Discover cve search, include the articles, news, trends, analysis and practical advice about cve search on alibabacloud.com
Principle Analysis of Word type Obfuscation Vulnerability (CVE-2015-1641) AforementionedWord does not verify the customXML object when parsing docx documents to process the displacedbymmxml attribute. It can pass in other tag objects for processing, resulting in type confusion and arbitrary memory writing, finally, the well-constructed labels and corresponding attribute values can cause remote arbitrary code execution.The Exploitation details of this
Release date:Updated on: Affected Systems:XenSource Xen 4.4.xDescription:--------------------------------------------------------------------------------CVE (CAN) ID: CVE-2014-3717Xen is an open-source Virtual Machine monitor developed by the University of Cambridge. In Xen 4.4.x, the 64-bit ARM client kernel loading address is not correctly verified. This allows local users to trigger buffer overflow throu
Samba nmbd NetBIOS Name Service Remote Code Execution Vulnerability (CVE-2014-3560) Release date:Updated on: Affected Systems:Samba 4.0.0-4.1.10Description:--------------------------------------------------------------------------------CVE (CAN) ID: CVE-2014-3560Samba is a set of programs that implement the SMB (Server Messages Block) protocol, cross-platform fil
ShellShock: CVE-2014-6271 vulnerability and emergency repair methods About this vulnerabilityHello, a Linux security vulnerability was found to be more serious than "heartbleed", that is, the ShellShock: CVE-2014-6271 vulnerability, attackers can remotely execute arbitrary commands, full control of your server, A lower operating threshold than "heartbleed" makes it more risky than the former. The vulnerabil
Note that when compiling a vulnerability exploits a program: gcc-lpthread dirtyc0w.c-o dirtyc0w The actual test under Ubuntu 15.10 needs to be changed to: Gcc-pthread Dirtyc0w.c-o dirtyc0w Or GCC dirtyc0w.c-o dirtyc0w -lpthread To compile correctly. Other vulnerabilities exploit code: Https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs Http://www.tuicool.com/articles/Rjiy2maHow to Patch and Protect Linux Kernel the Zero day local privilege escalation vulnerability ... Time 2016-10-21 16:
OpenSSL DTLS invalid segment vulnerability (CVE-2014-0195) Release date:Updated on: 2014-06-06 Affected Systems:OpenSSL Project OpenSSL OpenSSL Project OpenSSL OpenSSL Project OpenSSL Description:--------------------------------------------------------------------------------Bugtraq id: 67900CVE (CAN) ID: CVE-2014-0195OpenSSL is an open-source SSL implementation that implements high-strength encryption for
Linux 2.6.31 Local Code Execution Vulnerability (CVE-2014-0196) To put it simply, this is a local code execution vulnerability that has existed since Linux 2.6.31-rc3 for five years. As a result, attackers will obtain the root shell and it will not be fixed until May 3 this year. CVE-2014-0196A race condition in the pty (pseudo terminal) layer (writer buffer handling), which could be used by attackers to co
Release date:Updated on: Affected Systems:Apache Group Camel Apache Group Camel Description:--------------------------------------------------------------------------------Bugtraq id: 65902CVE (CAN) ID: CVE-2014-0003 Apache Camel is an open-source integration framework based on a known enterprise-level integration model. The XSLT component of Apache Camel 2.11.0-2.11.3 and Apache Camel 2.12.0-2.12.2 allows the XSL style sheet to call external Java met
OpenSSL cross-Protocol Attack Vulnerability (CVE-2016-0800)OpenSSL cross-Protocol Attack Vulnerability (CVE-2016-0800) Release date:Updated on:Affected Systems: OpenSSL Project OpenSSL OpenSSL Project OpenSSL Unaffected system: OpenSSL Project OpenSSL 1.0.2gOpenSSL Project OpenSSL 1.0.1s Description: CVE (CAN) ID: CVE
Apache WSS4J Information Leakage Vulnerability (CVE-2015-0226)Apache WSS4J Information Leakage Vulnerability (CVE-2015-0226) Release date:Updated on:Affected Systems: Apache Group WSS4J Apache Group WSS4J Description: Bugtraq id: 72553CVE (CAN) ID: CVE-2015-0226WSS4J implements WS-Security, which is the Security module of AXIS, but can also be used in othe
LibreSSL Memory leakage Vulnerability (CVE-2015-5333)LibreSSL Memory leakage Vulnerability (CVE-2015-5333) Release date:Updated on:Affected Systems: LibreSSL 2.0.0-2.3.0 Description: CVE (CAN) ID: CVE-2015-5333LibreSSL is a branch of the OpenSSL encryption software library and is an open source Implementation of
Xen arch/x86/mm. c mod_l2_entry Privilege Elevation Vulnerability (CVE-2015-7835)Xen arch/x86/mm. c mod_l2_entry Privilege Elevation Vulnerability (CVE-2015-7835) Release date:Updated on:Affected Systems: XenSource Xen 3.4-4.6.x Description: CVE (CAN) ID: CVE-2015-7835Xen is an open-source Virtual Machine monitor
Linux Kernel 'kernel/bpf/verifier. c' local information leakage (CVE-2017-17864)Linux Kernel 'kernel/bpf/verifier. c' local information leakage (CVE-2017-17864) Release date:Updated on:Affected Systems: Linux kernel Description: Bugtraq id: 102320CVE (CAN) ID: CVE-2017-17864Linux Kernel is the Kernel of the Linux operating system.Linux kernel *>Suggestion: Ven
ImageMagick coders/msl. c Multiple Information Leakage vulnerabilities (CVE-2017-17934)ImageMagick coders/msl. c Multiple Information Leakage vulnerabilities (CVE-2017-17934) Release date:Updated on:Affected Systems: ImageMagick ImageMagick 7.0.7-17 Q16 x86_64 Description: Bugtraq id: 102314CVE (CAN) ID: CVE-2017-17934ImageMagick is an open-source image viewing
ImageMagick WriteWEBPImage Stack Buffer Overflow Vulnerability (CVE-2017-17880)ImageMagick WriteWEBPImage Stack Buffer Overflow Vulnerability (CVE-2017-17880) Release date:Updated on:Affected Systems: ImageMagick ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21 Description: Bugtraq id: 102317CVE (CAN) ID: CVE-2017-17880ImageMagick is an open-source image viewing and e
Linux Kernel Local Denial of Service Vulnerability (CVE-2017-17807)Linux Kernel Local Denial of Service Vulnerability (CVE-2017-17807) Release date:Updated on:Affected Systems: Linux kernel Description: Bugtraq id: 102301CVE (CAN) ID: CVE-2017-17807Linux Kernel is the Kernel of the Linux operating system.In versions earlier than Linux kernel 4.14.6, the KE
Exiv2 Heap Buffer Overflow Vulnerability (CVE-2017-17669)Exiv2 Heap Buffer Overflow Vulnerability (CVE-2017-17669) Release date:Updated on:Affected Systems: Exiv2 Exiv2 0.26 Description: Bugtraq id: 102265CVE (CAN) ID: CVE-2017-17669Exiv2 is a C ++ class library used to extract the EXIF, LPTC, and XMP metadata information in the image.Exiv2 0.26, pngchunk_i
CURL/libcurl Vulnerability (CVE-2015-3153)CURL/libcurl Vulnerability (CVE-2015-3153) Release date:Updated on:Affected Systems: CURL Description: CVE (CAN) ID: CVE-2015-3153CURL/libcURL is a command line FILE transmission tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE, and LDAP.In versions
Linux Kernel Multiple Memory Corruption Vulnerabilities (CVE-2018-8822)Linux Kernel Multiple Memory Corruption Vulnerabilities (CVE-2018-8822) Release date:Updated on:Affected Systems: Linux kernel Linux kernel 4.16-rc-4.16-rc6 Description: Bugtraq id: 103476CVE (CAN) ID: CVE-2018-8822Linux Kernel is the Kernel of the Linux operating system.In some Linux ke
CURL/libcURL Denial of Service Vulnerability (CVE-2018-1000121)CURL/libcURL Denial of Service Vulnerability (CVE-2018-1000121) Release date:Updated on:Affected Systems: Haxx curl 7.21.0-7.58.0Haxx libcURL 7.21.0-7.58.0 Description: Bugtraq id: 103415CVE (CAN) ID: CVE-2018-1000121LibcURL is a multi-protocol file transfer library.CURL/libcURL 7.21.0-7.58.0 ha
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
