漏洞类别:General remote services 漏洞等级: 漏洞信息 Juniper JUNOS is the network operating system used in Juniper Networks hardware systems. Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously s…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A vulnerability was discovered in GD Graphics Library (aka libgd), as used in PHP that does not zero colorMap arrays before use. 漏洞危害 A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stac…
CVE
CVE-2017-7533 Ubuntu Security Notification for Linux, Linux-aws, Linux-gke, Linux-raspi2, Linux-snapdragon Regression (USN-3392-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. A race condition between inotify events a…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Multiple security issues were discovered in Firefox. 漏洞危害 If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restric…
CVE
CVE-2017-7546 Ubuntu Security Notification for Postgresql-9.3, Postgresql-9.5, Postgresql-9.6 Vulnerabilities (USN-3390-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. It was discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. It was discover…
CVE
CVE-2017-10053 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2017:2175-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for java-1_8_0-openjdk to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desk…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for jackson-databind to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerab…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. (CVE-2017-12065 ) Cross-site scripting (XSS) vulnerability in aggregate_graphs.php…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Security constrained bypass in error page mechanism: While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Vulnerabilities in the Graphite 2 library (MFSA 2017-16) A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arb…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Out-of-bounds heap write in bitset_set_range() An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() du…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Buffer overflow in mp_override_legacy_irq(): Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.…
近日来自中国的1937CN黑客组织制作了影片,向印度总理莫迪以及印度人民喊话。 https://youtu.be/9bbEXi3Rquo 视频中黑客自称来自“中国非政府组织1937CN TEAM”,该组织声称: 印度军队越界阻挠中方修路,这是属于入侵行为,中方多次要求印度撤军,没有得到满意答复,现在中印对峙很有可能滑向战争,这是中印两国人民都不想看到的结果,这是印度政治家的错误。 1962年印度侵略中国领土,中国军队自卫反击,打击了印度尼赫鲁政府的霸权主义和扩张政策。如今印度再次入侵中国西藏,中国人民强烈…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Out-of-bounds heap write in bitset_set_range(): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() d…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450 , where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local ac…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Out-of-bounds read in fr_dhcp_decode_options(): An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a s…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 possible OP-TEE Bleichenbacher attack: The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 ap_find_token() buffer overread: A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Security constrained bypass in error page mechanism: A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly includin…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for nasm to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Mal…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for nasm to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 漏洞危害 This vulnerability could be exploite…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libzypp, zypper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This v…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for mariadb to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3 SU…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for wireshark to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can be used to cause a limited…