漏洞类别：RedHat 漏洞等级： 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose se…

漏洞类别：RedHat 漏洞等级： 漏洞信息 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit…

漏洞类别：RedHat 漏洞等级： 漏洞信息 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further …

漏洞类别：CGI 漏洞等级： 漏洞信息 Pexip Infinity is a video communications software that can be deployed on infrastructure of organizations in public, private or hybrid cloud environments. Pexip Infinity is vulnerable to input validation failure vulnerabilities in multiple …

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for jasper to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicio…

漏洞类别：Security Policy 漏洞等级： 漏洞信息 An obsolete version of Cisco ASA was detected on the host. Support for Cisco ASA version 9.5 ended on May 3, 2017. No further releases or security fixes will be available for Cisco ASA version 9.5. QID Detection Logic (Authentic…

漏洞类别：Web Application 漏洞等级： 漏洞信息 The logout links discovered by the Web Application Scanning engine are provided in the Results section. These links were present on the target Web Application, but were not crawled. Crawling these links will terminate the active…

今天，网友都被这样的一则新闻刷了屏：中国大批高校出现勒索病毒感染情况，众多师生电脑文件都被病毒加了密，只有支付高达5万元的赎金才能恢复，已经有学生因此耽误了答辩可能毕不了业。 这是在国内，全球已经有近100个国家遭遇勒索病毒的袭击，在英格兰，至少16家医院和相关机构遭遇了攻击，苏格兰还有5家。每家医院除了面临约400万人民币的勒索，还面临电脑系统瘫痪、电话线路被切断、急诊病人被迫转移…… 在NSA黑客工具“永恒之蓝”的助力下，这一波勒索病毒让800万毕业生深陷肄业风险，交通、能源、教育等行业也笼罩在勒索病毒的重重阴…

日期：2017-5-13 0x1 前言 360互联网安全中心近日发现全球多个国家和地区的机构及个人电脑遭受到了一款新型勒索软件攻击，并于5月12日国内率先发布紧急预警，外媒和多家安全公司将该病毒命名为“WanaCrypt0r”（直译：“想哭勒索蠕虫”），常规的勒索病毒是一种趋利明显的恶意程序，它会使用加密算法加密受害者电脑内的重要文件，向受害者勒索赎金，除非受害者交出勒索赎金，否则加密文件无法被恢复，而新的“想哭勒索蠕虫”尤其致命，它利用了窃取自美国国家安全局的黑客工具EternalBlue（直译：“永恒之蓝”）实…

下载NSA武器库免疫工具：http://dl.360safe.com/nsa/nsatool.exe 全球爆发勒索病毒攻击 昨日英国、意大利、俄罗斯等全球多个国家爆发勒索病毒攻击，中国大批高校也出现感染情况，众多师生的电脑文件被病毒加密，只有支付赎金才能恢复。据360安全卫士紧急公告，不法分子使用NSA泄漏的黑客武器攻击Windows漏洞，把ONION、WNCRY等勒索病毒在校园网快速传播感染，建议电脑用户尽快使用360“NSA武器库免疫工具”进行防御。 据360安全中心分析，此次校园网勒索病毒是由NSA泄漏的“永…

漏洞类别：Backdoors and trojan horses 漏洞等级： 漏洞信息 WannaCrypt/WannaCry/Wanna Decryptor is a ransomware worm that is reportedly spreading by exploiting a flaw in SMB. It is said to exploit the SMB vulnerability. The spreading mechanism is said to be designed on the ET…

漏洞类别：Amazon Linux 漏洞等级： 漏洞信息 Infinite recursion in ahash.c by triggering EBUSY on a full queue: A vulnerability was found in crypto/ahash.c in the Linux kernel which allows attackers to cause a denial of service (API operation calling its own callback, and inf…

漏洞类别：Amazon Linux 漏洞等级： 漏洞信息 Improper re-use of NTLM authenticated connections (Networking, 8163520): It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a diff…

漏洞类别：Local 漏洞等级： 漏洞信息 HP audio driver on some HP-manufactured computers records users' keystrokes and stores them in a world-readable plaintext file. QID Detection Logic (Authenticated): Check if "C:\Windows\System32\MicTray64.exe" or "C:\Windows\System32\MicT…

漏洞类别：Security Policy 漏洞等级： 漏洞信息 Support for Windows 10 Version 1507 (Build 10240) ended on May 9th, 2017. Microsoft will no longer release security patches and quality updates. Refer to Windows 10 version 1507 will no longer receive security updates for more i…

漏洞类别：Local 漏洞等级： 漏洞信息 Adobe Flash Player is a Cross-platform plugin plays animations, videos and sound files in .SWF format. These vulnerabilities that could potentially allow an attacker to take control of the affected system. ( CVE-2017-3068, CVE-2017-3069, …

漏洞类别：Office Application 漏洞等级： 漏洞信息 Microsoft releases security updates on May 2017 to fix following vulnerabilities: - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0254). - Microsoft SharePoint XSS Vulnerability (CVE-2017-02545). - Microsoft Offi…

漏洞类别：Internet Explorer 漏洞等级： 漏洞信息 Internet Explorer is a web-browser developed by Microsoft which is included in Microsoft Windows Operating Systems. Microsoft has released Cumulative Security Updates for Internet Explorer which addresses various vulnerabiliti…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for libosip2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 …

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This …

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for audiofile to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain par…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for mozillafirefox, mozilla-nss, mozilla-nspr to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerabilit…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for wireshark to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can be used to cause a complet…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for ghostscript to fix the vulnerabilities. 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Refer to Debian sec…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for tiff to fix the vulnerabilities. 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Refer to Debian security a…