漏洞类别:Debian
漏洞等级: 
漏洞信息
Debian has released security update for python-django to fix the vulnerabilities.
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Refer to Debian security advisory DSA 3678-1 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
漏洞类别:Debian
漏洞等级:
漏洞信息
Debian has released security update for libarchive to fix the vulnerabilities.
漏洞危害
The sandboxing code in libarchive mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
解决方案
Refer to Debian security advisory DSA 3677-1 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
漏洞类别:Debian
漏洞等级:
漏洞信息
Debian has released security update for unadf to fix the vulnerabilities.
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Refer to Debian security advisory DSA 3676-1 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
漏洞类别:Local
漏洞等级:
漏洞信息
Cisco AnyConnect is a VPN Client for multiple platforms.
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.
Affected Versions:
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier
漏洞危害
On successful exploitation allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation
解决方案
Solution or updates are not available.
0day
漏洞类别:Local
漏洞等级: 
漏洞信息
HPE Data Protector software provides comprehensive data backup and recovery across physical, virtual and hybrid environments.
Hewlett Packard Enterprise is announcing the version discontinuance of HP Data Protector 6.0x
Affected Version :
HP Data Protector 6.0x
漏洞危害
The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is highly prone to vulnerabilities.
解决方案
Please visit HP Data Protector 6.0x for more information.
0day
漏洞类别:CGI
漏洞等级: 
漏洞信息
Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization. Huge-IT Video Gallery is a Joomla! video gallery component.
The vulnerability exists in the components/com_videogallerylite/ajax_url.php source file that fails to sanitize user supplied input received via the load_videos_content argument. An unauthenticated, remote attacker could exploit this vulnerability by transmitting crafted HTTP GET requests to inject malicious SQL code in a targeted Joomla! installation.
Affected versions:
Joomla Huge-IT Video Gallery (com_videogallerylite) component 3.3.6
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to manipulate SQL queries by injecting arbitrary SQL code or further exploit latent vulnerabilities in the underlying database.
解决方案
The vendor has not confirmed this vulnerability.
Workaround:
Although the vendor has not confirmed this vulnerability, updated version is available, which may fix the vulnerability. Customers are advised to install the updated version.
0day
漏洞类别:OEL
漏洞等级:
漏洞信息
Oracle Enterprise Linux has released security update for openssl to fix the vulnerabilities.
Affected Products:
Oracle Linux 7
Oracle Linux 6
漏洞危害
Successful exploitation allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records.
解决方案
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisoryOracle Linux 7 Oracle Linux 6 for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
漏洞类别:SUSE
漏洞等级:
漏洞信息
Suse has released security update for openssh to fix the vulnerabilities.
Affected Products:
SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
漏洞危害
This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
解决方案
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2016:2388-1 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
漏洞类别:SUSE
漏洞等级:
漏洞信息
Suse has released security update for libtcnative-1-0 to fix the vulnerabilities.
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
漏洞危害
Malicious users could use this vulnerability to change partial contents or configuration on the system.
解决方案
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2016:2385-1 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
漏洞类别:CGI
漏洞等级:
漏洞信息
Drupal is a free and open-source content-management framework written in PHP and distributed under the GNU General Public License.
Drupal 5 has been detected on the host. Drupal 5 has reached end of life on January 6, 2011 and will no longer be supported for security advisories. Since there will be no further bug fixes or security updates for this version, it is recommended that you migrate from version 5 to Drupal supported releases such as 7 or Drupal 8.
漏洞危害
Depending on the vulnerability being exploited, an unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the targeted system.
解决方案
Customers are advised to upgrade to Drupal 7,8 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day