CNVD-ID CNVD-2022-88832 Published 2022-12-26 Severity Low (AV:L/AC:L/Au:N/C:N/I:P/A:N) Affected product Pbzip2 Pbzip2
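CNVD-ID CNVD-2022-89762 Published 2022-12-26 Severity Medium (AV:N/AC:L/Au:N/C:P/I:P/A:N) Affected product Siemens Polarion ALM CVE ID CVE-2022-46265 Vulnerability description Polarion ALM is an application lifecycle management solution that improves the software development process through a single unified solution for requirements, coding, testing and release. Siemens Polarion ALM has a security vulnerability that allows an attacker to spoof host header information and redirect users to malicious websites. Vulnerability…
Vulnerability name GitLab security vulnerability Vendor GitLab CNNVD ID CNNVD-202211-1973 Severity —— CVE ID CVE-2022-2904 Vulnerability type Other Date recorded 2022-11-02 Date updated 2022-11-03 Vulnerability description Summary GitLab is an open-source end-to-end software development platform from the US company GitLab, with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery) and other features. GitLab CE/EE versions 15.3 through 15.3.4 and versions 15.4 through 15.4.1 have a security vuln…
Basic vulnerability information Vulnerability name Splunk security vulnerability Vendor Splunk CNNVD ID CNNVD-202211-1960 Severity —— CVE ID CVE-2022-43572 Vulnerability type Other Date recorded 2022-11-02 Date updated 2022-11-03 Vulnerability description Summary Splunk is a data collection and analysis software suite from the US company Splunk. The software is mainly used to collect, index and analyze generated data, including the data generated by all IT systems and infrastructure (physical, virtual machines and cloud). Splunk Enterprise has a security vulnerability that stems from the application not correctly controlling…
WordPress plugin Yooslider Yoo Slider cross-site request forgery vulnerability CVE-2022-27846 CNVD-2022-73697-AVACAUCIA Published: 2022-11-04 Revised: 2022-11-04 WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. The WordPress plugin Yooslider Yoo Slider version 2.0.0 and earlier has a cross-site request forgery vulnerability that an attacker can use to create or modify sliders. Exploit/PoC No exploit or PoC currently available…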
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for polkit to fix the vulnerability. Affected OS: Fedora 27 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vulnerability. Fo…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for qutebrowser to fix the vulnerability. Affected OS: Fedora 27 Fedora 28 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vu…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for suricata to fix the vulnerability. Affected OS: Fedora 28 Fedora 27 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vulne…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for python34 to fix the vulnerability. Affected OS: Fedora 28 Fedora 27 Impact This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availabil…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for libxml2 to fix the vulnerability. Affected OS: Fedora 27 Fedora 28 Impact This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availabili…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for zziplib to fix the vulnerability. Affected OS: Fedora 28 Impact This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Solution F…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for bibutils to fix the vulnerability. Affected OS: Fedora 27 Fedora 28 Impact This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availabil…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for libtomcrypt to fix the vulnerability. Affected OS: Fedora 28 Impact This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. Solu…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for soundtouch to fix the vulnerability. Affected OS: Fedora 27 Impact Successful exploitation of the vulnerability will lead to denial of service attacks. Solution Fedora has issued updated packages to fix…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for perl-archive-zip to fix the vulnerability. Affected OS: Fedora 27 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vulnera…
Vulnerability category: RedHat Vulnerability level: Vulnerability information Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fixes: mutt: Remote code injec…
Vulnerability category: RedHat Vulnerability level: Vulnerability information memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security fix(es): memcached: UDP server support allo…
Vulnerability category: RedHat Vulnerability level: Vulnerability information OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, inclu…
Vulnerability category: RedHat Vulnerability level: Vulnerability information The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and pas…
Vulnerability category: RedHat Vulnerability level: Vulnerability information Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: dpdk: Information exposure in unchecked guest physical to host virtual address trans…
Vulnerability category: RedHat Vulnerability level: Vulnerability information Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterp…
Vulnerability category: Ubuntu Vulnerability level: Vulnerability information It was discovered that OpenJDK did not properly validate types in some situations. It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. It was discovered a vulnerability in…
Vulnerability category: Ubuntu Vulnerability level: Vulnerability information It was discovered that APT incorrectly handled the mirror method (mirror://). Impact If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages in environments con…
Vulnerability category: Ubuntu Vulnerability level: Vulnerability information It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages. Impact An attacker could possibly use this to access sensitive information. Solution Refer to Ubuntu advisory USN-3745-1 for affected packages and patchin…
Vulnerability category: VMware Vulnerability level: Vulnerability information VMware vCenter is the centralized management tool for the vSphere suite. VMware vCenter is affected by the following vulnerability: This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or an…
Vulnerability category: VMware Vulnerability level: Vulnerability information VMware vCenter is the centralized management tool for the vSphere suite. VMware vCenter is affected by the following vulnerability: This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or an…
Vulnerability category: Debian Vulnerability level: Vulnerability information Debian has released a security update for intel-microcode to fix the vulnerabilities. Impact This vulnerability could be exploited to gain complete access to sensitive information. Solution Refer to Debian security advisory DSA 4273-1 to addres…
Vulnerability category: General remote services Vulnerability level: Vulnerability information An SSL certificate associates an entity (person, organization, host, etc.) with a public key. In an SSL connection a client authenticates the remote server using the server's certificate and extracts the public key in t…
Vulnerability category: General remote services Vulnerability level: Vulnerability information OCSP (Online Certificate Status Protocol) is a protocol to determine the status of an SSL certificate, specifically whether a certificate has been revoked by the issuing certificate authority. SSL servers can provide th…
Vulnerability category: General remote services Vulnerability level: Vulnerability information SSL Certificate Transparency is an industry effort to improve visibility into the process of how certificate authorities issue certificates. It is designed to allow the owners of domain names to find all certificates th…
Vulnerability category: Local Vulnerability level: Vulnerability information Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. The vulnerability exists when using result type with no namespace and at the same time, its upper action(s) have no or …
Vulnerability category: CGI Vulnerability level: Vulnerability information Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. The vulnerability exists when using result type with no namespace and at the same time, its upper action(s) have no or wi…
Vulnerability category: SUSE Vulnerability level: Vulnerability information SUSE has released a security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 Impact This vulnerability could be exploited to gain complete…
Vulnerability category: SUSE Vulnerability level: Vulnerability information SUSE has released a security update for podofo to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 Impact This vulnerability could be exploited to gain part…
Vulnerability category: SUSE Vulnerability level: Vulnerability information SUSE has released a security update for ceph to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 Impact This vulnerabili…
Vulnerability category: SUSE Vulnerability level: Vulnerability information SUSE has released a security update for gtk2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 Impact This vulnerability could be exploited to gain partial…
Vulnerability category: SUSE Vulnerability level: Vulnerability information SUSE has released a security update for libcgroup to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 Impact This vulner…
Vulnerability category: CGI Vulnerability level: Vulnerability information A Denial of Service exists in PAN-OS Management Web Interface that allows an authenticated user to shut down all management sessions, resulting in all logged-in users being redirected to the login page. This vulnerability can be triggered …
Vulnerability category: CGI Vulnerability level: Vulnerability information Atlassian FishEye is the on-premise source code repository browser for enterprise teams. It provides your developers with advanced browsing and search for SVN, Git, Mercurial, Perforce and CVS code repositories, from any web browser. Atlas…
Vulnerability category: Ubuntu Vulnerability level: Vulnerability information It was discovered that the MOTD update script incorrectly handled temporary files. Impact A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. Solu…
Vulnerability category: VMware Vulnerability level: Vulnerability information VMware vCenter is the centralized management tool for the vSphere suite. VMware vCenter is affected by the following vulnerability: This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or an…
Vulnerability category: Debian Vulnerability level: Vulnerability information Debian has released a security update for jetty9 to fix the vulnerabilities. Impact This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial c…
Vulnerability category: Debian Vulnerability level: Vulnerability information Debian has released a security update for mutt to fix the vulnerabilities. Impact This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial con…
Vulnerability category: Debian Vulnerability level: Vulnerability information Debian has released a security update for php-horde-image to fix the vulnerabilities. Impact This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change …
Vulnerability category: Local Vulnerability level: Vulnerability information The JMX server is exposed to sniffing attacks because its authentication credentials are transferred via clear text. QID Detection Logic (Authenticated): This QID executes "ps auxf | grep -i 'jmxremote.ssl'|grep -i -v -E "(jmxremote\.ho…
Vulnerability category: Local Vulnerability level: Vulnerability information JMX authentication not enabled on localhost interface detected on the system. QID Detection Logic (Authenticated): This QID executes "ps auxf | grep -E "(jmxremote.host=localhost|jmxremote.host=127.0.0.1)"" commands to list all the runni…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for firefox to fix the vulnerability. Affected OS: Fedora 26 Fedora 27 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vulnera…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for curl to fix the vulnerability. Affected OS: Fedora 26 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vulnerability. For m…
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for samba to fix the vulnerability. Affected OS: Fedora 26 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vulnerability. For …
Vulnerability category: Fedora Vulnerability level: Vulnerability information Fedora has released a security update for kernel to fix the vulnerability. Affected OS: Fedora 27 Impact Successful exploitation allows an attacker to compromise the system. Solution Fedora has issued updated packages to fix this vulnerability. For…