漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for smb4k to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for qemu to fix the vulnerabilities. Affected Products: openSUSE Leap 42.1 漏洞危害 This vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailabl…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for tomcat to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users c…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for rzip to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users cou…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for graphite2 to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the latest packages…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for kauth, kdelibs4 to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicio…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for roundcubemail to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for swftools to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users…
漏洞类别:CGI 漏洞等级: 漏洞信息 CubeCart is a free responsive open source PHP ecommerce software system. The directory traversal exists in the maintenance restore tool whereby the filename is not properly sanitized, disclosing sensitive files to an attacker. This vulnerab…
漏洞类别:CGI 漏洞等级: 漏洞信息 CubeCart is a free responsive open source PHP ecommerce software system. CubeCart contains the following directory traversal vulnerabilities: CVE-2017-2090: Directory traversal vulnerability in CubeCart allows remote authenticated attackers…
漏洞类别:CGI 漏洞等级: 漏洞信息 WBCE is an easy to use content management system basing on PHP/MySQL. The open source CMS is free for personal and commercial use. WBCE CMS contains the following vulnerabilities: CVE-2017-2118: Cross-site scripting vulnerability allows rem…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for kdelibs to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation of the vulnerability may allow privilege escalation. 解决方案 To resolve this issue, upg…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for samba to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system. 解决方案 Fedora has issued updated packages …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libtasn1-6 to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerability may allow an attacker to cause a denial-of-service or potentially execute arbitrary code. 解决方案 Refer to Debi…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A l…
漏洞类别:AIX 漏洞等级: 漏洞信息 AIX is prone to the following vulnerabilities: tcpdump is vulnerable to multiple buffer overflow vulnerabilities caused by improper bounds checking by the parser. Affected Platforms: AIX 5.3, 6.1, 7.1, 7.2 Note:The detection requires root p…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for libtirpc to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation of the vulnerability may cause denial of service attacks. 解决方案 To resolve this issu…
CVE
漏洞编号:CVE-2016-10149 Red Hat OpenStack 9 Update for python-defusedxml and python-pysaml2 (RHSA-2017:0937)
漏洞类别:Local 漏洞等级: 漏洞信息 The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes can be used instead of the originals to protect against entity-expansion and DTD-retrieva…
漏洞类别:General remote services 漏洞等级: 漏洞信息 The target is determined to be a pfSense device, which uses protocols such as SSH for configuration management. These services can be accessed and are an invitation for malicious users to break in. If this is found exter…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. 漏洞危害 A local attacker in some configurations could possibly use this to overwrite any file on the files…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. 漏洞危害 If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser secu…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that ImageMagick incorrectly handled certain malformed image files. 漏洞危害 If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a den…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. 漏洞危害 A remote attacker could use this issue to cause strongSwan to crash, re…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that juju did not set permissions on a Unix domain socket. 漏洞危害 A local attacker could use this flaw to gain administrative privileges. 解决方案 Refer to Ubuntu advisory USN-3300-1 for affected packages and patching details…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Some security information preloaded in Firefox was due to expire before the next scheduled release. 漏洞危害 This update bumps the expiration times. 解决方案 Refer to Ubuntu advisory USN-3299-1 for affected packages and patching details, or upda…