Monday, April 20, 2015

Monday the 20th, Butsumetsu

+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ UPDATE: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr

+ UPDATE: HPSBMU03264 rev.2 - HP Network Automation, Multiple Remote Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04574207&docLocale=ja_JP

+ Linux kernel 3.19.5, 3.14.39, 3.10.75, 3.4.107 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.39
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.75
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.107

+ PHP phar Unserialize Boundary Error Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1032146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783

+ PHP Stack Overflow in phar_set_inode() in Parsing tar/zip/phar Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032145

+ Chrome 42.0.2311 HSTS Redirect sensitive information
http://cxsecurity.com/issue/WLB-2015040108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1244

+ Chrome 42.0.2311 CONTENT_SETTINGS_TYPE_FULLSCREEN DoS
http://cxsecurity.com/issue/WLB-2015040107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3336

+ Chrome 39.0.2171 bypass SafeBrowsing by the file system API
http://cxsecurity.com/issue/WLB-2015040106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1248

+ Apache Struts 2.3.20 Security Fixes
http://cxsecurity.com/issue/WLB-2014120048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7809

+ PHP 5.6.6 move_uploaded_file() NULL byte filename truncation
http://cxsecurity.com/issue/WLB-2015040104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348

+ Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2015040103

+ PHP 5.6.7 apache2handler remote code execution vulnerability
http://cxsecurity.com/issue/WLB-2015040096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330

UPDATE: JVNVU#91812636 Implementations of DNS resolvers that perform recursive name resolution may repeat name resolution indefinitely
http://jvn.jp/vu/JVNVU91812636/

News & Trend
"Command centers" for targeted attacks increase sevenfold within Japan
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/041600229/?ST=security

VU#750060 Hewlett-Packard Network Automation contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/750060
