資安新聞及事件週報 2017/7/24 ~ 2017/7/28

1.重大弱點漏洞
  Cisco AsyncOS Software 漏洞（CVE-2017-6746）
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1

  Cisco Email Security和Content Security Management Appliance 跨站腳本漏洞
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa

  思科 IOS/ IOS XE 多個漏洞
  http://securitytracker.com/id/1038999
  http://securitytracker.com/id/1038997
  http://securitytracker.com/id/1038998

  VMware vCenter Server 遠端認證漏洞 CVE-2017-4919
  https://kb.vmware.com/kb/2151027
  http://securitytracker.com/id/1039004
  https://www.vmware.com/security/advisories/VMSA-2017-0012.html
  https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2151027

  Microsoft Exchange Server跨站腳本漏洞
  https://nvd.nist.gov/vuln/detail/CVE-2017-8560

  Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 關於Sudo get_process_ttyname() (Linux CVE-2017-1000367)與Proxy命令注入遠端程式碼執行等安全性弱點
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367

  IBM 釋出Cisco MDS系列交換器安全更新
  http://0rz.tw/2rwyO
  https://www.us-cert.gov/ncas/current-activity/2017/07/21/IBM-Cisco-Security-Update

資安新聞及事件週報 2017/7/17 ~ 2017/7/21

1.重大弱點漏洞
  SAP 發布安全漏洞報告：修復影響5000 億次安裝的SAP POS 漏洞
  http://hackernews.cc/archives/12307

  關於Samba Orpheus' Lyre KDC-REP服務名校驗漏洞通知
  http://bbs.qcloud.com/thread-33652-1-1.html

  Samba 軟體存在安全性弱點(CVE-2017-11103)
  https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
  https://www.samba.org/samba/

  鎖定「SambaCry」漏洞的新威脅現身， Linux 使用者請盡速更新系統
  https://blog.trendmicro.com.tw/?p=51159

  未來四年之內，零時差漏洞出現的頻率很可能提高到每天一次
  https://blog.trendmicro.com.tw/?p=50864

  FreeRADIUS 安全漏洞
  http://freeradius.org/security/fuzzer-2017.html

  Trend Micro Control Manager (TMCM) 6.0安全性弱點
  http://files.trendmicro.com/products/tmcm/06/patch/Readme_tmcm_60_win_en_sp3_patch3.txt

  Siemens SIMATIC WinCC Sm@rtClient for Android中間人攻擊漏洞
  https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf

  思科WebEx爆高危漏洞，允許遠程執行代碼
  https://www.hackeye.net/securitytetchnology/netsec/6445.aspx

  VMware虛擬機逃逸漏洞攻擊代碼
  http://www.weibo.com/1645903643/Fdh9uaijT?type=comment#_rnd1500654171991

  IBM HTTP Server 多個漏洞
  http://www.ibm.com/support/docview.wss?uid=swg22005280

資安新聞及事件週報 2017/7/10 ~ 2017/7/14

1.重大弱點漏洞
  Struts 2 再曝高危遠程代碼執行漏洞
  https://zhuanlan.zhihu.com/p/27762032
  https://cwiki.apache.org/confluence/display/WW/S2-048

  微軟7月安全性更新 這項漏洞最好先修補
  http://www.cna.com.tw/news/ait/201707130386-1.aspx

  Samba 繞過保安限制漏洞
  https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
  https://www.samba.org/samba/security/CVE-2017-11103.html

  微軟Windows作業系統的NTLM驗證通訊協定存在允許攻擊者透過重送攻擊進而取得整個網域控制權之漏洞(CVE-2017-8563)
  https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1065
 
  Apache mod_http2 及 mod_auth_digest 多個漏洞
  http://securitytracker.com/id/1038907
  http://securitytracker.com/id/1038906

  Apache Struts 遠端執行程式碼漏洞
  http://www.cnvd.org.cn/flaw/show/CNVD-2017-13259
  http://securitytracker.com/id/1038838

  微軟發布7月補丁修復55個安全問題
  http://blog.nsfocus.net/microsoft-released-july-patch-fix-55-security-issues/

  Samba釋出重大安全更新 CVE-2017-11103
  https://www.samba.org/samba/security/CVE-2017-11103.html
  https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates

  RoundCube Webmail 多個權限提升漏洞（CVE-2017-8114）
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114

  Adobe Flash Player 及Adobe Connect 存在多個安全性弱點
  https://www.us-cert.gov/ncas/current-activity/2017/07/11/Adobe-Releases-Security-Updates
  https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
  https://helpx.adobe.com/security/products/connect/apsb17-22.html

  微軟修補19個重大安全漏洞
  http://www.ithome.com.tw/news/115546

  微軟釋出Windows重大更新　保護資料動作快
  https://www.nownews.com/news/20170713/2588338

  Juniper Junos 多個漏洞
  https://www.auscert.org.au/bulletins/49870
  https://www.auscert.org.au/bulletins/49846

資安新聞及事件週報 2017/7/3 ~ 2017/7/7

1.重大弱點漏洞
  [重要通知] 【安全預警】關於Systemd遠程代碼執行漏洞通知
  http://bbs.qcloud.com/thread-32573-1-1.html

  CentOS 7發佈內核安全更新：修復五處漏洞
  http://www.cnbeta.com/articles/soft/627595.htm

  10塊錢買你隱私 簡單四步就能破解家庭攝像頭
  http://news.sina.com.tw/article/20170703/22894886.html

  英特爾芯片嚴重漏洞 西門子38款工業產品中招
  http://it.big5.enorth.com.cn/system/2017/07/06/033300755.shtml

  Huawei AR1220 安全漏洞
  http://www.huawei.com/en/psirt/security-advisories/hw-417840

  IBM WebSphere 應用程式伺服器多個漏洞
  https://www.auscert.org.au/bulletins/49530

  Cisco Elastic Services Controller 安全漏洞
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2

  ISC BIND安全限制繞過漏洞(CVE-2017-3142)
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142

  特定版本Samba軟體存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2017-7494)
  https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1062

  SWFTools 安全漏洞
  https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8420