Thursday, November 24, 2016

Thursday the 24th, Butsumetsu

+ RHSA-2016:2820 Important: memcached security update
https://rhn.redhat.com/errata/RHSA-2016-2820.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8705

+ RHSA-2016:2819 Important: memcached security update
https://rhn.redhat.com/errata/RHSA-2016-2819.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8706

+ Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7428

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ SA73827 Fortinet FortiOS (FortiGate) Flow-Based Protection Security Bypass Vulnerability
https://secunia.com/advisories/73827/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7541

+ SA73885 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73885/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ SA73894 Fortinet FortiOS (FortiGate) ANSI X9.31 Information Disclosure Vulnerability
https://secunia.com/advisories/73894/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8492

+ SA73855 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73855/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ SA73797 NTP Multiple Vulnerabilities
https://secunia.com/advisories/73797/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9312

+ SA73865 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73865/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ SA73867 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73867/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2016-0022.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7460

+ VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0021.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5334

+ JVNVU#99531229 Multiple vulnerabilities in NTP.org ntpd
http://jvn.jp/vu/JVNVU99531229/index.html

+ UPDATE: JVN#91002412 DLL loading vulnerability in the installer of the Windows version of the Public Certification Service for Individuals user client software
http://jvn.jp/jp/JVN91002412/index.html

+ Apache Tomcat Lets Remote Users Conduct HTTP Response Splitting Attacks
http://www.securitytracker.com/id/1037332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816

+ Apache Tomcat JmxRemoteLifecycleListener Bug Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1037331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ Apache Tomcat HTTP/2 Header Parsing Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1037330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817

+ ntpd 4.2.7.p22 / 4.3.0 Denial Of Service
https://cxsecurity.com/issue/WLB-2016110197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7434

DbWrench Database Design 4.0 Released
https://www.postgresql.org/about/news/1720/

UPDATE: JVNVU#97326740 PHP file inclusion vulnerability in the WordPress plugin NextGEN Gallery
http://jvn.jp/vu/JVNVU97326740/index.html

Reading the Focus
Security measures swing between too little and too much; what is needed is a "cost price" way of thinking
http://itpro.nikkeibp.co.jp/atcl/column/14/531236/112100070/?ST=security&itp_list_theme

Oracle to acquire Dyn, the DNS service that was hit by a large-scale DDoS attack
http://itpro.nikkeibp.co.jp/atcl/news/16/112203466/?ST=security&itp_list_theme
