+ cookie injection for other servers
https://curl.haxx.se/docs/adv_20161102A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
+ case insensitive password comparison
https://curl.haxx.se/docs/adv_20161102B.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
+ OOB write via unchecked multiplication
https://curl.haxx.se/docs/adv_20161102C.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
+ double-free in curl_maprintf
https://curl.haxx.se/docs/adv_20161102D.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
+ glob parser write/read out of bounds
https://curl.haxx.se/docs/adv_20161102F.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
+ curl_getdate read out of bounds
https://curl.haxx.se/docs/adv_20161102G.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
+ URL unescape heap overflow via integer truncation
https://curl.haxx.se/docs/adv_20161102H.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
+ Use-after-free via shared cookies
https://curl.haxx.se/docs/adv_20161102I.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
+ invalid URL parsing with '#'
https://curl.haxx.se/docs/adv_20161102J.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
+ IDNA 2003 makes curl use wrong host
https://curl.haxx.se/docs/adv_20161102K.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
+ RHSA-2016:2142 Important: bind97 security update
https://rhn.redhat.com/errata/RHSA-2016-2142.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
+ RHSA-2016:2141 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2016-2141.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
+ Red Hat Enterprise Linux 7.3 now available
https://access.redhat.com/announcements/2747541
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html
+ RHSA-2016:2606 Moderate: postgresql security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2606.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424
+ RHSA-2016:2599 Moderate: tomcat security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2599.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
+ RHSA-2016:2615 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2016-2615.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
+ RHSA-2016:2587 Moderate: wget security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2587.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
+ RHSA-2016:2574 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2574.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6480
+ RHSA-2016:2598 Moderate: php security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2598.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
+ RHSA-2016:2575 Moderate: curl security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2575.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141
+ RHSA-2016:2588 Moderate: openssh security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2588.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
+ CESA-2016:2142 Important CentOS 5 bind97 Security Update
http://lwn.net/Alerts/705537/
+ CESA-2016:2141 Important CentOS 6 bind Security Update
http://lwn.net/Alerts/705536/
+ CESA-2016:2141 Important CentOS 5 bind Security Update
http://lwn.net/Alerts/705535/
+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
+ Cisco TelePresence Endpoints Local Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6459
+ Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6441
+ Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6457
+ Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6458
+ Cisco Prime Home Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6452
+ Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6448
+ Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6447
+ Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6455
+ curl 7.51.0 released
https://curl.haxx.se/changes.html#7_51_0
+ FreeBSD-SA-16:35.openssl OpenSSL Remote DoS vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:35.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
+ FreeBSD-SA-16:34.bind BIND Remote Denial of Service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:34.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
+ FreeBSD-SA-16:33.openssh OpenSSH Remote Denial of Service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:33.openssh.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858
+ JDBC 1212 Released
https://www.postgresql.org/about/news/1716/
+ Samba 4.3.12 Available for Download
https://www.samba.org/samba/history/samba-4.3.12.html
+ UPDATE: JVNVU#97485903 Issue in X.509 client certificate authentication handling in Apache HTTPD HTTP/2 communication
http://jvn.jp/vu/JVNVU97485903/index.html
+ UPDATE: JVNVU#95877131 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU95877131/index.html
+ UPDATE: JVNVU#96605606 Multiple vulnerabilities in the Network Time Protocol daemon (ntpd)
http://jvn.jp/vu/JVNVU96605606/index.html
+ UPDATE: JVNVU#707943 Vulnerability in DLL loading by Windows programs
http://jvn.jp/vu/JVNVU707943/index.html
+ JVNVU#92683474 Vulnerability in ISC BIND's handling of response packets containing DNAME records
http://jvn.jp/vu/JVNVU92683474/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
+ MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x 'root' Privilege Escalation
https://cxsecurity.com/issue/WLB-2016110019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664
+ Microsoft Internet Explorer 9 MSHTML CAttrArray Use-After-Free
https://cxsecurity.com/issue/WLB-2016110016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4141
pgBackRest 1.09 Released
https://www.postgresql.org/about/news/1715/
PostgreSQL Magazine presents: The Paper Elephant #01
https://www.postgresql.org/about/news/1714/
JVNDB-2016-000215 Improper access restriction vulnerability in WFS-SR01
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000215.html
JVNDB-2016-000214 Arbitrary command execution vulnerability in WFS-SR01
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000214.html
Yet another serious vulnerability in BIND: 12 "critical" vulnerabilities in the past three years
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110100683/?ST=security&itp_list_theme
"Electricity and gas are also targets of cyberattacks," says Mr. Nawa of Cyber Defense Institute
http://itpro.nikkeibp.co.jp/atcl/news/16/110203241/?ST=security&itp_list_theme
Some models of I-O DATA's "PokeDora" have a vulnerability allowing remote control via telnet; sales temporarily suspended
http://itpro.nikkeibp.co.jp/atcl/news/16/110203247/?ST=security&itp_list_theme
LAC to launch consulting and monitoring services for "Enterprise Mobility Suite" in 2017
http://itpro.nikkeibp.co.jp/atcl/news/16/110203240/?ST=security&itp_list_theme
UPDATE: JVNVU#91485132 Vulnerability in which CGI web servers set the value of the Proxy header into the HTTP_PROXY environment variable
http://jvn.jp/vu/JVNVU91485132/index.html
UPDATE: JVN#89379547 Denial of service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN89379547/index.html
JVN#18228200 Multiple vulnerabilities in WFS-SR01
http://jvn.jp/jp/JVN18228200/index.html