漏洞类别:Local 漏洞等级: 漏洞信息 HPE ArcSight Data Platform (formerly ArcSight Logger) is a SIEM platform that unifies data collection and log management of machine data for security. An authorization bypass vulnerability exists that allows an authenticated, remote attac…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for svgsalamander to fix the vulnerabilities. 漏洞危害 Successful exploitation will allow server side request forgery. 解决方案 Refer to Debian security advisory DSA 3781-1 to address this issue and obtain fur…
漏洞类别:AIX 漏洞等级: 漏洞信息 IBM AIX is prone to the following vulnerabilities: OpenSSH is vulnerable to a denial of service, caused by an error in the kex_input_kexinit() function. By sending specially crafted data during the key exchange process, a remote attacker co…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's …
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that Subversion's mod_dontdothat module and Subversion clients using http(s):// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. An authenticated remote attacker can cause d…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supply…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network nam…
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. WordPress versions prior to 4.7.2 contain the following unauthorize…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for mysql to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complet…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for spice to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerabili…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for guile to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for spice to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complet…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for guile to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 Malicious users could use this vulnerability to chang…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for spice to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabili…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxml2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabi…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gcc48 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libcap-ng to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain com…
漏洞类别:CGI 漏洞等级: 漏洞信息 LxCenter Kloxo (formerly known as Lxadmin) is a free, opensource web hosting control panel for the Red Hat and CentOS Linux distributions. The vulnerability exists because an implemented /lbin/webcommand.php source file fails to properly sa…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. 漏洞危害 A remote attacker could possibly use this flaw to recover private keys. 解决方案 Refer to Ubuntu advisory USN-3193-1 for affected packages and patc…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Squid incorrectly handled processing HTTP conditional requests. It was discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. 漏洞危害 A remote attacker coul…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. 漏洞危害 If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser secu…
CVE
CVE-2016-10147 Ubuntu Security Notification for Linux, Linux-raspi2, Linux-snapdragon Vulnerabilities (USN-3189-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. It was discovered that the ICMP implementation in the Linux kernel…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. 漏洞危害 A remote attacker could use this to cause a denial of service (system crash). 解决方案 Refer to Ubuntu advisory USN-3188-…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. 漏洞危害 A remote attacker…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource…