漏洞类别:CGI 漏洞等级: 漏洞信息 Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, …
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. WordPress versions prior to 4.7.5 contain the following unauthorize…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libtirpc to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerab…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxslt to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SU…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libtirpc to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerab…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for botan to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Ma…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to g…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxslt to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain parti…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Bash incorrectly expanded the hostname when displaying the prompt. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. It was discovered that Bash incorrectly handled the po…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. It was discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. It was discovere…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A heap overflow in the MACsec module in the Linux kernel. 漏洞危害 An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3292-1 for affected packages and …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. 漏洞危害 A local attacker could use this to cause a denial of service (system crash). 解决方案 Refer to Ubuntu advisory USN-3290-1 for a…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that QEMU incorrectly handled VirtFS directory sharing. It was discovered that QEMU incorrectly handled the Cirrus VGA device. It was discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that libytnef incorrectly handled malformed TNEF streams. 漏洞危害 If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code. 解决方…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the Git restricted shell incorrectly filtered allowed commands. 漏洞危害 A remote attacker could possibly use this issue to run an interactive pager and access sensitive information. 解决方案 Refer to Ubuntu advisory USN-3…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the KDE-Libs Kauth component incorrectly checked services invoking D-Bus. 漏洞危害 A local attacker could use this issue to gain root privileges. 解决方案 Refer to Ubuntu advisory USN-3286-1 for affected packages and patch…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Multiple security issues were discovered in Thunderbird. Multiple security issues were discovered in Thunderbird. A flaw was discovered in the DRBG number generation in NSS. 漏洞危害 If a user were tricked in to opening a specially crafted m…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged u…
CVE
CVE-2017-8291 SUSE Enterprise Linux Security Update for ghostscript-library (SUSE-SU-2017:1322-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for ghostscript-library to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited t…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for bash to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 Malicious users c…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for mariadb to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SU…
背景内容 在分析iOS平台上与沙盒逃逸有关的攻击面时,我们在iCloud钥匙串同步功能的OTR实现中发现了一个严重的安全漏洞。 iCloud钥匙串同步功能允许用户以一种安全的方式跨设备共享自己的密码。该协议与其他跨设备密码共享机制(例如谷歌Chrome的密码同步功能)相比,安全性有显著的提升,因为它所采用的端到端加密使用了设备绑定型(device-specific)密钥,而这种加密方式能够显著提升iCloud钥匙串同步机制的安全性,即使用户的密码被盗或者iCloud后台服务器受到攻击,用户的安全也能够得到有效的保障…
*本文原创作者:tocttou,本文属FreeBuf原创奖励计划,未经许可禁止转载 HSTS是让浏览器强制使用HTTPS访问网站的一项安全策略。HSTS的设计初衷是缓解中间人攻击带来的风险。本文主要介绍HSTS及其他Web功能带来的一些隐私问题,比如如何利用它们来探测浏览器的用户历史纪录。 一、背景:什么是HSTS HSTS的英文全称是HTTP Strict Transport Security,中文译作HTTP严格传输安全。2012年11月IETF发布RFC 6797,在这篇文档中正式定义了HSTS。HSTS的开…
作者:360代码卫士 翻译:360代码卫士 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 当Windows用户都在担心操作系统遭受想哭勒索蠕虫劫持时,苹果用户还在高枕无忧地认为恶意软件的攻击奈何不了他们。但实际并非如此,苹果产品也并非刀枪不入,一本电子书就能黑掉Mac、iPhone和iPad。 周一,苹果为iOS、macOS、Safari、tvOS、iCloud、iTunes和watchOS发布软件更新,修复了共69个安全漏洞,其中很多漏洞都可被用于在受影响系统上执行远程代码。 其中包含多个…