漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-8745: 1403824: CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing CVE-2016-8735: The JmxRemoteLifecycleLis…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-3630: The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, o…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-9675: * A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an appl…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-9147: * A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remot…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. 漏洞危害 Allows unauthorized disclosure of information; all…
漏洞类别:Local 漏洞等级: 漏洞信息 Panasonic FPWIN Pro is the Panasonic programming software developed according to the international standard IEC 61131-3. This update fixes the following vulnerabilities: - Heap based buffer overflow - Access of uninitialized pointer - Out…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for erlang to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation the vulnerability may lead to Heap-buffer overflow attacks. 解决方案 Fedora has issued updated packages to fix this …
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for moodle to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Depending on the vulnerability being exploited, a remote attacker could conduct cross-site scripting or SQL injection attacks …
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation of the vulnerability can lead to Denial of service (use-after-free and system crash) or possibly have unspecifie…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for sane-backends to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows remote attackers to obtain sensitive memory information. 解决方案 Fedora has issued updated packages t…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for tcpreplay to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation of the vulnerability allows an attacker to cause a buffer overflow attack. 解决方案 Fedora has issued u…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for firefox to fix the vulnerability. Affected OS: Fedora 25 Fedora 24 漏洞危害 If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation of the vulnerability can lead to Denial of service (use-after-free and system crash) or possibly have unspecifie…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for chromium to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when …
漏洞类别:General remote services 漏洞等级: 漏洞信息 The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. This update fixes multiple denial of service and stack based buffer overflow vuln…
漏洞类别:General remote services 漏洞等级: 漏洞信息 TLS session ticket is a mechanism to distribute encrypted session-state information to the client in the form of a ticket and a mechanism to present the ticket back to the server, it's used to speed up repeated TLS conne…
漏洞类别:Information gathering 漏洞等级: 漏洞信息 The Canonical Livepatch Service is intended to address high and critical severity Linux kernel security vulnerabilities, without requiring a reboot in order to take effect. 漏洞危害 解决方案 0day
漏洞类别:Local 漏洞等级: 漏洞信息 PuTTY is a client program for the SSH, Telnet and Rlogin network protocols. It is integrated in multiple applications on multiple operating systems for providing SSH, Telnet and Rlogin protocol support. A heap-corrupting integer overflow …
漏洞类别:Local 漏洞等级: 漏洞信息 IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications. The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitra…
漏洞类别:Local 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Race condition in drivers/tty/n_hdlc.c in the Linux kernel allows local users to gain privileges or cause a denial of service (double free) by setting t…
CVE
CVE-2017-7308 Ubuntu Security Notification for Linux, Linux-aws, Linux-gke, Linux-raspi2, Linux-snapdragon, (USN-3256-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. 漏洞危害 A local attacker could use this to cause a denial of service (system crash). 解决方案 Refer to Ubuntu advisory US…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that LightDM incorrectly handled home directory creation for guest users. 漏洞危害 A local attacker could use this issue to gain ownership of arbitrary directory paths and possibly gain administrative privileges. 解决方案 Refer…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Django incorrectly handled numeric redirect URLs. It was discovered that Django incorrectly handled certain URLs when the jango.views.static.serve() view is being used. 漏洞危害 A remote attacker could possibly use thi…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Nagios incorrectly handled certain long strings. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. It was discovered that Nagios incorrectly handled symlinks when accessing log fil…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for jasper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause a limit…