漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for nss to fix the vulnerabilities. Affected Products: Oracle Linux 5 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the lat…
漏洞类别:Information gathering 漏洞等级: 漏洞信息 A redirect from a HTTPS connection to HTTP was detected. Communications sent over HTTP are not encrypted and its is recommended to use HTTPS instead as it is more secure. 漏洞危害 解决方案 0day
漏洞类别:Information gathering 漏洞等级: 漏洞信息 Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The r…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for collectd to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 F…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for collectd to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 F…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for tigervnc to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 F…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for dovecot to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation of the vulnerability allows denial of service attacks. 解决方案 Fedora has issued updated packages to fix…
漏洞类别:Hardware 漏洞等级: 漏洞信息 A privilege escalation vulnerability resides in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology, which may allow an unprivileged attacker to gain control of the manageab…
漏洞类别:Windows 漏洞等级: 漏洞信息 ERRATICGOPHER is an exploit from the recent Shadow Brokers leak. This zero day exploit is remotely exploitable on systems running SMBv1. This information comes from the Shadow Brokers' "Equation Group" data dump. This Zero Day is active…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for ghostscript to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for mysql to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can be used to cause a limited den…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for minicom to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users co…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for kvm to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in reso…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. A use-after-free vulnerability in the color management module of Ghostscript. A divide-by-zero error in the scan conversion code in Gh…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 An integer overflow in the xsltAddTextString() function in Libxslt. It was discovered that Libxslt mishandled namespace nodes. A use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt. A type confusion erro…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. It was discovered that NSS incorrectly handled Base64 decoding. This update refreshes the NSS package to version 3.28.4 which includes the latest …
CVE
CVE-2017-3302 Ubuntu Security Notification for Mysql-5.5, Mysql-5.7 Vulnerabilities (USN-3269-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been u…
据外媒 1 日报道,澳大利亚国家审计署(ANAO) 近日发布声明称:虽然澳大利亚税务局(ATO) 硬件存储设备存有安全隐患,但目前已足够抵御外部威胁。 2016 年 12 月 12 日,澳大利亚税务局网站突然 “ 离线 ” ,经调查后显示该事故由 HPE 公司提供的硬件存储设备引起,已导致澳大利亚税务局丢失 1 PB 数据。 在向公众和信托联合委员会提交的一份报告文件中,ATO 承认 12 月份发生的一系列设备运行中断事故后,需在其服务器上禁用部分白名单系统。虽然 ATO 系统在 11 月就已完全符合 Window…
据外媒 30 日报道,联想 IBM Storwize 磁盘阵列附带的 USB 闪存驱动器的初始化工具内含恶意文件。 调查显示,以下系统型号的 01AC585 USB 闪存驱动器初始化工具可能含有恶意文件: V3500 – 6096 型号的 02A 、 10A V3700 – 6099 型号的 12C、24C 、 2DC V5000 – 6194 型号的 12C 、 24C 此外,联想IBM Storwize 序列号以 78D2 开头的设备不受该恶意软件影响。 不过联想也专家表示,恶意软件并不影响存储系统的完整性或性…
北约大规模网络防御演习 “锁定盾牌 2017” 于上周五正式落幕,今年为期 5 天的网络演习由爱沙尼亚国防军、芬兰国防军、瑞典国防大学、英国联合军队、美国欧洲司令部、空中作战部队和塔林理工大学联合举办,涉及来自 25 个国家约 800 名专家参与。 据外媒报道,此次美国和其他部分国家扮演“蓝队”角色,不仅负责维护虚拟国家网络安全,还需回应媒体和法律问题。据报道,今年演习还包含“假新闻”一项,参与者必须应对来自敌对势力散布的虚假新闻消息。 此次模拟演习中,空中基地对其电网系统、无人机、军事指挥控制系统、关键信息基础设…
雅虎为 Flickr 帐户劫持漏洞猎手 Michael Reizelman 授予 7,000 美元赏金。 Reizelman 是一位颇受欢迎的漏洞猎手,善于挖掘 Badoo、Dropbox、GitHub、Google、Imgur、Slack、Twitter 与 Uber 等多种网络服务漏洞。他在不久前发现,如果将存在于雅虎图像与视频托管服务的三个漏洞配合使用可成功接管 Flickr 帐户。 Reizelman 发现用户每次登录 Flickr.com 帐户都会被重定向至 login.yahoo.com 域进行身份验证…
蓝光光碟可能要担心自己的地位了!近日,在埃塞俄比亚出现一款能够直接传输最新电影到USB硬盘的机器。机器伪装成取款机的外形,这款机器是一台成熟的自助式多媒体传输机器。它已遍布该国的不少地方商城。不过,机器的使用依旧面临法律问题。 据线人透露,在今年年初,当地版的沃尔玛就引进了这款机器。其实这只是一个带有USB插口的显示器,还有专人维护它。你只需要插入自己的U盘,然后从庞大的影音库里面选取自己要拷贝的电影。据传是一家名为Escape Computing的公司维护这个机器,并提供售价从1到4美元不等的套餐。有专人每天下载…
微软明天将举办新的活动,这一次将重点放在公司的教育业务上,微软将为我们带来了几款新产品,包括新版本Windows 10操作系统。5月2日,微软公司预计将发布名为Windows 10 Cloud或Windows 10 S的新操作系统。Windows 10 S将限于Windows Store应用程序,并将提升公司在教育业务方面的努力,Windows 10 S将主要安装在更经济实惠的设备上,并且将挑战Google Chromebook在这方面的霸主地位。 因此,Windows 10 S或多或少是Windows RT的继任…
近两年,俄罗斯黑客似乎异常活跃,他们的魔爪伸向了全球范围内各个行业,尤以屡次干扰政治活动带来了最为恶劣的影响。 这一次,趋势科技为我们揭秘了俄罗斯黑客针对谷歌用户的最新钓鱼手段——利用OAuth协议(第三方无需使用用户的用户名与密码就可以申请获得该用户资源的授权),并冒充谷歌应用诱骗用户落入陷阱。 也就是说,虽然谷歌为用户设置了双重认证方式,钓鱼攻击仍然能够顺利进行。 俄罗斯的黑客团体是影响美国与欧洲选举活动的罪魁祸首,他们通过诱使受害者主动泄露密码、甚至窃取访问令牌的方式黑入重要的电子邮件账户。 趋势科技在其周二…
Shadow Brokers组织泄露了NSA方程式组织的一些工具,其中名为DoublePulsar的后门程序可利用部分Windows系统漏洞进行恶意代码注入。微软官方目前仍拒绝承认此次过万Windows计算机被NSA后门程序感染,而这起事件的研究空缺正由私人研究员接手处理。最新的进展是在本周二,一种可远程卸除DoublePulsar后门的安全工具已被开放在GitHub上,用户可以自行下载,进行检测并进行相关操作。 影响持续扩大 在上周五的傍晚,微软官方发布了申明,称他们对多起互联网范围内的扫描检测所呈现的从30,0…