Monday, June 16, 2014

Monday the 16th, Taian

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ UPDATE: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6

+ HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04336637-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
CVE-2014-0076
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470

+ FreeBSD-9.3 Beta3 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html

+ GCC 4.7.4 released
https://gcc.gnu.org/gcc-4.7/changes.html
https://gcc.gnu.org/onlinedocs/4.7.4/

+ libpng 1.6.12 released
http://www.libpng.org/pub/png/src/libpng-1.6.12-README.txt

+ ISC BIND 9.10.0 P1 remote denial of service
http://cxsecurity.com/issue/WLB-2014060084
CVE-2014-3214
CVE-2014-3859

+ Linux Kernel 3.15-rc3 media_enum_entities() Infoleak vulnerability
http://cxsecurity.com/issue/WLB-2014060085
CVE-2014-1739

+ DoS/PoC: PostgreSQL <= 8.4.1 JOIN Hashtable Size Integer Overflow Denial Of Service Vulnerability
http://www.exploit-db.com/exploits/33729
CVE-2010-0733

+ SA58697 GNU C Library "posix_spawn_file_actions_addopen()" Denial of Service Vulnerability
http://secunia.com/advisories/58697/

+ SA58832 Wireshark Frame Metadissector Denial of Service Vulnerability
http://secunia.com/advisories/58832/
CVE-2014-4020

+ GNU glibc 'xc_cpupool_getinfo()' Function Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68006

+ PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/68007

JVNDB-2014-000055 Denial-of-service (DoS) vulnerability in the SEIL series
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000055.html

JVNDB-2014-000054 Directory traversal vulnerability in Spring Framework
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000054.html

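Increasingly sophisticated targeted attack emails: learning their methods from case studies (ITpro)
Part 1: Characteristics of targeted attack emails revealed by analysis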
http://itpro.nikkeibp.co.jp/article/COLUMN/20140605/561867/?ST=security

Increasingly sophisticated targeted attack emails: learning their methods from case studies
http://itpro.nikkeibp.co.jp/article/COLUMN/20140605/561866/?ST=security

Unauthorized login attack on Niconico Douga: about 2.2 million attempts, 170,000 yen in damages
http://itpro.nikkeibp.co.jp/article/NEWS/20140613/564042/?ST=security

Password-based access control has reached its limit
http://itpro.nikkeibp.co.jp/article/COLUMN/20140613/563877/?ST=security

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/index.html

REMOTE: ZTE and TP-Link RomPager - DoS Exploit
http://www.exploit-db.com/exploits/33737

REMOTE: Yealink VoIP Phone SIP-T38G - Default Credentials
http://www.exploit-db.com/exploits/33739

REMOTE: Yealink VoIP Phone SIP-T38G - Local File Inclusion
http://www.exploit-db.com/exploits/33740

REMOTE: Yealink VoIP Phone SIP-T38G - Remote Command Execution
http://www.exploit-db.com/exploits/33741

REMOTE: Yealink VoIP Phone SIP-T38G - Privileges Escalation
http://www.exploit-db.com/exploits/33742
