漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for bash to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 Malicious users could use this vulnerability to change…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for rpcbind to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability can be used to cause a complete denial of service…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for kdelibs4 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for rpcbind to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability can be used to cause a complete denial of service…

漏洞类别：Local 漏洞等级： 漏洞信息 VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems. VMware Workstation update addresses multiple security issues a. VMware Workstation Insecure library loading vulnerability b. VMwar…

漏洞类别：Local 漏洞等级： 漏洞信息 Undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. Affected Versions: BIG-IP 12.1.0…

漏洞类别：General remote services 漏洞等级： 漏洞信息 Dropbear is a software package that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded sy…

漏洞类别：General remote services 漏洞等级： 漏洞信息 A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interf…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus 5000 Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insuffici…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus 5000 Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input valid…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. 漏洞危害 If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a den…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. It was found that due to th…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafte…

漏洞类别：CGI 漏洞等级： 漏洞信息 Tenable virtual appliances deliver power, deployment speed and all around ease of use by virtually eliminating installation, configuration and maintenance problems. The Tenable Appliance contain several vulnerabilities. One exists in the un…

漏洞类别：CGI 漏洞等级： 漏洞信息 Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client. The vulnerability exists because the Apache ActiveMQ client failed to impose sufficient security restrictions on a remo…

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This …

漏洞类别：SUSE 漏洞等级： 漏洞信息 SUSE has released security update for git to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE L…

漏洞类别：Web Application 漏洞等级： 漏洞信息 The web application uses http client library for making server-side HTTP requests. The http library used is vulnerable to httpoxy attack. The library uses environment variable "HTTP_PROXY" to configure an outgoing proxy. As spec…

漏洞类别：Web Application 漏洞等级： 漏洞信息 Path traversal vulnerability potentially allows an attacker to access restricted files on a web server, outside of the web server root directory, due to improper access control on the web server's resources. 漏洞危害 This vulnerabil…

漏洞类别：Web Application 漏洞等级： 漏洞信息 Apache Axis2 is a Web Services/SOAP/WSDL engine. The instance of Axis2 on the target allows administrative access with default credentials of username "admin" and password as "axis2". 漏洞危害 A remote attacker could exploit this to…

漏洞类别：Backdoors and trojan horses 漏洞等级： 漏洞信息 EternalRocks is a worm that is reportedly spreading by exploiting a flaw in the SMB protocol. The spreading mechanism is designed on the ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE and ETERNALSYNERGY exploits that w…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for kde4libs to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决方案 Refer to Debian security advisory DSA 3849-1 to address this is…

漏洞类别：CGI 漏洞等级： 漏洞信息 Jenkins is an open source automation server written in Java. Jenkins contains the following security vulnerabilities: CVE-2017-1000353: An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java S…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for qemu-kvm to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in re…