18日 水曜日、先負

+ RHSA-2016:1086 Moderate: libndp security update
https://rhn.redhat.com/errata/RHSA-2016-1086.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698

+ Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1401

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ Cisco Adaptive Security Appliance VPN Memory Block Exhaustion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1379

+ Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1402

+ Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1385

+ SA70631 Apache HTTP Server mod_http2 Denial of Service Vulnerability
https://secunia.com/advisories/70631/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546

+ SA70648 VMware Workstation / Player Privilege Escalation Vulnerability
https://secunia.com/advisories/70648/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2077

+ VMSA-2016-0005 VMware product updates address critical and important security issues
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2077

+ VMware Workstation Player 7.1.4 released
https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_player/7_0|PLAYER-714|product_downloads

+ Apache Tomcat 8.0.35 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.35_(markt)

+ FreeBSD-SA-16:19.sendmsg Incorrect argument handling in sendmsg(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:19.sendmsg.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1887

+ FreeBSD-SA-16:18.atkbd Buffer overflow in keyboard driver
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1886

+ JVNVU#91632741 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU91632741/index.html

+ Symantec Anti Virus Engine Heap Overflow in Processing Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1035903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208

+ VMware Workstation and Player for Windows Lets Local Users on a Host System Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1035900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2077

+ PHP 5.6.7 Missing null byte checks for paths in various extensions
https://cxsecurity.com/issue/WLB-2016050083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3412

VU#586503 Chef Manage deserializes cookie data insecurely
https://www.kb.cert.org/vuls/id/586503

統計＆調査
［データは語る］特権ID管理市場は2015年度に前年度比12.9％増の38億5000万円―ITR
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/051700614/?ST=security