漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for dpkg to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be exploited to gain partial access to sensiti…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for zziplib to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 S…
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an …
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a race condition that co…
漏洞类别:Cisco 漏洞等级: 漏洞信息 Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of servic…
漏洞类别:Local 漏洞等级: 漏洞信息 A heap overflow vulnerability has been identified in Citrix NetScaler Gateway that could allow a remote, authenticated user to execute arbitrary commands on the NetScaler Gateway appliance as a root user. The vulnerability affects the fol…
漏洞类别:Local 漏洞等级: 漏洞信息 VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. Multiple vulnerabilities were reported in Oracle VM VirtualBox. A local user can cause denial of service conditions on the ta…
漏洞类别:Local 漏洞等级: 漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: A remote user can create specially crafted content that, when loaded by the target user, will execut…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Dovecot incorrectly handled some usernames. 漏洞危害 An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. 解决方案 Refer to Ubuntu advisory USN-3258-1 for affected …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged u…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
CVE
CVE-2017-1274 IBM Domino IMAP EXAMINE Buffer Overflow Vulnerability - (swg22002280) Shadow Broker - (EMPHASISMINE)
漏洞类别:Local 漏洞等级: 漏洞信息 IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications. IBM Domino is vulnerable to a IMAP EXAMINE command stack buffer overflow vulnerability which can allow authenticated attackers to exe…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion fai…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or exec…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Remote crash via crafted LDAP messages: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially c…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Sending SIGKILL to other processes with root privileges via su: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with roo…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe ColdFusion is an application for developing Web sites. Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (c…
在中小企业选择 云服务 的问题上,注意不是 云服务器 。我们摘录了两个方面的建议,大家对比看看。在为什么的问题上,中润云服的运营专家从企业IT运营的角度,给出了5个方面的理由;而在如何选择的问题上,绿盟科技的安全专家从企业安全角度,给出了2个方面的考虑。 中小企业为什么要选择云服务 1)节约基础设施成本 无需购买新服务器、操作系统、应用程序,你只需要按月支付给云服务商就可以实现提供IT服务的功能。由于服务器需要安装操作系统,而且也需要有相应的应用软件来实现功能运营,因此这笔不小的开支,对于中小企业来说,意义重大——…
万事达推出内置指纹扫描器的信用卡,内置生物指纹扫描器,允许用户使用指纹进行支付授权,而无需密码或签名。万事达正在南非测试新的生物识别支付卡以及板载芯片,并希望在2017年底之前推广至全球其他国家和地区。 别担心,作为备用选项,它仍然支持密码授权 等等——如果你觉得这一功能会导致无法将卡分享给配偶和子女使用,别担心——万事达也有解决办法。万事达已确认,即使被配置为需要指纹来授权,新信用卡仍支持密码授权作为备用选项,以防EMV刷卡机读取指纹失败或者卡主将卡交给子女购物。 虽然商店和零售商不需要购置新硬件 但银行需要采用…
本月初,俄罗斯黑客 Peter Levashov 于西班牙被捕,因涉嫌串谋诈骗、盗窃身份被指控八项罪名。此外,Levashov 还被认为代号为“ Severa”的黑客、操纵 Kelihos 僵尸网络(全球规模最大的垃圾邮件网络)的幕后黑手。 康涅狄格州联邦陪审团提交起诉书并于本周五列出美国法庭对 Levashov 提出的所有指控罪名,其中包括从事威胁损坏受保护计算机的阴谋活动以及对受保护计算机造成蓄意破坏、访问受保护计算机以促进诈骗与电信诈骗的身份窃取恶性行为。 36 岁的 Levashov 于 4 月 7 日在西…
据外媒报道,美国法院已强制谷歌交出在海外存储的 Gmail 私人邮件。理由很简单:能够在美国境内查看的信息必然受美国搜查令约束。 美国加利福尼亚州地方法官 Laurel Beeler 于 4 月 19 日听证会上否决了谷歌公司针对此事提出的异议。谷歌方面曾提交一份撤销该搜查令的动议,但被否决。此项搜查令发布于 2016 年 6 月 30 日,要求谷歌交出大量 Gmail 账户信息,包括邮件正文、附件、元数据与位置数据等。 目前谷歌已按照搜查令要求将所有请求数据交付美国特工,但拒绝交出两个帐户的相关信息以及另外两个账…
最近,央视曝光了一起离奇的电信诈骗案件。受害者既没有接到不明电话或短信,手机也没有中毒,账户里的钱莫名其妙地就被人全部盗刷。 随着调查的深入,民警发现这是违法分子利用用户在其它网站的泄漏密码使用“撞库”手段扫描用户网银的登录密码,再用非常规手段对用户网银绑定手机号修改所造成的案件。 中国人看事物,都习惯分个阴阳。往往明面上有多么繁荣,暗地里就有多么猖獗。记得年初看到一份报告《Bot Traffic Report 2016》,报告称2016年机器人流量占全网流量的51.8%,超过人类流量,而其中恶意机器人流量占据了全…
Hajime这个名字或许没那么为人熟知,但提及Mirai,很多人都想起了去年十月那次著名的DDOS攻击。Hajime和Mirai一样,同样参与了那场互联网攻击。自研究人员发现Hajime之日起,这个恶意程序虽然控制了大量IoT设备,但未发动过任何DDOS攻击,因此攻击者发起劫持的目的始终不得而知。前两天还有国外媒体将之说成是危害程度已经超越Mirai。 但就在这两天,事件仿佛出现了转折,Hajime由“黑”转“白”。研究人员认为,Hajime设计的初衷很可能是充当一顶“白帽子”,为人们敲响安全的警钟,而非发动大规模…
概述 随着科学技术的不断发展,智能手机、汽车、医疗设备、防盗设备、无人机、物联网设备、以及其他的工业级和消费级产品中都配备有各种各样的加速度计传感器。我们进行这项调查研究的目的是想弄清楚模拟声学注入攻击对电容式MEMS(微型机电系统)加速度计的数字完整性将会产生怎样的影响。攻击者可以通过这种声学攻击技术来干扰并欺骗传感器,并向微处理器和嵌入式系统发送任意的数字值,而这些恶意值可以破坏传感器输出数据的完整性。 我们此次研究的贡献有如下三点: 1. 设计恶意声学干扰MEMS加速度计的物理模型; 2. 对ME…
Lynis是一个为系统管理员提供的 Linux和Unix的审计工具 。 Lynis扫描系统的配置,并创建概述系统信息与安全问题所使用的专业审计,同时它也是一款开源审计工具,Lynis能够运行在几乎所有的Unix版本上,例如可在AIX、FreeBSD、HP-UX、Linux、Mac OS、NetBSD、OpenBSD、Solaris等系统环境下运行。甚至还可以运行在Raspberry Pi(树莓派)或者QNAP的存储设备上。值得注意的是,该工具由一系列的shell脚本构成,并具备通用性公开许可证(GPL)。 当Lyn…