漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for apache2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain compl…
漏洞类别:Local 漏洞等级: 漏洞信息 iTunes is a digital media player application for Mac OS and Windows developed by Apple. Multiple vulnerabilities were reported in Apple iTunes for Windows. A remote user can cause arbitrary code to be executed on the target user's system.…
CVE
CVE-2017-11458 SAP NetWeaver AS Java ctcprotocol/Protocol Servlet Cross-Site Scripting vulnerbaility (SAP Security Note 2406783)
漏洞类别:CGI 漏洞等级: 漏洞信息 SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions. SAP NetWeaver AS JAVA 7.3 is affected by a Cross-Site Scripting vulnerability in th…
CVE
CVE-2017-11460 SAP NetWeaver AS Java DataArchivingService Servlet Cross-Site Scripting vulnerbaility (SAP Security Note 2308535)
漏洞类别:CGI 漏洞等级: 漏洞信息 SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions. SAP NetWeaver AS JAVA 7.4 is affected by a Cross-Site Scripting vulnerability in th…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Quagga incorrectly handled certain BGP UPDATE messages. It was discovered that Quagga incorrectly handled memory in the telnet vty CLI. 漏洞危害 A remote attacker could possibly use this issue to cause Quagga to crash,…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. It was discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. It was …
CVE
CVE-2017-1000252 Ubuntu Security Notification for Linux, Linux-raspi2 Vulnerabilities (USN-3468-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Poppler incorrectly handled certain files. 漏洞危害 If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. 解决方案 Refer to Ubuntu advisory USN-3467-1 for …
漏洞类别:Information gathering 漏洞等级: 漏洞信息 Java Development Kit/Java Runtime Environment 1.9 installed on the target machine. 漏洞危害 解决方案 0daybank
漏洞类别:RedHat 漏洞等级: 漏洞信息 Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary co…
漏洞类别:Local 漏洞等级: 漏洞信息 iTunes is a digital media player application for Mac OS and Windows developed by Apple. An access control issue was addressed by restricting access to iOS backups to iTunes. Affected Versions: Apple iTunes prior to 12.7 Available for OS X…
CVE
CVE-2017-6627 Cisco IOS and IOS XE Software UDP Packet Processing Denial of Service Vulnerability (cisco-sa-20170906-ios-udp)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the UDP processing code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a d…
漏洞类别:Local 漏洞等级: 漏洞信息 Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. A RCE attack is possible when developer is using wrong construction in Freemarker tags (CVE-2017-12611). Affected so…
漏洞类别:AIX 漏洞等级: 漏洞信息 ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive messages to an authoritative DNS server and has knowledge of a valid TSIG key name. Affected Versions: AIX 6.1,…
漏洞类别:AIX 漏洞等级: 漏洞信息 There are multiple vulnerabilities in IBM SDK Java Technology Edition Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Affected Versions:- AIX 5.3, 6.1, 7.1, 7.2 漏洞危害 …
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe ColdFusion is an application for developing Web sites. Adobe has released security hotfixes for ColdFusion version 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe Flash Player is a Cross-platform plugin plays animations, videos and sound files in .SWF format. These vulnerabilities that could potentially allow an attacker to take control of the affected system. (CVE-2017-11281,CVE-2017-11282) …
漏洞类别:Office Application 漏洞等级: 漏洞信息 Microsoft released security updates that resolve vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. The following updates were released in September 201…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. An information-disclosure flaw was found in…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a cl…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
漏洞类别:Local 漏洞等级: 漏洞信息 IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications. IBM Domino is affected with multiple cross-site scripting vulnerabilities which can be exploited by a remote attacker. Affected Versi…