漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for qemu to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability can also be used to cause a limited denial of servic…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for perl-dbd-mysql to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for squid to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP1 漏洞危害 Malicious users could use this vulnerability to change partial contents or configuration on the system. 解决方…

漏洞类别：Local 漏洞等级： 漏洞信息 Java Runtime Environment (JRE) is a platform that supports the execution of programs that are developed using the Java programming language. The JRE platform also supports Java Applets, which can be loaded from Web pages. JRE and JDK are …

漏洞类别：Solaris 漏洞等级： 漏洞信息 The target does not have Solaris 11.3 SRU 16.3.0 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes. 漏洞危害 Exploitation could allow an attacker to compromise a vulnerable system. 解决方案 A…

漏洞类别：Database 漏洞等级： 漏洞信息 Oracle released a Critical Patch Update advisory for January 2017 that addresses several security vulnerabilities. The following Oracle database component are affected: - OJVM - RDBMS Security 漏洞危害 An attacker could affect the confiden…

漏洞类别：Database 漏洞等级： 漏洞信息 Oracle Database Patch Set Updates are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule. Affected Software: Oracle Database 12.1.0.2 漏洞危害 Failure to apply this patch could lead to los…

漏洞类别：Database 漏洞等级： 漏洞信息 This Critical Patch Update contains 27 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. Affect…

漏洞类别：Database 漏洞等级： 漏洞信息 Oracle Database Patch Set Updates are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule. Affected Software: Oracle Database 11.2.0.4 漏洞危害 Failure to apply this patch could lead to los…

漏洞类别：DNS and BIND 漏洞等级： 漏洞信息 ISC BIND (Berkley Internet Domain Name) is an implementation of DNS protocols. Two vulnerabilities exist in BIND: 1) An error may allow access to the cache via recursion even though an ACL disallows it. 2) An error when processing …

漏洞类别：DNS and BIND 漏洞等级： 漏洞信息 ISC BIND (Berkley Internet Domain Name) is an implementation of DNS protocols. ISC BIND is prone to a remote denial of service vulnerability because the software fails to handle certain record types. An attacker can exploit this is…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow exec…

漏洞类别：DNS and BIND 漏洞等级： 漏洞信息 ISC BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible …

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for php-phpmailer to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 CVE-2016-10033:-To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, r…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for tinymce to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation could lead to XSS attacks. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be in…

漏洞类别：CGI 漏洞等级： 漏洞信息 Firebird is an open source SQL relational database management system. The version of Firebird on the remote host uses default credentials to control access, an attacker can gain administrative access to the affected application. 漏洞危害 On suc…

漏洞类别：CGI 漏洞等级： 漏洞信息 Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, …

漏洞类别：General remote services 漏洞等级： 漏洞信息 Nagios Core is a free and open source computer-software application that monitors systems, networks and infrastructure. The vulnerability is caused by the implementation of a vulnerable component for handling RSS news fe…

漏洞类别：Local 漏洞等级： 漏洞信息 Cross-platform plugin plays animations, videos and sound files in .SWF format. These vulnerabilities that could potentially allow an attacker to take control of the affected system. (CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2…

漏洞类别：Local 漏洞等级： 漏洞信息 Adobe Reader and Acrobat are applications for handling PDF files. They are prone to multiple vulnerabilities that could potentially allow an attacker to take control of an affected system. Affected Software: Acrobat DC Continuous 15.020.2…

漏洞类别：Office Application 漏洞等级： 漏洞信息 A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. The security update addresses the vulnerability by correcting how affected version…

漏洞类别：Windows 漏洞等级： 漏洞信息 Microsoft Edge fails to enforce cross-domain policies with regards to about:blank, this could allow information from one domain to be injected in to another leading to elevation of privilege. Microsoft has assigned this advisory as Impo…

漏洞类别：Windows 漏洞等级： 漏洞信息 The Local Security Authority Subsystem Service (LSASS) is a process in windows which is helps in enforcing security policies on a system. The updates fixes a fixes a denial of service attack by changing the way LSASS handles specially c…

漏洞类别：Internet Explorer 漏洞等级： 漏洞信息 The update addresses the vulnerabilities which are described in Adobe Security Bulletin APSB17-02, by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.…

十、在Necurs僵尸网络生命的前24小时 Necurs是一个臭名昭著、极端危险的僵尸网络，在全球传播像“wildfire”这样的恶意软件，直到2015年十月份，在一个国际执法部门的努力下，它被下线了。然而，几个月后，这个神秘的僵尸网络又出现了，并开始传播Dridex和Locky恶意软件，在2016年六月份又一次消失了。几周之后，又出现了，并开始传播Locky恶意软件。为了更好的理解Necurs，及它是如何工作的，Cyren的安全专家重现并分析了一个真实的Necurs僵尸网络前24小时的活动。 第一天： 9:46 …