漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for ghostscript-library to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE…
国家信息安全漏洞共享平台 CNVD-ID CNVD-2016-08934 发布时间 2016-10-14 危害级别 高 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 影响产品 Microsoft Windows 7 for x64-based Systems SP1 BUGTRAQ ID 93279 漏洞描述 Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。kernel是其中的内核。 Microsoft Windows存在本地代码执行漏洞,由于未能充分过滤用户…
国家信息安全漏洞共享平台 CNVD-ID CNVD-2016-08938 发布时间 2016-10-14 危害级别 高 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 影响产品 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Edge 0 BUGTRAQ ID 93381 CVE ID CVE-2016-3387 漏洞描述 Microsoft Internet Explorer(IE)和Micro…
国家信息安全漏洞共享平台 CNVD-ID CNVD-2016-08940 发布时间 2016-10-14 危害级别 高 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 影响产品 Microsoft Windows 7 SP1 Microsoft Windows Vista sp2 Microsoft Windows 8.1 Microsoft Windows 10 Gold Microsoft Windows 10 1511 Microsoft Windows 10 1607 BUGTRAQ ID 933…
CNVD-ID CNVD-2016-07112 发布时间 2016-10-15 危害级别 中 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 影响产品 WordPress Border Loading Bar 1.0 漏洞描述 WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress插件Border Loading Bar存在跨站脚本漏洞,允许攻击者利用该漏洞窃取基于cookie的身份验…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands w…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unser…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A possible heap overflow was discovered in the EscapeParenthesis() function (CVE-2016-7447 ). Various issues were found in the processing of SVG files in GraphicsMagick (CVE-2016-7446 ). The TIFF reader had a bug pertaining to use …
漏洞类别:AIX 漏洞等级: 漏洞信息 IBM AIX is prone to the following vulnerabilities: When the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment…
漏洞类别:Local 漏洞等级: 漏洞信息 OpManager offers network monitoring, physical and virtual server monitoring, flow-based bandwidth analysis, firewall log analysis and archiving, configuration and change management, and IP address and switch port management, thereby provi…
CVE
CVE-2016-4076 Wireshark Multiple Denial of Service Vulnerabilities (wnpa-sec-2016-19 to wnpa-sec-2016-28)
漏洞类别:Local 漏洞等级: 漏洞信息 Wireshark is a network protocol analyzer available for multiple operating systems. It lets you capture and interactively browse the traffic running on a computer network. The application is exposed to multiple denial of service vulnerabil…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Tran…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to t…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization scr…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for systemd to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerabi…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for libreoffice to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be exploited to gain par…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for compat-openssl098 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12-SP1 漏洞危…
漏洞类别:Windows 漏洞等级: 漏洞信息 This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. This security update is rated Critical on the…
CVE
CVE-2016-4273 Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-127)
漏洞类别:Internet Explorer 漏洞等级: 漏洞信息 Microsoft released an update for Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. The update addresses the vulnerabilities described in Adobe Security bulletin APSB16-32. This security …
漏洞类别:Windows 漏洞等级: 漏洞信息 An elevation of privilege vulnerability exists in the Windows Diagnostics Hub Standard Collector Service when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input that could lead to unsecure library lo…
漏洞类别:Windows 漏洞等级: 漏洞信息 - A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted emb…
漏洞类别:Windows 漏洞等级: 漏洞信息 Multiple elevation of privilege vulnerabilities exist in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information. Microsoft released a security update to correct how the kernel API r…