2016年8月8日月曜日

8日 月曜日、赤口

+ UPDATE: Cisco Meeting Server Persistent Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ms

+ UPDATE: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm

+ Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1478

+ SA71966 VMware Multiple Products vmhgfs.dll Insecure Library Loading Vulnerability
https://secunia.com/advisories/71966/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5330

+ VMware vCenter Server / ESXi HTTP Header Injection Vulnerability
https://secunia.com/advisories/71956/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5331

+ VMSA-2016-0010 VMware product updates address multiple important security issues
http://www.vmware.com/security/advisories/VMSA-2016-0010.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5331

+ glibc 2.24 released
https://www.sourceware.org/ml/libc-alpha/2016-08/msg00212.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5417

+ JVNVU#90289707 プロキシ自動設定ファイル (proxy.pac) から完全な形の HTTPS URL へアクセスできる問題
http://jvn.jp/vu/JVNVU90289707/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1801

+ JVNVU#99702250 Apple iOS にメモリ破損の脆弱性
http://jvn.jp/vu/JVNVU99702250/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4654

+ JVN#09470233 Android ブラウザにおけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN09470233/

+ Docker Unspecified Flaw Lets Remote Authenticated Users Deny Service on the Target Swarm Cluster
http://www.securitytracker.com/id/1036548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6595

+ Internet Explorer 11 VBScript Engine Memory Corruption
https://cxsecurity.com/issue/WLB-2016080061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189

+ TLS session resumption client cert bypass
https://curl.haxx.se/docs/adv_20160803A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

+ Re-using connections with wrong client cert
https://curl.haxx.se/docs/adv_20160803B.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

+ use of connection struct after free
https://curl.haxx.se/docs/adv_20160803C.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

+ curl 7.50.1 released
https://curl.haxx.se/changes.html#7_50_1

JVNDB-2016-000134 アイ・オー・データ製の複数のレコーディングハードディスクにおけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000134.html

瀧口範子のシリコンバレー通信
創設者が私物化する「WikiLeaks」にがっかり
http://itpro.nikkeibp.co.jp/atcl/column/15/060200138/080500063/?ST=security

SSLはもう古い TLSがおもしろい
SSLはなぜ「もう古い」なの?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100001/?ST=security

0 件のコメント:

コメントを投稿