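SecLens Intelligence Center

Cybersecurity news, all in one place. Brings together authoritative vulnerability advisories and industry news, combined with grouped browsing, smart filtering, RSS subscription and Webhook push, to broaden your security intelligence view across multiple channels.

Vendor Releases

Vendor update notes on product security, configuration, or policy.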

  • Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel

    Published 2026-05-14 10:17 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information.

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-029-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-029-AWS",
        "Content Type": "Important (requires attention)",
        "Publication Date": "05/13/2026 18:45 PM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "05/13/2026 18:45 PM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-029-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert
  • Ongoing updates on Copy.fail and variants

    Published 2026-05-14 10:15 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    This is an ongoing issue. This bulletin will be updated as more information becomes available.

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-030-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-030-AWS",
        "Content Type": "Important (requires attention)",
        "Publication Date": "05/13/2026 10:00 PM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "05/13/2026 10:00 PM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-030-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert
  • CVE-2026-8178 - Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

    Published 2026-05-09 02:42 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs). We identified an issue in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-028-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-028-AWS",
        "Content Type": "Important (requires attention)",
        "Impacted versions": "Amazon Redshift JDBC Driver < 2.2.2",
        "Publication Date": "2026/05/08 11:30 AM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "2026/05/08 11:30 AM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-028-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert
  • CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP

    Published 2026-04-30 03:30 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    FreeRTOS-Plus-TCP is an open-source, scalable TCP/IP stack for FreeRTOS. We identified CVE-2026-7424, where an integer underflow issue in the DHCPv6 sub-option parser could allow an adjacent network user to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (IP task freeze requiring hardware res

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-022-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-022-AWS",
        "Content Type": "Important (requires attention)",
        "Impacted versions": "FreeRTOS-Plus-TCP >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <= V4.4.0",
        "Publication Date": "2026/04/29 12:20 PM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "2026/04/29 12:20 PM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-022-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert
  • Issue with FreeRTOS-Plus-TCP - MAC Address Validation Bypass and ICMP Echo Reply Integer Underflow

    Published 2026-04-30 03:25 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    FreeRTOS-Plus-TCP is a scalable, open source, and thread-safe TCP/IP stack for FreeRTOS. - CVE-2026-7422: Insufficient packet validation in the IPv4 and IPv6 receive paths allows an adjacent network device to send a packet that bypasses checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the target device's own re

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-021-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-021-AWS",
        "Content Type": "Important (requires attention)",
        "Impacted versions": ">=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <=V4.4.0",
        "Publication Date": "2026/04/29 12:00 PM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "2026/04/29 12:00 PM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-021-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert
  • CVE-2026-7191 - Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS

    Published 2026-04-28 04:21 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    QnABot on AWS is an open-source solution that provides a multi-channel, multi-language conversational interface powered by Amazon Lex, Amazon OpenSearch Service, and optionally Amazon Bedrock.

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-020-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-020-AWS",
        "Content Type": "Important (requires attention)",
        "Impacted versions": "<=7.2.4",
        "Publication Date": "2026/04/27 13:15 PM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "2026/04/27 13:15 PM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-020-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert
  • CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver

    Published 2026-04-18 02:59 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System.

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-016-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-016-AWS",
        "Content Type": "Important (requires attention)",
        "Impacted versions": "EFS CSI Driver <= v3.0.0",
        "Publication Date": "2026/04/17 11:15 AM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "2026/04/17 11:15 AM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-016-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert
  • CVE-2026-5747 - Out-of-bounds Write in Firecracker virtio-pci Transport

    Published 2026-04-15 01:38 (UTC+08:00) Fetched 2026-05-14 11:15 (UTC+08:00)

    Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services.

    Extended fields
    {
      "author": "[email protected]",
      "bulletin_id": "2026-015-AWS",
      "content_type": "Important (requires attention)",
      "details": {
        "Bulletin ID": "2026-015-AWS",
        "Content Type": "Important (requires attention)",
        "Impacted versions": "Firecracker >= 1.13.0 AND <= 1.14.3 AND 1.15.0",
        "Publication Date": "2026/04/07 15:30 PM PDT",
        "Scope": "AWS"
      },
      "publication_detail": "2026/04/07 15:30 PM PDT",
      "scope": "AWS"
    }
    AWS Security Bulletin bulletin:2026-015-aws severity:important-requires-attention vendor:aws official_advisory vulnerability_alert