厂商或团体 debian 的搜索结果 (1188)

CVE-2018-5996(发布:2018-01-31 13:29:00)NM
CVSS6.8

[原文]Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

CVE-2018-6360(发布:2018-01-27 21:29:01)NM
CVSS6.8

[原文]mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.

CVE-2018-5704(发布:2018-01-16 04:29:00)NM
CVSS9.3

[原文]Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

CVE-2018-5702(发布:2018-01-15 11:29:00)NM
CVSS6.8

[原文]Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

CVE-2018-0486(发布:2018-01-13 13:29:00)NMP
CVSS6.4

[原文]Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.

CVE-2015-2318(发布:2018-01-08 14:29:00)NMCP
CVSS6.8

[CNNVD]Mono 安全漏洞--Mono是一个自由开源的项目。该项目的目标是创建一系列符合ECMA标准(Ecma-334和Ecma-335)的.NET工具,包括C#编译器和通用语言架构。 Mono中存在安全漏洞。攻击者可利用该漏洞绕过安全限制,伪造客户端。

12345678下一页尾页 第1页 / 共198页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站