漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654 , CVE-2016-9560 , CVE-2016-10…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their pr…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that FreeRADIUS incorrectly handled the TLS session cache. 漏洞危害 A remote attacker could possibly use this issue to bypass authentication by resuming an unauthenticated session. 解决方案 Refer to Ubuntu advisory USN-3316-1 f…
CVE
CVE-2016-9604 漏洞信息:Ubuntu Security Notification for Linux, Linux-raspi2 Vulnerabilities (USN-3314-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. It was discovered that a buffer overflow existed in the trace sub…
CVE
CVE-2017-0605 漏洞信息:Ubuntu Security Notification for Linux, Linux-raspi2 Vulnerability (USN-3313-1)
漏洞类别:Ubuntu' 漏洞等级: 漏洞信息 It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. 漏洞危害 A privileged local attacker could use this to execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3313-1 for affected packages and p…
CVE
CVE-2016-7913漏洞信息: Ubuntu Security Notification for Linux, Linux-aws, Linux-gke, Linux-raspi2, Linux-snapdragon Vulnerabilities (USN-3312-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. It was discovered that the keyri…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that libnl incorrectly handled memory when performing certain operations. 漏洞危害 A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. 解决方案 Re…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that lintian incorrectly handled deserializing certain YAML files. 漏洞危害 If a user or automated system were tricked into running lintian on a specially crafted package, a remote attacker could possibly use this issue to …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that GnuTLS incorrectly handled certain assignments files. 漏洞危害 If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbirary code. 解决方案 Refer to Ubuntu a…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Puppet incorrectly handled the search path. It was discovered that Puppet incorrectly handled YAML deserialization. 漏洞危害 A local attacker could use this issue to possibly execute arbitrary code. (CVE-2014-3248) A r…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that OpenLDAP incorrectly handled certain search requests. 漏洞危害 A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service. 解决方案 Refer to Ubuntu advisory USN-3307-1 for affected pac…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that libsndfile incorrectly handled certain malformed files. 漏洞危害 A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. 解决方案 Refer to …
CVE
CVE-2017-0350 漏洞信息:Ubuntu Security Notification for Nvidia-graphics-drivers-375 Vulnerabilities (USN-3305-1)
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. 漏洞危害 A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. 解决方案 Refer to …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for perl to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 3873-1 to address this issue and obtain further de…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for nss to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial conte…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for zookeeper to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerability cause denial of service attacks. 解决方案 Refer to Debian security advisory DSA 3871-1 to address this issue and …
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. A remote…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for imagemagick to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulne…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libnettle to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnera…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for strongswan to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can be used to cause a complete denial of service and could render the resource com…
CVE
CVE-2017-8779 漏洞信息:SUSE Enterprise Linux Security Update for libtirpc, rpcbind (SUSE-SU-2017:1468-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libtirpc, rpcbind to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can be used to cause a…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for sudo to fix the vulnerabilities. Affected Products: Oracle Linux 5 漏洞危害 A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypass…
CVE
CVE-2016-6087 漏洞信息: IBM Domino TLS server's Diffie-Hellman parameter Vulnerability (swg22002808)
漏洞类别:Local 漏洞等级: 漏洞信息 IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications. IBM Domino is vulnerable to a information disclosure vulnerability which allows an attacker to steal credentials with the help of usi…
漏洞类别:Local 漏洞等级: 漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: CVE-2017-5070 Type confusion in V8. CVE-2017-5071 Out of bounds read in V8. CVE-2017-5072 Address sp…