2016-10-18| 补丁编号:CNPD-2016-82522| 贡献者:CNVD 所属漏洞编号 CNVD-2016-09364 补丁链接 http://technet.microsoft.com/security/bulletin/MS16-121 补丁描述 Microsoft Office是微软公司开发的一套基于Windows操作系统的办公软件套装。 Office若未正确处理RTF文件在实现上存在Office RTF远程内存破坏漏洞。可使攻击者在当前用户上下文中执行任意代码。目前，供应商发布了安全公告及相关补…

2016-10-18| 补丁编号:CNPD-2016-82526| 贡献者:CNVD 所属漏洞编号 CNVD-2016-09370 补丁链接 http://www.vmware.com/security/advisories/VMSA-2016-0016.html 补丁描述 VMware vRealize Operations是美国威睿（VMware）公司的一套基于策略的自动化、智能化IT运维和管理软件。 VMware vRealize Operations中存在远程权限提升漏洞。远程攻击者可利用该漏洞获取受影响应…

2016-10-18| 补丁编号:CNPD-2016-82527| 贡献者:CNVD 所属漏洞编号 CNVD-2016-09371 补丁链接 https://www.kernel.org/ 补丁描述 Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。 Linux kernel中存在栈缓冲区溢出漏洞。攻击者可利用该漏洞造成拒绝服务（无限循环和内核中的栈破坏）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。 补丁附件 (无附件) 补丁状态 通过审核 补丁审核意见 (无审核意见…

2016-10-18| 补丁编号:CNPD-2016-82525| 贡献者:CNVD 所属漏洞编号 CNVD-2016-09369 补丁链接 http://technet.microsoft.com/security/bulletin/MS16-124 补丁描述 Microsoft Windows是流行的计算机操作系统。 Windows kernel API允许用户访问注册表信息在实现上存在权限提升漏洞。可使本地攻击者利用该漏洞通过构造的应用提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。 补丁附…

报送者:蓝盾信息安全技术有限公司 CNVD-ID CNVD-2016-09379 发布时间 2016-10-18 危害级别 高 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 影响产品 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows Server 2008 R2 Microsoft Windows 7 SP1 Microsoft Windows Vista sp2 Microsoft Windows 8.1 Microsoft Windows …

所属漏洞编号 CNVD-2016-09370 补丁链接 http://www.vmware.com/security/advisories/VMSA-2016-0016.html 补丁描述 VMware vRealize Operations是美国威睿（VMware）公司的一套基于策略的自动化、智能化IT运维和管理软件。 VMware vRealize Operations中存在远程权限提升漏洞。远程攻击者可利用该漏洞获取受影响应用程序的完全控制权。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。 补丁附件…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that Tracker incorrectly handled certain malformed GIF images. 漏洞危害 If a user or automated system were tricked into downloading a specially-crafted GIF image, Tracker could crash, resulting in a denial of service. 解决方案 …

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that the KDE-PIM Libraries incorrectly filtered URLs. 漏洞危害 A remote attacker could use this issue to perform an HTML injection attack in the KMail plain text viewer. 解决方案 Refer to Ubuntu advisory USN-3100-1 for affected…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 An unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A race conditi…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for freeimage to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3692-1 to address this issue and obtain further details. Patch: Following are links for downloading patches to …

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 An unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A race conditi…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for ghostscript to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3691-1 to address this issue and obtain further details. Patch: Following are links for downloading patches t…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 A use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A race condition in the audit subsystem in the Linux kernel. A race condition in the Adaptec AAC RAID controller driver in the Linux ke…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for icedove to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3690-1 to address this issue and obtain further details. Patch: Following are links for downloading patches to fi…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 A use-after-free was discovered in the V8 bindings in Blink. A use-after-free was discovered in the V8 bindings in Blink. An issue was discovered in V8. Multiple security issues were discovered in Chromium. A use-after-free was discovere…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for php5 to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3689-1 to address this issue and obtain further details. Patch: Following are links for downloading patches to fix t…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for nss to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3688-1 to address this issue and obtain further details. Patch: Following are links for downloading patches to fix th…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for nspr to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3687-1 to address this issue and obtain further details. Patch: Following are links for downloading patches to fix t…

漏洞类别：Local 漏洞等级： 漏洞信息 Solarwinds Dameware Remote Mini Controller is a software for assisting in remote desktop connections for helpdesk support. Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control. Affected Ve…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for icedove to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3686-1 to address this issue and obtain further details. Patch: Following are links for downloading patches to fi…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for libav to fix the vulnerabilities. 漏洞危害 解决方案 Refer to Debian security advisory DSA 3685-1 to address this issue and obtain further details. Patch: Following are links for downloading patches to fix …

漏洞类别：Local 漏洞等级： 漏洞信息 Wireshark is a network protocol analyzer available for multiple operating systems. It lets you capture and interactively browse the traffic running on a computer network. The application is exposed to multiple denial of service vulnerabil…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for xen to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. 解决方案 Fedora has issued upda…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for xen to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. 解决方案 Fedora has issued upda…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for xen to fix the vulnerability. Affected OS: Fedora 23 漏洞危害 Successful exploitation allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. 解决方案 Fedora has issued upda…