漏洞类别：Local 漏洞等级： 漏洞信息 Java Runtime Environment (JRE) is a platform that supports the execution of programs that are developed using the Java programming language. The JRE platform also supports Java Applets, which can be loaded from Web pages. JRE and JDK are …

漏洞类别：Solaris 漏洞等级： 漏洞信息 The target does not have Solaris 11.3 SRU 16.3.0 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes. 漏洞危害 Exploitation could allow an attacker to compromise a vulnerable system. 解决方案 A…

漏洞类别：Database 漏洞等级： 漏洞信息 Oracle released a Critical Patch Update advisory for January 2017 that addresses several security vulnerabilities. The following Oracle database component are affected: - OJVM - RDBMS Security 漏洞危害 An attacker could affect the confiden…

漏洞类别：Database 漏洞等级： 漏洞信息 Oracle Database Patch Set Updates are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule. Affected Software: Oracle Database 12.1.0.2 漏洞危害 Failure to apply this patch could lead to los…

漏洞类别：Database 漏洞等级： 漏洞信息 This Critical Patch Update contains 27 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. Affect…

漏洞类别：Database 漏洞等级： 漏洞信息 Oracle Database Patch Set Updates are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule. Affected Software: Oracle Database 11.2.0.4 漏洞危害 Failure to apply this patch could lead to los…

漏洞类别：DNS and BIND 漏洞等级： 漏洞信息 ISC BIND (Berkley Internet Domain Name) is an implementation of DNS protocols. Two vulnerabilities exist in BIND: 1) An error may allow access to the cache via recursion even though an ACL disallows it. 2) An error when processing …

漏洞类别：DNS and BIND 漏洞等级： 漏洞信息 ISC BIND (Berkley Internet Domain Name) is an implementation of DNS protocols. ISC BIND is prone to a remote denial of service vulnerability because the software fails to handle certain record types. An attacker can exploit this is…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow exec…

漏洞类别：DNS and BIND 漏洞等级： 漏洞信息 ISC BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible …

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for php-phpmailer to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 CVE-2016-10033:-To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, r…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for tinymce to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation could lead to XSS attacks. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be in…

漏洞类别：CGI 漏洞等级： 漏洞信息 Firebird is an open source SQL relational database management system. The version of Firebird on the remote host uses default credentials to control access, an attacker can gain administrative access to the affected application. 漏洞危害 On suc…

漏洞类别：CGI 漏洞等级： 漏洞信息 Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, …

漏洞类别：General remote services 漏洞等级： 漏洞信息 Nagios Core is a free and open source computer-software application that monitors systems, networks and infrastructure. The vulnerability is caused by the implementation of a vulnerable component for handling RSS news fe…

漏洞类别：Local 漏洞等级： 漏洞信息 Cross-platform plugin plays animations, videos and sound files in .SWF format. These vulnerabilities that could potentially allow an attacker to take control of the affected system. (CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2…

漏洞类别：Local 漏洞等级： 漏洞信息 Adobe Reader and Acrobat are applications for handling PDF files. They are prone to multiple vulnerabilities that could potentially allow an attacker to take control of an affected system. Affected Software: Acrobat DC Continuous 15.020.2…

漏洞类别：Office Application 漏洞等级： 漏洞信息 A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. The security update addresses the vulnerability by correcting how affected version…

漏洞类别：Windows 漏洞等级： 漏洞信息 Microsoft Edge fails to enforce cross-domain policies with regards to about:blank, this could allow information from one domain to be injected in to another leading to elevation of privilege. Microsoft has assigned this advisory as Impo…

漏洞类别：Windows 漏洞等级： 漏洞信息 The Local Security Authority Subsystem Service (LSASS) is a process in windows which is helps in enforcing security policies on a system. The updates fixes a fixes a denial of service attack by changing the way LSASS handles specially c…

漏洞类别：Internet Explorer 漏洞等级： 漏洞信息 The update addresses the vulnerabilities which are described in Adobe Security Bulletin APSB17-02, by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for gstreamer-plugins-good to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability could be exploited to gain partial…

漏洞类别：CGI 漏洞等级： 漏洞信息 Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, …

漏洞类别：CGI 漏洞等级： 漏洞信息 DNN (formerly DotNetNuke) is a web content management system based on Microsoft .NET. DotNetNuke fails to impose sufficient security restrictions on the installation wizard as a result of which, an unauthenticated attacker can create a new …

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for ghostscript to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities can cause remote code execution and information disclosur…