报送者:恒安嘉新 CNVD-ID CNVD-2016-07643 发布时间 2016-09-18 危害级别 中 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 影响产品 Open-Xchange OX Guard <=2.4.2 BUGTRAQ ID 92920 CVE ID CVE-2016-6854 漏洞描述 Open-Xchange OX Guard是美国Open-Xchange公司的一套针对电子邮件和文件的安全防护软件。 Open-Xchange OX Guard 2.4.2及之前的版本中存…
CNVD-ID CNVD-2016-07644 发布时间 2016-09-18 危害级别 中 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 影响产品 Open-Xchange AppSuite BUGTRAQ ID 92922 CVE ID CVE-2016-5740 漏洞描述 Open-Xchange AppSuite(OX AppSuite)是美国Open-Xchange公司的一套Web云桌面环境。该环境允许用户更直观的管理电子邮件、任务和文件等。 OX AppSuite中存在跨站脚本漏洞,该漏洞源…
CNVD-ID CNVD-2016-07646 发布时间 2016-10-22 危害级别 中 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 影响产品 方正集团 方正防火墙 漏洞描述 方正防火墙是方正集团研发的一款维护信息安全的防护系统。 方正防火墙存在未授权访问漏洞,允许攻击者利用该漏洞获取配置备份文件,未授权访问,可获取设备的敏感信息。 参考链接 漏洞解决方案 添加权限验证等。 漏洞发现者 袁健威 厂商补丁 方正防火墙存在未授权访问漏洞 验证信息 已验证 报送时间 2016-09-07 收录时间 20…
漏洞类别:Local 漏洞等级: 漏洞信息 Java Runtime Environment (JRE) is a platform that supports the execution of programs that are developed using the Java programming language. The JRE platform also supports Java Applets, which can be loaded from Web pages. JRE and JDK are …
漏洞类别:Solaris 漏洞等级: 漏洞信息 The target does not have Solaris 11.3 SRU 13.4.0 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes. 漏洞危害 Exploitation could allow an attacker to compromise a vulnerable system. 解决方案 A…
漏洞类别:Database 漏洞等级: 漏洞信息 This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. Affect…
CVE
CVE-2016-3562 Oracle Database October 2016 Security Update Multiple Vulnerabilities (CPUOCT2016)
漏洞类别:Database 漏洞等级: 漏洞信息 Oracle released a Critical Patch Update advisory for October 2016 that addresses several security vulnerabilities. The following Oracle database component are affected: - OJVM - Kernel PDB - RDBMS Security - Application Express - RDBMS…
CVE
CVE-2016-5572 Oracle Database October 2016 Patch Set Update (PSU) 12.1.0.2.161018 Not Installed (Patch 24433133)
漏洞类别:Database 漏洞等级: 漏洞信息 Oracle Database Patch Set Updates are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule. Affected Software: Oracle Database 12.1.0.2 漏洞危害 Failure to apply this patch could lead to los…
CVE
CVE-2016-5505 Oracle Database October 2016 Patch Set Update (PSU) 11.2.0.4.161018 Not Installed (Patch 24433791)
漏洞类别:Database 漏洞等级: 漏洞信息 Oracle Database Patch Set Updates are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule. Affected Software: Oracle Database 11.2.0.4 漏洞危害 Failure to apply this patch could lead to los…
漏洞类别:Local 漏洞等级: 漏洞信息 IBM WebSphere Application Server is designed to facilitate the creation of various enterprise Web applications. IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from unt…
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. MailCWP is a mail client plugin for WordPress. The MailCWP WordPres…
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. MP3-jPlayer is an audio plugin for WordPress. The "mp3-jplayer/down…
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. DukaPress is an open source e-commerce solution built for WordPress…
漏洞类别:CGI 漏洞等级: 漏洞信息 TestLink is an open source, web-based test management system that facilitates software quality assurance. The platform offers support for test cases, test suites, test plans, test projects and user management, as well as various reports and…
漏洞类别:CGI 漏洞等级: 漏洞信息 TestLink is an open source, web-based test management system that facilitates software quality assurance. It is developed and maintained by Teamtest. The platform offers support for test cases, test suites, test plans, test projects and use…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for openssl to fix the vulnerabilities. Affected Products: Oracle Linux 5 漏洞危害 Successful exploitation allows remote attackers to cause a denial of service (false-positive packet drops) v…
漏洞类别:RedHat 漏洞等级: 漏洞信息 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A flaw was found in the way OpenSSL en…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 54.0.2840.59. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing mal…
所属漏洞编号 CNVD-2016-09375 补丁链接 http://technet.microsoft.com/security/bulletin/MS16-124 补丁描述 Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。kernel是其中的内核。 Microsoft Windows中的内核存在本地特权提升漏洞,该漏洞源于内核API未能正确限制注册表信息的访问。本地攻击者可借助特制的应用程序利用该漏洞获取提升的权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏…
所属漏洞编号 CNVD-2016-09376 补丁链接 http://technet.microsoft.com/security/bulletin/MS16-124 补丁描述 Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。kernel是其中的内核。 Microsoft Windows中的内核存在本地特权提升漏洞,该漏洞源于内核API未能正确限制注册表信息的访问。本地攻击者可借助特制的应用程序利用该漏洞获取提升的权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏…
所属漏洞编号 CNVD-2016-09379 补丁链接 http://technet.microsoft.com/security/bulletin/MS16-123 补丁描述 Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。win32k.sys是Windows子系统的内核部分,是一个内核模式设备驱动程序,它包含有窗口管理器、后台控制窗口和屏幕输出管理等。 Microsoft Windows中的kernel-mode驱动程序存在特权提升漏洞,该漏洞源于程序没有正确处理内存…
所属漏洞编号 CNVD-2016-09361 补丁链接 http://source.android.com/security/bulletin/2016-10-01.html 补丁描述 Qualcomm Innovation Center(QuIC)Android contributions for MSM是一款用于MSM项目支持用户建立基于Android平台并包含其他增强功能的高通芯片产品。QDSP6v2 Voice Service driver for the Linux kernel是一个用于Linux系统内…
所属漏洞编号 CNVD-2016-09380 补丁链接 http://source.android.com/security/bulletin/2016-10-01.html 补丁描述 Android on Nexus 9是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套运行于Nexus 9(平板电脑)中并以Linux为基础的开源操作系统。NVIDIA profiler是其中的一个NVIDIA分析工具。 Nexus 9设备上的Android 2016-10-05之前的版本中的NVIDIA分…
所属漏洞编号 CNVD-2016-09358 补丁链接 http://source.android.com/security/bulletin/2016-10-01.html 补丁描述 Android on Nexus 6P和Android One是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套运行于Nexus 6P和Android One(智能手机)中并以Linux为基础的开源操作系统。Synaptics touchscreen driver是其中的一个触屏驱动。 基于Nexus 6P…
所属漏洞编号 CNVD-2016-09377 补丁链接 http://technet.microsoft.com/security/bulletin/MS16-118 补丁描述 Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer 10和11版本的处理内存对象中存在远程内存破坏漏洞。允许攻击者利用该漏洞破坏内存,在当前用户上下文中执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。 补丁附件 (无附件) 补丁状态 通过审核 补丁审核意见 (无审核意…