Thursday, September 21, 2017

Thursday the 21st, Senbu

+ ADV170015 | Microsoft Office Defense in Depth Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170015

+ About the security content of Xcode 9
https://support.apple.com/ja-jp/HT208103
CVE-2017-1000117
CVE-2017-7076
CVE-2017-7134
CVE-2017-7135
CVE-2017-7136
CVE-2017-7137
CVE-2017-9800

+ About the security content of tvOS 11
https://support.apple.com/ja-jp/HT208113
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7115
CVE-2017-7116

+ About the security content of watchOS 4
https://support.apple.com/ja-jp/HT208115
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7116

+ About the security content of Safari 11
https://support.apple.com/ja-jp/HT208116
CVE-2017-7085
CVE-2017-7089
CVE-2017-7106

+ About the security content of iOS 11
https://support.apple.com/ja-jp/HT208112
CVE-2017-7088
CVE-2017-7072
CVE-2017-7097
CVE-2017-7118
CVE-2017-7133
CVE-2017-7085
CVE-2017-7106
CVE-2017-7089

+ CESA-2017:2771 Important CentOS 7 emacs Security Update
https://lwn.net/Alerts/734254/

+ UPDATE: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

+ Cisco Small Business Managed Switches Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms
CVE-2017-6720

+ Cisco Email Security Appliance Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa
CVE-2017-12215

+ Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp
CVE-2017-12214

+ Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas
CVE-2017-12250

+ Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs
CVE-2017-12255

+ Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa
CVE-2017-12219

+ Cisco FindIT DLL Preloading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-findit
CVE-2017-12252

+ Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2
CVE-2017-12254

+ Cisco Unified Intelligence Center User Interface Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1
CVE-2017-12253

+ Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic
CVE-2017-12248

+ Linux kernel 4.13.3, 4.12.14, 4.9.51 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.51

+ Samba 4.6.8, 4.5.14 and 4.4.16 Security Releases Available
https://www.samba.org/samba/history/samba-4.6.8.html
https://www.samba.org/samba/history/samba-4.5.14.html
https://www.samba.org/samba/history/samba-4.4.16.html
CVE-2017-12150
CVE-2017-12151
CVE-2017-12163

+ JVNVU#99259676 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU99259676/
CVE-2017-12615
CVE-2017-12616

+ JVNVU#99806334 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU99806334/

+ JVNVU#90447827 Code injection vulnerability in multiple products of the InterScan Web Security series
http://jvn.jp/vu/JVNVU90447827/
CVE-2017-11396

+ UPDATE: JVNVU#95513538 Multiple vulnerabilities in various Bluetooth implementations
http://jvn.jp/vu/JVNVU95513538/index.html

+ Apache Tomcat VirtualDirContext Flaw Lets Remote Users View JSP Source Code for the Affected Resource
http://www.securitytracker.com/id/1039393
CVE-2017-12616

+ Apache Tomcat on Windows HTTP PUT Request Processing Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1039392
CVE-2017-12615

+ Apache HTTPD Use-After-Free Memory Error in Processing HTTP OPTIONS Requests Lets Remote Users Obtain Potentially Sensitive Information on the Target System in Certain Cases
http://www.securitytracker.com/id/1039387
CVE-2017-9798

+ Microsoft Edge 38.14393.1066.0 COptionsCollectionCacheItem::GetAt Out-of-Bounds Read
https://cxsecurity.com/issue/WLB-2017090154

+ Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/100901
CVE-2017-12615

+ Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/100897
CVE-2017-12616

Release PoWA v3.1.1
https://www.postgresql.org/about/news/1782/

The ABCs of Security Assessment
Attackers target five system weaknesses
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/091100010/?ST=security&itp_list_theme

75 Gbps DDoS attack from a botnet of only 400 machines; Akamai urges caution
http://itpro.nikkeibp.co.jp/atcl/news/17/092002281/?ST=security&itp_list_theme

Acronis backup software "True Image 2018" can now clone a disk while the system is running
http://itpro.nikkeibp.co.jp/atcl/news/17/092002278/?ST=security&itp_list_theme

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too
http://www.linuxsecurity.com/content/view/175903/169/

Cloud Security Error Exposes Half a Million Voters' Personal Information
http://www.linuxsecurity.com/content/view/175902/169/

First ever crypto-mining Chrome extension discovered
http://www.linuxsecurity.com/content/view/175901/169/
