cve details


Imagemagick PCX parser local memory destruction Vulnerability (CVE-2014-8355)

Release date: Updated on: Affected Systems: ImageMagick 6.8.9-9 Description: Bugtraq id: 70839 CVE (CAN) ID: CVE-2014-8355 ImageMagick is an open-source image viewing and editing tool on Unix/Linux platforms. The PCX parser of ImageMagick 6.8.9-9 has a security vulnerability. Attackers can exploit this vulnerability to cause DoS at

FFmpeg and Libav cross-border Denial of Service Vulnerability (CVE-2014-8548)

Release date: 2014-3 3 Updated on: Affected Systems: FFmpeg FFmpeg Description: Bugtraq id: 70888 CVE (CAN) ID: CVE-2014-8548 FFmpeg is a free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video. Libav is a cross-platform free software that allows you to perform video, tra

FFmpeg and Libav cross-border Denial of Service Vulnerability (CVE-2014-8541)

Release date: 2014-3 3 Updated on: Affected Systems: FFmpeg FFmpeg Description: Bugtraq id: 70877 CVE (CAN) ID: CVE-2014-8541 FFmpeg is a free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video. Libav is a cross-platform free software that allows you to perform video, tra

Shellshock analysis CVE-2014-6271

new Bash process, say_hello is a function in the new environment. Its evolution process is as follows: 1. When the new bash is started, the environment variable say_hello is scanned with parentheses and braces, which are determined to be a function definition. 2. bash uses say_hello as the function name and its value as the function body. The typeset command can list all variables and function definitions in the current environment. Let's use typeset to see how this string becomes a function. C

Apache POI Denial of Service Vulnerability (CVE-2014-3574)

Released on: 2014-09-03 Updated on: Affected Systems: Apache Group POI 3.11.x, Apache Group POI 3.10.x Description: Bugtraq id: 69648 CVE (CAN) ID: CVE-2014-3574 Apache POI is an open-source cross-platform Java API written in Java. It can read and write Microsoft Office files. Apache POI versions earlier than 3.10.1 and earlier than 3.11-beta2 have the

Bugzilla XSS Vulnerability (CVE-2014-1573)

Release date: 2014-10-09 Updated on: 2014-10-09 Affected Systems: Bugzilla 4.5.1-4.5.5, Bugzilla 4.3.1-4.4.5, Bugzilla 4.1.1-4.2.10, Bugzilla 2.17.1-4.0.14 Unaffected system: Bugzilla 4.5.6, Bugzilla 4.4.6, Bugzilla 4.2.11, Bugzilla 4.0.15 Description: CVE (CAN) ID: CVE-2014-1573 Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in softwa

Bugzilla unauthorized account Creation Vulnerability (CVE-2014-1572)

Release date: 2014-10-09 Updated on: 2014-10-09 Affected Systems: Bugzilla 4.5.1-4.5.5, Bugzilla 4.3.1-4.4.5, Bugzilla 4.1.1-4.2.10, Bugzilla 2.23.3-4.0.14 Unaffected system: Bugzilla 4.5.6, Bugzilla 4.4.6, Bugzilla 4.2.11, Bugzilla 4.0.15 Description: CVE (CAN) ID: CVE-2014-1572 Bugzilla is an open-source defect tracking system that manages the entire life

Apache Qpid Security Restriction Bypass Vulnerability (CVE-2015-0223)

Release date: Updated on: Affected Systems: Apache Group Qpid Description: Bugtraq id: 72319 CVE (CAN) ID: CVE-2015-0223 Apache Qpid (Open Source AMQP Messaging) is a cross-platform enterprise communication solution that implements the Advanced Message Queue Protocol. Apache Qpid versions earlier than qpidd 0.31 have security vulnerabilit

Wireshark Netflow parser Denial of Service Vulnerability (CVE-2014-6424)

Release date: Updated on: Affected Systems: Wireshark 1.12.0 Description: Bugtraq id: 69862 CVE (CAN) ID: CVE-2014-6424 Wireshark is the most popular network protocol parser. Wireshark 1.12.0 has a denial of service vulnerability. Attackers can exploit this vulnerability to crash affected applications. Suggestion: Vendor patch: Wir

Php dns txt record Processing Heap Buffer Overflow Vulnerability (CVE-2014-3597)

Release date: Updated on: Affected Systems: PHP Unaffected system: PHP 5.x Description: Bugtraq id: 69322 CVE (CAN) ID: CVE-2014-3597 PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML. PHP

Apache OpenOffice Calc Command Injection Vulnerability (CVE-2014-3524)

Release date: Updated on: Affected Systems: OpenOffice Unaffected system: OpenOffice Description: Bugtraq id: 69351 CVE (CAN) ID: CVE-2014-3524 OpenOffice was originally Sun's commercial Office software, StarOffice. After Sun's public code, it was officially named Op

Analysis of privilege escalation vulnerability using F5 ICall script (CVE-2015-3628)

Earlier this year, GDS found a vulnerability in F5 BIG-IP LTM that allows restricted users to access the system for extraction and remote command execution after successful Elevation of Privilege. This article will show you how to manually exploit this vulnerability. Metasploit has also added corresponding modules. For details

Network tool wget was found to have security vulnerabilities (cve-2014-4877)

#Vulnerability alert# Popular network tool wget was found to have a security vulnerability (cve-2014-4877). When wget is used to recursively download an FTP site, an attacker can trigger the vulnerability by constructing a malicious symbolic link file that creates arbitrary files, directories, or symbolic links and sets access permissions on the wget user's system. Please pay attention to the use of their own version of the update, timely installation of patches/u

PostgreSQL Information Leakage Vulnerability (CVE-2014-8161)

Release date: Updated on: Affected Systems: PostgreSQL 9.4, PostgreSQL 9.1, PostgreSQL 8.4 Description: Bugtraq id: 72538 CVE (CAN) ID: CVE-2014-8161 PostgreSQL is an advanced object-relational database management system that supports extended SQL standard subsets. PostgreSQL 8.4, 9.1, and 9.4 have the information leakage vulnerability. authenticated remot

MS15-034/CVE-2015-1635 HTTP Remote Code Execution Vulnerability Analysis

Preface: On the April patch day, Microsoft fixed a remote code vulnerability MS15-034 in HTTP.SYS by marking a "high-risk" CVE-2015-1635 patch. According to Microsoft's announcement, when an HTTP server with this vulnerability receives a specially crafted HTTP request, remote code may be triggered to be executed in the target system with s

OpenSSL high-risk vulnerability: allows hackers to decrypt HTTPS traffic (CVE-2016-0701)

Maintainers of the OpenSSL encrypted code library announced that they had fixed a high-risk vulnerability. This vulnerability allows hackers to obtain keys for decryption of encrypted communication on HTTPS and other secure transmission layers. OpenSSL vulnerability details: This vulnerability can be exploited when v

Oracle Java SE Hotspot child vulnerability (CVE-2016-0636)

Release date: Updated on: Affected Systems: Oracle Java SE 8u74, Oracle Java SE 8u73, Oracle Java SE 7u97 Description: CVE (CAN) ID: CVE-2016-0636 Java SE is short for Java platform standard edition based

Samba CVE-2015-0240 Remote Code Execution Vulnerability exploitation practices

1 demo 2 Background: On February 23, 2015, Red Hat product security team released a Samba server smbd vulnerability announcement [1], the vulnerability number is CVE-2015-0240, affects almost all versions. The trigger of this vulnerability does not need to pass the account authentication of the Samba server, while the smbd server us

Apple TV and iOS Local Security Restriction Bypass Vulnerability (CVE-2015-1062)

Release date: Updated on: Affected Systems: Apple TV, Apple iOS Description: Bugtraq id: 73003 CVE (CAN) ID: CVE-2015-1062 iOS is an operating system developed by Apple for mobile devices. It supports iPhone, iPod touch, iPad, and Apple TV. In versions earlier than Apple TV 7.1 and earlier than iOS 8.2, MobileStorageMounter does

Google Chrome buffer overflow vulnerability (CVE-2015-1360)

Release date: Updated on: Affected Systems: Google Chrome Description: Bugtraq id: 73077 CVE (CAN) ID: CVE-2015-1360 Google Chrome is a Web browser tool developed by Google. In Chrome versions earlier than 40.0.2214.91, Skia has a buffer overflow vulnerability. By processing errors caused by constructed data during font drawing, remote attackers can
