2015年3月27日金曜日

27日 金曜日、先負











+ RHSA-2015:0729 Important: setroubleshoot security update
https://rhn.redhat.com/errata/RHSA-2015-0729.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1815

+ RHSA-2015:0728 Moderate: ipa and slapi-nis security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0728.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1827

+ RHSA-2015:0726 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0726.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421

+ CESA-2015:0718 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/638022/

+ CESA-2015:0718 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/638023/

+ UPDATE: Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns

+ UPDATE: Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge

+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ HPSBMU03294 rev.1 - HP Process Automation running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04597376&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ UPDATE: HPSBMU03291 rev.2 - HP Operations Orchestration running Powershell Operations, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04595417&docLocale=ja_JP

+ Linux kernel 3.19.3, 3.14.37, 3.10.73 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.37
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.73

+ PHP ZIP Library Integer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331

SSL/TLS (FREAK) vulnerability: affected Sophos products and versions
http://www.sophos.com/en-us/support/knowledgebase/122007.aspx

JVNDB-2015-000044 WordPress 用テーマ flashy におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000044.html

JVNDB-2015-000043 Fumy Teacher's Schedule Board におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000043.html

チェックしておきたい脆弱性情報<2015.03.27>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/032300047/?ST=security

世界のセキュリティ・ラボから
家庭内ネットワークを嗅ぎまわるマルウエア
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/032300038/?ST=security

VU#930956 Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem
http://www.kb.cert.org/vuls/id/930956

REMOTE: QNAP admin shell via Bash Environment Variable Code Injection
http://www.exploit-db.com/exploits/36503/

REMOTE: QNAP Web Server Remote Code Execution via Bash Environment Variable Code Injection
http://www.exploit-db.com/exploits/36504/

REMOTE: WebGate eDVR Manager Stack Buffer Overflow
http://www.exploit-db.com/exploits/36505/

LOCAL: Mini-stream Ripper v2.7.7.100 Local Buffer Overflow
http://www.exploit-db.com/exploits/36501/

LOCAL: RM Downloader 2.7.5.400 Local Buffer Overflow
http://www.exploit-db.com/exploits/36502/

0 件のコメント:

コメントを投稿