漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. 漏洞危害 An unauthenticated remote attacker could possibly use this to execute arbitrary code. 解决方案 Refer to Ubun…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that LibTIFF incorrectly handled certain malformed images. 漏洞危害 If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of se…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Access to automounted volumes can lock upA race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049 ) 漏洞危害 Allows …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-serviceIt was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to co…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Speculative execution branch target injectionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There ar…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Insufficient validation of trust of .desktop files with execute permissionAn untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the u…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Stack-based out-of-bounds read via vmcall instructionLinux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invo…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Remote DoS via search filters in slapi_filter_sprintf in slapd/util.cA stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this f…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Improper fetch cleanup sequencing in the resolver can cause named to crashA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A re…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for qemu to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This vulnerability could be exploited to gain partial access to sensiti…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for crash to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 漏洞危害 This vulnerability could be exploited to gain complet…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for postgresql94 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain …
CVE
CVE-2018-1050 SUSE Enterprise Linux Security Update for samba, talloc, tevent (SUSE-SU-2018:0754-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for samba, talloc, tevent to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary v…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for openjdk-8 to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决方案 Refer to Debian security advisory DSA 4144-1 to address this i…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary v…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers fi…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegist…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which d…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to addr…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Unsafe object deserialization through YAML formatted gem specifications:A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files w…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext:lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Heap-based buffer overflow in mspack/lzxd.cmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unsp…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Arbitrary code execution during go get via C compiler options: An arbitrary command execution flaw was found in the way Go s go get command handled gcc and clang sensitive options during the build. A remote attacker capable of host…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 DerValue unbounded memory allocation:It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this fl…