漏洞类别:Local 漏洞等级: 漏洞信息 Instance metadata is data about your instance that you can use to configure or manage the running instance. 漏洞危害 解决方案 For more information about metadata please visit Instance Metadata. 0day
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. (CVE-2016-3606 ) Multiple de…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that lighttpd class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an at…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was found that the lightweight resolver could crash due to an error when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes. 漏洞危害 Allows unauthorized disclosure of …
漏洞类别:Office Application 漏洞等级: 漏洞信息 This security update resolves vulnerabilities in Microsoft Office. The security update addresses the vulnerabilities by correcting how: Microsoft Office saves documents. Click-to-Run components handle memory addresses. affect…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe Flash Player is a multimedia application for multiple platforms. Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of …
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe Digital Editions is an ebook reader software program from Adobe Systems built using Adobe Flash with support for acquiring, managing and reading eBooks, digital newspapers, and other digital publications. The software supports PDF, …
漏洞类别:Database 漏洞等级: 漏洞信息 Oracle MySQL is an open-source relational database management system (RDBMS). The vulnerability exists in the mysqld_safe script which is used by many default installations/packages of MySQL as a wrapper to start the MySQL service proc…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 6.5 ended on November 30, 2015. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to se…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 6.4 ended on March 3, 2015. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to securi…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 6.3 ended on June 30, 2014. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to securi…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 6.0 ended on November 30, 2012. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to se…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 5.9 ended on March 31, 2015. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to secur…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 5.6 ended on July 31, 2013. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to securi…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 5.4 ended on July 31, 2011. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to securi…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 5.3 ended on November 30, 2010. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to se…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 5.2 ended on March 31, 2010. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to secur…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 4.7 ended on August 31st, 2011. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to se…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Support for Red Hat Enterprise Linux 4.5 ended on January 31, 2009. No further bug fixes, enhancements, security updates or technical support is available for this version. 漏洞危害 The system is at high risk of being exposed to sec…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 PHP is a general purpose scripting language that is suited for web development and can be embedded in HTML. PHP 5.5 series reached End of Life in its support cycle on July 21, 2016. Since there are no further bug fixes or securi…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for rails to fix the vulnerabilities. 漏洞危害 Successful exploitation allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag han…
漏洞类别:Database 漏洞等级: 漏洞信息 Oracle MySQL is an open-source relational database management system (RDBMS). The vulnerability exists in the mysqld_safe script which is used by many default installations/packages of MySQL as a wrapper to start the MySQL service proc…
概要 Mysql (5.7, 5.6, 和 5.5版本)的所有默认安装配置,包括最新的版本,攻击者可以远程和本地利用该漏洞。该漏洞需要认证访问MYSQL数据库(通过网络连接或者像phpMyAdmin的web接口),以及通过SQL注入利用。攻击者成功利用该漏洞可以以ROOT权限执行代码,完全控制服务器。 利用条件:首先你要有一个Mysql低权限用户,仅需有FIle权限(例如:虚拟主机通常会提供,因为需要导入导出文件),即可实现Root权限提升,进而控制服务器 漏洞影响 MySQL <= 5.7.15 …