漏洞类别:Amazon Linux' 漏洞等级: 漏洞信息 The skbs processed by ip_cmsg_recv() are not guaranteed to be linear (e.g. when sending UDP packets over loopback with MSGMORE). Using csum_partial() on potentially the whole skb len is dangerous; instead be on the safe side and u…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6350 ) An integer overflow flaw wa…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.(CVE-2016-10168 ) The…
漏洞类别:Web Application 漏洞等级: 漏洞信息 Apache Struts is a framework for building web applications. Apache Struts was found to be prone to a remote code execution vulnerability described in CVE-2017-5638 The vulnerability exists due to improper handling of requests wi…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for wireshark to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerability allows a denial of service (application crash) via a crafted …
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for curl to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the la…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for samba to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the l…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for coreutils to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to t…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for kernel to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerability may allow denial of service or privilege escalation.Other attack…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for qemu-kvm to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities may allow denial of service or arbitrary code execution. Oth…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for samba4 to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the …
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for glibc to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities may cause a denial of service or make it possible to execute ar…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for quagga to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities may allow attackers to cause denials of service, buffer overfl…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for libguestfs to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities allows buffer overflows and information leakage. 解决方案 To r…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for bash to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerability allows execution of arbitrary code. 解决方案 To resolve this issue, up…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for tigervnc to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerability may allow a denial of service attack or execution of arbitrary…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for gnutls to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerability allows the attacker to cause a denial of service attack or have …
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for ocaml to fix the vulnerabilities. Affected Products: Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerability may allow buffer overflow attacks or allow the attacker the to ob…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for icoutils to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation of the vulnerability may allow a buffer overflow or denial of service attack. 解决方案 …
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for openjpeg to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 Successful exploitation of the vulnerability leads to denial of service or execution of arbitrary code. 解决方…
漏洞类别:CGI 漏洞等级: 漏洞信息 Advantech WebAccess HMI/SCADA is an application used for monitoring and controlling industrial processes. The application is exposed to the following vulnerabilities: CVE-2017-5152: Authentication bypass issue. CVE-2017-5154: SQL injection …
漏洞类别:Local 漏洞等级: 漏洞信息 Avast is an antivirus and security tool. A code injection vulnerability, called DoubleAgent, affects Avast Antivirus which allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any …
漏洞类别:Local 漏洞等级: 漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: CVE-2017-5054: Heap buffer overflow in V8. CVE-2017-5052: Bad cast in Blink. CVE-2017-5056: Use afte…
CVE
CVE-2017-4902 VMware Workstation Pro, VMware Workstation Player and VMware Fusion Multiple Vulnerabilities. (VMSA-2017-0006)
漏洞类别:Local 漏洞等级: 漏洞信息 VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems. A local user on the guest system can trigger a heap overflow in SVGA to execute arbitrary code on the host system [CVE-2017-4902].…