漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that TeX Live incorrectly handled certain system commands. 漏洞危害 If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3401…
漏洞类别:Backdoors and trojan horses 漏洞等级: 漏洞信息 UNITEDRAKE Malware is detected on the remote system. QID Detection Logic: This QID checks if the UNITEDRAKE Log file (~yh56816.tmp), or the installation log file (~yh23931.tmp) exists under "%SYSTEMROOT%\temp" 漏洞危害 S…
漏洞类别:Hardware 漏洞等级: 漏洞信息 The HPE Integrated Lights-Out (iLO) is an embedded server management technology that is useful as an out-of-band management technology. A potential security vulnerability has been identified in HPE Integrated Lights-out (iLO 4). The vu…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libzypp, zypper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This v…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. 漏洞危害 A remote attacker could take advantage of a key confusion to craft JWTs from scratch. 解决方案 Refer to Ubuntu advisory USN-340…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Ghostscript mishandles references. It was discovered that Ghostscript could allow a heap-based buffer over-read and application crash. An use-after-free vulnerability in Ghostscript. A lack of integer overflow chec…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. 漏洞危害 A remote attacker could use this issue to read arbitrary files. 解决方案 Refer to Ubuntu advisory USN-3402-1 for affected packages and patching …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that TeX Live incorrectly handled certain system commands. 漏洞危害 If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3401…
漏洞类别:CGI 漏洞等级: 漏洞信息 Genivia gSOAP (Simple Object Access Protocol) is a web services toolkit, that is used to enable devices communicate with the internet. Genivia gSOAP is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds…
漏洞类别:Web server 漏洞等级: 漏洞信息 REDDOXX is a leading supplier of solutions for e-mail archiving,encrypted and digitally signed e-mail traffic as well as spam protection. REDDOXX appliance suffers from multiple vulnerabilities: REDDOXX Appliance Remote Command Execu…
漏洞类别:RedHat 漏洞等级: 漏洞信息 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password …
漏洞类别:Local 漏洞等级: 漏洞信息 HP Operations Agent helps in monitoring a system by collecting metrics that indicate the health, performance, and availability of essential elements. HP Operations Agent is vulnerable to a remote cross-site scripting (XSS) attack. Affecte…
CVE
CVE-2016-10200 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3605)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 …
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for git to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the lat…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could…
漏洞类别:CGI 漏洞等级: 漏洞信息 Apache Sling is a web framework that uses a Java Content Repository, such as Apache Jackrabbit, to store and manage content. The Javascript method Sling.evalString() uses the javascript 'eval' function to parse input strings, which allows f…
漏洞类别:CGI 漏洞等级: 漏洞信息 Drupal is a free and open-source content management framework written in PHP and distributed under the GNU General Public License. It is also used for knowledge management and business collaboration. Drupal contains the following security v…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for kernel to fix the vulnerabilities. Affected Product: Oracle Linux 7 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the l…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for newsbeuter to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerability will allow a remote attacker to run an arbitrary shell command on the client machine. 解决方案 Refer to Debian s…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libmspack to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for mariadb-10.0 to fix the vulnerabilities. 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Refer to Debian se…
漏洞类别:Local 漏洞等级: 漏洞信息 A potential security vulnerability was identified in HPE Network Node Manager i (NNMi) Software. The vulnerability can result in local code execution Affected Software: HPE Network Node Manager i (NNMi) Software 10.00, 10.01, 10.10, 10.20…
漏洞类别:RedHat 漏洞等级: 漏洞信息 OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacke…
漏洞类别:Local 漏洞等级: 漏洞信息 Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Foxit Reader is prone to the following vulnerabilities: A. Foxit Reader launchURL Command Injection Remote Code Execution V…