漏洞类别:RedHat 漏洞等级: 漏洞信息 Mozilla Firefox is an open source web browser. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr…
漏洞类别:Local 漏洞等级: 漏洞信息 Oracle Tuxedo is an application server for non-Java languages. It provides a bunch of facilities that help customers build and deploy enterprise applications written in C, C++, COBOL, and with the SALT add-on applications written in Pytho…
漏洞类别:Local 漏洞等级: 漏洞信息 VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems. Multiple vulnerabilities were reported in VMware Workstation and Fusion. A local user on the guest system can trigger a heap overf…
漏洞类别:CGI 漏洞等级: 漏洞信息 Webmin is a Web-based interface for system administration of Unix and Linux operating systems. Webmin prior to 1.500 suffers from several critical vulnerabilities Affected Software: Webmin Versions prior to 1.500 QID Detection Logic (Unauth…
漏洞类别:General remote services 漏洞等级: 漏洞信息 The following buffer overflow conditions exist in Intel Active Management Technology (AMT): CVE-2017-5711: Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10…
漏洞类别:Database 漏洞等级: 漏洞信息 Apache CouchDB is a free open source document oriented database written in the Erlang programming language. This Apache CouchDB update fixes the following vulnerabilities: CVE-2017-12635:Remote Code Execution. CVE-2017-12636:Execution …
漏洞类别:Web server 漏洞等级: 漏洞信息 A Remote Code Execution vulnerability has been identified in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, and HP OfficeJet Enterprise printers. The vulnerability exists due to Insuff…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for mxml to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability can be used to cause a complete denial of service and could render the …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for graphicsmagick to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive inform…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that OptiPNG incorrectly handled memory. 漏洞危害 A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. 解…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. 漏洞危害 A remote attacker could possibly use this issue to execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3494-1 for affected pack…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Exim incorrectly handled memory in the ESMTP CHUNKING extension. 漏洞危害 A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. The default…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that LibRaw incorrectly handled photo files. 漏洞危害 If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, res…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the ldns-keygen tool incorrectly set permissions on private keys. It was discovered that ldns incorrectly handled memory when processing data. 漏洞危害 A local attacker could possibly use this issue to obtain generated…
CVE
CVE-2017-5705 Intel Management Engine Multiple Privilege Escalation And Buffer Overflow Vulnerabilities
漏洞类别:General remote services 漏洞等级: 漏洞信息 The following buffer overflow and privilege escalation conditions exist in Intel Management Engine (ME): CVE-2017-5705: Multiple buffer overflows allow attacker with local access to the system to execute arbitrary code. …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Samba is an open-source implementation of the Server Message Block (SMB) protocol. A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requ…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive in…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for samba to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabili…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for samba to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabili…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for liblouis to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gimp to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE…
漏洞类别:Local 漏洞等级: 漏洞信息 A vulnerability in macOS High Sierra operating system that allows an attacker with physical access to gain system administrator access without entering a password. The security bug can be triggered via the authentication dialog box in mac…
CVE
CVE-2017-13832 Apple macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan Not Installed
漏洞类别:Local 漏洞等级: 漏洞信息 Apple macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan Not Installed. An update is available to resolve multiple security vulnerabilities. Additional information regarding the update can …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an …
CVE
CVE-2017-12337 Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability (cisco-sa-20171115-vos)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the upgrade mechanism of Cisco Unified Communications Manager based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affec…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-7546: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal t…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-1000116: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited t…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-7805: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicio…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-1000249: 1488053: CVE-2017-1000249 file: Stack-based buffer overflow in do_bid_note() An issue in file() was introduced in commit 9611f…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2017-7674: 1480618: CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning The CORS Filter in Apache Tomcat 9…
漏洞类别:Local 漏洞等级: 漏洞信息 Wireshark is a network protocol analyzer available for multiple operating systems. It lets you capture and interactively browse the traffic running on a computer network. This Wireshark update fixes the following vulnerabilities: The DOCS…
漏洞类别:Local 漏洞等级: 漏洞信息 Dell Active Roles (now Quest Active Roles) Server gives Active Directory administrators all the tools necessary to securely and efficiently manage Active Directory, overcoming the native shortcomings of AD and automates the most common AD…
CVE
CVE-2016-9191 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3640)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 …
CVE
CVE-2017-1000112 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3631)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 …
漏洞类别:CGI 漏洞等级: 漏洞信息 Bamboo is a continuous integration and deployment tool developed by Atlassian, that ties automated builds, tests and releases together in a single workflow. Affected versions of Bamboo have a REST endpoint that parses a YAML file that fails…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for yadifa to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 4001-1 to address this issue and obtain further …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for konversation to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 4033-1 to address this issue and obtain fu…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for imagemagick to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change parti…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for ruby2.3 to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited d…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for mupdf to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial con…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update U3d, which corrects the following security issue: VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update U3f, which corrects the following security issue: The Flash-based vSphere Web Client (i.e. not the new HTML5-based vSphere Client) cont…
漏洞类别:CGI 漏洞等级: 漏洞信息 Bamboo is a continuous integration and deployment tool developed by Atlassian, that ties automated builds, tests and releases together in a single workflow. Affected versions of Bamboo have a REST endpoint that parses a YAML file that fails…
漏洞类别:CGI 漏洞等级: 漏洞信息 Bamboo is a continuous integration and deployment tool developed by Atlassian, that ties automated builds, tests and releases together in a single workflow. Affected versions of Bamboo have a REST endpoint that parses a YAML file that fails…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for yadifa to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 4001-1 to address this issue and obtain further …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for imagemagick to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change parti…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for ruby2.3 to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited d…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for mupdf to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial con…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update U2e, which corrects the following security issue: VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are…
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update U3d, which corrects the following security issue: VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are…