資安新聞及事件週報 2017/8/21 ~ 2017/8/25
1.重大弱點漏洞
Foxit PDF Reader任意文件寫漏洞(CVE-2017-10952)
http://www.foxitsoft.com/wac/server_intro.php
Cisco APIC 及VNF 存在多個安全性弱點
http://0rz.tw/EeX7t
Cisco Policy Suite 權限提升漏洞(CVE-2017-6781)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps
Cisco Prime Infrastructure HTML注入漏洞(CVE-2017-6782)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi
Apache Struts 2 阻斷服務漏洞
https://www.auscert.org.au/bulletins/51378
IBM Tivoli Endpoint Manager加密算法漏洞
http://www-01.ibm.com/support/docview.wss?uid=swg22005246
Drupal 存在多個安全性弱點
https://www.drupal.org/SA-CORE-2017-004
Fortinet FortiManager權限提升漏洞(CVE-2015-3617)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3617
SMA Solar太陽能設備存在多項漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=15992
2017年8月25日 星期五
2017年8月18日 星期五
資安新聞及事件週報 2017/8/14 ~ 2017/8/18
資安新聞及事件週報 2017/8/14 ~ 2017/8/18
1.重大弱點漏洞
【漏洞公告】Git、SVN、Mercurial版本控制系統被爆遠程命令執行漏洞
http://it.uu01.me/p/ovggpf.html
NetSarang的Xmanager和Xshell多種產品源碼被植入後門
http://www.freebuf.com/company-information/144271.html
http://it.uu01.me/p/ooopkd.html
Acunetix WVS 10 - Remote Command Execution (System)
https://www.exploit-db.com/exploits/39755/
https://www.youtube.com/watch?v=gWcRlam59Fs
Fortinet FortiManager 跨站腳本漏洞
https://fortiguard.com/psirt/FG-IR-15-011
Fortinet FortiManager SQL注入漏洞(CVE-2015-3616)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3616
比特幣硬件錢包TREZOR曝安全漏洞,開發商已發布更新
http://www.bitett.com/forum.php?mod=viewthread&tid=8816
Juniper Networks Junos OS存在安全弱點
https://www.twcert.org.tw/twcert/advdetail/3421
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10798&cat=SIRT_1&actp=LIST
Symantec Messaging Gateway 存在多個安全性弱點
https://www.twcert.org.tw/twcert/advdetail/3422
Rsyslog CVE-2017-12588
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12588
1.重大弱點漏洞
【漏洞公告】Git、SVN、Mercurial版本控制系統被爆遠程命令執行漏洞
http://it.uu01.me/p/ovggpf.html
NetSarang的Xmanager和Xshell多種產品源碼被植入後門
http://www.freebuf.com/company-information/144271.html
http://it.uu01.me/p/ooopkd.html
Acunetix WVS 10 - Remote Command Execution (System)
https://www.exploit-db.com/exploits/39755/
https://www.youtube.com/watch?v=gWcRlam59Fs
Fortinet FortiManager 跨站腳本漏洞
https://fortiguard.com/psirt/FG-IR-15-011
Fortinet FortiManager SQL注入漏洞(CVE-2015-3616)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3616
比特幣硬件錢包TREZOR曝安全漏洞,開發商已發布更新
http://www.bitett.com/forum.php?mod=viewthread&tid=8816
Juniper Networks Junos OS存在安全弱點
https://www.twcert.org.tw/twcert/advdetail/3421
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10798&cat=SIRT_1&actp=LIST
Symantec Messaging Gateway 存在多個安全性弱點
https://www.twcert.org.tw/twcert/advdetail/3422
Rsyslog CVE-2017-12588
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12588
2017年8月11日 星期五
資安新聞及事件週報 2017/8/7 ~ 2017/8/11
資安新聞及事件週報 2017/8/7 ~ 2017/8/11
1.重大弱點漏洞
Cisco Secure Access Control System 跨站脚本漏洞(CVE-2017-6769)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-acs
思科 Meeting Server 阻斷服務漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ms
【漏洞公告】CVE-2017-11610:Supervisord 遠程命令執行漏洞
https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html
Trend Micro Control Manager SQL注入漏洞 CVE-2017-11386
https://success.trendmicro.com/solution/1117722
【漏洞預警】關於Windows SMBLoris漏洞情況的通報
https://support.microsoft.com/zh-cn/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
Autodesk ® AutoCAD ® 2017 SP1 FBX ® 漏洞
https://knowledge.autodesk.com/zh-hans/search-result/caas/downloads/downloads/CHS/content/autodesk-C2-AE-autocad-C2-AE-2017-sp1-fbx-C2-AE-vulnerability-hotfix.html
IBM Security Guardium安全繞過漏洞
http://www.ibm.com/support/docview.wss?uid=swg22004424
Juniper Junos 阻斷服務漏洞
https://www.us-cert.gov/ncas/current-activity/2017/08/09/Juniper-Networks-Releases-Junos-OS-Security-Updates
1.重大弱點漏洞
Cisco Secure Access Control System 跨站脚本漏洞(CVE-2017-6769)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-acs
思科 Meeting Server 阻斷服務漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ms
【漏洞公告】CVE-2017-11610:Supervisord 遠程命令執行漏洞
https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html
Trend Micro Control Manager SQL注入漏洞 CVE-2017-11386
https://success.trendmicro.com/solution/1117722
【漏洞預警】關於Windows SMBLoris漏洞情況的通報
https://support.microsoft.com/zh-cn/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
Autodesk ® AutoCAD ® 2017 SP1 FBX ® 漏洞
https://knowledge.autodesk.com/zh-hans/search-result/caas/downloads/downloads/CHS/content/autodesk-C2-AE-autocad-C2-AE-2017-sp1-fbx-C2-AE-vulnerability-hotfix.html
IBM Security Guardium安全繞過漏洞
http://www.ibm.com/support/docview.wss?uid=swg22004424
Juniper Junos 阻斷服務漏洞
https://www.us-cert.gov/ncas/current-activity/2017/08/09/Juniper-Networks-Releases-Junos-OS-Security-Updates
2017年8月4日 星期五
資安新聞及事件週報 2017/7/31 ~ 2017/8/4
資安新聞及事件週報 2017/7/31 ~ 2017/8/4
1.重大弱點漏洞
Apple Mac_os_x CVE-2017-7050 CVE-2017-7051 CVE-2017-7054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7054
Microsoft釋出Outlook安全更新(July 2017) CVE-2017-8572
https://www.us-cert.gov/ncas/current-activity/2017/07/28/Microsoft-Releases-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663
Fortinet FortiOS輸入驗證之漏洞將讓駭客使用遠端方式進行跨網站指令碼(Cross-Site Scripting)攻擊
http://securitytracker.com/id/1039020
http://fortiguard.com/psirt/FG-IR-17-104
Google釋出Chrom OS安全更新(60.0.3112.80) CVE-2017-9417
https://www.us-cert.gov/ncas/current-activity/2017/08/03/Google-Releases-Security-Updates-Chrome-OS
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-chrome-os.html
PHPMailer發布安全更新,該漏洞可能導致跨站指令碼(Cross-Site Scripting)攻擊
http://securitytracker.com/id/1039026
https://github.com/PHPMailer/PHPMailer
BMW、福特、Infiniti等部份車款使用的2G數據機遭爆含安全漏洞
http://www.ithome.com.tw/news/116029
Cisco IOS、IOSXE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6738
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6739
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6744
FreeRADIUS CVE-2017-10985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11164
1.重大弱點漏洞
Apple Mac_os_x CVE-2017-7050 CVE-2017-7051 CVE-2017-7054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7054
Microsoft釋出Outlook安全更新(July 2017) CVE-2017-8572
https://www.us-cert.gov/ncas/current-activity/2017/07/28/Microsoft-Releases-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663
Fortinet FortiOS輸入驗證之漏洞將讓駭客使用遠端方式進行跨網站指令碼(Cross-Site Scripting)攻擊
http://securitytracker.com/id/1039020
http://fortiguard.com/psirt/FG-IR-17-104
Google釋出Chrom OS安全更新(60.0.3112.80) CVE-2017-9417
https://www.us-cert.gov/ncas/current-activity/2017/08/03/Google-Releases-Security-Updates-Chrome-OS
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-chrome-os.html
PHPMailer發布安全更新,該漏洞可能導致跨站指令碼(Cross-Site Scripting)攻擊
http://securitytracker.com/id/1039026
https://github.com/PHPMailer/PHPMailer
BMW、福特、Infiniti等部份車款使用的2G數據機遭爆含安全漏洞
http://www.ithome.com.tw/news/116029
Cisco IOS、IOSXE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6738
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6739
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6744
FreeRADIUS CVE-2017-10985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11164
訂閱:
文章 (Atom)