漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for bind to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for libreswan to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denia…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for krb5 to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to d…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for dhcp to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for ntp to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker could use a specially crafted NTP packet to crash ntpd. 解决方案 To resolve this issue, upgrade to…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for glibc to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 An attacker could provide an excessively long network name, resulting in stack corruption and code execution. …
漏洞类别:Local 漏洞等级: 漏洞信息 WinRAR is a shareware file archiver and compressor utility for Windows. It can create archives in RAR or ZIP file formats and unpack numerous archive file formats. The file-execution functionality in WinRAR allows local users to escalate …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. 漏洞危害 With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A directory traversal flaw in lxc-attach. 漏洞危害 An attacker with access to an LXC container could exploit this flaw to access files outside of the container. 解决方案 Refer to Ubuntu advisory USN-3136-1 for affected packages and patching deta…
CVE
Ubuntu Security Notification for Gst-plugins-good0.10, Gst-plugins-good1.0 Vulnerability (USN-3135-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. 漏洞危害 If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service…
CVE
CVE-2016-0772 Ubuntu Security Notification for Python2.7, Python3.2, Python3.4, Python3.5 Vulnerabilities (USN-3134-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the smtplib library in Python did not return an error when StartTLS fails. It was discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the con…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for akonadi to fix the vulnerabilities. 漏洞危害 The Update fixes the extensible cross-desktop Personal Information Management (PIM) storage service failure to start after applying the MySQL 5.5.53 securit…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for gst-plugins to fix the vulnerabilities. 漏洞危害 Successful Exploitation of the vulnerabilities can lead to the execution of arbitrary code. 解决方案 Refer to Debian security advisory DSA 3717-1 to address…
互联网时代,创投圈火热,补贴、红包、抽奖,花式获客拉新,催生一条特殊产业链。 黑客、卡商、刷客,捆绑成一个利益共同体,形成一支人数至少百万的黑产军团。 他们手头有2千多万个手机号码,流窜在各大互联网平台,专营漏洞,一单生意,少则十万,多则上千万,分秒间薅干一家平台。 他们是互联网时代的畸形产物,但他们的存在,又有着某种必然。 各大平台开始注意到他们的存在,和安全公司联合绞杀,而刷客军团迭代技术,利用人机配合,开始属于他们的“技术革命”。 真正的攻防恶战,才刚刚开始… 01 刷客销赃 10月底,电信旗下的翼支付,在部…
CVE
CVE-2016-6360 Cisco Email and Web Security Appliance Denial of Service Vulnerability (cisco-sa-20161026-esawsa3)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to t…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for chromium to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 openSUSE 13.2 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the la…
CVE
CVE-2016-6372 Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability (cisco-sa-20161026-esawsa2)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated…
CVE
CVE-2016-1480 Cisco Email and Web Security Appliance Malformed MIME Header Vulnerability (cisco-sa-20161026-esawsa1)
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass co…
漏洞类别:Local 漏洞等级: 漏洞信息 Moxa SoftCMS is a central management software that manages large scale surveillance systems. Moxa SoftCMS contains the following vulnerabilities: CVE-2016-8360: A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a…
漏洞类别:Local 漏洞等级: 漏洞信息 The BIG-IP platform is a smart evolution of Application Delivery Controller (ADC) technology. A remote attacker may be able to cause a denial-of-service (DoS) attack on the BIG-IP system's local instance of BIND by using a specially craft…
漏洞类别:Information gathering 漏洞等级: 漏洞信息 This is a list of outdated Python packages on the local system. It is suggested that all Python packages are updated so as to avoid related vulerabilities. NOTE: This QID needs python-pip to be installed on the local syste…
漏洞类别:RedHat 漏洞等级: 漏洞信息 he ipsilon packages provide the Ipsilon identity provider service for federated single sign-on (SSO). Ipsilon links authentication providers and applications or utilities to allow for SSO. It includes a server and utilities to configure …
漏洞类别:Local 漏洞等级: 漏洞信息 Moxa SoftCMS is a central management software that manages large scale surveillance systems. Moxa SoftCMS contains the following vulnerabilities: CVE-2015-6457: The vulnerability exists within the setStreamRecordData, setRecordPrefix, Aud…
漏洞类别:Local 漏洞等级: 漏洞信息 Moxa SoftCMS is a central management software that manages large scale surveillance systems. Moxa SoftCMS does not properly sanitize input fields, allowing an attacker to access the product by specially crafting the input. Affected Versio…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that tar incorrectly handled extracting files when path names are specified on the command line. 漏洞危害 If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly ov…