漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for linux to fix the vulnerabilities. 漏洞危害 Successful exploitation may lead to a denial of service, information leak or privilege escalation. 解决方案 Refer to Debian security advisory DSA 2745-1 to addres…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for openssl to fix the vulnerabilities. 漏洞危害 Successful exploitation may allow an attacker to cause a Denial of Service and a buffer overflow. 解决方案 Refer to Debian security advisory DSA 2998-1 to addre…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for openssl to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities may allow an attacker to inject data from one connection into another or cause denial of service. 解决方案 Refer …
漏洞类别:AIX 漏洞等级: 漏洞信息 AIX is prone to the following vulnerabilities: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks.(CVE-2016-2177) OpenSSL could allow a remote attacker to obtain s…
漏洞类别:Windows 漏洞等级: 漏洞信息 Microsoft has released a cumulative security update for Windows. The security update is rated Important for all affected Operating Systems. Microsoft has addressed the vulnerabilities by fixing: 1) How a Windows Crypto Driver handles ob…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen; set to 1 can hit BUG() statement in tcp_collapse() function after making a…
CVE
CVE-2016-7867 Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-154)
漏洞类别:Internet Explorer 漏洞等级: 漏洞信息 The update addresses the vulnerabilities which are described in Adobe Security Bulletin APSB16-39, by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux, which address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Affected Versions: Adobe Fla…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe Digital Editions is an ebook reader software program from Adobe Systems built using Adobe Flash with support for acquiring, managing and reading eBooks, digital newspapers, and other digital publications. The software supports PDF, …
漏洞类别:CGI 漏洞等级: 漏洞信息 Oracle GlassFish Server Open Source Edition is an open source application server. Oracle GlassFish Server Open Source Edition is exposed to following vulnerablities: 1) An unauthenticated local file inclusion vulnerability that can be used …
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for tomcat to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users cou…
CVE
CVE-2016-5285 SUSE Enterprise Linux Security Update for MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for mozillafirefox, mozilla-nss to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exp…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for tomcat to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users cou…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for java-1_8_0-ibm to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
漏洞类别:Local 漏洞等级: 漏洞信息 Symantec Validation and ID Protection (VIP) Access Desktop is a free online security credential that you can download to your computer desktop. Symantec VIP Access Desktop does not verify the DLLs it loads from its startup path. Affected …
漏洞类别:Local 漏洞等级: 漏洞信息 Oracle released an update to fix 25 new security vulnerabilities for Oracle Berkeley DB. Affected Software: Oracle Berkeley DB 11.2.5.1.29 and prior Oracle Berkeley DB 11.2.5.2.42 and prior Oracle Berkeley DB 11.2.5.3.28 and prior Oracle …
漏洞类别:Local 漏洞等级: 漏洞信息 Nokogiri is an HTML, XML, SAX, and Reader parser with XPath and CSS selector support. Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and li…
漏洞类别:Local 漏洞等级: 漏洞信息 Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It was found that PortletBridge PortletRequestDispatcher did not respe…
事件综述 近期,有网络安全人员发现:Linux系统下的安全扫描软件McAfee中存在多个安全漏洞【软件传送门:(McAfee for Linux)】,黑客可利用其中一些漏洞盗用Linux系统的root权限,发动RCE攻击。 关于McAfee软件的情况介绍 McAfee VirusScan Enterprise for Linux,一款利用Linux独特访问扫描程序,对系统进行实时防护的安全检测软件,由Intel旗下的子公司McAfee推出。该软件适用于使用Linux系统的企业用户。它能够检测隐藏在存档文件中的Lin…
今日要闻推荐:欧洲刑警组织逮捕了几十名疑似参与发动DDoS攻击的青少年;朝鲜称指控其黑掉韩国的电脑是“幼稚的阴谋”;法国成立首支“网络部队” 2017年1月投入运作;国家电网App海量用户数据外流 淘宝店主叫卖住址;俄罗斯驻荷兰大使馆领事部被黑 护照号码和个人信息被盗。 [每日要闻] 欧洲刑警组织逮捕了几十名疑似参与发动DDoS攻击的青少年 http://t.cn/RI4ZHgv 朝鲜称指控其黑掉韩国的电脑是“幼稚的阴谋” http://t.cn/RIyVcUG 法国成立首支“网络部队” 2017年1月投入运作 h…
热点概要:Linux 应用权限不当可提权系列漏洞分析、UXSS on Microsoft Edge: 冒险在一个无尽的世界、XSS Bypass Cookbook、下一代office恶意软件 国内热词(以下内容部分摘自http://www.solidot.org/): Chrome向中国用户推荐搜狗搜索 三星将通过OTA更新关闭Galaxy Note 7的充电 京东调查用户数据大规模泄漏 在中国,获取一个人的隐私数据极其简单 Linux Kernel 4.9发布 资讯类: 《概念證明應用程式》即便手機設定成不接受來…
背景 我们在网上发现了一个有趣的 ELF 蠕虫,这可以帮助提高系统管理员的安全意识。这是个已知的 ELF 恶意软件,可能是 `Linux/PnScan` 的最新变种,在 x86-32 平台发现,从网络中受感染的结点到了我们手中。这个蠕虫针对嵌入式平台,我有点惊讶 i86 程序可以命中 Linux 目标。 在样本送到 MalwareMustDie ELF 分析团队之前,我在 2015 年 9 月 28 日发表过一篇讲述该威胁的[文章][1],我认为这种威胁现在已经消失了,但是我错了。因为恶意软件那时正处在蠕虫的感染阶…
一、引言 在2016年,勒索软件继续在全球范围内猖獗,收紧对数据、设备、个人和商业的控制。 下面的数据就能说明这些: 1.出现了62种新的勒索软件家族。 2.勒索软件变种增长了11倍。从1到3月份的2900个,增长到7到9月份的32091个。 3.对商业的攻击从一月到九月底增长了3倍:每2分钟有一次攻击,变成了每40秒有一次 4.对个人攻击的增幅从每20秒到每10秒。 5.在支付了勒索赎金的小型和中型企业中,有五分之一没有取回他们的数据。 在2016年,我们也看到了勒索软件增长在复杂性和多样性 例如:改变策略,如果…