Thursday, June 8, 2017

Thursday the 8th, Shakkō

+ RHSA-2017:1399 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:1399

+ Cisco Prime Data Center Network Manager Server Static Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
CVE-2017-6640

+ Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1
CVE-2017-6639

+ Cisco TelePresence Endpoint Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele
CVE-2017-6648

+ Cisco AnyConnect Local Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-anyconnect
CVE-2017-6638

+ Cisco Ultra Services Platform Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp2
CVE-2017-6695

+ Cisco Ultra Services Platform Plaintext Credential Logging Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6
CVE-2017-6694

+ Cisco Ultra Services Framework Element Manager Insecure Default Account Information Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5
CVE-2017-6692

+ Cisco Ultra Services Framework Element Manager Insecure Default Password Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3
CVE-2017-6687

+ Cisco Ultra Services Framework Element Manager Insecure Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4
CVE-2017-6686

+ Cisco Ultra Services Framework Staging Server Insecure Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3
CVE-2017-6685

+ Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2
CVE-2017-6681

+ Cisco Ultra Services Framework AutoVNF Arbitrary Directory Creation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1
CVE-2017-6680

+ Cisco StarOS Arbitrary File Modification Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros
CVE-2017-6690

+ Cisco IP Phone 8800 Series SIP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-sip
CVE-2017-6656

+ Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca
CVE-2017-6659

+ Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos
CVE-2017-6655

+ Cisco Network Convergence System 5500 Series Routers Local Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs
CVE-2017-6666

+ Cisco Industrial Network Director Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind
CVE-2017-6675

+ Cisco Firepower Management Center Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-fmc
CVE-2017-6673

+ Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc9
CVE-2017-6697

+ Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8
CVE-2017-6696

+ Cisco Elastic Services Controller Unauthorized Directory Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7
CVE-2017-6693

+ Cisco Elastic Services Controller Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6
CVE-2017-6691

+ Cisco Elastic Services Controller Insecure Default Administrator Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5
CVE-2017-6689

+ Cisco Elastic Services Controller Insecure Default Password Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4
CVE-2017-6688

+ Cisco Elastic Services Controller Insecure Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3
CVE-2017-6684

+ Cisco Elastic Services Controller Authentication Request Processing Arbitrary Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc2
CVE-2017-6683

+ Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1
CVE-2017-6682

+ Cisco Email Security Appliance Attachment Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1
CVE-2017-6671

+ Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa
CVE-2017-6661

+ Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm2
CVE-2017-6668

+ Cisco Unified Communications Domain Manager Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm1
CVE-2017-6670

+ Cisco Context Service SDK Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ccs
CVE-2017-6667

+ Linux kernel 4.11.4, 4.9.31, 4.4.71, 3.18.56 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.56

+ VMSA-2017-0010 vSphere Data Protection (VDP) updates address multiple security issues.
http://www.vmware.com/security/advisories/VMSA-2017-0010.html
CVE-2017-4914
CVE-2017-4917

+ JVNVU#95420726 Security restriction bypass vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU95420726/index.html
CVE-2017-5664

+ VMware vSphere Data Protection Java Deserialization Error Lets Remote Users Execute Arbitrary Code and Password Encryption Method Lets Local Users Obtain Plaintext Password
http://www.securitytracker.com/id/1038617
CVE-2017-4914
CVE-2017-4917

VU#350135 Various WiMAX routers contain an authentication bypass vulnerability in custom libmtk httpd plugin
https://www.kb.cert.org/vuls/id/350135

PGConf.EU 2017 Call for Papers and Sponsors
https://www.postgresql.org/about/news/1754/

check_pgactivity 2.2 released
https://www.postgresql.org/about/news/1753/

JVNDB-2017-000125 Vulnerability in AppCheck related to the invocation of executable files
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000125.html

IoT Security That Defies Conventional Wisdom
Understanding IoT business and security through 3 stages and 4 elements
http://itpro.nikkeibp.co.jp/atcl/column/17/052900219/053000005/?ST=security&itp_list_theme

Someone Is Being Targeted Again Today
A "virus of justice" appears!? Rendering vulnerable IoT devices unusable
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/060500003/?ST=security&itp_list_theme

Introduction to the Latest SELinux for the IoT Era
No longer treated as a nuisance: protecting IoT security with SELinux
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/052500001/?ST=security&itp_list_theme

5 Tips For Choosing The Right Open Source Code
http://www.linuxsecurity.com/content/view/171696/169/

Encryption leaves authorities 'not in a good place': Former US intelligence chief
http://www.linuxsecurity.com/content/view/171695/169/

The Dark Web is the place to go to find bugs before public disclosure
http://www.linuxsecurity.com/content/view/171694/169/
