+ RHSA-2016:2045 Important: tomcat6 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2045.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6325
+ RHSA-2016:2047 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2016-2047.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039
+ RHSA-2016:2046 Important: tomcat security update
https://rhn.redhat.com/errata/RHSA-2016-2046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6325
+ CESA-2016:2006 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/702606/
+ squid 3.5.22 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.22-RELEASENOTES.html
+ Wireshark 2.2.1, 2.0.7, 1.12.13 released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.1.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.7.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html
+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
+ UPDATE: Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge
+ Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6427
+ Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6426
+ Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6425
+ Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1453
+ Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0721
+ Cisco Nexus 9000 Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1455
+ Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6428
+ Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6423
+ Cisco Firepower Management Center Console Local File Inclusion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6435
+ Cisco Firepower Management Center Console Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6434
+ Cisco Firepower Threat Management Console Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6433
+ Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6393
+ Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6392
+ Cisco Host Scan Package Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6436
+ Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6422
+ Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1454
+ Cisco ASA Software DHCP Relay Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6424
+ UPDATE: IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
+ Linux kernel 4.8.1, 4.7.7, 4.4.24 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.24
+ Wireshark Multiple Denial of Service Vulnerabilities
https://secunia.com/advisories/72873/
+ VMSA-2016-0015 VMware Horizon View updates address directory traversal vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0015.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7087
+ Log4j 2.7 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.7
+ FreeBSD libarchive Symlink/Hardlink Processing Bug Lets Local Users Overwrite Files or Modify Directory Permissions to Gain Elevated Privileges
http://www.securitytracker.com/id/1036978
+ FreeBSD bspatch Buffer Overflow in Processing Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036977
+ FreeBSD portsnap File Validation Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1036976
+ Symantec Web Gateway Bug Lets Remote Authenticated Users Modify the Whitelist Configuration
http://www.securitytracker.com/id/1036973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5313
+ VMware Horizon View Connection Server Lets Remote Users Traverse the Directory to View Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1036972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7087
+ Google Chrome Use-After-Free Memory Error and Other Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5178
+ Apache Tomcat JK ISAPI Connector Buffer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6808
+ Wireshark Bluetooth L2CAP and NCP Dissector Bugs Let Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1036944
+ Apache Tomcat 8 / 7 / 6 Privilege Escalation
https://cxsecurity.com/issue/WLB-2016100093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5425
+ Linux Kernel net unbounded recursion in the vlan GRO processing
https://cxsecurity.com/issue/WLB-2016100096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039
+ Linux Kernel 3.13.1 Recvmmsg Privilege Escalation
https://cxsecurity.com/issue/WLB-2016100094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
+ BIND 9 DNS Server Denial Of Service
https://cxsecurity.com/issue/WLB-2016100037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776
repmgr 3.2 released
https://www.postgresql.org/about/news/1707/
pglogical 1.2 Now Available
https://www.postgresql.org/about/news/1706/
JVNDB-2016-000202 Cross-site scripting vulnerability in Usermin
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000202.html
JVNDB-2016-000201 Session management vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000201.html
JVNDB-2016-000200 Code injection vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000200.html
JVNDB-2016-000199 Denial-of-service (DoS) vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000199.html
JVNDB-2016-000198 SQL injection vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000198.html
JVNDB-2016-000197 Cross-site scripting vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000197.html
JVNDB-2016-000196 Cross-site request forgery vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000196.html
JVNDB-2016-000195 Denial-of-service (DoS) vulnerability in Cryptography API: Next Generation (CNG)
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000195.html
Takeshi Kimura's Extreme Words and Blunt Arguments!
Too much fuss over "security is the top priority"; of course it isn't!
http://itpro.nikkeibp.co.jp/atcl/column/14/463805/100600108/?ST=security?itp_list_theme
Mouse: Windows Hello-compatible face recognition camera and fingerprint reader
http://itpro.nikkeibp.co.jp/atcl/news/16/100602917/?ST=security?itp_list_theme
Former NSA contractor arrested on suspicion of stealing classified information; possible involvement in hacking tool leak
http://itpro.nikkeibp.co.jp/atcl/news/16/100602915/?ST=security?itp_list_theme
US Yahoo! reportedly monitored all incoming messages of its mail users; critics call it "unconstitutional"
http://itpro.nikkeibp.co.jp/atcl/news/16/100502898/?ST=security?itp_list_theme