Refer to …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Evince incorrectly handled printing certain DVI files. 漏洞危害 If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code. 解决方案 Refer to Ubu…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Multiple security issues were discovered in Thunderbird. 漏洞危害 If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to bypass same-origin restrictions, ca…
漏洞类别:CGI 漏洞等级: 漏洞信息 Splunk Enterprise captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations. Splunk Enterprise is affected by multiple SAML vulnerabilities:…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. An attacker could cause denial of servi…
CVE
CVE-2017-1000405 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2017:3226-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This …
CVE
CVE-2017-1000405 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2017:3225-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for shibboleth-sp to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxcursor to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for mozillafirefox to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc…
CVE
CVE-2017-12172 Amazon Linux Security Advisory for postgresql92,postgresql93,postgresql94: ALAS-2017-931
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.( CVE-2017-12172 ) Inva…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.(CVE-2017-12172 ) INSER…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can m…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613 ) QID Detection Logic: …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Mozilla Firefox is an open source web browser. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr…
漏洞类别:Local 漏洞等级: 漏洞信息 Oracle Tuxedo is an application server for non-Java languages. It provides a bunch of facilities that help customers build and deploy enterprise applications written in C, C++, COBOL, and with the SALT add-on applications written in Pytho…
漏洞类别:Local 漏洞等级: 漏洞信息 VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems. Multiple vulnerabilities were reported in VMware Workstation and Fusion. A local user on the guest system can trigger a heap overf…
漏洞类别:CGI 漏洞等级: 漏洞信息 Webmin is a Web-based interface for system administration of Unix and Linux operating systems. Webmin prior to 1.500 suffers from several critical vulnerabilities Affected Software: Webmin Versions prior to 1.500 QID Detection Logic (Unauth…
漏洞类别:General remote services 漏洞等级: 漏洞信息 The following buffer overflow conditions exist in Intel Active Management Technology (AMT): CVE-2017-5711: Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10…
漏洞类别:Database 漏洞等级: 漏洞信息 Apache CouchDB is a free open source document oriented database written in the Erlang programming language. This Apache CouchDB update fixes the following vulnerabilities: CVE-2017-12635:Remote Code Execution. CVE-2017-12636:Execution …
漏洞类别:Web server 漏洞等级: 漏洞信息 A Remote Code Execution vulnerability has been identified in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, and HP OfficeJet Enterprise printers. The vulnerability exists due to Insuff…