漏洞类别:Amazon Linux漏洞等级: 漏洞信息 A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the…
漏洞类别:Amazon Linux漏洞等级: 漏洞信息 A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CV…
漏洞类别:Amazon Linux漏洞等级: 漏洞信息 Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processin…
漏洞等级: 漏洞信息 Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially craft…
漏洞等级: 漏洞信息 A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. 漏洞危害 Allows unauthorized disclosure of info…
漏洞等级: 漏洞信息 An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by nume…
漏洞等级: 漏洞信息 curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. (CVE-2016-5419 ) curl and libcurl before 7.50.1 do not…
发布时间:2016-08-17 23:48:47浏览次数:4 次点赞数:0 漏洞类别:Web Application漏洞等级: 漏洞信息 The list and details of unique forms submitted by the Web application scanner appear in the Results section. This list does not contain authentication forms (i.e. login forms) which are repor…
漏洞信息 An integer overflow in the Linux netfilter implementation. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A use-after-free exis…
漏洞信息 An integer overflow in the Linux netfilter implementation. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A use-after-free exis…
漏洞信息 An integer overflow in the Linux netfilter implementation. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A use-after-free exis…
漏洞信息 A missing permission check when settings ACLs was discovered in nfsd. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A use-afte…
漏洞信息 It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. An information leak in the netlink implementation of the Linux kernel. 漏洞危害 A lo…
漏洞信息 It was discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. It was discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. It w…
漏洞信息 It was discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. It was discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. It w…
漏洞信息 It was discovered that curl incorrectly handled client certificates when resuming a TLS session. It was discovered that curl incorrectly handled client certificates when reusing TLS connections. It was discovered that curl incorrectly reused a connection …
漏洞信息 Debian has released security update for openjdk-7 to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to affect integrity via vectors related to CORBA. 解决方案 Refer to Debian security advisory DSA 3641-1 to address this issue an…
漏洞信息 vBulletin is a web-based forum application implemented in PHP. A Server Side Request Forgery(SSRF) vulnerability has been identified in media uploads in vBulletin which allows remote code execution. Affected Versions: vBulletin version 5.2.2 and earlier v…
漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. The Welcart e-Commerce plugin assists you to build online shop system. An unspecif…
漏洞信息 vBulletin is a web-based forum application implemented in PHP. A SQL injection vulnerability has been identified in 'forumrunner/request.php' in vBulletin Forum Runner add-on which allows remote attackers to dump usernames and passwords. Affected Versions…
漏洞信息 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * Quick emulator(Qemu) built wit…
漏洞信息 AIX is prone to the following vulnerabilities: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. (CVE-2015-7575) IBM AIX…
漏洞信息 GitLab, the software, is a web-based Git repository manager with wiki and issue tracking features. The GitLab update fixes the following vulnerabilities: - Unauthorized access to project build traces. - Cross-site scripting (XSS) vulnerability in Wiki pag…
漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…
漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…