漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for zsh to fix the vulnerability. Affected OS: Fedora 27 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方案 Fedora…
CVE
CVE-2011-3923 Apache Struts "ParametersInterceptor" Remote Code Execution Vulnerability (S2-009)
漏洞类别:Web Application 漏洞等级: 漏洞信息 Apache Struts is a framework for building web applications. Apache Struts on the target web application was found to be vulnerable to a remote code execution vulnerability as described in Security Bulletin S2-009. The assigned C…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for squid3 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can be used to cause a limited denial of service in the form of interruptions in resour…
漏洞类别:Information gathering 漏洞等级: 漏洞信息 Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops, servers, and embedded environments, while offering user interface, performance, versatility, portability, and security th…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c:A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily writ…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. 漏洞危害 An unauthenticated remote attacker could possibly use this to execute arbitrary code. 解决方案 Refer to Ubun…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that LibTIFF incorrectly handled certain malformed images. 漏洞危害 If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of se…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Access to automounted volumes can lock upA race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049 ) 漏洞危害 Allows …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-serviceIt was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to co…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Speculative execution branch target injectionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There ar…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Insufficient validation of trust of .desktop files with execute permissionAn untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the u…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Stack-based out-of-bounds read via vmcall instructionLinux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invo…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Remote DoS via search filters in slapi_filter_sprintf in slapd/util.cA stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this f…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Improper fetch cleanup sequencing in the resolver can cause named to crashA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A re…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for qemu to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 This vulnerability could be exploited to gain partial access to sensiti…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for crash to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 漏洞危害 This vulnerability could be exploited to gain complet…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for postgresql94 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain …
CVE
CVE-2018-1050 SUSE Enterprise Linux Security Update for samba, talloc, tevent (SUSE-SU-2018:0754-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for samba, talloc, tevent to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 漏洞危害 …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary v…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for openjdk-8 to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决方案 Refer to Debian security advisory DSA 4144-1 to address this i…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary v…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers fi…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegist…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which d…