焦点漏洞

焦点漏洞

LIVE555 streaming media RTSP服务器远程代码执行漏洞

CVE ID:CVE-2018-4013

NSFOCUS ID:41633

受影响版本

Live Networks LIVE555 Media Server 0.92

漏洞点评

Live555 Streaming Media是一组多媒体流C++库,用于实现流媒体应用。近日,安全研究人员发现Live Networks LIVE555中存在一个高危远程代码执行漏洞,该漏洞源于LIVE555 RTSP服务器库的HTTP数据包解析功能,攻击者可以通过发送一个特制的数据包造成堆栈的缓冲区溢出,从而导致代码执行。目前厂商已经发布了升级补丁,请用户及时到厂商主页下载补丁修复这个安全问题。

互联网安全威胁态势

最近一周CVE公告总数与前期相比有明显增长。

威胁信息回顾

标题:jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

时间:2018-10-22

简介:Of the thousands of plugins for the jQuery framework, one of the most popular of them harbored for at least three years an oversight in code that eluded the security community, despite public availability of tutorials that explained how it could be exploited.The bug affects the widely used jQuery File Upload widget and allowed an attacker to upload arbitrary files on web servers, including command shells for sending out commands.

-file-upload-plugin-vulnerable-for-8-years-and-only-hackers-knew/

标题:Mac malware intercepts encrypted web traffic for ad injection

时间:2018-10-24

简介:A new piece of Mac malware that exhibits some troubling behaviors, including intercepting encrypted web traffic to inject ads. Let’s take a closer look at this adware, which Malwarebytes for Mac detects as OSX.SearchAwesome, to see how it’s installed, its behavior, and the implications of this kind of attack.

-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/

标题:Facebook Fined £500,000 for Cambridge Analytica Data Scandal

时间:2018-10-25

简介:Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users.

(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)

漏洞研究

漏洞统计

截止到2018年10月26日,绿盟科技漏洞库已收录总条目达到41768条。本周新增漏洞记录136条,其中高危漏洞数量18条,中危漏洞数量94条,低危漏洞数量24条。

LIVE NETWORKS LIVE555 streaming media RTSP服务器远程代码执行漏洞(CVE-2018-4013)

危险等级:高

cve编号:CVE-2018-4013

Oracle PeopleSoft Enterprise PeopleTools组件安全漏洞(CVE-2018-3193)

危险等级:中

cve编号:CVE-2018-3193

Oracle Java SE/Java SE Embedded/JRockit组件安全漏洞(CVE-2018-3149)

危险等级:高

cve编号:CVE-2018-3149

Oracle MySQL Server组件安全漏洞(CVE-2018-3285)

危险等级:低

cve编号:CVE-2018-3285

Oracle MySQL Server组件安全漏洞(CVE-2018-3280)

危险等级:低

cve编号:CVE-2018-3280

Oracle MySQL Server组件安全漏洞(CVE-2018-3186)

危险等级:低

cve编号:CVE-2018-3186

Oracle MySQL Server组件安全漏洞(CVE-2018-3212)

危险等级:低

cve编号:CVE-2018-3212

Oracle MySQL Server组件安全漏洞(CVE-2018-3170)

危险等级:低

cve编号:CVE-2018-3170

Oracle MySQL Server组件安全漏洞(CVE-2018-3195)

危险等级:中

cve编号:CVE-2018-3195

Oracle MySQL Server组件安全漏洞(CVE-2018-3145)

危险等级:中

cve编号:CVE-2018-3145

Oracle MySQL Server组件安全漏洞(CVE-2018-3182)

危险等级:中

cve编号:CVE-2018-3182

Oracle MySQL Server组件安全漏洞(CVE-2018-3203)

危险等级:中

cve编号:CVE-2018-3203

Oracle MySQL Server组件安全漏洞(CVE-2018-3137)

危险等级:中

cve编号:CVE-2018-3137

(数据来源:绿盟科技安全研究部&产品规则组)