Thursday, March 29, 2018

Thursday the 29th, Tomobiki

+ CESA-2018:0592 Important CentOS 7 slf4j Security Update
https://lwn.net/Articles/750262/

+ Cisco IOS XE Software Static Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc
CVE-2018-0150

+ Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
CVE-2018-0171

+ Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos
CVE-2018-0151

+ Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv
CVE-2018-0152

+ Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos
CVE-2018-0160

+ Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp
CVE-2018-0161

+ Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi
CVE-2018-0156

+ Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1
CVE-2018-0169
CVE-2018-0176

+ Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-opendns-dos
CVE-2018-0170

+ Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
CVE-2018-0167
CVE-2018-0175

+ Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4
CVE-2018-0177

+ Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos
CVE-2018-0159

+ Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike
CVE-2018-0158

+ Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp
CVE-2018-0165

+ Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip
CVE-2018-0157

+ Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos
CVE-2018-0154

+ Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3
CVE-2018-0174

+ Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2
CVE-2018-0173

+ Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1
CVE-2018-0172

+ Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd
CVE-2018-0155

+ Cisco IOS XE Software Arbitrary File Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-wfw
CVE-2018-0196

+ Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss
CVE-2018-0186
CVE-2018-0188
CVE-2018-0190

+ Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin
CVE-2018-0179
CVE-2018-0180

+ Cisco IOS XE Software Switch Integrated Security Features IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-sisf
CVE-2018-0164

+ Cisco IOS XE Software REST API Authorization Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-rest
CVE-2018-0195

+ Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3
CVE-2018-0183

+ Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2
CVE-2018-0184

+ Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x
CVE-2018-0163

+ Cisco IOS XE Software CLI Command Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj
CVE-2018-0182
CVE-2018-0185
CVE-2018-0193

+ Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-FIB-dos
CVE-2018-0189

+ Linux kernel 4.15.14, 4.14.31, 4.9.91, 4.4.125, 4.1.51 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.31
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.91
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.125
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51

+ Apache Ant 1.9.11 and 1.10.3 Released
http://ant.apache.org/

+ UPDATE: JVNVU#95420726 Security restriction bypass vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU95420726/index.html

+ UPDATE: JVN#89379547 Denial-of-service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN89379547/index.html

+ JVNVU#93502675 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU93502675/index.html
CVE-2017-3738
CVE-2018-0733
CVE-2018-0739

+ Linux Kernel < 4.15.4 show_floppy KASLR Address Leak
https://cxsecurity.com/issue/WLB-2018030236

[AWS Black Belt Online Seminar] Migrating a Data Warehouse to AWS: slides and Q&A published
https://aws.amazon.com/jp/blogs/news/aws-black-belt-online-seminar-migrating-dwh2aws/

News Commentary
We tried getting infected with the much-talked-about virus that illicitly mines cryptocurrency
http://tech.nikkeibp.co.jp/atcl/nxt/column/18/00001/00222/?ST=nxt_thmit_security

Reporter's Eye
Leaked NEM now likely to have been "fully exchanged": why couldn't it be stopped?
http://tech.nikkeibp.co.jp/atcl/nxt/column/18/00138/032700035/?ST=nxt_thmit_security

Trend Micro holds business strategy briefing, to provide security features suited to the IoT/5G era
http://tech.nikkeibp.co.jp/atcl/nxt/news/18/00633/?ST=nxt_thmit_security

UPDATE: JVNVU#99757346 HTTP header injection vulnerability in the URLConnection class of the Android Platform
http://jvn.jp/vu/JVNVU99757346/index.html

UPDATE: JVN#48135658 Clickjacking vulnerability in multiple router products
http://jvn.jp/jp/JVN48135658/index.html
