ImageMagick PCX parser local memory corruption Vulnerability (CVE-2014-8355)
Release date:
Updated on:
Affected Systems: ImageMagick 6.8.9-9
Description:
Bugtraq id: 70839
CVE (CAN) ID: CVE-2014-8355
ImageMagick is an open-source image viewing and editing tool on Unix/Linux platforms.
The PCX parser of ImageMagick 6.8.9-9 has a security vulnerability. Attackers can exploit this vulnerability to cause DoS at
FFmpeg and Libav out-of-bounds Denial of Service Vulnerability (CVE-2014-8548)
Release date: 2014-3 3
Updated on:
Affected Systems: FFmpeg FFmpeg
Description:
Bugtraq id: 70888
CVE (CAN) ID: CVE-2014-8548
FFmpeg is free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video. Libav is cross-platform free software that allows you to perform video, tra
FFmpeg and Libav out-of-bounds Denial of Service Vulnerability (CVE-2014-8541)
Release date: 2014-3 3
Updated on:
Affected Systems: FFmpeg FFmpeg
Description:
Bugtraq id: 70877
CVE (CAN) ID: CVE-2014-8541
FFmpeg is free software that allows you to perform video, transfer, and stream functions in multiple formats of audio and video. Libav is cross-platform free software that allows you to perform video, tra
new Bash process, say_hello is a function in the new environment. Its evolution process is as follows:
1. When the new bash is started, the environment variable say_hello is scanned with parentheses and braces, which are determined to be a function definition.
2. bash uses say_hello as the function name and its value as the function body.
The typeset command can list all variables and function definitions in the current environment. Let's use typeset to see how this string becomes a function. C
Apache POI Denial of Service Vulnerability (CVE-2014-3574)
Released on: 2014-09-03
Updated on:
Affected Systems:
Apache Group POI 3.11.x
Apache Group POI 3.10.x
Description:
Bugtraq id: 69648
CVE (CAN) ID: CVE-2014-3574
Apache POI is an open-source cross-platform Java API written in Java. It can read and write Microsoft Office files.
Apache POI versions earlier than 3.10.1 and earlier than 3.11-beta2 have the
Bugzilla XSS Vulnerability (CVE-2014-1573)
Release date: 2014-10-09
Updated on: 2014-10-09
Affected Systems:
Bugzilla 4.5.1-4.5.5
Bugzilla 4.3.1-4.4.5
Bugzilla 4.1.1-4.2.10
Bugzilla 2.17.1-4.0.14
Unaffected system:
Bugzilla 4.5.6
Bugzilla 4.4.6
Bugzilla 4.2.11
Bugzilla 4.0.15
Description:
CVE (CAN) ID: CVE-2014-1573
Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in softwa
Wireshark Netflow parser Denial of Service Vulnerability (CVE-2014-6424)
Release date:
Updated on:
Affected Systems: Wireshark 1.12.0
Description:
Bugtraq id: 69862
CVE (CAN) ID: CVE-2014-6424
Wireshark is the most popular network protocol parser.
Wireshark 1.12.0 has a denial of service vulnerability. Attackers can exploit this vulnerability to crash affected applications.
Suggestion:
Vendor patch:
Wir
PHP DNS TXT record Processing Heap Buffer Overflow Vulnerability (CVE-2014-3597)
Release date:
Updated on:
Affected Systems: PHP
Unaffected system: PHP 5.x
Description:
Bugtraq id: 69322
CVE (CAN) ID: CVE-2014-3597
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
PHP
Apache OpenOffice Calc Command Injection Vulnerability (CVE-2014-3524)
Release date:
Updated on:
Affected Systems: OpenOffice
Unaffected system: OpenOffice
Description:
Bugtraq id: 69351
CVE (CAN) ID: CVE-2014-3524
OpenOffice was originally Sun's commercial Office software-StarOffice. After Sun's public code, it was officially named Op
Analysis of privilege escalation vulnerability using F5 iCall script (CVE-2015-3628)
Earlier this year, GDS found a vulnerability in F5 BIG-IP LTM that allows restricted users to access the system for extraction and remote command execution after successful elevation of privilege. This article will show you how to manually exploit this vulnerability. Metasploit has also added corresponding modules. For details
#Vulnerability alert# Popular network tool wget was found to have a security vulnerability (CVE-2014-4877).
When wget is used to recursively download an FTP site, an attacker can trigger the vulnerability by constructing a malicious symbolic link file that creates arbitrary files, directories, or symbolic links and sets access permissions on the wget user's system. Please pay attention to the use of their own version of the update, timely installation of patches/u
PostgreSQL Information Leakage Vulnerability (CVE-2014-8161)
Release date:
Updated on:
Affected Systems:
PostgreSQL 9.4
PostgreSQL 9.1
PostgreSQL 8.4
Description:
Bugtraq id: 72538
CVE (CAN) ID: CVE-2014-8161
PostgreSQL is an advanced object-relational database management system that supports extended SQL standard subsets.
PostgreSQL 8.4, 9.1, and 9.4 have an information leakage vulnerability. Authenticated remot
MS15-034/CVE-2015-1635 HTTP Remote Code Execution Vulnerability Analysis
Preface
On the April patch day, Microsoft fixed a remote code execution vulnerability, MS15-034, in HTTP.SYS with a patch for CVE-2015-1635 marked "high-risk". According to Microsoft's announcement, when an HTTP server with this vulnerability receives a specially crafted HTTP request, remote code may be triggered to be executed in the target system with s
OpenSSL high-risk vulnerability: allows hackers to decrypt HTTPS traffic (CVE-2016-0701)
Maintainers of the OpenSSL encrypted code library announced that they had fixed a high-risk vulnerability. This vulnerability allows hackers to obtain keys for decryption of encrypted communication on HTTPS and other secure transmission layers.
OpenSSL vulnerability details
This vulnerability can be exploited when v
Oracle Java SE Hotspot subcomponent vulnerability (CVE-2016-0636)
Release date:
Updated on:
Affected Systems:
Oracle Java SE 8u74
Oracle Java SE 8u73
Oracle Java SE 7u97
Description:
CVE (CAN) ID: CVE-2016-0636
Java SE is short for Java platform standard edition based
Samba CVE-2015-0240 Remote Code Execution Vulnerability exploitation practices
1 demo
2 Background
On February 23, 2015, the Red Hat product security team released a vulnerability announcement for the Samba server smbd [1]. The vulnerability number is CVE-2015-0240, and it affects almost all versions. The trigger of this vulnerability does not need to pass the account authentication of the Samba server, while the smbd server us
Apple TV and iOS Local Security Restriction Bypass Vulnerability (CVE-2015-1062)
Release date:
Updated on:
Affected Systems:
Apple TV
Apple iOS
Description:
Bugtraq id: 73003
CVE (CAN) ID: CVE-2015-1062
iOS is an operating system developed by Apple for mobile devices. It supports iPhone, iPod touch, iPad, and Apple TV.
In versions earlier than Apple TV 7.1 and earlier than iOS 8.2, MobileStorageMounter does
Google Chrome buffer overflow vulnerability (CVE-2015-1360)
Release date:
Updated on:
Affected Systems: Google Chrome
Description:
Bugtraq id: 73077
CVE (CAN) ID: CVE-2015-1360
Google Chrome is a Web browser tool developed by Google.
In Chrome versions earlier than 40.0.2214.91, Skia has a buffer overflow vulnerability. By processing errors caused by constructed data during font drawing, remote attackers can