Tuesday, February 28, 2017

Tuesday the 28th, Butsumetsu

+ MantisBT 2.2.0 and 2.1.1 Released
https://www.mantisbt.org/bugs/changelog_page.php?version_id=267
https://www.mantisbt.org/bugs/changelog_page.php?version_id=270

+ UPDATE: Cisco Smart Install Protocol Misuse
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi

+ Linux kernel 3.16.41, 3.2.86 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.41
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.86

+ SA75611 JustSystems Ichitaro Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75611/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2791

+ UPDATE: JVNVU#95841181 Denial-of-service (DoS) vulnerability in Microsoft Windows handling of SMB Tree Connect Response packets
http://jvn.jp/vu/JVNVU95841181/index.html

+ JVNVU#98045645 Buffer overflow vulnerability in the Ichitaro series
http://jvn.jp/vu/JVNVU98045645/index.html

+ Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Crash
https://cxsecurity.com/issue/WLB-2017020262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074

+ Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
https://cxsecurity.com/issue/WLB-2017020261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074

Israel Report
The real motive: "We want to keep Israel's technology to ourselves"
http://itpro.nikkeibp.co.jp/atcl/column/17/022000038/022200005/?ST=security&itp_list_theme

Management's Candid Thoughts
"We'll keep things unstable so nobody gets complacent," says LAC's incoming president (part 3)
http://itpro.nikkeibp.co.jp/atcl/column/16/113000287/022700026/?ST=security&itp_list_theme

Monday, February 27, 2017

Monday the 27th, Senbu

+ RHSA-2017:0323 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2017-0323.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074

+ CESA-2017:0323 Important CentOS 5 kernel Security Update
https://lwn.net/Alerts/715689/

+ CESA-2017:0307 Moderate CentOS 6 kernel Security Update
https://lwn.net/Alerts/715674/

+ CESA-2017:0309 Important CentOS 6 qemu-kvm Security Update
https://lwn.net/Alerts/715675/

+ curl 7.53.1 released
https://curl.haxx.se/changes.html#7_53_1

+ SSL_VERIFYSTATUS ignored
https://curl.haxx.se/docs/adv_20170222.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2629

+ Linux kernel 4.10.1, 4.9.13, 4.4.52 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52

+ SA75549 Microsoft Edge "HandleColumnBreakOnColumnSpanningElement()" Type Confusion Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75549/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

+ SA75547 Microsoft Internet Explorer "HandleColumnBreakOnColumnSpanningElement()" Type Confusion Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75547/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

+ Dovecot 2.2.28 released
http://www.dovecot.org/list/dovecot-news/2017-February/000337.html

+ Microsoft Edge Type Confusion Error in HandleColumnBreakOnColumnSpanningElement() May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

+ Microsoft Internet Explorer Type Confusion Error in HandleColumnBreakOnColumnSpanningElement() May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

+ Ghostscript Use-after-Free Memory Errors Let Remote Users Cause the Target Application to Crash
http://www.securitytracker.com/id/1037899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6196

+ Linux Kernel tcp_splice_read() Infinite Loop Lets Remote Consume Excessive CPU Resources on the Target System
http://www.securitytracker.com/id/1037897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6214

+ Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
https://cxsecurity.com/issue/WLB-2017020253

+ Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion
https://cxsecurity.com/issue/WLB-2017020234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

Reporter's Eye
How viruses hide suspicious communications, even inside cookies and racy images
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/022200783/?ST=security&itp_list_theme

Israel Report
Why Israel can raise money for security
http://itpro.nikkeibp.co.jp/atcl/column/17/022000038/022200004/?ST=security&itp_list_theme

Management's Candid Thoughts
"It's frustrating when talented people leave, but…" says LAC's incoming president (part 2)
http://itpro.nikkeibp.co.jp/atcl/column/16/113000287/022400025/?ST=security&itp_list_theme

Azumu (アズム) releases a thin client that can call up a desktop with an IC card
http://itpro.nikkeibp.co.jp/atcl/news/17/022400620/?ST=security&itp_list_theme

SourceNext launches a password management service with no expiration date
http://itpro.nikkeibp.co.jp/atcl/news/17/022400619/?ST=security&itp_list_theme

Government to issue interim report on "information banks" that store and distribute personal data
http://itpro.nikkeibp.co.jp/atcl/news/17/022400616/?ST=security&itp_list_theme

SHA-1 finally broken: Google succeeds in a collision attack
http://itpro.nikkeibp.co.jp/atcl/news/17/022400615/?ST=security&itp_list_theme

Friday, February 24, 2017

Friday the 24th, Butsumetsu

+ RHSA-2017:0307 Moderate: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0307.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555

+ RHSA-2017:0309 Important: qemu-kvm security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0309.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2615

+ CESA-2017:0294 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/715371/

+ CESA-2017:0293 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/715372/

+ PDFCreator 2.5.1 BugFix
http://www.pdfforge.org/blog/pdfcreator-251-bugfix

+ UPDATE: Cisco AsyncOS Software for Cisco ESA and Cisco WSA Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos

+ FreeBSD-SA-17:02.openssl OpenSSL multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732

+ Linux kernel 4.9.12, 4.4.51, 3.16.40, 3.2.85 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.40
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.85

+ Google Chrome 'layout' Out-of-Bounds Read
https://cxsecurity.com/issue/WLB-2017020210

Can You Pass the National Security Exam?
Are the tests you should run already decided?
http://itpro.nikkeibp.co.jp/atcl/column/17/021700034/021700005/?ST=security&itp_list_theme

News Analysis
My Number mis-mailing: misconceptions about the leak must be dispelled
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/022300846/?ST=security&itp_list_theme

Management's Candid Thoughts
"I think Trend Micro is impressive," says LAC's incoming president (part 1)
http://itpro.nikkeibp.co.jp/atcl/column/16/113000287/022100024/?ST=security&itp_list_theme

Thursday, February 23, 2017

Thursday the 23rd, Senbu

+ Microsoft Security Bulletin Summary for February 2017
https://technet.microsoft.com/ja-jp/library/security/ms17-feb

+ RHSA-2017:0293 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2017-0293.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074

+ RHSA-2017:0294 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2017-0294.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074

+ CESA-2017:0190 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/715247/

+ CESA-2017:0190 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/715246/

+ CESA-2017:0190 Critical CentOS 5 firefox Security Update
https://lwn.net/Alerts/715245/

+ curl 7.53.0 released
https://curl.haxx.se/changes.html#7_53_0

+ SA75500 Microsoft Windows Adobe Flash Player Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75500/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2996

+ Linux Kernel DCCP Double-Free Memory Error Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1037876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074

+ cURL OCSP Stapling Verification Bug Lets Remote Users Bypass CURLOPT_SSL_VERIFYSTATUS Security Restrictions on the Target System
http://www.securitytracker.com/id/1037871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2629

+ Microsoft Office PowerPoint 2010 MSO/OART Heap Out-of-Bounds Access
https://cxsecurity.com/issue/WLB-2017020205

+ Microsoft Office PowerPoint 2010 'MSO!Ordinal5429' Missing Length Check Heap Corruption
https://cxsecurity.com/issue/WLB-2017020204

+ Microsoft Office PowerPoint 2010 GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check
https://cxsecurity.com/issue/WLB-2017020203

UPDATE: JVNVU#99002156 Updates for vulnerabilities in Apple GarageBand and Logic Pro X
http://jvn.jp/vu/JVNVU99002156/index.html

Can You Pass the National Security Exam?
What is the role of a CRL for digital certificates and certificate authorities?
http://itpro.nikkeibp.co.jp/atcl/column/17/021700034/021700004/?ST=security&itp_list_theme

Security Conversation Skills That Get the CEO to Say "OK, Got It"
"Malware" doesn't get through; match your protocol to theirs
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/021400001/?ST=security&itp_list_theme

Wednesday, February 22, 2017

Wednesday the 22nd, Tomobiki

+ MS17-005 - Critical Security Update for Adobe Flash Player (4010250)
https://technet.microsoft.com/en-us/library/security/MS17-005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2996

+ RHSA-2017:0190 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2017-0190.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

+ Selenium Standalone Server 3.1.0 released
http://docs.seleniumhq.org/download/

+ The Internet Explorer Driver Server 3.1 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 3.1.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG

+ About the security content of Logic Pro X 10.3.1
https://support.apple.com/ja-jp/HT207519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2374

+ CESA-2017:0286 Moderate CentOS 6 openssl Security Update
https://lwn.net/Alerts/715121/

+ CESA-2017:0286 Moderate CentOS 7 openssl Security Update
https://lwn.net/Alerts/715122/

+ PuTTY 0.68 released
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

Can You Pass the National Security Exam?
What does a firewall's dynamic packet filtering actually do?
http://itpro.nikkeibp.co.jp/atcl/column/17/021700034/021700003/?ST=security&itp_list_theme

News Analysis
Leveling up cyber defense: FireEye and others advance security intelligence
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/022100836/?ST=security&itp_list_theme

National Institute of Informatics publishes report summarizing methods for producing "anonymously processed information"
http://itpro.nikkeibp.co.jp/atcl/news/17/022100571/?ST=security&itp_list_theme

NEC systematizes eight consulting services for cybersecurity management
http://itpro.nikkeibp.co.jp/atcl/news/17/022100570/?ST=security&itp_list_theme

Symantec Japan to change president as early as March, reorganize sales organization in April
http://itpro.nikkeibp.co.jp/atcl/news/17/022100567/?ST=security&itp_list_theme

"Aiming to spread privileged account security": specialist vendor CyberArk (US) establishes Japanese subsidiary
http://itpro.nikkeibp.co.jp/atcl/news/17/022100564/?ST=security&itp_list_theme

"Strengthening integration with Blue Coat": Symantec (US) CEO explains strategy
http://itpro.nikkeibp.co.jp/atcl/news/17/022100562/?ST=security&itp_list_theme

Tuesday, February 21, 2017

Tuesday the 21st, Senshō

+ RHSA-2017:0286 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2017-0286.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731

+ JDBC 42.0.0 Released
https://www.postgresql.org/about/news/1736/

+ Interstage and Systemwalker related products: security vulnerability issue in the TLS 1.0 implementation (January 20, 2017)
http://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-201501.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730

+ PHP 7.1.2 Released
http://www.php.net/ChangeLog-7.php#7.1.2

JVNDB-2017-000032 Access restriction flaw in the e-mail feature of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000032.html

JVNDB-2017-000031 Access restriction flaw in the workflow and multi-report features of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000031.html

JVNDB-2017-000030 Information disclosure vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000030.html

JVNDB-2017-000029 Cross-site scripting vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000029.html

JVNDB-2017-000028 Access restriction flaw in the phone memo feature of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000028.html

JVNDB-2017-000027 SQL injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000027.html

Editor-in-Chief's Eye
A business trip to Israel raises worries about Japan's security industry, but worrying alone won't do
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/021400020/?ST=security&itp_list_theme

Can You Pass the National Security Exam?
What kind of attack is the POODLE attack?
http://itpro.nikkeibp.co.jp/atcl/column/17/021700034/021700002/?ST=security&itp_list_theme

German authorities ban use of the interactive doll "Cayla" over eavesdropping concerns
http://itpro.nikkeibp.co.jp/atcl/news/17/022000544/?ST=security&itp_list_theme

JVNVU#99625371 Buffer overflow vulnerability in source code generated by Objective Systems ASN1C
http://jvn.jp/vu/JVNVU99625371/index.html

JVN#73182875 Multiple vulnerabilities in Cybozu Garoon
http://jvn.jp/jp/JVN73182875/index.html

Monday, February 20, 2017

Monday the 20th, Shakkō

+ Ubuntu 16.04.2 LTS released
http://cdimage.ubuntu.com/ubuntu/releases/16.04.2/release/

+ UPDATE: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl

+ UPDATE: Cisco Unified Communications Manager Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3

+ Linux kernel 4.10, 4.9.11, 4.4.50 released
https://www.kernel.org/
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.50

+ SA75408 Hitachi Multiple Cosminexus / uCosminexus Products Information Disclosure Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75408/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0887

+ SA75378 Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75378/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9316

+ SA75406 Hitachi Multiple Cosminexus / uCosminexus Products Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75406/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816

+ SA75403 Hitachi HiRDB Control Manager Denial of Service Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75403/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ SA75355 Microsoft Windows EMF EMR_SETDIBITSTODEVICE Record Processing Information Disclosure Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75355/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038

+ hitachi-sec-2017-108 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-108/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0887

+ hitachi-sec-2017-107 Vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816

+ hitachi-sec-2017-106 Vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-106/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762

+ hitachi-sec-2017-105 DoS Vulnerability in HiRDB Control Manager - Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-105/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ hitachi-sec-2017-104 Cross-site Scripting Vulnerability in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-104/index.html

+ hitachi-sec-2017-108 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-108/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0887

+ hitachi-sec-2017-107 Vulnerability in Cosminexus (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816

+ hitachi-sec-2017-106 Vulnerability in Cosminexus (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-106/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762

+ hitachi-sec-2017-105 DoS Vulnerability in HiRDB Control Manager - Server (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-105/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ hitachi-sec-2017-104 Cross-site Scripting Vulnerability in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-104/index.html

+ JVNDB-2017-000024 Arbitrary DLL loading vulnerability in self-extracting archives created with 7-ZIP32.DLL
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000024.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2107

+ JVNVU#90017300 Denial-of-service (DoS) vulnerability in OpenSSL
http://jvn.jp/vu/JVNVU90017300/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3733

+ Microsoft SQL Server Clr Stored Procedure Payload Execution
https://cxsecurity.com/issue/WLB-2017020181

+ QEMU Host Filesystem Arbitrary Access
https://cxsecurity.com/issue/WLB-2017020179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9602

+ Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
https://cxsecurity.com/issue/WLB-2017020170

+ Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
https://cxsecurity.com/issue/WLB-2017020169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9315

+ Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
https://cxsecurity.com/issue/WLB-2017020168

Can You Pass the National Security Exam?
What are the characteristics of an NTP reflection attack?
http://itpro.nikkeibp.co.jp/atcl/column/17/021700034/021700001/?ST=security&itp_list_theme

Kosai City, Shizuoka Prefecture mis-mails My Number data of 1,992 people due to a spreadsheet operation error
http://itpro.nikkeibp.co.jp/atcl/news/17/021700529/?ST=security&itp_list_theme

UPDATE: JVN#87662835 DNS rebinding vulnerability in the vulnerability learning tool AppGoat
http://jvn.jp/jp/JVN87662835/

Friday, February 17, 2017

Friday the 17th, Senbu

+ UPDATE: Cisco Secure Access Control System XML External Entity Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1

+ OpenSSL Security Advisory [16 Feb 2017]
https://www.openssl.org/news/secadv/20170216.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3733

+ OpenSSL 1.1.0e is now available
https://www.openssl.org/

+ SA75302 Linux Kernel RDMA "mem_check_range()" Integer Overflow Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75302/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8636

+ PHP 7.0.16 Released
http://www.php.net/ChangeLog-7.php#7.0.16

+ JVNVU#99002156 Update for a vulnerability in Apple GarageBand
http://jvn.jp/vu/JVNVU99002156/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2374

+ Trend Micro InterScan Web Security Virtual Appliance Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Execute Arbitrary Commands and Gain Elevated Privileges
http://www.securitytracker.com/id/1037849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9316

+ OpenSSL Flaw in Encrypt-Then-Mac Extension Negotiation Lets Remote Authenticated Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1037846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3733

+ Microsoft GDI32.DLL EMR_SETDIBITSTODEVICE Boundary Error Lets Local Users View Portions of System Memory on the Target System
http://www.securitytracker.com/id/1037845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038

JVNVU#93522863 Multiple vulnerabilities in multiple Hughes satellite modems
http://jvn.jp/vu/JVNVU93522863/

Last-Minute Cram Session for the Security Management Exam
What helps prevent insider misconduct: personnel evaluation and disciplinary systems, and good communication among employees
http://itpro.nikkeibp.co.jp/atcl/column/17/020800024/020800005/?ST=security&itp_list_theme

Thursday, February 16, 2017

Thursday the 16th, Tomobiki

+ RHSA-2017:0276 Moderate: bind security update
https://rhn.redhat.com/errata/RHSA-2017-0276.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135

+ CESA-2017:0276 Moderate CentOS 7 bind Security Update
https://lwn.net/Alerts/714570/

+ Cisco UCS Director Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3801

+ Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3833

+ Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3845

+ Cisco Prime Collaboration Assurance Directory Listing Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3844

+ Cisco Prime Collaboration Assurance Arbitrary File Download Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3843

+ Cisco Identity Services Engine SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3835

+ Cisco Intrusion Prevention System Device Manager Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3842

+ Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-fpmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3847

+ Cisco Unified Communications Manager Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3836

+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3829

+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3828

+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3821

+ Cisco Meeting Server HTTP Packet Processing Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3837

+ Cisco Meeting Server API Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3830

+ Cisco AsyncOS Software for Cisco ESA and Cisco WSA Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3827

+ Cisco Secure Access Control System Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3841

+ Cisco Secure Access Control System Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3840

+ Cisco Secure Access Control System XML External Entity Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3839

+ Cisco Secure Access Control System Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3838

+ Linux kernel 4.9.10, 4.4.49 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.49

+ Microsoft Edge - TypedArray.sort Use-After-Free
https://cxsecurity.com/issue/WLB-2017020157

VU#614751 Hughes satellite modems contain multiple vulnerabilities
https://www.kb.cert.org/vuls/id/614751

JVNDB-2017-000026 Cross-site request forgery vulnerability in Apache Brooklyn
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000026.html

JVNDB-2017-000025 Cross-site scripting vulnerability in Apache Brooklyn
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000025.html

Last-Minute Cram Session for the Security Management Exam
Evidence preservation, employee training, and compliance are essential to countering insider misconduct
http://itpro.nikkeibp.co.jp/atcl/column/17/020800024/020800004/?ST=security&itp_list_theme

Behind the Wave of My Number Troubles
The root cause of the many My Number system problems is a lack of governance
http://itpro.nikkeibp.co.jp/atcl/column/17/021000029/021000004/?ST=security&itp_list_theme

New version of "Acronis True Image" protects data with blockchain and strengthens ransomware defenses
http://itpro.nikkeibp.co.jp/atcl/news/17/021500504/?ST=security&itp_list_theme

4,175 first-round applicants for the Registered Information Security Specialist credential, more than expected
http://itpro.nikkeibp.co.jp/atcl/news/17/021500493/?ST=security&itp_list_theme

"This month will be late": Microsoft postpones release of its February 2017 patches
http://itpro.nikkeibp.co.jp/atcl/news/17/021500486/?ST=security&itp_list_theme

Wednesday, February 15, 2017

Wednesday the 15th, Senshō

+ About the security content of GarageBand 10.1.6
https://support.apple.com/ja-jp/HT207518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2374

+ APSB17-04 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2996

+ APSB17-05 Security update available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2981

+ APSB17-06 Security update available for Adobe Campaign
https://helpx.adobe.com/security/products/campaign/apsb17-06.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2969

+ CESA-2017:0269 Critical CentOS 7 java-1.7.0-openjdk Security Update
https://lwn.net/Alerts/714480/

+ CESA-2017:0269 Critical CentOS 6 java-1.7.0-openjdk Security Update
https://lwn.net/Alerts/714479/

+ CESA-2017:0269 Critical CentOS 5 java-1.7.0-openjdk Security Update
https://lwn.net/Alerts/714478/

+ Cisco Smart Install Protocol Misuse
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi

+ UPDATE: JVNVU#93384765 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvn.jp/vu/JVNVU93384765/index.html

Registrations now open for pgDay Asia 2017
https://www.postgresql.org/about/news/1735/

Network Hot Topics
Variant of malware first seen in 2014 is rampant; devices older than Android 6.0 need caution
http://itpro.nikkeibp.co.jp/atcl/column/14/277462/020300054/?ST=security&itp_list_theme

Last-Minute Cram Session for the Security Management Exam
What insider misconduct countermeasures keep critical information from leaking outside?
http://itpro.nikkeibp.co.jp/atcl/column/17/020800024/020800003/?ST=security&itp_list_theme

News Analysis
The little-known "2017 problem" in cryptography: secure sites suddenly become warning sites
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/021300824/?ST=security&itp_list_theme

Behind the Wave of My Number Troubles
Municipal security measures lag behind: can My Number be protected?
http://itpro.nikkeibp.co.jp/atcl/column/17/021000029/021000003/?ST=security&itp_list_theme

Microsoft Japan establishes initiative to strengthen security
http://itpro.nikkeibp.co.jp/atcl/news/17/021400484/?ST=security&itp_list_theme

High malware detection rate with "a performance load you won't notice": Cylance explains its AI technology
http://itpro.nikkeibp.co.jp/atcl/news/17/021400477/?ST=security&itp_list_theme

Tuesday, February 14, 2017

14th, Tuesday, Shakkō

+ RHSA-2017:0269 Critical: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2017-0269.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289

+ UPDATE: Vulnerability in GNU glibc Affecting Cisco Products: February 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc

+ UPDATE: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf

+ [openssl-announce] Forthcoming OpenSSL release
https://mta.openssl.org/pipermail/openssl-announce/2017-February/000095.html

+ UPDATE: JVNVU#93384765 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvn.jp/vu/JVNVU93384765/

PostgreSQL@SCaLE15x - March 2-3, 2017, Pasadena Convention Center
https://www.postgresql.org/about/news/1734/

Editor-in-chief's eye
Are you struggling with unreasonable security demands from your CEO?
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/020700019/?ST=security&itp_list_theme

Last-minute cram for the Information Security Management exam
Is plugging a USB stick found in the restroom into a PC to look for its owner a security violation?
http://itpro.nikkeibp.co.jp/atcl/column/17/020800024/020800002/?ST=security&itp_list_theme

TSS Link releases the latest version of its data-leak-prevention software with strengthened encryption
http://itpro.nikkeibp.co.jp/atcl/news/17/021300466/?ST=security&itp_list_theme

Microsoft adds a security scoring feature and more to business "Office 365"
http://itpro.nikkeibp.co.jp/atcl/news/17/021300458/?ST=security&itp_list_theme

Monday, February 13, 2017

13th, Monday, Taian

+ Security vulnerabilities fixed in Firefox 51.0.3
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5397

+ Linux kernel 3.10.105 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.105

+ CentOS7 kernel crashing by rsyslog daemon vulnerability DoS
https://cxsecurity.com/issue/WLB-2017020112

JVNDB-2017-000023 Improper SSL server certificate verification in the Android app "TVer"
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000023.html

JVNDB-2017-000015 Arbitrary DLL loading vulnerability in Norton Download Manager
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000015.html

JVNVU#98953608 Multiple vulnerabilities in Accellion FTP server
http://jvn.jp/vu/JVNVU98953608/

Interview & Talk
"Secret sharing technology" that makes security measures unnecessary, from Japan to the world
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/020600316/?ST=security&itp_list_theme

Last-minute cram for the Information Security Management exam
Surprisingly little-known public documents that the Information Security Management exam often covers
http://itpro.nikkeibp.co.jp/atcl/column/17/020800024/020800001/?ST=security&itp_list_theme

"Migrate promptly from Office 2007 and Vista": IPA issues an alert on two products nearing end of support
http://itpro.nikkeibp.co.jp/atcl/news/17/021000449/?ST=security&itp_list_theme

Over 30% of listed companies hit by ransomware or targeted attacks; just over 10% have set up a CSIRT
http://itpro.nikkeibp.co.jp/atcl/news/17/020900444/?ST=security&itp_list_theme

Friday, February 10, 2017

10th, Friday, Tomobiki

+ Linux kernel 4.9.9, 4.4.48 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.48

+ PostgreSQL 9.6.2, 9.5.6, 9.4.11, 9.3.16 and 9.2.20 released!
https://www.postgresql.org/about/news/1733/
https://www.postgresql.org/docs/9.6/static/release-9-6-2.html
https://www.postgresql.org/docs/9.5/static/release-9-5-6.html
https://www.postgresql.org/docs/9.4/static/release-9-4-11.html
https://www.postgresql.org/docs/9.3/static/release-9-3-16.html
https://www.postgresql.org/docs/9.2/static/release-9-2-20.html

+ JVNVU#93384765 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvn.jp/vu/JVNVU93384765/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135

+ BIND RPZ and DNS64 State Error Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1037801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135

+ Microsoft Office Word Malicious Macro Execution
https://cxsecurity.com/issue/WLB-2017020086

JVNDB-2017-000021 Cross-site request forgery vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000021.html

JVNDB-2017-000020 Improper authentication vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000020.html

JVNDB-2017-000019 DNS rebinding vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000019.html

JVNDB-2017-000018 Arbitrary code execution vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000018.html

JVNDB-2017-000022 Multiple cross-site scripting vulnerabilities in Webmin
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000022.html

The data speaks
FinTech-related IT spending in 2017 is 11 billion yen, set to triple in three years
http://itpro.nikkeibp.co.jp/atcl/column/16/072600158/020900031/?ST=security&itp_list_theme

Cho Chang-eun, "Korea on the Web"
South Korea's police Cyber Bureau issues a "ransomware alert"; 130,000 infected
http://itpro.nikkeibp.co.jp/atcl/column/14/549762/020800130/?ST=security&itp_list_theme

Lockon partners with HASH Consulting to offer a vulnerability assessment service for e-commerce sites
http://itpro.nikkeibp.co.jp/atcl/news/17/020900438/?ST=security&itp_list_theme

Thursday, February 9, 2017

9th, Thursday, Senshō

+ Mozilla Thunderbird 45.7.1 released
https://www.mozilla.org/en-US/thunderbird/45.7.1/releasenotes/

+ CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash
https://kb.isc.org/article/AA-01453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135

+ UPDATE: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa

+ Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3813

+ Linux kernel 3.18.48 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.48

+ SA75275 Linux Kernel "aio_mount()" Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75275/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10044

+ ISC BIND 9.11.0-P3, 9.10.4-P6, 9.9.9-P6 released
http://ftp.isc.org/isc/bind9/9.11.0-P3/CHANGES
http://ftp.isc.org/isc/bind9/9.10.4-P6/CHANGES
http://ftp.isc.org/isc/bind9/9.9.9-P6/CHANGES

+ UPDATE: JVNVU#95841181 Denial-of-service (DoS) vulnerability in Microsoft Windows' handling of SMB Tree Connect Response packets
http://jvn.jp/vu/JVNVU95841181/

+ Linux Kernel IPv6 Out-of-bounds Memory Read Bug Lets Remote Users Obtain Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1037794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5897

+ GNU/bash v4.4 autocompletion Code execution vulnerability
https://cxsecurity.com/issue/WLB-2017020061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5932

+ GNU Bash CVE-2017-5932 Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/96136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5932

+ Trend Micro Control Manager Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/96131

+ Trend Micro Control Manager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/96123

VU#745607 Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
https://www.kb.cert.org/vuls/id/745607

UPDATE: JVNVU#92879974 Improper SSL server certificate verification in the smartphone app "ShoreTel Mobility Client"
http://jvn.jp/vu/JVNVU92879974/

IPA launches Industrial Cyber Security Center; Hitachi chairman Nakanishi to head it
http://itpro.nikkeibp.co.jp/atcl/news/17/020800412/?ST=security&itp_list_theme

Wednesday, February 8, 2017

8th, Wednesday, Shakkō

+ SA75245 Google Nexus Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75245/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0424

+ SA75278 Android Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75278/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0424

+ OpenBSD http server (up to 6.0) Multiple DoS
https://cxsecurity.com/issue/WLB-2017020053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5850

Tuesday, February 7, 2017

7th, Tuesday, Taian

+ RHSA-2017:0253 Moderate: spice-server security update
https://rhn.redhat.com/errata/RHSA-2017-0253.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578

+ RHSA-2017:0252 Moderate: ntp security update
https://rhn.redhat.com/errata/RHSA-2017-0252.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311

+ CESA-2017:0253 Moderate CentOS 6 spice-server Security Update
https://lwn.net/Alerts/713739/

+ CESA-2017:0252 Moderate CentOS 7 ntp Security Update
https://lwn.net/Alerts/713737/

+ CESA-2017:0252 Moderate CentOS 6 ntp Security Update
https://lwn.net/Alerts/713736/

+ CESA-2017:0254 Moderate CentOS 7 spice Security Update
https://lwn.net/Alerts/713738/

+ UPDATE: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

+ SA75243 tcpdump Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75243/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5486

+ Apache Ant 1.9.9 and 1.10.1 Released
http://ant.apache.org/antnews.html

+ Linux ip6gre_err() invalid reads
https://cxsecurity.com/issue/WLB-2017020050

+ Linux kernel 'ip6_gre.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/96037

Secom's safety confirmation service can now send notifications via LINE as well as email
http://itpro.nikkeibp.co.jp/atcl/news/17/020600387/?ST=security&itp_list_theme

IBM completes acquisition of Agile 3 Solutions, strengthening its data protection services
http://itpro.nikkeibp.co.jp/atcl/news/17/020600380/?ST=security&itp_list_theme

Monday, February 6, 2017

6th, Monday, Butsumetsu

+ psqlodbc 09.06.0100 released
https://www.postgresql.org/ftp/odbc/versions/msi/

+ CESA-2017:0238 Important CentOS 5 thunderbird Security Update
https://lwn.net/Alerts/713528/

+ CESA-2017:0238 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/713527/

+ CESA-2017:0238 Important CentOS 7 thunderbird Security Update
https://lwn.net/Alerts/713526/

+ Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3823

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Linux kernel 4.9.8, 4.4.47 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.47

+ SA75174 Hitachi Multiple Cosminexus / uCosminexus Products Multiple Denial of Service Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75174/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610

+ hitachi-sec-2017-103 Multiple Vulnerabilities in Cosminexus HTTP Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-103/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610

+ hitachi-sec-2017-102 Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-102/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306

+ hitachi-sec-2017-103 Multiple Vulnerabilities in Cosminexus HTTP Server (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-103/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610

+ hitachi-sec-2017-102 Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-102/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306

+ Apache Struts 2.5.10 released
http://struts.apache.org/docs/version-notes-2510.html

+ glibc 2.25 released
https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html

+ JVNVU#95841181 Memory corruption vulnerability in Microsoft Windows' handling of SMB Tree Connect Response packets
http://jvn.jp/vu/JVNVU95841181/

+ McAfee ePolicy Orchestrator Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1037777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8027

JVN#21114208 Improper SSL server certificate verification in the Android app "Business LaLa Call"
http://jvn.jp/jp/JVN21114208/

JVN#01014759 Improper SSL server certificate verification in the Android app "LaLa Call"
http://jvn.jp/jp/JVN01014759/

News analysis
Why card data that should not have existed leaked from a Shiseido subsidiary's e-commerce site
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/020300804/?ST=security&itp_list_theme

Kaspersky releases the latest version of its security product for corporate virtualized environments
http://itpro.nikkeibp.co.jp/atcl/news/17/020300375/?ST=security&itp_list_theme

LAC promotes Itsuro Nishimoto, Japan's "security pundit", to president
http://itpro.nikkeibp.co.jp/atcl/news/17/020300373/?ST=security&itp_list_theme

News analysis
What the Supreme Court decision that did not address the "right to be forgotten" means, and Google's relief
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/020300805/?ST=security&itp_list_theme

What did a 56 billion yen IT budget achieve? Rio Olympics security chiefs speak
http://itpro.nikkeibp.co.jp/atcl/news/17/020300371/?ST=security&itp_list_theme

Friday, February 3, 2017

3rd, Friday, Senshō

+ MantisBT 2.1.0 Released
https://www.mantisbt.org/bugs/changelog_page.php?version_id=265

+ RHSA-2017:0238 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2017-0238.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

+ VU#867968 Microsoft Windows SMB Tree Connect Response memory corruption vulnerability
https://www.kb.cert.org/vuls/id/867968

+ Microsoft Windows Server Message Block SMBv3 Response Processing Bug Lets Remote Users Cause the Target System to Crash
http://www.securitytracker.com/id/1037767

+ OpenBSD 6.0 httpd Content-Length remote DoS
https://cxsecurity.com/issue/WLB-2017020022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5850

News analysis
What is the most common way of managing passwords? A survey of 10,000 people reveals it
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012500790/?ST=security&itp_list_theme

Interview & Talk
Freeing network functions from the curse of the "box", and removing the wall between packet and optical communications
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/020100311/?ST=security&itp_list_theme

Thursday, February 2, 2017

2nd, Thursday, Shakkō

+ RHSA-2017:0225 Moderate: libtiff security update
https://rhn.redhat.com/errata/RHSA-2017-0225.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9540

+ CESA-2017:0225 Moderate CentOS 6 libtiff Security Update
https://lwn.net/Alerts/713251/

+ CESA-2017:0225 Moderate CentOS 7 libtiff Security Update
https://lwn.net/Alerts/713252/

+ Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3812

+ Cisco Prime Service Catalog URL Redirect Attack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3810

+ Cisco Prime Home Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3791

+ Cisco Firepower Device Manager Arbitrary Audit Log Entry Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3822

+ Cisco Firepower URL Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3814

+ Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3806

+ Cisco Firepower Management Center Incomplete Rule Set Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3809

+ Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3818

+ Cisco cBR Series Converged Broadband Routers List Headers Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-cbr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3824

+ Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3820

+ Linux kernel 4.9.7, 4.4.46, 3.12.70 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.46
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.70

+ NTP 4.2.8p9 released
http://archive.ntp.org/ntp4/ChangeLog-stable

+ UPDATE: JVNVU#99304449 Update for multiple vulnerabilities in Apache HTTP Web Server 2.4
http://jvn.jp/vu/JVNVU99304449/

+ UPDATE: JVNVU#97133859 Denial-of-service (DoS) vulnerability in Apache HTTP Web Server's HTTP/2 protocol handling
http://jvn.jp/vu/JVNVU97133859/

+ UPDATE: JVNVU#92250735 Update for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU92250735/

+ UPDATE: JVNVU#98667810 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU98667810/

+ UPDATE: JVNVU#93163809 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU93163809/index.html

+ UPDATE: JVNVU#97236594 Buffer overflow vulnerability in glibc
http://jvn.jp/vu/JVNVU97236594/index.html

+ Google Chrome HTMLKeygenElement::shadowSelect() Type Confusion
https://cxsecurity.com/issue/WLB-2017020009

+ Apple WebKit HTMLFormElement::reset() Use-After-Free
https://cxsecurity.com/issue/WLB-2017020008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362

+ Apple WebKit Renderbox Type Confusion
https://cxsecurity.com/issue/WLB-2017020007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373

+ Apple WebKit HTMLKeygenElement Type Confusion
https://cxsecurity.com/issue/WLB-2017020006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369

Find a partner! Japanese companies eye local firms at Israel's CyberTech
http://itpro.nikkeibp.co.jp/atcl/news/17/020200342/?ST=security&itp_list_theme

Orizon Systems: a product that detects and blocks threats based on behavior on the LAN
http://itpro.nikkeibp.co.jp/atcl/news/17/020100339/?ST=security&itp_list_theme

CyberTech 2017 held in Israel; Prime Minister Netanyahu declares international cooperation against cyber-terrorism
http://itpro.nikkeibp.co.jp/atcl/news/17/020100314/?ST=security&itp_list_theme

UPDATE: JVN#89379547 Denial-of-service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN89379547/

JVNVU#95305501 SHDesigns Resident Download Manager does not verify firmware
http://jvn.jp/vu/JVNVU95305501/index.html

Wednesday, February 1, 2017

1st, Wednesday, Taian

+ UPDATE: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

+ UPDATE: Oracle Critical Patch Update Advisory - January 2017
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

+ VMSA-2017-0001 AirWatch updates address bypass of root detection and local data encryption
http://www.vmware.com/security/advisories/VMSA-2017-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4896

+ VMware AirWatch for Android Flaws Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges
http://www.securitytracker.com/id/1037738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4896

VU#167623 SHDesigns Resident Download Manager does not authenticate firmware downloads
https://www.kb.cert.org/vuls/id/167623

pgwatch2: PostgreSQL monitoring has never been easier before
https://www.postgresql.org/about/news/1731/

Network illustrated guide
Who is responsible for keeping the corporate network safe?
Connecting the internet and the internal LAN with a focus on safety
http://itpro.nikkeibp.co.jp/atcl/column/16/120600291/011900006/?ST=security&itp_list_theme

Adopted by DOCOMO: CSC's new plan makes a cloud WAF "all you can use" for 800,000 yen a month
http://itpro.nikkeibp.co.jp/atcl/news/17/013100311/?ST=security&itp_list_theme

Report on the Shiseido subsidiary data breach: "caused by an SSI vulnerability and multiple factual misunderstandings"
http://itpro.nikkeibp.co.jp/atcl/news/17/013100309/?ST=security&itp_list_theme

NEC Solution Innovators launches a cloud service that proposes workplace environment improvements
http://itpro.nikkeibp.co.jp/atcl/news/17/013100305/?ST=security&itp_list_theme

Facebook announces "Delegated Recovery", a new password recovery mechanism
http://itpro.nikkeibp.co.jp/atcl/news/17/013100294/?ST=security&itp_list_theme