2017年2月9日木曜日

9日 木曜日、先勝

+ Mozilla Thunderbird 45.7.1 released
https://www.mozilla.org/en-US/thunderbird/45.7.1/releasenotes/

+ CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash
https://kb.isc.org/article/AA-01453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135

+ UPDATE: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa

+ Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3813

+ Linux kernel 3.18.48 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.48

+ SA75275 Linux Kernel "aio_mount()" Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/75275/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10044

+ ISC BIND 9.11.0-P3, 9.10.4-P6, 9.9.9-P6 released
http://ftp.isc.org/isc/bind9/9.11.0-P3/CHANGES
http://ftp.isc.org/isc/bind9/9.10.4-P6/CHANGES
http://ftp.isc.org/isc/bind9/9.9.9-P6/CHANGES

+ UPDATE: JVNVU#95841181 Microsoft Windows の SMB Tree Connect Response パケットの処理にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU95841181/

+ Linux Kernel IPv6 Out-of-bounds Memory Read Bug Lets Remote Users Obtain Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1037794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5897

+ GNU/bash v4.4 autocompletion Code execution vulnerability
https://cxsecurity.com/issue/WLB-2017020061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5932

+ GNU Bash CVE-2017-5932 Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/96136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5932

+ Trend Micro Control Manager Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/96131

+ Trend Micro Control Manager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/96123

VU#745607 Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
https://www.kb.cert.org/vuls/id/745607

UPDATE: JVNVU#92879974 スマートフォンアプリ「ShoreTel Mobility Client」に SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU92879974/

IPAが産業サイバーセキュリティセンター、センター長に日立の中西会長
http://itpro.nikkeibp.co.jp/atcl/news/17/020800412/?ST=security&itp_list_theme

ラベル:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)