+ Multiple Vulnerabilities in Cisco Email Security Appliance
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3385
+ PHP 5.4.x php_quot_print_encode heap-based buffer overflow
http://cxsecurity.com/issue/WLB-2013060233
+ Java Applet ProviderSkeleton Insecure Invoke Method
http://cxsecurity.com/issue/WLB-2013060232
PostgreSQL 9.3 Beta 2 Now Available
http://www.postgresql.org/about/news/1471/
Adobe Reader 9 support ends; upgrade to the latest version
Acrobat 9 also ends; no further updates will be provided
http://itpro.nikkeibp.co.jp/article/NEWS/20130628/488381/?ST=security
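The "enemy within" targeting confidential information: are your insider-misconduct countermeasures airtight?
Part 5: Preventing insider misconduct company-wide, with top management leading the countermeasures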
http://itpro.nikkeibp.co.jp/article/COLUMN/20130619/486171/?ST=security
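Security Hot Topics
Vulnerability in virtual servers' default configuration: identical host keys leave them "fully exposed"
Discovered through "big data analysis" of logs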
http://itpro.nikkeibp.co.jp/article/COLUMN/20130626/487841/?ST=security
Trend Micro to begin taking orders in August for an appliance that analyzes and aggregates targeted-attack information
http://itpro.nikkeibp.co.jp/article/NEWS/20130627/488226/?ST=security
Docomo enhances "Business mopera Anshin Manager", adding smartphone app management and more
http://itpro.nikkeibp.co.jp/article/NEWS/20130627/488261/?ST=security
Fourteenforty Research Institute changes its company name to "FFRI"
http://itpro.nikkeibp.co.jp/article/NEWS/20130627/488162/?ST=security
au adopts Blancco's smartphone data-erasure software for its trade-in program starting today
http://itpro.nikkeibp.co.jp/article/NEWS/20130627/488098/?ST=security
European privacy advocacy group sues Facebook and others over the PRISM issue
http://itpro.nikkeibp.co.jp/article/NEWS/20130627/488099/?ST=security
JVNVU#99235742 Vulnerabilities in DASDEC and R189 One-Net
http://jvn.jp/cert/JVNVU99235742/
JVN#04161229 Directory traversal vulnerability in EC-CUBE
http://jvn.jp/jp/JVN04161229/
JVN#98665228 Cross-site scripting vulnerability in EC-CUBE
http://jvn.jp/jp/JVN98665228/
JVN#07192063 Cross-site scripting vulnerability in EC-CUBE
http://jvn.jp/jp/JVN07192063/
JVN#34900750 Code injection vulnerability in EC-CUBE
http://jvn.jp/jp/JVN34900750/
JVN#43886811 Directory traversal vulnerability in EC-CUBE
http://jvn.jp/jp/JVN43886811/
VU#704828 Lookout! Mobile Security contains a denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/704828
REMOTE: PCMan's FTP Server 2.0.7 - Buffer Overflow Exploit
http://www.exploit-db.com/exploits/26471
Friday, June 28, 2013
Thursday, June 27, 2013
Thursday the 27th, Taian
+ CESA-2013:0981 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/556371/
+ CESA-2013:0981 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/556372/
+ CESA-2013:0982 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/556373/
+ CESA-2013:0982 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/556374/
+ CESA-2013:0981 Critical CentOS 6 xulrunner Update
http://lwn.net/Alerts/556375/
+ CESA-2013:0981 Critical CentOS 5 xulrunner Update
http://lwn.net/Alerts/556376/
+ CESA-2013:0983 Moderate CentOS 6 curl Update
http://lwn.net/Alerts/556377/
+ CESA-2013:0983 Moderate CentOS 5 curl Update
http://lwn.net/Alerts/556378/
+ Multiple Vulnerabilities in Cisco Web Security Appliance
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3384
+ Multiple Vulnerabilities in Cisco Content Security Management Appliance
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3384
+ Multiple Vulnerabilities in Cisco Email Security Appliance
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3384
+ Cisco ASA Next-Generation Firewall Fragmented Traffic Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-ngfw
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3382
+ HPSBST02890 rev.1 - HP StoreOnce D2D Backup System, Unauthorized Remote Access and Modification
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03813919-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2342
+ Dovecot 2.1.17 released
http://www.dovecot.org/list/dovecot-news/2013-June/000259.html
+ LOCAL: FreeBSD 9 Address Space Manipulation Privilege Escalation
http://www.exploit-db.com/exploits/26454
+ SA53858 Oracle VirtualBox Paravirtualised Network Adapter Denial of Service Vulnerability
http://secunia.com/advisories/53858/
+ Kingsoft Spreadsheets CVE-2013-0723 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/60801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0723
PureMessage for Unix Vulnerability
http://www.sophos.com/en-us/support/knowledgebase/119510.aspx
Predicting floods with a network of drones (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130627/488002/?ST=security
Online election campaigning: here's where the danger lies!
Part 1: "Civic maturity" and common sense put to the test
http://itpro.nikkeibp.co.jp/article/COLUMN/20130621/486804/?ST=security
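The "enemy within" targeting confidential information: are your insider-misconduct countermeasures airtight?
Part 4: Deficient workplace environments become a breeding ground for insider misconduct; building a structure that prevents rule violations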
http://itpro.nikkeibp.co.jp/article/COLUMN/20130619/486170/?ST=security
Series of website defacements hits Toyota, Ricoh and others; IPA urges countermeasures
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487922/?ST=security
Unauthorized access to OCN: 756 connection passwords changed without authorization
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487902/?ST=security
Google adds a malware/phishing section to its "Transparency Report"
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487761/?ST=security
Google has no obligation to remove personal information from search results, says European Court advocate general
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487742/?ST=security
Providing personal data to companies over the Internet: Americans are tolerant, Germans are strict
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487723/?ST=security
VU#662676 Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key
http://www.kb.cert.org/vuls/id/662676
LOCAL: AudioCoder 0.8.22 (.lst) - Direct Retn Buffer Overflow
http://www.exploit-db.com/exploits/26448
LOCAL: ZPanel zsudo Local Privilege Escalation Exploit
http://www.exploit-db.com/exploits/26451
LOCAL: Novell Client 2 SP3 nicm.sys Local Privilege Escalation
http://www.exploit-db.com/exploits/26452
DoS/PoC: Baby FTP Server 1.24 - Denial Of Service
http://www.exploit-db.com/exploits/26450
Wednesday, June 26, 2013
Wednesday the 26th, Butsumetsu
+ RHSA-2013:0982 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0982.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
+ RHSA-2013:0981 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-0981.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
+ RHSA-2013:0983 Moderate: curl security update
http://rhn.redhat.com/errata/RHSA-2013-0983.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
+ Mozilla Firefox 22 released
http://www.mozilla.jp/firefox/
+ Mozilla Thunderbird 17.0.7 released
http://www.mozilla.jp/thunderbird/
+ MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
http://www.mozilla.org/security/announce/2013/mfsa2013-62.html
+ MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
http://www.mozilla.org/security/announce/2013/mfsa2013-61.html
+ MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
http://www.mozilla.org/security/announce/2013/mfsa2013-60.html
+ MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
+ MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
http://www.mozilla.org/security/announce/2013/mfsa2013-58.html
+ MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
http://www.mozilla.org/security/announce/2013/mfsa2013-57.html
+ MFSA 2013-56 PreserveWrapper has inconsistent behavior
http://www.mozilla.org/security/announce/2013/mfsa2013-56.html
+ MFSA 2013-55 SVG filters can lead to information disclosure
http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
+ MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
+ MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
+ MFSA 2013-52 Arbitrary code execution within Profiler
http://www.mozilla.org/security/announce/2013/mfsa2013-52.html
+ MFSA 2013-51 Privileged content access and execution via XBL
http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
+ MFSA 2013-50 Memory corruption found using Address Sanitizer
http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
+ MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
+ HPSBUX02886 rev.1 - HP-UX Running HP Secure Shell, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03804371-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
+ Dovecot 2.2.4 released
http://www.dovecot.org/list/dovecot-news/2013-June/000258.html
+ libcurl Heap Overflow in curl_easy_unescape() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
Migration support in response to the end of OS support for Microsoft Windows XP
http://www.trendmicro.co.jp/support/news.asp?id=1980
PureMessage for Unix Vulnerability
http://www.sophos.com/en-us/support/knowledgebase/119510.aspx
Advisory: Sophos Anti-Virus for UNIX - Process memory limit recommendations on AIX systems
http://www.sophos.com/en-us/support/knowledgebase/118805.aspx
"Using anonymization tools or encrypted email makes you a target for interception": United States (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487662/?ST=security
Dangerous "default passwords": network devices and servers at risk of takeover
US-CERT warns: "change them as soon as possible"
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487661/?ST=security
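The "enemy within" targeting confidential information: are your insider-misconduct countermeasures airtight?
Part 3: Risk rises at "resignation"; mechanisms for preventing leaks of confidential information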
http://itpro.nikkeibp.co.jp/article/COLUMN/20130619/486169/?ST=security
"UK intelligence agency intercepts fiber-optic cable communications in cooperation with the NSA" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130625/487363/?ST=security
UPDATE: JVNTA13-168A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-168A/index.html
Tuesday, June 25, 2013
Tuesday the 25th, Senbu
+ UPDATE: HPSBHF02885 rev.3 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03787836-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBHF02878 rev.1 - HP Smart Zero Client, Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03757330-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2339
+ HPSBNS02880 rev.1 - HP NonStop Servers running SQL/MX using SQL/MP Objects, Remote Unauthorized Disclosure of Information and Data Modification
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03762155-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2323
+ Apache Struts 2.3.15 released
http://struts.apache.org/release/2.3.x/docs/version-notes-2315.html
+ curl and libcurl 7.31.0 released
http://curl.haxx.se/changes.html#7_31_0
+ Postfix 2.10.1 released
http://www.postfix.org/announcements/postfix-2.10.1.html
+ SA53919 libcURL "curl_easy_unescape()" Buffer Overflow Vulnerability
http://secunia.com/advisories/53919/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
+ FreeBSD 9.1 mmap/ptrace exploit
http://cxsecurity.com/issue/WLB-2013060170
+ FreeBSD 9.0+ Privilege Escalation Exploit
http://cxsecurity.com/issue/WLB-2013060199
+ Mozilla Firefox 21.0 Denial Of Service
http://cxsecurity.com/issue/WLB-2013060190
+ cURL/libcURL 'curl_easy_unescape()' Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/60737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
Notice of a program update for Password Manager
http://www.trendmicro.co.jp/support/news.asp?id=1979
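The melancholy of smartphone girls, the recklessness of smartphone boys: teenagers are at risk now
Part 4: Becoming a "perpetrator" without realizing it, immature online norms: the reality of smartphone children (second half)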
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483361/?ST=security
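The "enemy within" targeting confidential information: are your insider-misconduct countermeasures airtight?
Part 2: Crises caused by acts "without malice"; employees taking information out becomes an incident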
http://itpro.nikkeibp.co.jp/article/COLUMN/20130619/486168/?ST=security
NetJapan adds deduplication to data backup for NEC clusters
http://itpro.nikkeibp.co.jp/article/NEWS/20130624/487331/?ST=security
Tokyo Metropolitan Police Department and Secom Trust Systems sign agreement on jointly responding to cybercrime
http://itpro.nikkeibp.co.jp/article/NEWS/20130624/487302/?ST=security
Cybertrust enables Japanese-language company names in SSL certificates through a simplified procedure
http://itpro.nikkeibp.co.jp/article/NEWS/20130624/487295/?ST=security
Hitachi makes IC card/biometric authentication at login available on Win8
http://itpro.nikkeibp.co.jp/article/NEWS/20130624/487261/?ST=security
UK authority orders Google to delete data collected by Street View, "will not rule out criminal proceedings"
http://itpro.nikkeibp.co.jp/article/NEWS/20130624/487181/?ST=security
Facebook leaks contact information of about 6 million people, mistakenly shared with other users
http://itpro.nikkeibp.co.jp/article/NEWS/20130624/487101/?ST=security
JVNTA13-169A Updates for multiple vulnerabilities in Oracle Java
http://jvn.jp/cert/JVNTA13-169A/index.html
REMOTE: Seowonintech Devices - Remote root Exploit
http://www.exploit-db.com/exploits/26412
REMOTE: ZPanel 10.0.0.2 htpasswd Module Username Command Execution
http://www.exploit-db.com/exploits/26419
REMOTE: HP System Management Homepage JustGetSNMPQueue Command Injection
http://www.exploit-db.com/exploits/26420
REMOTE: LibrettoCMS File Manager Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/26421
REMOTE: MoinMoin twikidraw Action Traversal File Upload
http://www.exploit-db.com/exploits/26422
LOCAL: Mediacoder (.lst) - SEH Buffer Overflow
http://www.exploit-db.com/exploits/26402
LOCAL: Mediacoder (.m3u) - SEH Buffer Overflow
http://www.exploit-db.com/exploits/26403
LOCAL: MediaCoder PMP Edition 0.8.17 (.m3u) - Buffer Overflow Exploit
http://www.exploit-db.com/exploits/26404
LOCAL: aSc Timetables 2013 - Stack Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/26409
LOCAL: AudioCoder 0.8.22 - Direct Retn Buffer Overflow
http://www.exploit-db.com/exploits/26411
LOCAL: Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
http://www.exploit-db.com/exploits/26418
DoS/PoC: PEiD 0.95 - Memory Corruption POC
http://www.exploit-db.com/exploits/26413
SA53963 Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability
http://secunia.com/advisories/53963/
Monday, June 24, 2013
Monday the 24th, Tomobiki
+ CESA-2013:0620-01 Important Xen4CentOS kernel Update
http://lwn.net/Alerts/555846/
+ CESA-2013:0964 Moderate CentOS 6 tomcat6 Update
http://lwn.net/Alerts/555845/
+ BIND 9.9.3-P1, 9.8.5-P1, 9.6-ESV-R9-P1 released
https://www.isc.org/downloads/software-support-policy/bind-software-status/
+ HS13-015 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-015/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
+ HS13-015 Multiple Vulnerabilities in Cosminexus (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-015/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
+ Postfix 2.9.7, 2.8.15, 2.7.1 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.7.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.15.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.14.HISTORY
+ Cisco WebEx Social Flaw Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1028695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3392
+ Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks
http://www.securitytracker.com/id/1028694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2866
+ LOCAL: FreeBSD 9.0-9.1 mmap/ptrace Privilege Escalation Exploit
+ Linux Kernel 'tcp_collapse()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/60214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2128
Change to the format of the "Web Block List"
http://www.trendmicro.co.jp/support/news.asp?id=1977
FBI admits "using drones for surveillance within the United States" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130624/487041/?ST=security
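The "enemy within" targeting confidential information: are your insider-misconduct countermeasures airtight?
Part 1: "Our company is fine": insider-misconduct countermeasures fall behind because of assumptions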
http://itpro.nikkeibp.co.jp/article/COLUMN/20130619/486167/?ST=security
Beware of covert recording via webcams: "if you don't use it, cover it with tape"
Software vulnerabilities are exploited, security company warns
http://itpro.nikkeibp.co.jp/article/NEWS/20130621/486962/?ST=security
"Ima Irumo" service launched to watch over elderly people living alone using five types of sensors and a smartphone
http://itpro.nikkeibp.co.jp/article/NEWS/20130621/486841/?ST=security
French authority formally requests that Google improve its privacy protection measures
http://itpro.nikkeibp.co.jp/article/NEWS/20130621/486766/?ST=security
Sparked by a leak: the U.S. government's personal information collection program stirs debate
http://itpro.nikkeibp.co.jp/article/COLUMN/20130620/486569/?ST=security
LOCAL: Adrenalin Player 2.2.5.3 (.asx) - SEH Buffer Overflow
http://www.exploit-db.com/exploits/26367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
+ HS13-015 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-015/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
Friday, June 21, 2013
21st (Friday), Taian
+ Moderate: tomcat6 security update
http://rhn.redhat.com/errata/RHSA-2013-0964.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067
+ CESA-2013:0958 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/555685/
+ CESA-2013:0957 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/555686/
+ PHP 5.5.0 released
http://php.net/archive/2013.php#id2013-06-20-1
http://php.net/ChangeLog-5.php#5.5.0
+ JVNTA13-169A Updates for multiple vulnerabilities in Oracle Java
http://jvn.jp/cert/JVNTA13-169A/
+ FreeBSD 9.{0,1} mmap/ptrace exploit
http://cxsecurity.com/issue/WLB-2013060170
+ Facebook Permanent Photo URIs
http://cxsecurity.com/issue/WLB-2013060156
+ FreeBSD CVE-2013-2171 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/60615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171
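Server maintenance notice (June 22, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1972
Is Spotify the trump card for eradicating illegal downloads!? (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130621/486682/?ST=security
Germany also steps up communications interception: intelligence agency budget sharply increased (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130621/486681/?ST=security
"There is no difference in engineers' ability between Japan and the US": Yuji Ukai, president of Fourteenforty Research Institute
http://itpro.nikkeibp.co.jp/article/COLUMN/20130617/485505/?ST=security
Personal information is being siphoned off! The rapid rise of nuisance smartphone apps
[5] Developers who were not indicted: is prosecution really impossible?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483328/?ST=security
Unusual step of revising a Windows update, to resolve "interference" with Kingsoft
http://itpro.nikkeibp.co.jp/article/NEWS/20130620/486649/?ST=security
Okinawa Hitachi Network Systems launches real-time data backup service to Okinawa
http://itpro.nikkeibp.co.jp/article/NEWS/20130620/486615/?ST=security
"The data show Japan is in a storm of targeted attacks," says CEO of US-based FireEye
http://itpro.nikkeibp.co.jp/article/NEWS/20130620/486530/?ST=security
When innovation happens in IT infrastructure, vulnerabilities appear there
Eva Chen, President and CEO, Trend Micro
http://itpro.nikkeibp.co.jp/article/Interview/20130620/486433/?ST=security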
Thursday, June 20, 2013
20th (Thursday), Butsumetsu
+ RHSA-2013:0957 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0957.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
+ About the security content of Java for OS X 2013-004 and Mac OS X v10.6 Update 16
http://support.apple.com/kb/HT5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE_2013-2445
+ Google Chrome 27.0.1453.116 released
http://googlechromereleases.blogspot.jp/2013/06/stable-channel-update_18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2866
+ Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3379
+ CVE-2012-1573 Denial of Service vulnerability in gnutls
https://blogs.oracle.com/sunsecurity/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
+ RHSA-2013:0958 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0958.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
+ SYM13-005 Security Advisory - Buffer Overflow in Symantec Endpoint Protection Manager 12.1.x
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130618_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1612
+ Java SE 7 Update 25 Released
https://blogs.oracle.com/java/entry/java_se_7_update_25
http://www.oracle.com/technetwork/java/javase/7u-relnotes-515228.html
+ Samba 3.6.16 Available for Download
http://samba.org/samba/history/samba-3.6.16.html
+ SA53897 Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/53897/
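Regarding an issue where Trend Micro Network VirusWall Enforcer cannot recognize the proper pattern after the pattern file number rolls over to an additional digit
http://www.trendmicro.co.jp/support/news.asp?id=1978
Regarding the problem where pattern updates fail because the pattern file number gained a digit (notice of release of the rolled-over pattern)
http://www.trendmicro.co.jp/support/news.asp?id=1973
Information leaks caused by cyberattacks keep occurring
Lax information management and delayed disclosure make matters worse
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483108/?ST=security
Techniques for securing embedded devices
[Final installment] Countermeasures in the operation, disposal and planning phases
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483174/?ST=security
Personal information is being siphoned off! The rapid rise of nuisance smartphone apps
[4] Self-defense measure 2: detect and warn about nuisance apps with a security app
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483327/?ST=security
Reporter's Eye
Will My Number lead to leaks of personal information?
http://itpro.nikkeibp.co.jp/article/Watcher/20130618/485842/?ST=security
LDP launches dedicated team for online election campaigning; word-of-mouth trends reported to candidates daily
http://itpro.nikkeibp.co.jp/article/NEWS/20130619/486383/?ST=security
Encourage Technologies releases new version of its identity verification software for shared Windows IDs
http://itpro.nikkeibp.co.jp/article/NEWS/20130619/486366/?ST=security
I-NET launches cloud service supporting network camera monitoring
http://itpro.nikkeibp.co.jp/article/NEWS/20130619/486321/?ST=security
Gaiax supplies social media post monitoring service to the LDP
http://itpro.nikkeibp.co.jp/article/NEWS/20130619/486303/?ST=security
JVNVU#94189582 Vulnerability in the Oracle Javadoc tool
http://jvn.jp/cert/JVNVU94189582/index.html
JVNTA13-168A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-168A/index.html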
REMOTE: TP-Link Print Server TL PS110U - Sensitive Information Enumeration
http://www.exploit-db.com/exploits/26318
DoS/PoC: MusicBee 2.0.4663 (.M3U) - Denial of Service Exploit
http://www.exploit-db.com/exploits/26322
Wednesday, June 19, 2013
19th (Wednesday), Senbu
+ Multiple vulnerabilities in Squid
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_squid
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0189
+ Multiple vulnerabilities in X.org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062
+ Multiple vulnerabilities in X.org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066
+ Multiple Input Validation vulnerabilities in kerberos
https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529
+ SYM13-005 Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Manager 12.1.x Buffer Overflow
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130618_00
+ FreeBSD-SA-13:06.mmap Privilege escalation via mmap
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171
+ MySQL Cluster 7.3 released
http://www.mysql.com/products/cluster/
+ Oracle Java Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3744
+ Ichitaro Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3644
+ FreeBSD mmap Permission Check Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171
+ SA53833 Cybozu Live for Android Arbitrary Java Method Execution Vulnerability
http://secunia.com/advisories/53833/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3646
+ Symantec Endpoint Protection Manager CVE-2013-1612 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/60542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1612
Notice of release of Vulnerability Protection Option 1.5 Service Pack 1 Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=1970
JVNDB-2013-000060 Vulnerability related to the WebView class in Cybozu Live for Android
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000060.html
JVNDB-2013-000059 Vulnerability in Cybozu Live for Android allowing execution of arbitrary Java methods
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000059.html
JVNDB-2013-000058 Arbitrary code execution vulnerability in the Ichitaro series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000058.html
From security labs around the world
Disguised charger that hacks the "iPhone"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130616/485401/?ST=security
Personal information is being siphoned off! The rapid rise of nuisance smartphone apps
[3] Self-defense measure 1: download from a safe app market
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483326/?ST=security
Techniques for securing embedded devices
[Part 3] What to consider in the development phase
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483173/?ST=security
"Anti-phishing measures" revised: enter the URL directly when using an online service for the first time
http://itpro.nikkeibp.co.jp/article/NEWS/20130618/486041/?ST=security
Microsoft releases new version of its free vulnerability mitigation tool "EMET"
http://itpro.nikkeibp.co.jp/article/NEWS/20130618/485925/?ST=security
Dangerous vulnerability in Ichitaro; PC could be fully taken over
http://itpro.nikkeibp.co.jp/article/NEWS/20130618/485864/?ST=security
Mizuho Information & Research Institute begins offering "Source Code Vulnerability Assessment Service"
http://itpro.nikkeibp.co.jp/article/NEWS/20130618/485861/?ST=security
Palo Alto to offer sandbox-based malware analysis on-premises as well
http://itpro.nikkeibp.co.jp/article/NEWS/20130618/485806/?ST=security
VU#225657 Oracle Javadoc HTML frame injection vulnerability
http://www.kb.cert.org/vuls/id/225657
Tuesday, June 18, 2013
18th, Tuesday, Tomobiki
+ phpMyAdmin 4.0.4 is released
http://sourceforge.net/p/phpmyadmin/news/2013/06/phpmyadmin-404-is-released/
+ UPDATE: HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03787836-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HS13-014 Cross-site Scripting Vulnerability in Hitachi Command Suite Products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-014/index.html
+ HS13-013 Vulnerability in Encrypted Removable Medium via JP1/HIBUN Advanced Edition Information Cypher
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-013/index.html
+ HS13-014 Cross-site scripting vulnerability in Hitachi Command Suite products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-014/index.html
+ HS13-013 Vulnerability in removable media formatted in HIBUN format using JP1/HIBUN Advanced Edition Information Cypher
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-013/index.html
+ Zimbra Collaboration Suite Open Source Edition 7.2.4 released
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.4.pdf
+ Cisco ASA CX TCP Parsing Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028673
CVE-2013-1203
+ FortiGate Guest User Permission Flaw Lets Remote Users Access Other User Records
http://www.securitytracker.com/id/1028671
CVE-2013-4604
+ Microsoft Sharepoint (Cloud) Persistent Script Insertion
http://cxsecurity.com/issue/WLB-2013060124
+ Mozilla Firefox Memory Exhaustion DoS Exploit
http://cxsecurity.com/issue/WLB-2013060130
Barman 1.2.1 released
http://www.postgresql.org/about/news/1469/
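Kazuaki Miyamoto's Latest Technology Report from Silicon Valley
Evolving Enterprise Mobile (1): Video conferencing with panoramic video, operated from an iPhone
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483341/?ST=security
The melancholy of smartphone girls, the recklessness of smartphone boys: teenagers are at risk now
Part 3: "I have a smartphone, so I don't do club activities": parents' awareness called into question; the reality of smartphone children (middle part)
http://itpro.nikkeibp.co.jp/article/COLUMN/20130525/479581/?ST=security
Techniques for Securing Embedded Devices
[Part 2] Countermeasures are needed across the entire system life cycle
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483172/?ST=security
Personal information siphoned off! The surge in nuisance smartphone apps
[2] Users "approve" the information leak themselves: the root cause that induces user mistakes
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483325/?ST=security
Two difficult problems highlighted by "Mt. Fuji Wi-Fi"
http://itpro.nikkeibp.co.jp/article/Watcher/20130617/485461/?ST=security
Malware carrying a fake "Adobe certificate" in circulation; Symantec issues warning
http://itpro.nikkeibp.co.jp/article/NEWS/20130617/485610/?ST=security
NTT acquires US security company for about 20 billion yen, strengthening global expansion
http://itpro.nikkeibp.co.jp/article/NEWS/20130617/485641/?ST=security
SIG and Iguazu sell appliance that prevents targeted attacks by converting email attachment documents into images
http://itpro.nikkeibp.co.jp/article/NEWS/20130617/485586/?ST=security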
LOCAL: Adrenalin Player 2.2.5.3 (.wax) - SEH Buffer Overflow
http://www.exploit-db.com/exploits/26242
LOCAL: Winamp 5.12 (.m3u) - Stack Based Buffer Overflow
http://www.exploit-db.com/exploits/26245
Monday, June 17, 2013
17th, Monday, Sensho
+ Dovecot 2.2.3 released
http://www.dovecot.org/list/dovecot-news/2013-June/000256.html
+ ProFTPD 1.3.4d, 1.3.5rc3 released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4d
SIP/MGCP packets that should be encrypted are sent in clear text when SecureXL is enabled on R75.40VS
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92814&src=securityAlerts
Server Maintenance Notice (June 16, 2013)
http://www.trendmicro.co.jp/support/news-bn.asp
License fee made mandatory for "sites that mention the country": Singapore (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130617/485423/?ST=security
Vulnerability information worth checking <2013.06.17>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130613/484849/?ST=security
[Part 1] The current state and challenges of security in embedded systems
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483171/?ST=security
[1] Fake apps impersonating popular software: personal information of around a million people possibly leaked
http://itpro.nikkeibp.co.jp/article/COLUMN/20130607/483324/?ST=security
Website tampering attacks spreading below the surface: measures to avoid becoming an "accomplice" yourself
http://itpro.nikkeibp.co.jp/article/COLUMN/20130615/485341/?ST=security
[Interop 2013] Yamaha announces the launch of a Network Engineers' Association at its booth
http://itpro.nikkeibp.co.jp/article/NEWS/20130614/485261/?ST=security
McAfee LiveSafe security service announced, managing PCs, smartphones and tablets alike
http://itpro.nikkeibp.co.jp/article/NEWS/20130614/485248/?ST=security
Symantec finds apps in the App Store that lure users to dating-site "sakura" (shill) scams, issues warning
http://itpro.nikkeibp.co.jp/article/NEWS/20130614/485102/?ST=security
DoS/PoC: Easy LAN Folder Share Version 3.2.0.100 - Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/26214
Friday, June 14, 2013
14th, Friday, Butsumetsu
+ CESA-2013:0942 Moderate CentOS 5 krb5 Update
http://lwn.net/Alerts/554215/
+ CESA-2013:0942 Moderate CentOS 6 krb5 Update
http://lwn.net/Alerts/554217/
+ HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03787836-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Sudo 1.8.7 released
http://www.sudo.ws/sudo/stable.html#1.8.7
+ REMOTE: MS13-009 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow
http://www.exploit-db.com/exploits/26175
+ Microsoft Internet Explorer COALineDashStyleArray Integer Overflow
http://cxsecurity.com/issue/WLB-2013060110
+ Sony CH / DH Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2013060104
+ UPDATE: Java Applet Driver Manager Privileged toString() Remote Code Execution
http://cxsecurity.com/issue/WLB-2013060082
+ UPDATE: Java Web Start Double Quote Inject Remote Code Execution
http://cxsecurity.com/issue/WLB-2013060081
+ Linux Kernel 'dispatch_discard_io()' Function Security Bypass Vulnerability
http://www.securityfocus.com/bid/60414
CVE-2013-2140
+ Linux Kernel CVE-2013-2851 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/60409
CVE-2013-2851
+ Google Chrome CVE-2013-2865 Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/60403
CVE-2013-2865
phpMyAdmin 4.0.4-rc1 is released
http://sourceforge.net/p/phpmyadmin/news/2013/06/phpmyadmin-404-rc1-is-released/
JVNDB-2013-000057 Cross-site scripting vulnerability in Orchard
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000057.html
"US NSA is hacking China and other countries around the world," Snowden tells Hong Kong newspaper (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130614/485003/?ST=security
More than 80 web companies and organizations form coalition calling for a halt to "surveillance by the US government" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130614/485002/?ST=security
Government agencies, research facilities and others in 40 countries targeted by "NetTraveler" malware (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130614/485001/?ST=security
Serious defect in Kingsoft security software leaves PCs unable to boot
http://itpro.nikkeibp.co.jp/article/NEWS/20130613/484862/?ST=security
WatchGuard virtual appliance now supports Hyper-V
http://itpro.nikkeibp.co.jp/article/NEWS/20130613/484771/?ST=security
NTT Neomeit adopts "Deep Security" to protect virtual desktops
http://itpro.nikkeibp.co.jp/article/NEWS/20130613/484741/?ST=security
Risk of website tampering in VPS management tool "Plesk"; Trend Micro issues warning on its blog
http://itpro.nikkeibp.co.jp/article/NEWS/20130613/484701/?ST=security
JVN#53622030 Cross-site scripting vulnerability in Orchard
http://jvn.jp/jp/JVN53622030/
+ DoS/PoC: AXIS Media Control 6.2.10.11 - Unsafe ActiveX Method
http://www.exploit-db.com/exploits/26173
Thursday, June 13, 2013
13th, Thursday, Senbu
+ RHSA-2013:0942 Moderate: krb5 security update
http://rhn.redhat.com/errata/RHSA-2013-0942.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443
+ CESA-2013:0911 Important CentOS 6 kernel Update
http://lwn.net/Alerts/554057/
+ VMSA-2013-0008 VMware vCenter Chargeback Manager Remote Code Execution
http://www.vmware.com/security/advisories/VMSA-2013-0008.html
+ JDK 8 Project
https://jdk8.java.net/
+ DoS/PoC: Syslog Server 1.2.3 - Crash PoC
http://www.exploit-db.com/exploits/26137
+ SA53817 Oracle Sun QFS / Storage Archive Manager OpenSSL Two Vulnerabilities
http://secunia.com/advisories/53817/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ glibc 2.17+ XDM crypto() NULL pointer deref
http://cxsecurity.com/issue/WLB-2013060101
+ Linux Kernel 'kvm_set_memory_region()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/60466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1943
+ Apple Mac OS X Directory Service CVE-2013-0984 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/60328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0984
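Notice of release of Trend Micro Deep Security 9.0 Service Pack 1
http://www.trendmicro.co.jp/support/news.asp?id=1968
Notice of maintenance for the version upgrade of Virus Buster Business Security Services
http://www.trendmicro.co.jp/support/news.asp?id=1969
How to keep your calls and communications from being intercepted (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130613/484642/?ST=security
Dangerous vulnerabilities in Office and IE; targeted attacks exploiting them have also appeared
Merely opening a file or web page may cause harm; applying patches is urgent
http://itpro.nikkeibp.co.jp/article/NEWS/20130613/484641/?ST=security
Countermeasures against "flaming" alone are not enough: social risks that threaten companies
[Part 4] Proper "configuration" and "management" reduce risk
http://itpro.nikkeibp.co.jp/article/COLUMN/20130604/481987/?ST=security
Bank of Japan discloses the cause of the system failure in its government bond liquidity-supply auction
http://itpro.nikkeibp.co.jp/article/NEWS/20130612/484581/?ST=security
CSAJ launches packaged software quality certification program, designed on the basis of IPA/SEC guidelines
http://itpro.nikkeibp.co.jp/article/NEWS/20130612/484561/?ST=security
Macnica begins selling email archive appliance that does not depend on the number of users
http://itpro.nikkeibp.co.jp/article/NEWS/20130612/484509/?ST=security
Mizuho Information & Research Institute launches training service that tests resilience to targeted attack emails
http://itpro.nikkeibp.co.jp/article/NEWS/20130612/484453/?ST=security
JVNVU#95659777 OS command injection vulnerability in HP System Management Homepage
http://jvn.jp/cert/JVNVU95659777/index.html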
Wednesday, June 12, 2013
12th, Wednesday, Tomobiki
+ Microsoft security bulletins for June 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-jun
+ MS13-047 - Critical: Cumulative Security Update for Internet Explorer (2838727)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3126
+ MS13-048 - Important: Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3136
+ MS13-049 - Important: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3138
+ MS13-050 - Important: Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1339
+ MS13-051 - Important: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1331
+ APSB13-16 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3343
+ HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03784101-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2336
+ Lucky Thirteen vulnerability in Sun QFS and Sun Storage Archive Manager OpenSSL
https://blogs.oracle.com/sunsecurity/entry/lucky_thirteen_vulnerability_in_sun
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ Multiple Permissions, Privileges, and Access Control vulnerabilities in Sudo
https://blogs.oracle.com/sunsecurity/entry/multiple_permissions_privileges_and_access
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
+ Microsoft Security Advisory (2854544) Update to Improve Cryptography and Digital Certificate Handling in Windows
http://technet.microsoft.com/en-us/security/advisory/2854544
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801
+ Microsoft Security Advisory (2854544) Update to Improve Cryptography and Digital Certificate Handling in Windows
http://technet.microsoft.com/ja-jp/security/advisory/2854544
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801
+ Apache Tomcat 7.0.41 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ Wireshark Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1028648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083
+ REMOTE: Java Web Start Double Quote Injection Remote Code Execution
http://www.exploit-db.com/exploits/26123
+ REMOTE: Java Applet Driver Manager Privileged toString() Remote Code Execution
http://www.exploit-db.com/exploits/26135
+ LOCAL: Linux kernel perf_swevent_init - Local root Exploit
http://www.exploit-db.com/exploits/26131
+ SA53792 McAfee Email and Web Security Appliance / Email Gateway ISC BIND Vulnerability
http://secunia.com/advisories/53792/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3919
+ Linux kernel perf_swevent_init Local root Exploit
http://cxsecurity.com/issue/WLB-2013060094
+ Apache HTTP Server 2.2.24 writes data to a log file without sanitizing
http://cxsecurity.com/issue/WLB-2013060090
+ Java Applet Driver Manager Privileged toString() Remote Code Execution
http://cxsecurity.com/issue/WLB-2013060082
+ Red Hat Enterprise Virtualization Manager CVE-2013-2152 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/60475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2152
+ Red Hat Enterprise Virtualization Manager CVE-2013-2151 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/60473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2151
JVNDB-2013-000056 Vulnerability related to the WebView class in Galapagos Browser
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000056.html
JVNDB-2013-000055 Vulnerability related to the WebView class in Angel Browser
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000055.html
US Director of National Intelligence: reports on the "PRISM" personal data collection are a misunderstanding (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130612/484301/?ST=security
From the World's Security Labs
Tattoos and pills as authentication methods to replace passwords
http://itpro.nikkeibp.co.jp/article/COLUMN/20130609/483441/?ST=security
Countermeasures against online "flaming" alone are not enough: the social media risks threatening companies
[Part 3] Apps that abuse user permissions surge, and fake accounts appear
http://itpro.nikkeibp.co.jp/article/COLUMN/20130604/481986/?ST=security
Anti-spoofing email platform for online election campaigning adopted by the LDP, DPJ and Komeito for the House of Councillors election
http://itpro.nikkeibp.co.jp/article/NEWS/20130611/484062/?ST=security
JVN#99813183 Vulnerability related to the WebView class in Galapagos Browser
http://jvn.jp/jp/JVN99813183/
JVN#79301570 Vulnerability related to the WebView class in Angel Browser
http://jvn.jp/jp/JVN79301570/
JVNVU#91437015 OS command injection vulnerability in IBM QRadar Security Information and Event Manager (SIEM)
http://jvn.jp/cert/JVNVU91437015/index.html
JVNVU#99480690 Multiple vulnerabilities in QNAP VioStor NVR series and NAS products
http://jvn.jp/cert/JVNVU99480690/index.html
JVNVU#92198165 Multiple vulnerabilities in HP Insight Diagnostics
http://jvn.jp/cert/JVNVU92198165/index.html
JVNVU#95176702 Vulnerability in the obfuscation algorithm of c-treeACE
http://jvn.jp/cert/JVNVU95176702/index.html
VU#735364 HP System Management Homepage contains a command injection vulnerability
http://www.kb.cert.org/vuls/id/735364
REMOTE: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
http://www.exploit-db.com/exploits/26134
DoS/PoC: WinRadius 2.11 - Denial of Service
http://www.exploit-db.com/exploits/26130
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-jun
+ MS13-047 - Critical: Cumulative Security Update for Internet Explorer (2838727)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3126
+ MS13-048 - Important: Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3136
+ MS13-049 - Important: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3138
+ MS13-050 - Important: Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1339
+ MS13-051 - Important: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1331
+ APSB13-16 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3343
+ HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03784101-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2336
+ Lucky Thirteen vulnerability in Sun QFS and Sun Storage Archive Manager OpenSSL
https://blogs.oracle.com/sunsecurity/entry/lucky_thirteen_vulnerability_in_sun
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ Multiple Permissions, Privileges, and Access Control vulnerabilities in Sudo
https://blogs.oracle.com/sunsecurity/entry/multiple_permissions_privileges_and_access
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
+ Microsoft Security Advisory (2854544) Update to Improve Cryptography and Digital Certificate Handling in Windows
http://technet.microsoft.com/en-us/security/advisory/2854544
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801
Tuesday, June 11, 2013
11th, Tuesday, Sensho
+ RHSA-2013:0911 Important: kernel security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-0911.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2017
+ Java Applet Driver Manager Privileged toString() Remote Code Execution
http://cxsecurity.com/issue/WLB-2013060082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
+ Sun Java Web Start Double Quote Injection
http://cxsecurity.com/issue/WLB-2013060081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
+ mysql-5.5/5.5.31+dfsg-0+wheezy1 Insecure creation of debian.cnf
http://cxsecurity.com/issue/WLB-2013060066
+ SA53762 Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/53762/
+ Wireshark Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/60448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083
+ Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/60280
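The melancholy of smartphone girls, the recklessness of smartphone boys: teenagers are at risk now
Part 2: Growing irritability and no confidence in studying, with "video" spreading even among elementary school students: the reality of smartphone children (first half)
http://itpro.nikkeibp.co.jp/article/COLUMN/20130525/479561/?ST=security
Countermeasures against online "flaming" alone are not enough: the social media risks threatening companies
[Part 2] Fully exposed by misconfiguration: the crisis brought on by "careless staff"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130604/481985/?ST=security
Japan CISO Association begins full-scale activity, aiming to develop world-class security personnel
http://itpro.nikkeibp.co.jp/article/NEWS/20130610/483822/?ST=security
Google and Facebook deny involvement following reports that the US government collects user data
http://itpro.nikkeibp.co.jp/article/NEWS/20130610/483481/?ST=security
JVNVU#90102556 Arbitrary code execution vulnerability in Parallels Plesk Panel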
http://jvn.jp/cert/JVNVU90102556/index.html
VU#324668 HP Insight Diagnostics 9.4.0.4710 multiple vulnerabilities
http://www.kb.cert.org/vuls/id/324668
VU#900031 Faircom c-treeACE database weak obfuscation algorithm vulnerability
http://www.kb.cert.org/vuls/id/900031
REMOTE: MobileIron Virtual Smartphone Platform Privilege Escalation Exploit
http://www.exploit-db.com/exploits/26075
DoS/PoC: Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak
http://www.exploit-db.com/exploits/26076
Monday, June 10, 2013
10th, Monday, Shakko
+ Sysstat 10.1.6 released (development version)
http://sebastien.godard.pagesperso-orange.fr/
+ PHP Heap Overflow in quoted_printable_encode() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
SA53666 Linux Kernel "dispatch_discard_io()" RO Disk Manipulation Security Issue
http://secunia.com/advisories/53666/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2140
+ SA53736 PHP "php_quot_print_encode()" Buffer Overflow Vulnerability
http://secunia.com/advisories/53736/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
+ mysql-5.5/5.5.31+dfsg-0+wheezy1 Insecure creation of debian.cnf
http://cxsecurity.com/issue/WLB-2013060066
+ Linux kernel before 3.3 batman-adv ICMP Remote DoS
http://cxsecurity.com/issue/WLB-2013060060
+ Linux Kernel block layer & b43 wireless driver format string
http://cxsecurity.com/issue/WLB-2013060054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851
+ Linux Kernel Leak information in cdrom driver
http://cxsecurity.com/issue/WLB-2013060056
+ Microsoft Internet Explorer textNode Use-After-Free
http://cxsecurity.com/issue/WLB-2013060050
+ REMOTE: Microsoft Internet Explorer textNode Use-After-Free
http://www.exploit-db.com/exploits/25999
+ Microsoft Internet Explorer XML Files Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/60421
+ Linux Kernel 'b43' Wireless Driver Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/60410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
+ FreeBSD 8.4-RELEASE released
http://www.freebsd.org/releases/8.4R/relnotes.html
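Notice of scheduled server maintenance (June 14, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1967
Vulnerability information worth checking <2013.06.10>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130604/482163/?ST=security
Countermeasures against online "flaming" alone are not enough: the social media risks threatening companies
[Part 1] Social media has changed how companies work; risk countermeasures cannot wait
http://itpro.nikkeibp.co.jp/article/COLUMN/20130604/481984/?ST=security
"Website defacement reports are 10 times last year's, 1000 cases in the two months since April": JPCERT/CC issues an alert
http://itpro.nikkeibp.co.jp/article/NEWS/20130607/483291/?ST=security
US government agencies may be collecting user data from major internet services, US and UK newspapers report in succession
http://itpro.nikkeibp.co.jp/article/NEWS/20130607/483282/?ST=security
Microsoft cooperates with the financial industry and the FBI to take down the Citadel botnet
http://itpro.nikkeibp.co.jp/article/NEWS/20130607/483061/?ST=security
JVN#39218538 Improper SSL server certificate verification vulnerability in the Android version of the Pizza Hut official app "宅配ピザのPizzaHut"
http://jvn.jp/jp/JVN39218538/
JVN#63901692 Information disclosure vulnerability in Internet Explorer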
http://jvn.jp/jp/JVN63901692/
VU#673343 Parallels Plesk Panel phppath/php vulnerability
http://www.kb.cert.org/vuls/id/673343
REMOTE: Novell Zenworks Mobile Device Managment Local File Inclusion Vulnerability
http://www.exploit-db.com/exploits/26012
DoS/PoC: Quick TFTP Server 2.2 - Denial of Service
http://www.exploit-db.com/exploits/26010
Friday, June 7, 2013
7th, Friday, Tomobiki
+ UPDATE: Multiple Vulnerabilities in Cisco Unified Computing System
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti
+ Microsoft Security Bulletin Advance Notification - June 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-jun
+ PHP 5.4.16, 5.3.26 released!
http://php.net/ChangeLog-5.php
+ Microsoft Internet Explorer textNode Use-After-Free
http://cxsecurity.com/issue/WLB-2013060050
+ Linux Kernel 'mmc_ioctl_cdrom_read_data()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/60375
Notice of server maintenance (June 8, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1966
From the World's Security Labs
The power grid is defenseless; the risk of cyber attack is serious
http://itpro.nikkeibp.co.jp/article/COLUMN/20130604/482201/?ST=security
Public and private sector efforts against cyber terrorism targeting critical infrastructure
[Final part] US efforts with an eye to "cyber war" and Japan's response (part two)
http://itpro.nikkeibp.co.jp/article/COLUMN/20130517/477528/?ST=security
Koakuma Joshidaisei blog site becomes the first to deploy Symantec's "ECC-enabled SSL server certificate"
http://itpro.nikkeibp.co.jp/article/NEWS/20130606/483003/?ST=security
Vulnerability information worth checking <2013.06.06>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130604/482161/?ST=security
JVNVU#91437015 OS command injection vulnerability in IBM QRadar Security Information and Event Manager (SIEM)
http://jvn.jp/cert/JVNVU91437015/
JVNVU#99480690 Multiple vulnerabilities in QNAP VioStor NVR series and NAS products
http://jvn.jp/cert/JVNVU99480690/
Microsoft June 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/60394
Thursday, June 6, 2013
6th, Thursday, Sensho
+ About the security content of Safari 6.0.5
http://support.apple.com/kb/HT5785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1013
+ About the security content of OS X Mountain Lion v10.8.4 and Security Update 2013-002
http://support.apple.com/kb/HT5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0990
+ phpMyAdmin 4.0.3 released
http://sourceforge.net/p/phpmyadmin/news/2013/06/phpmyadmin-403-is-released/
+ PMASA-2013-6 XSS due to unescaped HTML output in Create View page
http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php
+ Wireshark 1.10.0 released
http://www.wireshark.org/docs/relnotes/wireshark-1.10.0.html
+ Apache Struts 2.3.14.3 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23143.html
+ ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
http://www.securitytracker.com/id/1028632
+ Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028627
+ Apple OS X Bugs Let Remote Users Execute Arbitrary Code and Local Users Bypass Security Restrictions
http://www.securitytracker.com/id/1028625
+ REMOTE: Apache Struts includeParams Remote Code Execution
http://www.exploit-db.com/exploits/25980
+ DoS/PoC: Mac OSX Server DirectoryService Buffer Overflow
http://www.exploit-db.com/exploits/25974
+ Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
http://www.securityfocus.com/bid/60346
+ Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
http://www.securityfocus.com/bid/60345
+ Linux Kernel 'copy_event_to_user()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/60341
+ Apple Safari Prior to 6.0.5 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/60330
Notice of release of Trend Micro Smart Protection Server 2.6
http://www.trendmicro.co.jp/support/news.asp?id=1965
Public and private sector efforts against cyber terrorism targeting critical infrastructure
[Part 4] US efforts with an eye to "cyber war" and Japan's response (part one)
http://itpro.nikkeibp.co.jp/article/COLUMN/20130517/477527/?ST=security
JVNVU#91792294 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/cert/JVNVU91792294/
JVNVU#92046435 Update for multiple vulnerabilities in Apple OS X
http://jvn.jp/cert/JVNVU92046435/
VU#722868 IBM QRadar SIEM command injection vulnerability
http://www.kb.cert.org/vuls/id/722868
VU#927644 QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple
http://www.kb.cert.org/vuls/id/927644
REMOTE: Exim sender_address Parameter - RCE Exploit
http://www.exploit-db.com/exploits/25970
REMOTE: MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
http://www.exploit-db.com/exploits/25975
REMOTE: Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/25979
REMOTE: Plesk Apache Zeroday Remote Exploit
http://www.exploit-db.com/exploits/25986
REMOTE: Xpient Cash Drawer Operation Vulnerability
http://www.exploit-db.com/exploits/25987
DoS/PoC: PEStudio 3.69 - Denial of Service
http://www.exploit-db.com/exploits/25972
SA53693 Apache Struts OGNL Expression Injection Vulnerabilities
http://secunia.com/advisories/53693/
SA53681 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/53681/
SA53684 Apple Mac OS X Multiple Vulnerabilities
http://secunia.com/advisories/53684/
SA53711 Apple Safari Multiple Vulnerabilities
http://secunia.com/advisories/53711/
SA53709 ISC BIND Recursive Query Handling Denial of Service Vulnerability
http://secunia.com/advisories/53709/
Mac OSX Server DirectoryService Buffer Overflow
http://cxsecurity.com/issue/WLB-2013060040
http://support.apple.com/kb/HT5785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1013
+ About the security content of OS X Mountain Lion v10.8.4 and Security Update 2013-002
http://support.apple.com/kb/HT5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0990
+ phpMyAdmin 4.0.3 released
http://sourceforge.net/p/phpmyadmin/news/2013/06/phpmyadmin-403-is-released/
+ PMASA-2013-6 XSS due to unescaped HTML output in Create View page
http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php
+ Wireshark 1.10.0 released
http://www.wireshark.org/docs/relnotes/wireshark-1.10.0.html
+ Apache Struts 2.3.14.3 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23143.html
+ ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
http://www.securitytracker.com/id/1028632
+ Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028627
+ Apple OS X Bugs Let Remote Users Execute Arbitrary Code and Local Users Bypass Security Restrictions
http://www.securitytracker.com/id/1028625
+ REMOTE: Apache Struts includeParams Remote Code Execution
http://www.exploit-db.com/exploits/25980
+ DoS/PoC: Mac OSX Server DirectoryService Buffer Overflow
http://www.exploit-db.com/exploits/25974
+ Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
http://www.securityfocus.com/bid/60346
+ Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
http://www.securityfocus.com/bid/60345
+ Linux Kernel 'copy_event_to_user()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/60341
+ Apple Safari Prior to 6.0.5 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/60330
Trend Micro Smart Protection Server 2.6 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1965
重要インフラのサイバー・テロに向けた官・民の取り組み
【第4回】“サイバー戦争”をも見据えた米国の取り組みと日本の対応(前編)
http://itpro.nikkeibp.co.jp/article/COLUMN/20130517/477527/?ST=security
JVNVU#91792294 Apple Safari における複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNVU91792294/
JVNVU#92046435 Apple OS X における複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNVU92046435/
VU#722868 IBM QRadar SIEM command injection vulnerability
http://www.kb.cert.org/vuls/id/722868
VU#927644 QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple
http://www.kb.cert.org/vuls/id/927644
REMOTE: Exim sender_address Parameter - RCE Exploit
http://www.exploit-db.com/exploits/25970
REMOTE: MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
http://www.exploit-db.com/exploits/25975
REMOTE: Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/25979
REMOTE: Plesk Apache Zeroday Remote Exploit
http://www.exploit-db.com/exploits/25986
REMOTE: Xpient Cash Drawer Operation Vulnerability
http://www.exploit-db.com/exploits/25987
DoS/PoC: PEStudio 3.69 - Denial of Service
http://www.exploit-db.com/exploits/25972
SA53693 Apache Struts OGNL Expression Injection Vulnerabilities
http://secunia.com/advisories/53693/
SA53681 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/53681/
SA53684 Apple Mac OS X Multiple Vulnerabilities
http://secunia.com/advisories/53684/
SA53711 Apple Safari Multiple Vulnerabilities
http://secunia.com/advisories/53711/
SA53709 ISC BIND Recursive Query Handling Denial of Service Vulnerability
http://secunia.com/advisories/53709/
Mac OSX Server DirectoryService Buffer Overflow
http://cxsecurity.com/issue/WLB-2013060040
Wednesday, June 5, 2013
5th, Wednesday, Shakko
+ CESA-2013:0896 Moderate CentOS 6 qemu-kvm Update
http://lwn.net/Alerts/552867/
+ CESA-2013:0897 Important CentOS 6 mesa Update
http://lwn.net/Alerts/552868/
+ CESA-2013:0898 Moderate CentOS 5 mesa Update
http://lwn.net/Alerts/552869/
+ Google Chrome 27.0.1453.110 released
http://googlechromereleases.blogspot.jp/2013/06/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2864
+ CVE-2012-5134 Buffer Overflow vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5134_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
+ Lucky Thirteen vulnerability in Solaris OpenSSL
https://blogs.oracle.com/sunsecurity/entry/lucky_thirteen_vulnerability_in_solaris
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ Multiple vulnerabilities in Apache HTTP server
https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
+ CVE-2013-0338 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0338_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
+ Zimbra Collaboration Suite Open Source Edition 8.0.4, 7.2.4 released
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.4.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.4.pdf
+ Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115
+ Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
http://www.securitytracker.com/id/1028621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112
+ Linux Kernel 'perf' Multiple Denial of Service and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/60324
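Public- and private-sector efforts against cyber-terrorism targeting critical infrastructure
[Part 3] The evolution of efforts to protect critical infrastructure systems (second half)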
http://itpro.nikkeibp.co.jp/article/COLUMN/20130517/477526/?ST=security
Nihon Unisys begins selling "ZLUA", an email archiving product for US litigation
http://itpro.nikkeibp.co.jp/article/NEWS/20130604/482105/?ST=security
Japan Science and Technology Agency website defaced; visitors at risk of virus infection
http://itpro.nikkeibp.co.jp/article/NEWS/20130604/481902/?ST=security
Tuesday, June 4, 2013
4th, Tuesday, Taian
+ RHSA-2013:0897 Important: mesa security update
http://rhn.redhat.com/errata/RHSA-2013-0897.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993
+ RHSA-2013:0896 Moderate: qemu-kvm security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0896.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007
+ RHSA-2013:0898 Moderate: mesa security update
http://rhn.redhat.com/errata/RHSA-2013-0898.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993
+ HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03781657-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2335
+ MySQL 5.6.12, 5.5.32, 5.1.70 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-12.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-70.html
+ LOCAL: Windows NT - Windows 8 EPATHOBJ Local Ring 0 Exploit
http://www.exploit-db.com/exploits/25912/
http://cxsecurity.com/issue/WLB-2013060019
+ SA53727 Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability
http://secunia.com/advisories/53727/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2088
+ SA53692 Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities
http://secunia.com/advisories/53692/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112
+ Microsoft VC++ 2005 RTM runtime libraries installed with MSE
http://cxsecurity.com/issue/WLB-2013060020
+ Apache Struts includeParams Remote Code Execution
http://cxsecurity.com/issue/WLB-2013060018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966
+ Wireshark ASN.1 BER Dissector CVE-2013-3557 Denial of Service Vulnerability
http://www.securityfocus.com/bid/60021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
+ Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/60267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968
+ Apache Subversion CVE-2013-2088 Command Injection Vulnerability
http://www.securityfocus.com/bid/60265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2088
+ Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/60264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112
+ Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/60254
JVNDB-2013-000052 Cross-site request forgery vulnerability in HP ProCurve 1700 series switches
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000052.html
Preparing for the latest cyber attacks
Responding to a large-scale attack on the internal network
http://itpro.nikkeibp.co.jp/article/COLUMN/20130529/480542/?ST=security
Kazuaki Miyamoto's report on the latest Silicon Valley technology
The "ultimate secure message" that disappears 10 seconds after it is opened
http://itpro.nikkeibp.co.jp/article/COLUMN/20130602/481401/?ST=security
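Public- and private-sector efforts against cyber-terrorism targeting critical infrastructure
[Part 2] The evolution of efforts to protect critical infrastructure systems (first half)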
http://itpro.nikkeibp.co.jp/article/COLUMN/20130517/477525/?ST=security
Countdown! Revision of the Personal Information Protection Act
Moving beyond "a soccer team without a coach" to become infrastructure for "big data"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130529/480623/?ST=security
Up to 3,909 card records leaked from Happinet Online through unauthorized logins
http://itpro.nikkeibp.co.jp/article/NEWS/20130603/481802/?ST=security
Motorola researching new authentication methods using tattoos and pills, according to UK media reports
http://itpro.nikkeibp.co.jp/article/NEWS/20130603/481545/?ST=security
Hitachi sets privacy guidelines for big data use, appoints a protection officer to review customer projects
http://itpro.nikkeibp.co.jp/article/NEWS/20130603/481441/?ST=security
JVN#48108258 Cross-site request forgery vulnerability in HP ProCurve 1700 series switches
http://jvn.jp/jp/JVN48108258/
Linux Kernel iSCSI Heap Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028615
Monday, June 3, 2013
3rd, Monday, Butsumetsu
+ CESA-2013:0883 Important CentOS 5 gnutls Update
http://lwn.net/Alerts/552436/
+ CESA-2013:0884 Moderate CentOS 6 libtirpc Update
http://lwn.net/Alerts/552437/
+ UPDATE: HPSBGN02589 SSRT100296 rev.2 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c02544568-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ VMSA-2013-0007 VMware ESX third party update for Service Console package sudo
http://www.vmware.com/security/advisories/VMSA-2013-0007.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3440
+ UPDATE: VMSA-2013-0004.3 VMware ESXi and ESX security update for third party library
http://www.vmware.com/security/advisories/VMSA-2013-0004.html
+ GCC 4.8.1 released
http://gcc.gnu.org/gcc-4.8/changes.html
+ SA53670 Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability
http://secunia.com/advisories/53670/
+ Linux kernel iSCSI target heap overflow
http://cxsecurity.com/issue/WLB-2013060008
+ Linux kernel net oops from tcp_collapse() using splice(2)
http://cxsecurity.com/issue/WLB-2013050210
+ Linux Kernel CVE-2013-2850 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/60243
Part 1: Children who cannot put down their smartphones: "smartphone children" today
http://itpro.nikkeibp.co.jp/article/COLUMN/20130519/477803/?ST=security
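Public- and private-sector efforts against cyber-terrorism targeting critical infrastructure
[Part 1] The world of the movies becomes reality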
http://itpro.nikkeibp.co.jp/article/COLUMN/20130517/477524/?ST=security
Quick read: "Corporate IT Trends Survey 2013"
[1] One in ten has experienced a cyber attack; Windows XP is the headache
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479745/?ST=security
JVN#24560784 Vulnerability in Adobe Reader X that allows the Sandbox feature to be bypassed
http://jvn.jp/jp/JVN24560784/
REMOTE: Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow
http://www.exploit-db.com/exploits/25851
LOCAL: BOINC Manager (Seti@home) 7.0.64 Field SEH based BOF
http://www.exploit-db.com/exploits/25883
DoS/PoC: ModSecurity Remote Null Pointer Dereference
http://www.exploit-db.com/exploits/25852