漏洞类别:Hardware 漏洞等级: 漏洞信息 Juniper JUNOS is the network operating system used in Juniper Networks hardware systems. The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high…
漏洞类别:Hardware 漏洞等级: 漏洞信息 Juniper JUNOS is the network operating system used in Juniper Networks hardware systems. When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with…
漏洞类别:Hardware 漏洞等级: 漏洞信息 Juniper JUNOS is the network operating system used in Juniper Networks hardware systems. A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon. Repeated…
CVE
CVE-2017-2314 Juniper JUNOS BGP OPEN Message RPD Crash Denial of Service Vulnerability (JSA10779)
漏洞类别:General remote services 漏洞等级: 漏洞信息 Juniper JUNOS is the network operating system used in Juniper Networks hardware systems. Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously s…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A vulnerability was discovered in GD Graphics Library (aka libgd), as used in PHP that does not zero colorMap arrays before use. 漏洞危害 A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stac…
CVE
CVE-2017-7533 Ubuntu Security Notification for Linux, Linux-aws, Linux-gke, Linux-raspi2, Linux-snapdragon Regression (USN-3392-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. A race condition between inotify events a…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Multiple security issues were discovered in Firefox. 漏洞危害 If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restric…
CVE
CVE-2017-7546 Ubuntu Security Notification for Postgresql-9.3, Postgresql-9.5, Postgresql-9.6 Vulnerabilities (USN-3390-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. It was discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. It was discover…
CVE
CVE-2017-10053 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2017:2175-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for java-1_8_0-openjdk to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desk…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for jackson-databind to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerab…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. (CVE-2017-12065 ) Cross-site scripting (XSS) vulnerability in aggregate_graphs.php…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Security constrained bypass in error page mechanism: While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Vulnerabilities in the Graphite 2 library (MFSA 2017-16) A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arb…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Out-of-bounds heap write in bitset_set_range() An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() du…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Buffer overflow in mp_override_legacy_irq(): Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Out-of-bounds heap write in bitset_set_range(): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() d…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Out-of-bounds read in fr_dhcp_decode_options(): An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a s…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 possible OP-TEE Bleichenbacher attack: The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 ap_find_token() buffer overread: A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Security constrained bypass in error page mechanism: A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly includin…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for nasm to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Mal…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for nasm to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 漏洞危害 This vulnerability could be exploite…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libzypp, zypper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This v…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for mariadb to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3 SU…