漏洞信息 vBulletin is a web-based forum application implemented in PHP. A SQL injection vulnerability has been identified in 'forumrunner/request.php' in vBulletin Forum Runner add-on which allows remote attackers to dump usernames and passwords. Affected Versions…

漏洞信息 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * Quick emulator(Qemu) built wit…

漏洞信息 AIX is prone to the following vulnerabilities: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. (CVE-2015-7575) IBM AIX…

漏洞信息 GitLab, the software, is a web-based Git repository manager with wiki and issue tracking features. The GitLab update fixes the following vulnerabilities: - Unauthorized access to project build traces. - Cross-site scripting (XSS) vulnerability in Wiki pag…

漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…

漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…

漏洞信息 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * Quick Emulator(Qemu) built wit…

漏洞信息 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to red…

漏洞信息 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.50). Security Fix(es): * This update fixes several vulnerabilities in the…

漏洞信息 vBulletin is a web-based forum application implemented in PHP. A SQL injection vulnerability has been identified in 'forumrunner/request.php' in vBulletin Forum Runner add-on which allows remote attackers to dump usernames and passwords. Affected Versions…

漏洞信息 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * Quick emulator(Qemu) built wit…

漏洞信息 AIX is prone to the following vulnerabilities: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. (CVE-2015-7575) IBM AIX…

漏洞信息 It was discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. It was discovered that QEMU incorrectly handled the VMWare VGA module. It was discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation suppo…

漏洞信息 Debian has released security update for chromium-browser to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to cause a denial of service vulnerability. 解决方案 Refer to Debian security advisory DSA 3645-1 to address this issue a…

漏洞信息 It was discovered that LibreOffice incorrectly handled presentation files. 漏洞危害 If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. 解决方案 Refer …

漏洞信息 Debian has released security update for fontconfig to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 3644-1 to address this issue and obtain further details. Patch…

漏洞信息 It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. It was discovered that PHP incorrectly handled recursive method calls. It was discovered that PHP incorrectly validated certain Exception objects when unserializing dat…

漏洞信息 Debian has released security update for kde4libs to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. 解决方案…

漏洞信息 An out-of-bounds read during XML parsing in some circumstances. It was discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. Multiple memory safety issues in Firefox.…

漏洞信息 Safari is a Web browser developed by Apple. The target is missing the Safari 9.1.2 update. This update resolve multiple issues in Safari and WebKit. 漏洞危害 Successful exploitation of these vulnerabilities will allow an attacker to execute arbitrary code in …

漏洞信息 Multiple security issues were discovered in Chromium. It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. It was discovered that Blink does not prevent window creation by a deferred fr…

漏洞信息 Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Foxit Reader is prone to the following vulnerabilities: A remote user can create a specially crafted file that, when loaded by the target us…

漏洞信息 Debian has released security update for wordpress to fix the vulnerabilities. 漏洞危害 Successful exploitation allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT…

漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code …

漏洞信息 Debian has released security update for curl to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 3638-1 to address this issue and obtain further details. Patch: Foll…