資安新聞及事件週報 2017/7/24 ~ 2017/7/28
1.重大弱點漏洞
Cisco AsyncOS Software 漏洞(CVE-2017-6746)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1
Cisco Email Security和Content Security Management Appliance 跨站腳本漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa
思科 IOS/ IOS XE 多個漏洞
http://securitytracker.com/id/1038999
http://securitytracker.com/id/1038997
http://securitytracker.com/id/1038998
VMware vCenter Server 遠端認證漏洞 CVE-2017-4919
https://kb.vmware.com/kb/2151027
http://securitytracker.com/id/1039004
https://www.vmware.com/security/advisories/VMSA-2017-0012.html
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2151027
Microsoft Exchange Server跨站腳本漏洞
https://nvd.nist.gov/vuln/detail/CVE-2017-8560
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
關於Sudo get_process_ttyname() (Linux
CVE-2017-1000367)與Proxy命令注入遠端程式碼執行等安全性弱點
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367
IBM 釋出Cisco MDS系列交換器安全更新
http://0rz.tw/2rwyO
https://www.us-cert.gov/ncas/current-activity/2017/07/21/IBM-Cisco-Security-Update
2017年7月28日 星期五
2017年7月21日 星期五
資安新聞及事件週報 2017/7/17 ~ 2017/7/21
資安新聞及事件週報 2017/7/17 ~ 2017/7/21
1.重大弱點漏洞
SAP 發布安全漏洞報告:修復影響5000 億次安裝的SAP POS 漏洞
http://hackernews.cc/archives/12307
關於Samba Orpheus' Lyre KDC-REP服務名校驗漏洞通知
http://bbs.qcloud.com/thread-33652-1-1.html
Samba 軟體存在安全性弱點(CVE-2017-11103)
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
https://www.samba.org/samba/
鎖定「SambaCry」漏洞的新威脅現身, Linux 使用者請盡速更新系統
https://blog.trendmicro.com.tw/?p=51159
未來四年之內,零時差漏洞出現的頻率很可能提高到每天一次
https://blog.trendmicro.com.tw/?p=50864
FreeRADIUS 安全漏洞
http://freeradius.org/security/fuzzer-2017.html
Trend Micro Control Manager (TMCM) 6.0安全性弱點
http://files.trendmicro.com/products/tmcm/06/patch/Readme_tmcm_60_win_en_sp3_patch3.txt
Siemens SIMATIC WinCC Sm@rtClient for Android中間人攻擊漏洞
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf
思科WebEx爆高危漏洞,允許遠程執行代碼
https://www.hackeye.net/securitytetchnology/netsec/6445.aspx
VMware虛擬機逃逸漏洞攻擊代碼
http://www.weibo.com/1645903643/Fdh9uaijT?type=comment#_rnd1500654171991
IBM HTTP Server 多個漏洞
http://www.ibm.com/support/docview.wss?uid=swg22005280
1.重大弱點漏洞
SAP 發布安全漏洞報告:修復影響5000 億次安裝的SAP POS 漏洞
http://hackernews.cc/archives/12307
關於Samba Orpheus' Lyre KDC-REP服務名校驗漏洞通知
http://bbs.qcloud.com/thread-33652-1-1.html
Samba 軟體存在安全性弱點(CVE-2017-11103)
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
https://www.samba.org/samba/
鎖定「SambaCry」漏洞的新威脅現身, Linux 使用者請盡速更新系統
https://blog.trendmicro.com.tw/?p=51159
未來四年之內,零時差漏洞出現的頻率很可能提高到每天一次
https://blog.trendmicro.com.tw/?p=50864
FreeRADIUS 安全漏洞
http://freeradius.org/security/fuzzer-2017.html
Trend Micro Control Manager (TMCM) 6.0安全性弱點
http://files.trendmicro.com/products/tmcm/06/patch/Readme_tmcm_60_win_en_sp3_patch3.txt
Siemens SIMATIC WinCC Sm@rtClient for Android中間人攻擊漏洞
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf
思科WebEx爆高危漏洞,允許遠程執行代碼
https://www.hackeye.net/securitytetchnology/netsec/6445.aspx
VMware虛擬機逃逸漏洞攻擊代碼
http://www.weibo.com/1645903643/Fdh9uaijT?type=comment#_rnd1500654171991
IBM HTTP Server 多個漏洞
http://www.ibm.com/support/docview.wss?uid=swg22005280
2017年7月14日 星期五
資安新聞及事件週報 2017/7/10 ~ 2017/7/14
資安新聞及事件週報 2017/7/10 ~ 2017/7/14
1.重大弱點漏洞
Struts 2 再曝高危遠程代碼執行漏洞
https://zhuanlan.zhihu.com/p/27762032
https://cwiki.apache.org/confluence/display/WW/S2-048
微軟7月安全性更新 這項漏洞最好先修補
http://www.cna.com.tw/news/ait/201707130386-1.aspx
Samba 繞過保安限制漏洞
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
https://www.samba.org/samba/security/CVE-2017-11103.html
微軟Windows作業系統的NTLM驗證通訊協定存在允許攻擊者透過重送攻擊進而取得整個網域控制權之漏洞(CVE-2017-8563)
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1065
Apache mod_http2 及 mod_auth_digest 多個漏洞
http://securitytracker.com/id/1038907
http://securitytracker.com/id/1038906
Apache Struts 遠端執行程式碼漏洞
http://www.cnvd.org.cn/flaw/show/CNVD-2017-13259
http://securitytracker.com/id/1038838
微軟發布7月補丁修復55個安全問題
http://blog.nsfocus.net/microsoft-released-july-patch-fix-55-security-issues/
Samba釋出重大安全更新 CVE-2017-11103
https://www.samba.org/samba/security/CVE-2017-11103.html
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
RoundCube Webmail 多個權限提升漏洞(CVE-2017-8114)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114
Adobe Flash Player 及Adobe Connect 存在多個安全性弱點
https://www.us-cert.gov/ncas/current-activity/2017/07/11/Adobe-Releases-Security-Updates
https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
https://helpx.adobe.com/security/products/connect/apsb17-22.html
微軟修補19個重大安全漏洞
http://www.ithome.com.tw/news/115546
微軟釋出Windows重大更新 保護資料動作快
https://www.nownews.com/news/20170713/2588338
Juniper Junos 多個漏洞
https://www.auscert.org.au/bulletins/49870
https://www.auscert.org.au/bulletins/49846
1.重大弱點漏洞
Struts 2 再曝高危遠程代碼執行漏洞
https://zhuanlan.zhihu.com/p/27762032
https://cwiki.apache.org/confluence/display/WW/S2-048
微軟7月安全性更新 這項漏洞最好先修補
http://www.cna.com.tw/news/ait/201707130386-1.aspx
Samba 繞過保安限制漏洞
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
https://www.samba.org/samba/security/CVE-2017-11103.html
微軟Windows作業系統的NTLM驗證通訊協定存在允許攻擊者透過重送攻擊進而取得整個網域控制權之漏洞(CVE-2017-8563)
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1065
Apache mod_http2 及 mod_auth_digest 多個漏洞
http://securitytracker.com/id/1038907
http://securitytracker.com/id/1038906
Apache Struts 遠端執行程式碼漏洞
http://www.cnvd.org.cn/flaw/show/CNVD-2017-13259
http://securitytracker.com/id/1038838
微軟發布7月補丁修復55個安全問題
http://blog.nsfocus.net/microsoft-released-july-patch-fix-55-security-issues/
Samba釋出重大安全更新 CVE-2017-11103
https://www.samba.org/samba/security/CVE-2017-11103.html
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
RoundCube Webmail 多個權限提升漏洞(CVE-2017-8114)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114
Adobe Flash Player 及Adobe Connect 存在多個安全性弱點
https://www.us-cert.gov/ncas/current-activity/2017/07/11/Adobe-Releases-Security-Updates
https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
https://helpx.adobe.com/security/products/connect/apsb17-22.html
微軟修補19個重大安全漏洞
http://www.ithome.com.tw/news/115546
微軟釋出Windows重大更新 保護資料動作快
https://www.nownews.com/news/20170713/2588338
Juniper Junos 多個漏洞
https://www.auscert.org.au/bulletins/49870
https://www.auscert.org.au/bulletins/49846
2017年7月7日 星期五
資安新聞及事件週報 2017/7/3 ~ 2017/7/7
資安新聞及事件週報 2017/7/3 ~ 2017/7/7
1.重大弱點漏洞
[重要通知] 【安全預警】關於Systemd遠程代碼執行漏洞通知
http://bbs.qcloud.com/thread-32573-1-1.html
CentOS 7發佈內核安全更新:修復五處漏洞
http://www.cnbeta.com/articles/soft/627595.htm
10塊錢買你隱私 簡單四步就能破解家庭攝像頭
http://news.sina.com.tw/article/20170703/22894886.html
英特爾芯片嚴重漏洞 西門子38款工業產品中招
http://it.big5.enorth.com.cn/system/2017/07/06/033300755.shtml
Huawei AR1220 安全漏洞
http://www.huawei.com/en/psirt/security-advisories/hw-417840
IBM WebSphere 應用程式伺服器多個漏洞
https://www.auscert.org.au/bulletins/49530
Cisco Elastic Services Controller 安全漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
ISC BIND安全限制繞過漏洞(CVE-2017-3142)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
特定版本Samba軟體存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2017-7494)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1062
SWFTools 安全漏洞
https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8420
1.重大弱點漏洞
[重要通知] 【安全預警】關於Systemd遠程代碼執行漏洞通知
http://bbs.qcloud.com/thread-32573-1-1.html
CentOS 7發佈內核安全更新:修復五處漏洞
http://www.cnbeta.com/articles/soft/627595.htm
10塊錢買你隱私 簡單四步就能破解家庭攝像頭
http://news.sina.com.tw/article/20170703/22894886.html
英特爾芯片嚴重漏洞 西門子38款工業產品中招
http://it.big5.enorth.com.cn/system/2017/07/06/033300755.shtml
Huawei AR1220 安全漏洞
http://www.huawei.com/en/psirt/security-advisories/hw-417840
IBM WebSphere 應用程式伺服器多個漏洞
https://www.auscert.org.au/bulletins/49530
Cisco Elastic Services Controller 安全漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
ISC BIND安全限制繞過漏洞(CVE-2017-3142)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
特定版本Samba軟體存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2017-7494)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1062
SWFTools 安全漏洞
https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8420
訂閱:
文章 (Atom)