漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for curl to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation of the vulnerability may allow heap-based buffer over-read. 解决方案 Fedora has issued updated packages to fix this vu…
漏洞类别:CGI 漏洞等级: 漏洞信息 Moxa MXview network management software is designed for configuring, monitoring, and diagnosing networking devices in industrial networks. Moxa MXview fails to implement sufficient security restrictions on the private key file. This file ca…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2017-5337: * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted Open…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2017-6353: It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association pee…
柯力士信息安全 柯力士信息安全 4月10日,开放网页应用安全计划(OWASP)发布了其2017年10大安全漏洞提案初版,提出了2个新的漏洞类型。而这距离上次更新,已经过去了四年,可以这么说,OWASP TOP 10的变化,反映的就是近年来信息安全界的整体变化! OWASP是什么? 开放式Web应用程序安全项目(OWASP,Open Web Application Security Project)是一个组织,它提供有关计算机和互联网应用程序的公正、实际、有成本效益的信息。其目的是协助个人、企业和机构来发现和使用可信…
作者:雪碧 0xroot@360 Unicorn Team 作者博客:www.cn0xroot.com 预估稿费:500RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 0x00 概览 LimeSDR部分特性: USB 3.0 ; 4 x Tx 发射天线接口 6 x Rx 接收天线接口; 可用于Wi-Fi, GSM, UMTS, LTE, LoRa, Bluetooth, Zigbee, RFID等开发测试环境中。 RTL电视棒、HackRF、BladeRF、USRP、LimeSD…
翻译:shan66 预估稿费:200RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言 FireEye最近检测到利用CVE-2017-0199安全漏洞的恶意Microsoft Office RTF文档,要知道CVE-2017-0199可是此前尚未公开的漏洞。当用户打开包含该漏洞利用代码的文档时,恶意代码就会下载并执行包含PowerShell命令的Visual Basic脚本。 FireEye已经发现了一些通过CVE-2017-0199漏洞下载并执行各种臭名昭著的恶意软件系列的有效载荷…
传送门 【漏洞分析】CVE-2017-0199:分析 Microsoft Office RTF 漏洞 微步在线威胁情报通报 编号:TB-2017-0003 报告置信度:90 TAG:微软、Office、0day、漏洞、钓鱼邮件、Dridex TLP:黄 (仅限接受报告的组织内部使用) 日期:2017-04-11 更新 微步在线于北京时间4月11日向相关客户发出了本预警报告。 北京时间4月12日,微软发布了该漏洞的紧急修复补丁,漏洞编号CVE-2017-0199。鉴于该漏洞广泛存在于Office所有版本,且目前已经用…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. A race condition was found in the way su handled the management of child processes.…
漏洞类别:RedHat 漏洞等级: 漏洞信息 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configura…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine archi…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers whi…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. A denial of service flaw was found in the way the TLS/SSL protocol defined…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images. An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessivel…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-20…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. If there are any application that accepts a format string from the outside without necessary input filtering, i…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for rpm-ostree to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation of the vulnerability may lead to memory leakage. 解决方案 Fedora has issued updated packages to fix th…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for rabbitmq-server to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vuln…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for knot-resolver to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this v…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for openslp to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerabilit…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for cloud-init to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability.…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for qemu to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation of the vulnerabilities may lead to memory leakage and cause arbitrary code execution. 解决方案 Fedora has issued updat…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for qemu to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Fedor…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for xen to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Fedora…