7月 - 2017 - 漏洞银行丨0daybank

漏洞类别：SUSE 漏洞等级：漏洞信息 SUSE has released security update for libreoffice to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use …

2017-07-31 0条评论 5193点热度 0人点赞 admin 阅读全文

漏洞类别：SUSE 漏洞等级：漏洞信息 SUSE has released security update for systemd to fix the vulnerabilities. Affected Products: openSUSE Leap 42.2 漏洞危害 This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availabi…

2017-07-31 0条评论 4950点热度 0人点赞 admin 阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Various vulnerabilities have been discovered in Graphite2. …

2017-07-31 0条评论 5080点热度 0人点赞 admin 阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle refe…

2017-07-31 0条评论 5922点热度 0人点赞 admin 阅读全文

漏洞类别：Local 漏洞等级：漏洞信息 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. A…

2017-07-31 0条评论 5152点热度 0人点赞 admin 阅读全文

漏洞类别：Local 漏洞等级：漏洞信息 Certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by def…

2017-07-31 0条评论 3881点热度 0人点赞 admin 阅读全文

漏洞类别：Local 漏洞等级：漏洞信息 Safari is a Web-browser developed by Apple which is based on the WebKit engine. The update addresses multiple vulnerabilities affecting WebKit and Safari for OS X Yosemite, El Capitan and macOS Sierra. 漏洞危害 Successful exploitation of the …

2017-07-31 0条评论 3697点热度 0人点赞 admin 阅读全文

漏洞类别：Amazon Linux 漏洞等级：漏洞信息 Security Fix(es): A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, b…

2017-07-31 0条评论 3886点热度 0人点赞 admin 阅读全文

漏洞类别：Amazon Linux 漏洞等级：漏洞信息 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. ( …

2017-07-31 0条评论 3989点热度 0人点赞 admin 阅读全文

漏洞类别：SUSE 漏洞等级：漏洞信息 SUSE has released security update for apport to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complete access to sensitive information. Malicious users co…

2017-07-31 0条评论 3416点热度 0人点赞 admin 阅读全文

漏洞类别：SUSE 漏洞等级：漏洞信息 SUSE has released security update for jasper to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerabil…

2017-07-31 0条评论 3544点热度 0人点赞 admin 阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). It was found that the log file viewer in Red Hat JBoss Enterprise Applicat…

2017-07-31 0条评论 3462点热度 0人点赞 admin 阅读全文

漏洞类别：Ubuntu 漏洞等级：漏洞信息 It was discovered that libiberty incorrectly handled certain string operations. It was discovered that libiberty incorrectly handled parsing certain binaries. It was discovered that libiberty incorrectly handled parsing certain binaries.…

2017-07-31 0条评论 3508点热度 0人点赞 admin 阅读全文

漏洞类别：Ubuntu 漏洞等级：漏洞信息 It was discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. It was discovered that gdb incorrectly handled certa…

2017-07-31 0条评论 3452点热度 0人点赞 admin 阅读全文

漏洞类别：Ubuntu 漏洞等级：漏洞信息 It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. It was discovered…

2017-07-31 0条评论 3482点热度 0人点赞 admin 阅读全文

漏洞类别：Ubuntu 漏洞等级：漏洞信息 It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. It was discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. It was discovered that Ruby Fiddle::Handle incorrectly handle…

2017-07-31 0条评论 3422点热度 0人点赞 admin 阅读全文

漏洞类别：Ubuntu 漏洞等级：漏洞信息 It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A race condition in the Advanced Linux Sound Arch…

2017-07-31 0条评论 3352点热度 0人点赞 admin 阅读全文

漏洞类别：Ubuntu 漏洞等级：漏洞信息 It was discovered that ImageMagick incorrectly handled certain malformed image files. 漏洞危害 If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a den…

2017-07-31 0条评论 3341点热度 0人点赞 admin 阅读全文

漏洞类别：Ubuntu 漏洞等级：漏洞信息 It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. It was discovered that the …

2017-07-31 0条评论 3472点热度 0人点赞 admin 阅读全文

漏洞类别：SUSE 漏洞等级：漏洞信息 SUSE has released security update for apache2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP3 SU…

2017-07-31 0条评论 3577点热度 0人点赞 admin 阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). It was discovered that under certain conditions RESTEasy could be for…

2017-07-31 0条评论 3128点热度 0人点赞 admin 阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to …

2017-07-31 0条评论 3088点热度 0人点赞 admin 阅读全文

漏洞类别：RedHat 漏洞等级：漏洞信息 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resul…

2017-07-31 0条评论 3208点热度 0人点赞 admin 阅读全文

漏洞类别：Local漏洞等级：漏洞信息 McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. McAfee ePolicy Orchestrator is prone to a directory traversal vulnerability which allows rem…

2017-07-31 0条评论 3169点热度 0人点赞 admin 阅读全文

漏洞类别：Local 漏洞等级：漏洞信息 IBM WebSphere Application Server is designed to facilitate the creation of various enterprise Web applications. IBM WebSphere Application Server is vulnerable Cross-Site Scripting vulnerability which can lead to a potential credential dis…

2017-07-31 0条评论 3022点热度 0人点赞 admin 阅读全文

漏洞类别：General remote services 漏洞等级：漏洞信息 This Critical Patch Update contains 21 new security fixes for the Oracle E-Business Suite. Seventeen of these vulnerabilities may be remotely exploitable without authentication. Affected Products: Oracle E-Business Suite…

2017-07-31 0条评论 3109点热度 0人点赞 admin 阅读全文

CVE-2016-10327 OpenSUSE Security Update for libreoffice (openSUSE-SU-2017:1851-1)

CVE-2017-9217 OpenSUSE Security Update for systemd (openSUSE-SU-2017:1844-1)

CVE-2017-7771 Red Hat Update for graphite2 (RHSA-2017:1793)

CVE-2017-10053 21:25:36 Red Hat Update for java-1.8.0-openjdk (RHSA-2017:1789)

CVE-2016-6515 F5 BIG-IP ASM OpenSSH Denial of Service Vulnerability (K31510510)

CVE-2017-6141 F5 BIG-IP ASM TMM SSL/TLS Profile Vulnerability (K21154730)

CVE-2017-7060 Apple Safari 10.1.2 Not Installed (APPLE-SA-2017-07-19-5)

CVE-2017-3143 Amazon Linux Security Advisory for bind: ALAS-2017-858

CVE-2017-1000381 Amazon Linux Security Advisory for c-ares: ALAS-2017-859

CVE-2015-1338 SUSE Enterprise Linux Security Update for apport (SUSE-SU-2017:1938-1)

CVE-2016-9262 2017-07-26 21:16:34 SUSE Enterprise Linux Security Update for jasper (SUSE-SU-2017:1916-1)

CVE-2016-5018 Red Hat Update for jboss-ec2-eap (RHSA-2017:1552)

CVE-2016-2226 Ubuntu Security Notification for Libiberty Vulnerabilities (USN-3368-1)

CVE-2014-8501 Ubuntu Security Notification for Gdb Vulnerabilities (USN-3367-1)

CVE-2017-10053 Ubuntu Security Notification for Openjdk-8 Vulnerabilities (USN-3366-1)

CVE-2009-5147 Ubuntu Security Notification for Ruby1.9.1, Ruby2.0, Ruby2.3 Vulnerabilities (USN-3365-1)

CVE-2014-9900 Ubuntu Security Notification for Linux, Linux-raspi2, Linux-snapdragon Vulnerabilities (USN-3364-1)

CVE-2017-10928 Ubuntu Security Notification for Imagemagick Vulnerabilities (USN-3363-1)

CVE-2017-10971 Ubuntu Security Notification for Xorg-server, Xorg-server-hwe-16.04, Xorg-server-lts-xenial Vulnerabilities (USN-3362-1)

CVE-2017-9788 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2017:1961-1)

CVE-2016-9606 Red Hat Update for eap7-jboss-ec2-eap (RHSA-2017:1412)

CVE-2016-5018 Red Hat Update for JBoss Enterprise Application Platform 6.4.16 (RHSA-2017:1749)

CVE-2016-9606 Red Hat Update for JBoss Enterprise Application Platform 7.0.6 (RHSA-2017:1411)

CVE-2017-3980 Intel McAfee ePolicy Orchestrator Directory Traversal Vulnerability (SB10196)

CVE-2016-8934 IBM WebSphere Cross-Site Scripting Vulnerability (swg21992315)

CVE-2017-10246 Oracle E-Business Suite Multiple Vulnerabilities (CPUJUL2017)