漏洞类别:Local 漏洞等级: 漏洞信息 Adobe Flash Player is a Cross-platform plugin plays animations, videos and sound files in .SWF format. These vulnerabilities that could potentially allow an attacker to take control of the affected system. ( CVE-2017-3058, CVE-2017-3059, …
CVE
Local Schneider Electric Interactive Graphical SCADA System Remote Code Execution Vulnerability.
漏洞类别:Local 漏洞等级: 漏洞信息 Interactive Graphical SCADA (IGSS) is full featured automation software - a SCADA system for process control and supervision. The vulnerability identified is related to two sets of Windows files that can be hijacked.Certain OCX and DLL fi…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for jasper to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial co…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gstreamer to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnera…
CVE
CVE-2017-5843 SUSE Enterprise Linux Security Update for gstreamer-plugins-bad (SUSE-SU-2017:0962-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gstreamer-plugins-bad to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for jasper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUS…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for dracut to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability could be exploited to gain partial access to sensi…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libpng15 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for ruby to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial …
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for ghostscript to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. 解决方…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for xen to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation of the vulnerability allows privilege escalation, host crashes and information leaks. 解决方案 Fedora has issued update…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for curl to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation of the vulnerability may allow heap-based buffer over-read. 解决方案 Fedora has issued updated packages to fix this vu…
漏洞类别:CGI 漏洞等级: 漏洞信息 Moxa MXview network management software is designed for configuring, monitoring, and diagnosing networking devices in industrial networks. Moxa MXview fails to implement sufficient security restrictions on the private key file. This file ca…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2017-5337: * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted Open…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2017-6353: It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association pee…
柯力士信息安全 柯力士信息安全 4月10日,开放网页应用安全计划(OWASP)发布了其2017年10大安全漏洞提案初版,提出了2个新的漏洞类型。而这距离上次更新,已经过去了四年,可以这么说,OWASP TOP 10的变化,反映的就是近年来信息安全界的整体变化! OWASP是什么? 开放式Web应用程序安全项目(OWASP,Open Web Application Security Project)是一个组织,它提供有关计算机和互联网应用程序的公正、实际、有成本效益的信息。其目的是协助个人、企业和机构来发现和使用可信…
作者:雪碧 0xroot@360 Unicorn Team 作者博客:www.cn0xroot.com 预估稿费:500RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 0x00 概览 LimeSDR部分特性: USB 3.0 ; 4 x Tx 发射天线接口 6 x Rx 接收天线接口; 可用于Wi-Fi, GSM, UMTS, LTE, LoRa, Bluetooth, Zigbee, RFID等开发测试环境中。 RTL电视棒、HackRF、BladeRF、USRP、LimeSD…
翻译:shan66 预估稿费:200RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言 FireEye最近检测到利用CVE-2017-0199安全漏洞的恶意Microsoft Office RTF文档,要知道CVE-2017-0199可是此前尚未公开的漏洞。当用户打开包含该漏洞利用代码的文档时,恶意代码就会下载并执行包含PowerShell命令的Visual Basic脚本。 FireEye已经发现了一些通过CVE-2017-0199漏洞下载并执行各种臭名昭著的恶意软件系列的有效载荷…
传送门 【漏洞分析】CVE-2017-0199:分析 Microsoft Office RTF 漏洞 微步在线威胁情报通报 编号:TB-2017-0003 报告置信度:90 TAG:微软、Office、0day、漏洞、钓鱼邮件、Dridex TLP:黄 (仅限接受报告的组织内部使用) 日期:2017-04-11 更新 微步在线于北京时间4月11日向相关客户发出了本预警报告。 北京时间4月12日,微软发布了该漏洞的紧急修复补丁,漏洞编号CVE-2017-0199。鉴于该漏洞广泛存在于Office所有版本,且目前已经用…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. A race condition was found in the way su handled the management of child processes.…
漏洞类别:RedHat 漏洞等级: 漏洞信息 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configura…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine archi…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers whi…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. A denial of service flaw was found in the way the TLS/SSL protocol defined…