Thursday, November 17, 2016

Thursday the 17th, Senbu

+ RHSA-2016:2780 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-2780.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

+ RHSA-2016:2779 Moderate: nss and nss-util security update
https://rhn.redhat.com/errata/RHSA-2016-2779.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6472

+ Cisco Firepower System Software FTP Malware Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6460

+ Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6463

+ Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6462

+ Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6466

+ Cisco ASA Input Validation File Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6461

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ SA73719 Linux Kernel "sk_filter()" skb Truncation Denial of Service Vulnerability
https://secunia.com/advisories/73719/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8645

+ SA73757 McAfee Vulnerability Manager OpenSSL CRL Sanity Check Denial of Service Vulnerability
https://secunia.com/advisories/73757/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052

+ VMSA-2016-0020 vRealize Operations update addresses REST API deserialization vulnerability.
http://www.vmware.com/security/advisories/VMSA-2016-0020.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7462

+ Apache Tomcat 6.0.48 Released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html#Tomcat_6.0.48_(violetagg)

+ Symantec Ghost Suite DLL Loading Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1037302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6590

+ VMware vRealize Operations REST API Deserialization Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1037297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7462

+ Linux Kernel EXT4 Memory Corruption / SLAB Out-Of-Bounds Read
https://cxsecurity.com/issue/WLB-2016110135

+ Linux Kernel Keyctl Null Pointer Dereference
https://cxsecurity.com/issue/WLB-2016110134

E-Maj 2.0.0 released
https://www.postgresql.org/about/news/1718/

Reporter's Eye
The impressive intensity seen in Yahoo's "ultra-realistic" cybersecurity exercise
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/111300720/?ST=security&itp_list_theme

Cybercrime: the gap in awareness between Japan and the rest of the world is thrown into relief --- Norton Cyber Security Insights Report 2016
http://itpro.nikkeibp.co.jp/atcl/news/16/111603409/?ST=security&itp_list_theme

"Nigerian scam" evolves, with total worldwide losses of more than 6 billion yen, Palo Alto Networks announces
http://itpro.nikkeibp.co.jp/atcl/news/16/111603408/?ST=security&itp_list_theme

UPDATE: JVN#91002412 DLL loading vulnerability in the installer of the Windows version of the Public Personal Authentication Service user client software
http://jvn.jp/jp/JVN91002412/

UPDATE: JVNTA#94087669 Information theft via crafted PDF files
http://jvn.jp/ta/JVNTA94087669/

VU#346175 Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability
http://www.kb.cert.org/vuls/id/346175
