2014年7月14日月曜日

14日 月曜日、大安









+ マイクロソフト セキュリティ アドバイザリ 2982792 不適切に発行されたデジタル証明書により、なりすましが行われる
https://technet.microsoft.com/ja-jp/library/security/2982792

+ HPSBNS03067 rev.1 - HP NonStop SSL running OpenSSL, Remote Code Execution, Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04367164-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBNS03066 rev.1 - HP NonStop XYGATE User Authentication (XUA) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04366622-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Linux kernel 3.2.61 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.61

+ Juniper ScreenOS SSL/TLS Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2842

+ Juniper Junos SRX Input Validation Flaw in Web Authentication Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3821

+ Juniper Junos PIM Routing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3819

+ Juniper Junos SRX Series IPv6/IPv4 Translation flowd Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3822

+ Juniper Junos Unspecified Command Line Interface Flaw Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1030559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3816

+ Juniper Junos SRX Series NAT flowd Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3817

+ Juniper Junos SRX Series SIP ALG flowd Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3815

+ SA56800 PHP Two Use-After-Free Vulnerabilities
http://secunia.com/advisories/56800/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698

+ SA59633 Linux Kernel ptrace SYSRET Path Privilege Escalation Vulnerability
http://secunia.com/advisories/59633/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699

+ PHP 'ext/spl/spl_dllist.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/68513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

+ PHP 'ext/spl/spl_array.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/68511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698

【実例で解き明かす、標的型サイバー攻撃の危険度】
実例で解き明かす、標的型サイバー攻撃の危険度
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567904/?ST=security

【実例で解き明かす、標的型サイバー攻撃の危険度】
最大の弱点は「人間」、攻撃者が情報を盗むまでの6ステップ
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567912/?ST=security

外付け機器でのデータ持ち出しを防止、ラネクシーがPC操作ログ管理ソフト新版
http://itpro.nikkeibp.co.jp/article/NEWS/20140710/570762/?ST=security

JVNVU#94415561 Raritan PX Power Distribution ソフトウェアに cipher zero 攻撃を受ける脆弱性
http://jvn.jp/vu/JVNVU94415561/

UPDATE: JVN#61247051 OpenSSL における Change Cipher Spec メッセージの処理に脆弱性
http://jvn.jp/jp/JVN61247051/index.html

VU#917348 Datum Systems satellite modem devices contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/917348

0 件のコメント:

コメントを投稿