漏洞类别：Local 漏洞等级： 漏洞信息 VMware Player, Workstation are virtualization applications available for multiple platforms. A remote user can execute arbitrary code on the target system. A local user on the guest system can cause denial of service conditions on the hos…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for puppet to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation of the vulnerability could result in the execution of arbitrary code. 解决方案 Fedora has issued updated packages to…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerabilit…

漏洞类别：CGI 漏洞等级： 漏洞信息 MultiThreaded is a simple HTTP Server. MultiThreaded HTTP server contains a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information by means of directory traversal attacks. Affected Version…

漏洞类别：CGI 漏洞等级： 漏洞信息 CubeCart is a free responsive open source PHP ecommerce software system. The directory traversal exists in the maintenance restore tool whereby the filename is not properly sanitized, disclosing sensitive files to an attacker. This vulnerab…

漏洞类别：CGI 漏洞等级： 漏洞信息 CubeCart is a free responsive open source PHP ecommerce software system. CubeCart contains the following directory traversal vulnerabilities: CVE-2017-2090: Directory traversal vulnerability in CubeCart allows remote authenticated attackers…

漏洞类别：CGI 漏洞等级： 漏洞信息 WBCE is an easy to use content management system basing on PHP/MySQL. The open source CMS is free for personal and commercial use. WBCE CMS contains the following vulnerabilities: CVE-2017-2118: Cross-site scripting vulnerability allows rem…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for kdelibs to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation of the vulnerability may allow privilege escalation. 解决方案 To resolve this issue, upg…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for samba to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system. 解决方案 Fedora has issued updated packages …

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for libtasn1-6 to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerability may allow an attacker to cause a denial-of-service or potentially execute arbitrary code. 解决方案 Refer to Debi…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A l…

漏洞类别：AIX 漏洞等级： 漏洞信息 AIX is prone to the following vulnerabilities: tcpdump is vulnerable to multiple buffer overflow vulnerabilities caused by improper bounds checking by the parser. Affected Platforms: AIX 5.3, 6.1, 7.1, 7.2 Note:The detection requires root p…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for libtirpc to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation of the vulnerability may cause denial of service attacks. 解决方案 To resolve this issu…

漏洞类别：Local 漏洞等级： 漏洞信息 The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes can be used instead of the originals to protect against entity-expansion and DTD-retrieva…

漏洞类别：General remote services 漏洞等级： 漏洞信息 The target is determined to be a pfSense device, which uses protocols such as SSH for configuration management. These services can be accessed and are an invitation for malicious users to break in. If this is found exter…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. 漏洞危害 A local attacker in some configurations could possibly use this to overwrite any file on the files…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. 漏洞危害 If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser secu…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that ImageMagick incorrectly handled certain malformed image files. 漏洞危害 If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a den…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. 漏洞危害 A remote attacker could use this issue to cause strongSwan to crash, re…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that juju did not set permissions on a Unix domain socket. 漏洞危害 A local attacker could use this flaw to gain administrative privileges. 解决方案 Refer to Ubuntu advisory USN-3300-1 for affected packages and patching details…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 Some security information preloaded in Firefox was due to expire before the next scheduled release. 漏洞危害 This update bumps the expiration times. 解决方案 Refer to Ubuntu advisory USN-3299-1 for affected packages and patching details, or upda…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for libxml2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabi…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for sudo to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerabilit…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for java-1_8_0-openjdk to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability could be exploited to gain partial acc…