CVE-2017-7407 Fedora Security Update for curl (FEDORA-2017-b38b98727e)

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for curl to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation of the vulnerability may allow heap-based buffer over-read. 解决方案 Fedora has issued updated packages to fix this vu…

2017年4月13日 0条评论 1153点热度 0人点赞小助手阅读全文

漏洞类别：CGI 漏洞等级：漏洞信息 Moxa MXview network management software is designed for configuring, monitoring, and diagnosing networking devices in industrial networks. Moxa MXview fails to implement sufficient security restrictions on the private key file. This file ca…

2017年4月13日 0条评论 1082点热度 0人点赞小助手阅读全文

漏洞类别：Amazon Linux 漏洞等级：漏洞信息 Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2017-5337: * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted Open…

2017年4月13日 0条评论 1192点热度 0人点赞小助手阅读全文

漏洞类别：Amazon Linux 漏洞等级：漏洞信息 Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2017-6353: It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association pee…

2017年4月13日 0条评论 1145点热度 0人点赞小助手阅读全文

柯力士信息安全柯力士信息安全 4月10日，开放网页应用安全计划(OWASP)发布了其2017年10大安全漏洞提案初版，提出了2个新的漏洞类型。而这距离上次更新，已经过去了四年，可以这么说，OWASP TOP 10的变化，反映的就是近年来信息安全界的整体变化！ OWASP是什么？开放式Web应用程序安全项目（OWASP，Open Web Application Security Project）是一个组织，它提供有关计算机和互联网应用程序的公正、实际、有成本效益的信息。其目的是协助个人、企业和机构来发现和使用可信…

2017年4月13日 0条评论 1516点热度 0人点赞小助手阅读全文

作者：雪碧 0xroot@360 Unicorn Team 作者博客：www.cn0xroot.com 预估稿费：500RMB 投稿方式：发送邮件至linwei#360.cn，或登陆网页版在线投稿 0x00 概览 LimeSDR部分特性： USB 3.0 ； 4 x Tx 发射天线接口 6 x Rx 接收天线接口；可用于Wi-Fi, GSM, UMTS, LTE, LoRa, Bluetooth, Zigbee, RFID等开发测试环境中。 RTL电视棒、HackRF、BladeRF、USRP、LimeSD…

2017年4月13日 0条评论 1141点热度 0人点赞小助手阅读全文

翻译：shan66 预估稿费：200RMB 投稿方式：发送邮件至linwei#360.cn，或登陆网页版在线投稿前言 FireEye最近检测到利用CVE-2017-0199安全漏洞的恶意Microsoft Office RTF文档，要知道CVE-2017-0199可是此前尚未公开的漏洞。当用户打开包含该漏洞利用代码的文档时，恶意代码就会下载并执行包含PowerShell命令的Visual Basic脚本。 FireEye已经发现了一些通过CVE-2017-0199漏洞下载并执行各种臭名昭著的恶意软件系列的有效载荷…

2017年4月13日 0条评论 1446点热度 0人点赞小助手阅读全文

传送门【漏洞分析】CVE-2017-0199：分析 Microsoft Office RTF 漏洞微步在线威胁情报通报编号：TB-2017-0003 报告置信度：90 TAG：微软、Office、0day、漏洞、钓鱼邮件、Dridex TLP：黄 (仅限接受报告的组织内部使用) 日期：2017-04-11 更新微步在线于北京时间4月11日向相关客户发出了本预警报告。北京时间4月12日，微软发布了该漏洞的紧急修复补丁，漏洞编号CVE-2017-0199。鉴于该漏洞广泛存在于Office所有版本，且目前已经用…

2017年4月13日 0条评论 1147点热度 0人点赞小助手阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. A race condition was found in the way su handled the management of child processes.…

2017年4月12日 0条评论 1395点热度 0人点赞小助手阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configura…

2017年4月12日 0条评论 1647点热度 0人点赞小助手阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read…

2017年4月12日 0条评论 1172点热度 0人点赞小助手阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine archi…

2017年4月12日 0条评论 1249点热度 0人点赞小助手阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers whi…

2017年4月12日 0条评论 1175点热度 0人点赞小助手阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. A denial of service flaw was found in the way the TLS/SSL protocol defined…

2017年4月12日 0条评论 1227点热度 0人点赞小助手阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images. An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessivel…

2017年4月12日 0条评论 1063点热度 0人点赞小助手阅读全文

漏洞类别：Amazon Linux 漏洞等级：漏洞信息 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-20…

2017年4月12日 0条评论 1151点热度 0人点赞小助手阅读全文

漏洞类别：Amazon Linux 漏洞等级：漏洞信息 libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. If there are any application that accepts a format string from the outside without necessary input filtering, i…

2017年4月12日 0条评论 1222点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for rpm-ostree to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation of the vulnerability may lead to memory leakage. 解决方案 Fedora has issued updated packages to fix th…

2017年4月12日 0条评论 1206点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for rabbitmq-server to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vuln…

2017年4月12日 0条评论 1128点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for knot-resolver to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this v…

2017年4月12日 0条评论 969点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for openslp to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerabilit…

2017年4月12日 0条评论 1108点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for cloud-init to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability.…

2017年4月12日 0条评论 1123点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for qemu to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation of the vulnerabilities may lead to memory leakage and cause arbitrary code execution. 解决方案 Fedora has issued updat…

2017年4月12日 0条评论 1034点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for qemu to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Fedor…

2017年4月12日 0条评论 1047点热度 0人点赞小助手阅读全文

漏洞类别：Fedora 漏洞等级：漏洞信息 Fedora has released security update for xen to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Fedora…

2017年4月12日 0条评论 1064点热度 0人点赞小助手阅读全文

1…11 121314 15…25

CVE-2017-7407 Fedora Security Update for curl (FEDORA-2017-b38b98727e)

CVE-2017-7455 Moxa MXview Private Key Disclosure Vulnerability

CVE-2017-5335 Amazon Linux Security Advisory for gnutls: ALAS-2017-815

CVE-2017-6353 Amazon Linux Security Advisory for kernel: ALAS-2017-814

时隔四年！2017 OWASP 10大安全漏洞初版提案（柯力士首发中文化）出炉：新增2大漏洞类型

【技术分享】LimeSDR Getting Started Quickly LimeSDR 上手指南

【漏洞分析】CVE-2017-0199：分析 Microsoft Office RTF 漏洞

【漏洞预警】传播银行类木马的Office 0day漏洞

CVE-2017-2616 Red Hat Update for coreutils Security (RHSA-2017:0654)

CVE-2015-8325 Red Hat Update for openssh Security (RHSA-2017:0641)

CVE-2013-4075 Red Hat Update for wireshark Security (RHSA-2017:0631)

CVE-2016-10207 Red Hat Update for tigervnc Security (RHSA-2017:0630)

CVE-2016-3712 Red Hat Update for qemu-kvm Security (RHSA-2017:0621)

CVE-2016-8610 Red Hat Update for gnutls Security (RHSA-2017:0574)

CVE-2015-8869 Red Hat Update for libguestfs Security (RHSA-2017:0564)

CVE-2016-5139 Amazon Linux Security Advisory for openjpeg: ALAS-2017-807

CVE-2016-9586 Amazon Linux Security Advisory for curl: ALAS-2017-806

CVE-2017-2623 Fedora Security Update for rpm-ostree (FEDORA-2017-003fa5648c)

CVE-2016-9877 Fedora Security Update for rabbitmq-server (FEDORA-2017-534e23bad9)

Fedora Fedora Security Update for knot-resolver (FEDORA-2017-df53d02da7)

CVE-2016-7567 Fedora Security Update for openslp (FEDORA-2017-47a4910f07)

Fedora Security Update for cloud-init (FEDORA-2017-837115524e)

CVE-2017-5525 Fedora Security Update for qemu (FEDORA-2017-62ac1230f7)

CVE-2016-7907 Fedora Security Update for qemu (FEDORA-2017-31b976672b)

CVE-2016-9603 Fedora Security Update for xen (FEDORA-2017-3d16d348eb)