漏洞类别:RedHat 漏洞等级: 漏洞信息 Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Various vulnerabilities have been discovered in Graphite2. …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle refe…
漏洞类别:Local 漏洞等级: 漏洞信息 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. A…
漏洞类别:Local 漏洞等级: 漏洞信息 Certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by def…
漏洞类别:Local 漏洞等级: 漏洞信息 Safari is a Web-browser developed by Apple which is based on the WebKit engine. The update addresses multiple vulnerabilities affecting WebKit and Safari for OS X Yosemite, El Capitan and macOS Sierra. 漏洞危害 Successful exploitation of the …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Security Fix(es): A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, b…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. ( …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for apport to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users co…
CVE
CVE-2016-9262 2017-07-26 21:16:34 SUSE Enterprise Linux Security Update for jasper (SUSE-SU-2017:1916-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for jasper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabil…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). It was found that the log file viewer in Red Hat JBoss Enterprise Applicat…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that libiberty incorrectly handled certain string operations. It was discovered that libiberty incorrectly handled parsing certain binaries. It was discovered that libiberty incorrectly handled parsing certain binaries.…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. It was discovered that gdb incorrectly handled certa…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. It was discovered…
CVE
CVE-2009-5147 Ubuntu Security Notification for Ruby1.9.1, Ruby2.0, Ruby2.3 Vulnerabilities (USN-3365-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. It was discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. It was discovered that Ruby Fiddle::Handle incorrectly handle…
CVE
CVE-2014-9900 Ubuntu Security Notification for Linux, Linux-raspi2, Linux-snapdragon Vulnerabilities (USN-3364-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A race condition in the Advanced Linux Sound Arch…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that ImageMagick incorrectly handled certain malformed image files. 漏洞危害 If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a den…
CVE
CVE-2017-10971 Ubuntu Security Notification for Xorg-server, Xorg-server-hwe-16.04, Xorg-server-lts-xenial Vulnerabilities (USN-3362-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. It was discovered that the …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for apache2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3 SU…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). It was discovered that under certain conditions RESTEasy could be for…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resul…
漏洞类别:Local漏洞等级: 漏洞信息 McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. McAfee ePolicy Orchestrator is prone to a directory traversal vulnerability which allows rem…
漏洞类别:Local 漏洞等级: 漏洞信息 IBM WebSphere Application Server is designed to facilitate the creation of various enterprise Web applications. IBM WebSphere Application Server is vulnerable Cross-Site Scripting vulnerability which can lead to a potential credential dis…
漏洞类别:General remote services 漏洞等级: 漏洞信息 This Critical Patch Update contains 21 new security fixes for the Oracle E-Business Suite. Seventeen of these vulnerabilities may be remotely exploitable without authentication. Affected Products: Oracle E-Business Suite…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for gajim to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决方案 Fedora has issued updated packages …