漏洞类别:RedHat 漏洞等级: 漏洞信息 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A dat…
漏洞类别:RedHat 漏洞等级: 漏洞信息 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticat…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. A stack overflow vulnerabi…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Multiple integer overflow flaws leading to heap-based buffer overflows were fou…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The X11 (Xorg) libraries provide library routines that are used within all X Window applications. An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an applicati…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Libtasn1 is a library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functi…
漏洞类别:RedHat 漏洞等级: 漏洞信息 LibreOffice is an open source, community-developed office productivity suite. An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The tcpdump packages contain the tcpdump utility for monitoring network traffic. Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that LXC incorrectly handled the TIOCSTI ioctl. 漏洞危害 An attacker could possibly use this issue to escape LXC containers. 解决方案 Refer to Ubuntu advisory USN-3375-1 for affected packages and patching details, or update wit…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry Transport) authentication. 漏洞危害 A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password. 解决方案 Refer to …
CVE
CVE-2017-6746 Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability (cisco-sa-20170719-wsa1)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administra…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The golang packages provide the Go programming language compiler. A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private keys when stati…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. The Python standard library HTTP client modules (such as htt…
漏洞类别:RedHat 漏洞等级: 漏洞信息 OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote at…
漏洞类别:Local 漏洞等级: 漏洞信息 TIBCO Spotfire is an analytics and business intelligence platform for analysis of data by predictive and complex statistics. TIBCO Spotfire Server contains multiple vulnerabilities which allows authorized users to perform SQL injection at…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory (CVE-2017-945…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Incorrect enforcement of certificate path restrictions: It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker coul…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that FreeRADIUS incorrectly handled memory when decoding packets. 漏洞危害 A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code. 解…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for poppler to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3 SU…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for poppler to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabi…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for apache2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain parti…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for openjdk-8 to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerability will lead to sandbox bypass,use of insecure cryptography, side channel attacks, information disclosure, the e…