Aug 16, 2016

CVE Memo

Vulnerability Summary for CVE-2016-4373 (7/31)
 ← Vulnerability in HPE OM (Operations Manager)

HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux
using Apache Commons Collections (ACC), Remote Code Execution (7/25-8/11)
  ← Can be mitigated by applying the patch

Vulnerability Summary for CVE-2016-5254 (8/4-5)
  Vulnerability in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3

 Japanese version ↓
 JVNDB-2016-004147
 Arbitrary code execution vulnerability in the nsXULPopupManager::KeyDown
  function of Mozilla Firefox (8/8)

Vulnerability Summary for CVE-2016-6258 (8/2)
  Vulnerability in Xen 4.7.x and earlier
   Updating is sufficient

  Xen PV Pagetable Update Flaw Lets Local Users on an X86 PV Guest System
  Gain Elevated Privileges on the Host System (7/26)

APM access log vulnerability CVE-2016-1497 (8/10)

TMM vulnerability CVE-2016-5023 (8/11)

Vulnerability Summary for CVE-2016-6258 (8/3)

Vulnerability Summary for CVE-2016-1712 (8/3)

Vulnerability Summary for CVE-2016-1466 (8/7)

Vulnerability Summary for CVE-2014-9863 (8/10)
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.

Vulnerability Summary for CVE-2014-9864 (8/10)
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.

Vulnerability Summary for CVE-2016-3288
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.

Vulnerability Summary for CVE-2016-3313 (8/12)
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

Vulnerability Summary for CVE-2016-3319
The PDF library in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
  Vulnerability in the PDF library of the affected MS Windows versions

 Microsoft Security Bulletin MS16-096 - Critical
 Cumulative Security Update for Microsoft Edge (3177358) (8/9)
 ← Applying the patch is sufficient.
  Reportedly, the impact is smaller for accounts below privileged-ID level
