漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for mariadb to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 on successful exploitation it could use this flaw to change permissions of arbitrary files writable by the m…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for gimp to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994) 解决方案 To …

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for python to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 On successful exploitation it could cause a heap overflow, leading to arbitrary code execution. 解决方案 To resol…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for qemu-kvm to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A privileged guest user could use this flaw to crash the QEMU process instance. 解决方案 To resolve this issue,…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for libguestfs to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on …

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for libreoffice to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 On successful exploitation a user is tricked into opening a specially crafted LWP document, an attacker …

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for curl to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a prev…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for bind to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for libreswan to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denia…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for krb5 to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to d…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for dhcp to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for ntp to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 A remote attacker could use a specially crafted NTP packet to crash ntpd. 解决方案 To resolve this issue, upgrade to…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for glibc to fix the vulnerabilities. Affected Products: Oracle Linux 7 漏洞危害 An attacker could provide an excessively long network name, resulting in stack corruption and code execution. …

漏洞类别：Local 漏洞等级： 漏洞信息 WinRAR is a shareware file archiver and compressor utility for Windows. It can create archives in RAR or ZIP file formats and unpack numerous archive file formats. The file-execution functionality in WinRAR allows local users to escalate …

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. 漏洞危害 With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 A directory traversal flaw in lxc-attach. 漏洞危害 An attacker with access to an LXC container could exploit this flaw to access files outside of the container. 解决方案 Refer to Ubuntu advisory USN-3136-1 for affected packages and patching deta…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. 漏洞危害 If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that the smtplib library in Python did not return an error when StartTLS fails. It was discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the con…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for akonadi to fix the vulnerabilities. 漏洞危害 The Update fixes the extensible cross-desktop Personal Information Management (PIM) storage service failure to start after applying the MySQL 5.5.53 securit…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for gst-plugins to fix the vulnerabilities. 漏洞危害 Successful Exploitation of the vulnerabilities can lead to the execution of arbitrary code. 解决方案 Refer to Debian security advisory DSA 3717-1 to address…

互联网时代，创投圈火热，补贴、红包、抽奖，花式获客拉新，催生一条特殊产业链。 黑客、卡商、刷客，捆绑成一个利益共同体，形成一支人数至少百万的黑产军团。 他们手头有2千多万个手机号码，流窜在各大互联网平台，专营漏洞，一单生意，少则十万，多则上千万，分秒间薅干一家平台。 他们是互联网时代的畸形产物，但他们的存在，又有着某种必然。 各大平台开始注意到他们的存在，和安全公司联合绞杀，而刷客军团迭代技术，利用人机配合，开始属于他们的“技术革命”。 真正的攻防恶战，才刚刚开始… 01 刷客销赃 10月底，电信旗下的翼支付，在部…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to t…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for chromium to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 openSUSE 13.2 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Upgrade to the la…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated…