漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gimp to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE…
漏洞类别:Local 漏洞等级: 漏洞信息 A vulnerability in macOS High Sierra operating system that allows an attacker with physical access to gain system administrator access without entering a password. The security bug can be triggered via the authentication dialog box in mac…
CVE
CVE-2017-13832 Apple macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan Not Installed
漏洞类别:Local 漏洞等级: 漏洞信息 Apple macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan Not Installed. An update is available to resolve multiple security vulnerabilities. Additional information regarding the update can …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an …
CVE
CVE-2017-12337 Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability (cisco-sa-20171115-vos)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the upgrade mechanism of Cisco Unified Communications Manager based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affec…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-7546: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal t…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-1000116: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited t…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-7805: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicio…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-1000249: 1488053: CVE-2017-1000249 file: Stack-based buffer overflow in do_bid_note() An issue in file() was introduced in commit 9611f…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-7674: 1480618: CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning The CORS Filter in Apache Tomcat 9…
漏洞类别:Local 漏洞等级: 漏洞信息 Wireshark is a network protocol analyzer available for multiple operating systems. It lets you capture and interactively browse the traffic running on a computer network. This Wireshark update fixes the following vulnerabilities: The DOCS…
漏洞类别:Local 漏洞等级: 漏洞信息 Dell Active Roles (now Quest Active Roles) Server gives Active Directory administrators all the tools necessary to securely and efficiently manage Active Directory, overcoming the native shortcomings of AD and automates the most common AD…
CVE
CVE-2016-9191 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3640)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 …
CVE
CVE-2017-1000112 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3631)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 …
漏洞类别:CGI 漏洞等级: 漏洞信息 Bamboo is a continuous integration and deployment tool developed by Atlassian, that ties automated builds, tests and releases together in a single workflow. Affected versions of Bamboo have a REST endpoint that parses a YAML file that fails…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for yadifa to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 4001-1 to address this issue and obtain further …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for konversation to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 4033-1 to address this issue and obtain fu…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for imagemagick to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change parti…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for ruby2.3 to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited d…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for mupdf to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial con…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update U3d, which corrects the following security issue: VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update U3f, which corrects the following security issue: The Flash-based vSphere Web Client (i.e. not the new HTML5-based vSphere Client) cont…
漏洞类别:CGI 漏洞等级: 漏洞信息 Bamboo is a continuous integration and deployment tool developed by Atlassian, that ties automated builds, tests and releases together in a single workflow. Affected versions of Bamboo have a REST endpoint that parses a YAML file that fails…
漏洞类别:CGI 漏洞等级: 漏洞信息 Bamboo is a continuous integration and deployment tool developed by Atlassian, that ties automated builds, tests and releases together in a single workflow. Affected versions of Bamboo have a REST endpoint that parses a YAML file that fails…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for yadifa to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 4001-1 to address this issue and obtain further …