Fedora 20 : kernel-3.14.5-200.fc20 (2014-7033)
The 3.14.5 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 19 : smb4k-1.1.2-1.fc19 (2014-6255)
New upstream release. Update to Smb4K 1.1.1, the first bug fix release of the stable 1.1 branch. This release fixes a crash bug and a potential security issue.
Fedora 19 : perl-LWP-Protocol-https-6.04-2.fc19 (2014-6369)
This release fixes a server certification validation when a certificate authority is defined by the HTTPS_CA_DIR or HTTPS_CA_FILE environment variable.
Fedora 19 : xen-4.2.4-4.fc19 (2014-5941)
HVMOP_set_mem_type allows invalid P2M entries to be created.
How vulnerabilities are numbered (CVE/CAN) - vulnerability warning - the black bar safety net
Articles and reports often refer to security vulnerabilities by a number beginning with CVE, such as CVE-1999-1046. This article describes how Common Vulnerability IDs are represented: 1, beginning with CVE, such as CVE-199...
Fedora 20 : fish-2.1.0-9.fc20 (2014-5794)
Requesting a direct push to stable. CVE-2014-2905 in particular is severe.
phpBB remote denial of service vulnerability - vulnerability warning - the black bar safety net
phpBB remote denial of service vulnerability. Vulnerable versions: phpBB phpBB 3.0.8 phpBB phpBB 3.0.7 phpBB phpBB 3.0.6 phpBB phpBB 3.0.5 phpBB phpBB 3.0.4 phpBB phpBB 3.0.3 phpBB phpBB 3.0.2 phpBB phpBB 3.0.1 phpBB phpBB 3.0 phpBB phpBB 2.0.21 phpBB phpBB 2.0.19 phpBB phpBB 2.0.17 phpBB phpBB...
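EMC Cloud Tiering Appliance (CTA) local information disclosure vulnerability
Bugtraq ID: 66937 CVE ID: CVE-2014-0645 EMC Cloud Tiering Appliance helps storage administrators manage file-based unstructured data simply and effectively. EMC Cloud Tiering Appliance stores the default passwords of the built-in root, super and admin accounts using the DES encryption algorithm, which allows an attacker to exploit the vulnerability to recover these passwords. 0 EMC Cloud Tiering Appliance CTA 10 EMC Cloud Tiering Appliance CTA 10 SP1 EMC Cloud Tiering Appliance CTA 9.x EMC...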
Fedora 20 : kernel-3.13.10-200.fc20 (2014-5235)
The 3.13.10 stable update contains a number of important fixes across the tree.
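Qemu 'vmxnet3.c' denial of service vulnerability
Bugtraq ID: 66955 CVE ID: CVE-2013-4544 QEMU is an open-source emulator for complete PC systems. QEMU 'vmxnet3.c' contains multiple errors when validating the interrupt and queue configuration in hw/net/vmxnet3.c, which allow a local attacker to exploit the vulnerability to crash the system. 0 Qemu The vendor has released an upgrade patch to fix the vulnerability; download it from: https://github.com/qemu/qemu/commit/f12d048a523780dbda702027d4a91b62af1a08d7...
HP Universal Configuration Management Database remote code execution vulnerability
Bugtraq ID: 66962 CVE ID: CVE-2013-6214 HP Universal Configuration Management Database is HP's unified configuration management database application. HP Universal Configuration Management Database has an unspecified security vulnerability that allows a remote attacker to exploit it to obtain sensitive information. 0 HP Universal Configuration Management Database Integration Service v9.05 HP Universal Configuration Management...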
Atmail Webmail 6.x < 6.6.4 / 7.x < 7.1.2 Multiple Vulnerabilities
According to its version, the Atmail Webmail install on the remote host is version 6.x prior to 6.6.4 or 7.x prior to 7.1.2. It is, therefore, potentially affected by numerous, unspecified errors having unspecified impacts via unspecified vectors.
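WordPress Unconfirmed plugin 's' cross-site scripting vulnerability
Bugtraq ID: 66781 WordPress is a blogging platform developed in PHP; users can set up their own blogs on servers that support PHP and a MySQL database. The WordPress Unconfirmed plugin does not properly filter the 's' parameter; a remote attacker can exploit the vulnerability to construct a malicious URI and entice a user to open it, which can obtain sensitive cookies, hijack the session, or perform malicious operations on the client. 0 WordPress Unconfirmed Plugin 1.2.4 WordPress Unconfirmed version 1.2.5 fixes the vulnerability; users are advised to download it: http://wordpress.org/plugins/unconfirmed...
OpenAFS GetStatistics64 RPC remote denial of service vulnerability
Bugtraq ID: 66776 CVE ID: CVE-2014-0159 OpenAFS is an open-source distributed file system. The OpenAFS GetStatistics64 RPC contains an error that allows an attacker to exploit the vulnerability by sending a specially crafted request, triggering a buffer overflow and crashing the application. 0 OpenAFS 1.4.8 - 1.6.6 OpenAFS version 1.6.7 fixes the vulnerability; users are advised to download it: http://openafs.org/...
PivotX multiple cross-site scripting vulnerabilities
Bugtraq ID: 66800 CVE ID: CVE-2014-0341 PivotX is a powerful open-source blog CMS. The PivotX overview screens have a cross-site scripting vulnerability; a remote attacker can exploit it to construct a malicious URI and entice a user to open it, which can obtain sensitive cookies, hijack the session, or perform malicious operations on the client. 0 PivotX 2.3.8 PivotX version 2.3.9 fixes the vulnerability; users are advised to download it: http://pivotx.net/...
CGIScript.net csUpload authentication bypass vulnerability
Bugtraq ID: 65752 CGIScript.net csUpload is an upload script. CGIScript.net csUpload does not properly handle user requests, allowing an attacker to exploit the vulnerability to bypass authentication and gain unauthorized access. 0 CGIScript.net csUpload No detailed solution is currently available: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12...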
Fedora 19 : squid-3.3.12-1.fc19 (2014-4800)
Use the version from Fedora 20.
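OpenSSL 'ssl3_release_read_buffer()' use-after-free memory corruption vulnerability
Bugtraq ID: 66801 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications. OpenSSL 'ssl3_release_read_buffer' has a use-after-free race condition vulnerability that allows an attacker to exploit it to inject data from one connection into another. 0 OpenSSL The vendor has released an upgrade patch to fix the vulnerability; download it from: http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008openssl.patch...
Open-Xchange AppSuite information disclosure vulnerability
Bugtraq ID: 66694 CVE ID: CVE-2014-2391 Open-Xchange Server is a partly open-source project that mainly develops collaboration software such as e-mail and calendars. Open-Xchange AppSuite 7.4.2 and earlier versions have an information disclosure vulnerability in their implementation; a local user can exploit this vulnerability to access sensitive information. 0 open-xchange OX App Suite 7.4.2 The vendor has released an upgrade patch to fix the vulnerability; download it from: http://www.open-xchange.com/home.html...
Linux Kernel 'cma_req_handler()' function denial of service vulnerability
Bugtraq ID: 66716 Linux Kernel is the kernel of the Linux operating system. The Linux kernel has a denial of service vulnerability in the implementation of the cma_req_handler function; an attacker can exploit this vulnerability to crash the kernel. 0 Linux kernel The vendor has released an upgrade patch to fix the vulnerability; download it from: http://www.kernel.org/...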