漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers fi…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 <DIV> Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegist…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which d…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to addr…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Unsafe object deserialization through YAML formatted gem specifications:A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files w…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext:lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Heap-based buffer overflow in mspack/lzxd.cmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unsp…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Arbitrary code execution during go get via C compiler options: An arbitrary command execution flaw was found in the way Go s go get command handled gcc and clang sensitive options during the build. A remote attacker capable of host…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 DerValue unbounded memory allocation:It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this fl…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration:As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Serv…
漏洞类别:Amazon Linux漏洞等级: 漏洞信息 Late application of security constraints can lead to resource exposure for unauthorised users:Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because securit…
漏洞类别:Local 漏洞等级: 漏洞信息 IBM Tivoli Monitoring automates monitoring of essential system resources to detect bottlenecks and potential problems. There are several vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of multiple IBM Tivoli Mon…
漏洞类别:Hardware 漏洞等级: 漏洞信息 Realtek provides Full Range of Connectivity, Multimedia, and Consumer Electronics Solutions. Realtek SDK Miniigd UPnP SOAP Command Execution. Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose se…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for samba to fix the vulnerability. Affected OS: Fedora 26 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability. For …
漏洞类别:Local 漏洞等级: 漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerability: CVE-2017-15429: UXSS in V8 Affected Versions: Google Chrome prior to 63.0.3239.108 QID Detection Logic…
漏洞类别:Local 漏洞等级: 漏洞信息 Cisco Jabber for Windows is a unified communications client within the Cisco Jabber suite of collaboration software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. Affecte…
漏洞类别:CGI 漏洞等级: 漏洞信息 McAfee Web Gateway Anti-Malware Engine, part of McAfee Web Protection, is a powerful in-line technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels, taking web exploit detection, zero-day, and targ…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for imagemagick to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for imagemagick to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain p…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for openssl to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3 SU…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A flaw was found in the patches used to fix the 'dirtycow' vulnerability (CVE-2016-5195 ). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. (CVE-201…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Unsanitized input when searching in local cache database It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized log…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a gue…