漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxml2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain parti…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for firefox to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerability may lead to may lead to the execution of arbitra…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for qemu-kvm to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in re…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for perltidy to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Malicious users could use this vulnerability to change partial contents or configuration on the system. 解决方案 Fedora has issu…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for systemd to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Fe…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for mingw-poppler to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for mingw-poppler to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for libsndfile to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for picocom to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerabili…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Escape out of git-shell A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow with…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Memory leak when failing to parse XDR strings or bytearrays It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of m…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Selectivity estimators bypass SELECT privilege checks It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileg…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscri…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654 , CVE-2016-9560 , CVE-2016-10…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their pr…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that FreeRADIUS incorrectly handled the TLS session cache. 漏洞危害 A remote attacker could possibly use this issue to bypass authentication by resuming an unauthenticated session. 解决方案 Refer to Ubuntu advisory USN-3316-1 f…
CVE
CVE-2016-9604 漏洞信息:Ubuntu Security Notification for Linux, Linux-raspi2 Vulnerabilities (USN-3314-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. It was discovered that a buffer overflow existed in the trace sub…
CVE
CVE-2017-0605 漏洞信息:Ubuntu Security Notification for Linux, Linux-raspi2 Vulnerability (USN-3313-1)
漏洞类别:Ubuntu' 漏洞等级: 漏洞信息 It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. 漏洞危害 A privileged local attacker could use this to execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3313-1 for affected packages and p…
CVE
CVE-2016-7913漏洞信息: Ubuntu Security Notification for Linux, Linux-aws, Linux-gke, Linux-raspi2, Linux-snapdragon Vulnerabilities (USN-3312-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. It was discovered that the keyri…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that libnl incorrectly handled memory when performing certain operations. 漏洞危害 A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. 解决方案 Re…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that lintian incorrectly handled deserializing certain YAML files. 漏洞危害 If a user or automated system were tricked into running lintian on a specially crafted package, a remote attacker could possibly use this issue to …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that GnuTLS incorrectly handled certain assignments files. 漏洞危害 If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbirary code. 解决方案 Refer to Ubuntu a…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Puppet incorrectly handled the search path. It was discovered that Puppet incorrectly handled YAML deserialization. 漏洞危害 A local attacker could use this issue to possibly execute arbitrary code. (CVE-2014-3248) A r…