2014年11月14日金曜日

14日 金曜日、赤口

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ Apache Tomcat 7.0.57 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ PHP 5.6.3, 5.5.19 released
http://php.net/archive/2014.php#id2014-11-13-2
http://php.net/archive/2014.php#id2014-10-16-3

+ JVNDB-2014-000131 一太郎シリーズにおいて任意のコードが実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000131.html

+ 一太郎に緊急対策が必要な脆弱性発覚、標的型攻撃でPCを乗っ取られるリスク
http://itpro.nikkeibp.co.jp/atcl/news/14/111301901/?ST=security

+ VU#158647 Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via Internet Explorer
http://www.kb.cert.org/vuls/id/158647
CVE-2014-6332

+ VU#505120 Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
http://www.kb.cert.org/vuls/id/505120
CVE-2014-6321

+ REMOTE: Internet Explorer OLE Automation Array Remote Code Execution
http://www.exploit-db.com/exploits/35229

+ REMOTE: Internet Explorer OLE Automation Array Remote Code Execution (msf)
http://www.exploit-db.com/exploits/35230

+ MS Office 2007 and 2010 OLE Arbitrary Command Execution
http://cxsecurity.com/issue/WLB-2014110081
CVE-2014-6352

+ Linux Kernel CVE-2014-7843 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/71082
CVE-2014-7843

+ Linux Kernel CVE-2014-7841 SCTP NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/71081
CVE-2014-7841

+ Multiple Ichitaro Products CVE-2014-7247 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/71079
CVE-2014-7247

+ Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerabilit
http://www.securityfocus.com/bid/71078
CVE-2014-7842

+ Wireshark AMQP Dissector CVE-2014-8711 Denial of Service Vulnerability
http://www.securityfocus.com/bid/71070
CVE-2014-8711

攻撃検知でITインフラを自動制御、トレンドマイクロがSDN連携技術を発表
http://itpro.nikkeibp.co.jp/atcl/news/14/111301892/?ST=security

統計&調査
[データは語る]米国人の9割が「消費者は自身の個人情報を守れない」
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/111300010/?ST=security

フォーティネット、200万円台の中規模UTMに新モデル
http://itpro.nikkeibp.co.jp/atcl/news/14/111301888/?ST=security

ラベル:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)