+ RHSA-2017:1095 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2017-1095.html
CVE-2017-3136
CVE-2017-3137
+ Google Chrome 58.0.3029.81 released
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
CVE-2017-5057
CVE-2017-5058
CVE-2017-5059
CVE-2017-5060
CVE-2017-5061
CVE-2017-5062
CVE-2017-5063
CVE-2017-5064
CVE-2017-5065
CVE-2017-5066
CVE-2017-5067
CVE-2017-5069
+ Mozilla Firefox 53.0 released
https://www.mozilla.org/en-US/firefox/53.0/releasenotes/
+ Mozilla Foundation Security Advisory 2017-10 Security vulnerabilities fixed in Firefox 53
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
CVE-2017-5433
CVE-2017-5435
CVE-2017-5436
CVE-2017-5461
CVE-2017-5459
CVE-2017-5466
CVE-2017-5434
CVE-2017-5432
CVE-2017-5460
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5464
CVE-2017-5443
CVE-2017-5444
CVE-2017-5446
CVE-2017-5447
CVE-2017-5465
CVE-2017-5448
CVE-2017-5437
CVE-2017-5454
CVE-2017-5455
CVE-2017-5456
CVE-2017-5469
CVE-2017-5445
CVE-2017-5449
CVE-2017-5450
CVE-2017-5451
CVE-2017-5462
CVE-2017-5463
CVE-2017-5467
CVE-2017-5452
CVE-2017-5453
CVE-2017-5458
CVE-2017-5468
CVE-2017-5430
CVE-2017-5429
+ CESA-2017:0979 Moderate CentOS 6 libreoffice Security Update
https://lwn.net/Alerts/720384/
+ Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2
CVE-2017-5638
+ Cisco Unified Communications Manager Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
CVE-2017-3808
+ Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
CVE-2016-6368
+ Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
CVE-2017-3860
CVE-2017-3861
CVE-2017-3862
+ Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth
CVE-2017-6610
+ Cisco ASA Software SSL/TLS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls
CVE-2017-6608
+ Cisco ASA Software IPsec Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec
CVE-2017-6609
+ Cisco ASA Software DNS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns
CVE-2017-6607
+ Cisco Prime Network Registrar DNS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns
CVE-2017-6613
+ Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp
CVE-2017-6615
+ Cisco FindIT Network Probe Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit
CVE-2017-6614
+ Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi
CVE-2017-6611
+ Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
CVE-2017-6616
+ Cisco Integrated Management Controller User Session Hijacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2
CVE-2017-6617
+ Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1
CVE-2017-6618
+ Cisco Integrated Management Controller Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
CVE-2017-6619
+ Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm
CVE-2017-3793
+ cURL 7.54.0 released
https://curl.haxx.se/changes.html#7_54_0
+ Apache Tomcat 8.5.14 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.14_(markt)
+ Apache Tomcat 9.0.0.M20 (alpha) Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.0.M20_(markt)
+ ISC BIND 9.11.1, 9.10.5, 9.9.10 released
http://ftp.isc.org/isc/bind9/9.11.1/CHANGES
http://ftp.isc.org/isc/bind9/9.10.5/CHANGES
http://ftp.isc.org/isc/bind9/9.9.10/CHANGES
+ Microsoft Office Word RTF RCE vulnerability to gain meterpreter shell *youtube
https://cxsecurity.com/issue/WLB-2017040123
CVE-2017-0199
+ Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
https://cxsecurity.com/issue/WLB-2017040122
CVE-2016-7552
CVE-2016-7547
+ Microsoft Windows taskschd.msc Privilege Escalation
https://cxsecurity.com/issue/WLB-2017040115
+ Apache Struts Vulnerability (Ruby Exploit)
https://cxsecurity.com/issue/WLB-2017040114
CVE-2017-5638
New version of MySQL-to-PostgreSQL has been released
https://www.postgresql.org/about/news/1741/
JVNDB-2017-000071 Denial-of-service (DoS) vulnerability in SEIL series routers
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000071.html
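Security conversation techniques that get the company president to say "OK, understood"
When you are told "I can't follow that explanation," make the effect "visible"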
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/041100009/?ST=security&itp_list_theme
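A hundred companies, a hundred ways: our company's CSIRT
[Yamaha Motor] A CSIRT led by a real volunteer firefighter, focused on initial firefighting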
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041800012/?ST=security&itp_list_theme
More than 40% of users "do not lock" their tablets, Symantec survey finds
http://itpro.nikkeibp.co.jp/atcl/news/17/041901205/?ST=security&itp_list_theme
Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure
http://www.linuxsecurity.com/content/view/171235/169/
Encryption: Usage grows again, but only at snail's pace
http://www.linuxsecurity.com/content/view/171234/169/