Thursday, April 6, 2017

Thursday the 6th, Shakkō

+ About the security content of iOS 10.3.1
https://support.apple.com/ja-jp/HT207688
CVE-2017-6975

+ About the security content of Apple Music 2.0 for Android
https://support.apple.com/ja-jp/HT207605
CVE-2017-2387

+ Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
CVE-2017-3834

+ Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3
CVE-2017-3832

+ Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2
CVE-2016-9219

+ Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc
CVE-2016-9194

+ Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1
CVE-2016-9195

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1
CVE-2017-6600

+ Cisco UCS Director Virtual Machine Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1
CVE-2017-3817

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs
CVE-2017-6598

+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1
CVE-2017-3888

+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm
CVE-2017-3886

+ Cisco Registered Envelope Service Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res
CVE-2017-3889

+ Cisco IOS XE Software Startup Script Local Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe
CVE-2017-6606

+ Cisco IOS XR Software Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios
CVE-2017-6599

+ Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
CVE-2017-3884

+ Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
CVE-2016-9197

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2
CVE-2017-6602

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1
CVE-2017-6601

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli
CVE-2017-6597

+ Cisco Integrated Management Controller Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc
CVE-2017-6604

+ Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1
CVE-2017-3887

+ Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw
CVE-2017-3885

+ Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr
CVE-2017-6603

+ Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet
CVE-2016-9196

+ Linux kernel 3.16.43, 3.2.88 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.43
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.88

+ SA76222 Linux Kernel Encryption Policy Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/76222/
CVE-2016-10318

+ Mozilla Thunderbird 52.0 released
https://www.mozilla.org/en-US/thunderbird/52.0/releasenotes/

+ macOS/iOS Kernel 10.12.3 Double-Free Due to Bad Locking in fsevents Device
https://cxsecurity.com/issue/WLB-2017040021
CVE-2017-2490

+ Apple Webkit 'JSCallbackData' Universal Cross-Site Scripting
https://cxsecurity.com/issue/WLB-2017040020
CVE-2017-2442

+ Apple WebKit 10.0.2 'Frame::setDocument (1)' Universal Cross-Site Scripting
https://cxsecurity.com/issue/WLB-2017040019
CVE-2017-2364

+ Apple WebKit 10.0.2 'constructJSReadableStreamDefaultReader' Type Confusion
https://cxsecurity.com/issue/WLB-2017040018
CVE-2017-2457

+ Apple WebKit 10.0.2(12602.3.12.0.1) 'disconnectSubframes' Universal Cross-Site
https://cxsecurity.com/issue/WLB-2017040017
CVE-2017-2445

+ Apple Webkit Cross-Site Scripting (Named Property from an Unloaded Window)
https://cxsecurity.com/issue/WLB-2017040016
CVE-2017-2367

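The art of security conversation that gets the company president to say "OK, I understand"
Even when told to "make them follow the rules," plan your countermeasures on the assumption that the rules will be broken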
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/032900007/?ST=security&itp_list_theme

Uhuru and ZenmuTech partner to reduce IoT communication costs and improve security
http://itpro.nikkeibp.co.jp/atcl/news/17/040501041/?ST=security&itp_list_theme

GMO-PG confirms credit card information leak caused by Struts2 vulnerability
http://itpro.nikkeibp.co.jp/atcl/news/17/040501031/?ST=security&itp_list_theme

Spam sent from a web production company was caused by a neglected WordPress installation
http://itpro.nikkeibp.co.jp/atcl/news/17/040501029/?ST=security&itp_list_theme

How Hackers Hijacked a Bank’s Entire Online Operation
http://www.linuxsecurity.com/content/view/171149/169/

After Congress revokes Internet privacy rules, downloads double of VPN-equipped Opera browser
http://www.linuxsecurity.com/content/view/171148/169/

Tim Berners-Lee, Inventor of the Web, Wins $1 Million Turing Award 2016
http://www.linuxsecurity.com/content/view/171147/169/
