Thursday, October 31, 2013

31st, Thursday, Taian

+ RHSA-2013:1480 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-1480.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604

+ CESA-2013:1476 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/572253/

+ CESA-2013:1476 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/572254/

+ CESA-2013:1475 Moderate CentOS 6 postgresql Update
http://lwn.net/Alerts/572256/

+ CESA-2013:1473 Important CentOS 6 spice-server Update
http://lwn.net/Alerts/572258/

+ CESA-2013:1475 Moderate CentOS 5 postgresql84 Update
http://lwn.net/Alerts/572255/

+ CESA-2013:1474 Important CentOS 5 qspice Update
http://lwn.net/Alerts/572257/

+ Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5547

+ UPDATE: HPSBMU02872 SSRT101185 rev.3 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748875-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02874 SSRT101184 rev.2 - HP Service Manager, Java Runtime Environment (JRE) Security Update
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748879-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03960916-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969433-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4834

+ HPSBMU02933 rev.1 - HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969435-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4835

+ HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969436-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4836

+ HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969437-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4839

JVNDB-2013-004446 Use-after-free vulnerability in International Components for Unicode (ICU) used in multiple products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004446.html

JVNDB-2013-001665 Denial-of-service (DoS) vulnerability in International Components for Unicode (ICU) used in multiple products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001665.html

State-of-the-art artificial intelligence that "can solve CAPTCHAs" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131031/515062/?ST=security

"96% of Android apps carry vulnerability risk": SDNA publishes survey report
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514742/?ST=security

VU#326830 NAS4Free version 9.1.0.1 contains a remote command execution vulnerability
http://www.kb.cert.org/vuls/id/326830

VU#639620 Joomla! Media Manager allows arbitrary file upload and execution
http://www.kb.cert.org/vuls/id/639620

VU#533894 Openbravo ERP contains an information disclosure vulnerability
http://www.kb.cert.org/vuls/id/533894

Wednesday, October 30, 2013

30th, Wednesday, Butsumetsu

+ RHSA-2013:1473 Important: spice-server security update
http://rhn.redhat.com/errata/RHSA-2013-1473.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282

+ RHSA-2013:1475 Moderate: postgresql and postgresql84 security update
http://rhn.redhat.com/errata/RHSA-2013-1475.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900

+ RHSA-2013:1476 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-1476.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604

+ RHSA-2013:1474 Important: qspice security update
http://rhn.redhat.com/errata/RHSA-2013-1474.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282

+ Mozilla Firefox 25 released
http://www.mozilla.org/en-US/firefox/25.0/releasenotes/

+ Mozilla Thunderbird 24.1 released
http://www.mozilla.org/en-US/thunderbird/24.1.0/releasenotes/

+ MFSA 2013-102 Use-after-free in HTML document templates
http://www.mozilla.org/security/announce/2013/mfsa2013-102.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5603

+ MFSA 2013-101 Memory corruption in workers
http://www.mozilla.org/security/announce/2013/mfsa2013-101.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602

+ MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
http://www.mozilla.org/security/announce/2013/mfsa2013-100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601

+ MFSA 2013-99 Security bypass of PDF.js checks using iframes
http://www.mozilla.org/security/announce/2013/mfsa2013-99.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5598

+ MFSA 2013-98 Use-after-free when updating offline cache
http://www.mozilla.org/security/announce/2013/mfsa2013-98.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597

+ MFSA 2013-97 Writing to cycle collected object during image decoding
http://www.mozilla.org/security/announce/2013/mfsa2013-97.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5596

+ MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
http://www.mozilla.org/security/announce/2013/mfsa2013-96.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595

+ MFSA 2013-95 Access violation with XSLT and uninitialized data
http://www.mozilla.org/security/announce/2013/mfsa2013-95.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604

+ MFSA 2013-94 Spoofing addressbar though SELECT element
http://www.mozilla.org/security/announce/2013/mfsa2013-94.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593

+ MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
http://www.mozilla.org/security/announce/2013/mfsa2013-93.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739

+ REMOTE: Apache / PHP 5.x Remote Code Execution Exploit
http://www.exploit-db.com/exploits/29290
http://cxsecurity.com/issue/WLB-2013100194

+ Apache Struts2 showcase multiple XSS
http://cxsecurity.com/issue/WLB-2013100185

+ SA55429 Apache mod_pagespeed Module Cross-Site Scripting Vulnerability
http://secunia.com/advisories/55429/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6111

Security Gateway Virtual Edition (VE) VMWare OVF template security update
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96026&src=securityAlerts

JVNDB-2013-000096 Cross-site scripting vulnerability in RockDisk
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000096.html

New version of Kaspersky security software can be used without limit within a family
http://itpro.nikkeibp.co.jp/article/NEWS/20131030/514782/?ST=security

Citing the Suica ride-history case, calls for legal reform keep coming
Third meeting of the "Study Group on Personal Data"
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514706/?ST=security

IPA information technology exams to emphasize security; made mandatory in the afternoon exams at the Fundamental and Applied levels
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514502/?ST=security

JVNVU#96036147 Vulnerability in Cisco Identity Services Engine
http://jvn.jp/cert/JVNVU96036147/

REMOTE: WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
http://www.exploit-db.com/exploits/29273

Tuesday, October 29, 2013

29th, Tuesday, Senbu

+ SA55427 McAfee Firewall Enterprise Multiple Vulnerabilities
http://secunia.com/advisories/55427/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5710

[Updated] Notice of release of virus scan engine VSAPI 9.750
http://www.trendmicro.co.jp/support/news.asp?id=2006

Advisory: Sophos Mobile Control - vulnerability found in JBoss
http://www.sophos.com/en-us/support/knowledgebase/119987.aspx

Strengthen "exit countermeasures": the change in mindset needed by users fighting new types of attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20131024/513369/?ST=security

US authorities eavesdropped on Berlin from the US embassy in Germany, German magazine reports
http://itpro.nikkeibp.co.jp/article/NEWS/20131028/514063/?ST=security

JVNVU#90453851 Multiple vulnerabilities in Tyler Technologies TaxWeb
http://jvn.jp/cert/JVNVU90453851/

JVNVU#97210126 Directory traversal vulnerability in TVT TD-2308SS-B
http://jvn.jp/cert/JVNVU97210126/

JVNVU#95174988 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/cert/JVNVU95174988/

VU#952422 Cisco Identity Services Engine contains an input validation vulnerability
http://www.kb.cert.org/vuls/id/952422

LOCAL: BlazeDVD 6.2 (.plf) - Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29263

LOCAL: VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29234

Apache Struts2 showcase multiple XSS
http://cxsecurity.com/issue/WLB-2013100185

Monday, October 28, 2013

28th, Monday, Tomobiki

+ CESA-2013:1458 Moderate CentOS 5 gnupg Update
http://lwn.net/Alerts/571724/

+ CESA-2013:1459 Moderate CentOS 5 gnupg2 Update
http://lwn.net/Alerts/571726/

+ CESA-2013:1457 Moderate CentOS 5 libgcrypt Update
http://lwn.net/Alerts/571727/

+ CESA-2013:1459 Moderate CentOS 6 gnupg2 Update
http://lwn.net/Alerts/571725/

+ CESA-2013:1457 Moderate CentOS 6 libgcrypt Update
http://lwn.net/Alerts/571728/

+ VMware Player 6.0.1 released
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0|

+ Apache Tomcat 7.0.47 Released
http://tomcat.apache.org/download-70.cgi

+ OpenLDAP 2.4.37 released
http://www.openldap.org/software/download/

+ Linux Kernel ip_output Memory Corruption Flaw Lets Local Users Deny Service or Gain Elevated Privileges
http://www.securitytracker.com/id/1029254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470

+ GnuPG Incorrect Processing of Key Flags Subpacket May Let Users Bypass Security Controls
http://www.securitytracker.com/id/1029243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351

+ GnuPG Side-Channel Attack Lets Local Users Recover RSA Secret Keys
http://www.securitytracker.com/id/1029242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242

+ Glibc getaddrinfo() Overflow Lets Remote or Local Users Deny Service
http://www.securitytracker.com/id/1029238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458

Security Hot Topics
List attacks targeting Apple IDs are frequent; how can sites avoid the attacks?
http://itpro.nikkeibp.co.jp/article/COLUMN/20131024/513462/?ST=security

JVN#62507275 Issue where multiple broadband routers function as open resolvers
http://jvn.jp/jp/JVN62507275/index.html

VU#785838 TVT TD-2308SS-B DVR contains a directory traversal vulnerability
http://www.kb.cert.org/vuls/id/785838

VU#911678 Tyler Technologies TaxWeb 3.13.3.1 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/911678

REMOTE: Open Flash Chart 2 Arbitrary File Upload
http://www.exploit-db.com/exploits/29210

LOCAL: Photodex ProShow Producer 5.0.3310 - Local Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29213

Friday, October 25, 2013

25th, Friday, Taian

+ RHSA-2013:1457 Moderate: libgcrypt security update
http://rhn.redhat.com/errata/RHSA-2013-1457.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242

+ RHSA-2013:1459 Moderate: gnupg2 security update
http://rhn.redhat.com/errata/RHSA-2013-1459.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402

+ RHSA-2013:1458 Moderate: gnupg security update
http://rhn.redhat.com/errata/RHSA-2013-1458.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402

+ SA55305 MantisBT Project Names Script Insertion Vulnerability
http://secunia.com/advisories/55305/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4460

+ Microsoft Word Protect Document Password Feature
http://cxsecurity.com/issue/WLB-2013100168

+ MantisBT 'account_sponsor_page.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/63273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4460

Advisory: Sophos Mobile Control - security issue found in JBoss
http://www.sophos.com/en-us/support/knowledgebase/119987.aspx

From games to job-placement sites: "money laundering" thriving online (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131025/513583/?ST=security

McAfee: consumer security solution supporting biometric authentication
http://itpro.nikkeibp.co.jp/article/NEWS/20131025/513582/?ST=security

Vulnerability information worth checking <2013.10.25>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512284/?ST=security

Advanced malware cannot be prevented; "after technology" is what matters
Oliver Friedrichs, Senior Vice President, Cloud Technology Group, Sourcefire (US)
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512834/?ST=security

"BANCOS", which steals online banking information, surges, according to IPA's Q3 report
http://itpro.nikkeibp.co.jp/article/NEWS/20131024/513302/?ST=security

Thursday, October 24, 2013

24th, Thursday, Butsumetsu

+ About the security content of iTunes 11.1.2
http://support.apple.com/kb/HT6001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871

+ About the security content of Apple Remote Desktop 3.7
http://support.apple.com/kb/HT5998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135

+ About the security content of Apple Remote Desktop 3.5.4
http://support.apple.com/kb/HT5997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135

+ About the security content of OS X Server v3.0
http://support.apple.com/kb/HT5999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5143

+ About the security content of Keynote 6.0
http://support.apple.com/kb/HT6002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5148

+ About the security content of OS X Mavericks v10.9
http://support.apple.com/kb/HT6011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5192

+ About the security content of Safari 6.1
http://support.apple.com/kb/HT6000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5131

+ About the security content of iOS 7.0.3
http://support.apple.com/kb/HT6010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5164

+ CESA-2013:1452 Moderate CentOS 5 vino Update
http://lwn.net/Alerts/571425/

+ CESA-2013:1452 Moderate CentOS 6 vino Update
http://lwn.net/Alerts/571426/

+ CESA-2013:1451 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/571423/

+ CESA-2013:1449 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/571424/

+ CESA-2013:1447 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/571422/

+ Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr

+ Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2

+ Multiple Vulnerabilities in Cisco Identity Services Engine
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise

+ glibc AF_INET6 stack overflow
http://cxsecurity.com/issue/WLB-2013100160

+ Microsoft Silverlight Invalid Typecast / Memory Disclosure
http://cxsecurity.com/issue/WLB-2013100158

+ Windows Management Instrumentation (WMI) Remote Command Execution
http://cxsecurity.com/issue/WLB-2013100152

+ SA55309 GNU C Library "getaddrinfo()" Denial of Service Vulnerability
http://secunia.com/advisories/55309/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458

Notice of release of scan engine for antivirus product detection 3.5.8760
http://www.trendmicro.co.jp/support/news.asp?id=2029

Notice of release of Trend Micro Portable Security 1.5 Patch 2
http://www.trendmicro.co.jp/support/news.asp?id=2028

curl in Mac OS X Mavericks 10.9
http://curl.haxx.se/mail/archive-2013-10/0036.html

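Expanding development to the enterprise market as well; security measures for mobile financial transactions are urgently needed
Nikolay Grebennikov, CTO, Kaspersky (Russia)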
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512753/?ST=security

WatchGuard begins offering free software to visualize and analyze logs from its UTM appliances
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513212/?ST=security

Unauthorized access to Seven Net Shopping; about 150,000 card records may have been viewed without authorization
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513203/?ST=security

WingArc enables keyless signatures for long-term archiving of PDF forms
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513062/?ST=security

Targeted attacks aimed at ordinary individuals are coming
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512763/?ST=security

Your understanding of security is wrong
http://itpro.nikkeibp.co.jp/article/COLUMN/20131017/511850/?ST=security

JVNVU#93851007 Command injection vulnerability in DrayTek Vigor2700
http://jvn.jp/cert/JVNVU93851007/

LOCAL: Avira Internet Security avipbb.sys Filter Bypass and Privilege Escalation
http://www.exploit-db.com/exploits/29125

Wednesday, October 23, 2013

23rd, Wednesday, Senbu

+ RHSA-2013:1452 Moderate: vino security update
http://rhn.redhat.com/errata/RHSA-2013-1452.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745

+ RHSA-2013:1451 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-1451.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851

+ Selenium Server 2.37.0 released
http://code.google.com/p/selenium/wiki/Grid2

+ Selenium IE Driver Server 2.37.0 released
http://docs.seleniumhq.org/download/

+ Selenium Client & WebDriver 2.37.0 released
http://docs.seleniumhq.org/download/

+ CentOS 5.10 released
http://lists.centos.org/pipermail/centos-announce/2013-October/019978.html

+ RHSA-2013:1449 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1449.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368

+ HS13-025 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
+ HS13-025 Multiple vulnerabilities in Cosminexus (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-025/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850

+ Nmap 6.40 Released
http://seclists.org/nmap-announce/2013/1

+ Android Camera Driver Buffer Overflow / Memory Disclosure
http://cxsecurity.com/issue/WLB-2013100146

+ Apple iOS 7 for iPhone CVE-2013-5164 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5164

+ Apple iOS 7 for iPhone CVE-2013-5162 Security Bypass Vulnerability
http://www.securityfocus.com/bid/63277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5162

+ Apple iOS 7 for iPhone CVE-2013-5144 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5144

Support status of our endpoint products for Mac OS X 10.9 (Mavericks)
http://www.trendmicro.co.jp/support/news.asp?id=2030

Notice of the release of Damage Cleanup Engine 7.1
http://www.trendmicro.co.jp/support/news.asp?id=2020

Advisory: Windows 8.1 and Windows Server 2012 R2 - support for Sophos products
http://www.sophos.com/en-us/support/knowledgebase/119957.aspx

"Trend Micro Connect" released on the Windows Store for centralized management of security status
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/512943/?ST=security

From the World's Security Labs
Targeted attacks exploiting an IE vulnerability
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512282/?ST=security

Google announces initiatives including protecting websites from DDoS attacks and censorship
http://itpro.nikkeibp.co.jp/article/NEWS/20131022/512665/?ST=security

UPDATE: JVN#59503133 Cross-site request forgery vulnerability in multiple NEC mobile routers
http://jvn.jp/jp/JVN59503133/index.html

UPDATE: JVNVU#405811 Denial-of-service (DoS) vulnerability in Apache HTTPD server
http://jvn.jp/cert/JVNVU405811/index.html

VU#101462 DrayTek Vigor 2700 ADSL router contains a command injection vulnerability
http://www.kb.cert.org/vuls/id/101462

REMOTE: D-Link DIR-605L Captcha Handling Buffer Overflow
http://www.exploit-db.com/exploits/29127

REMOTE: Interactive Graphical SCADA System Remote Command Injection
http://www.exploit-db.com/exploits/29129

REMOTE: HP Intelligent Management Center BIMS UploadServlet Directory Traversal
http://www.exploit-db.com/exploits/29130

REMOTE: WebTester 5.x Command Execution
http://www.exploit-db.com/exploits/29132

Tuesday, October 22, 2013

22nd, Tuesday, Tomobiki

+ CESA-2013:1441 Moderate CentOS 6 rubygems Update
http://lwn.net/Alerts/571110/

+ CESA-2013:1436 Moderate CentOS 6 kernel Update
http://lwn.net/Alerts/570788/

+ RHSA-2013:1447 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-1447.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851

+ Linux Kernel Device Mapper Snapshot Error Lets Local Users Read From Free Disk Space
http://www.securitytracker.com/id/1029217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299

+ Node.js HTTP Server Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029210
http://cxsecurity.com/issue/WLB-2013100136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450

+ glibc 2.5 <= reloc types to crash bug
http://cxsecurity.com/issue/WLB-2013100132

Vulnerability information worth checking <2013.10.22>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512283/?ST=security

Apple denies research report that it can read iMessages, according to US media reports
http://itpro.nikkeibp.co.jp/article/NEWS/20131021/512346/?ST=security

JVNVU#95955023 Multiple vulnerabilities in JavaServer Faces
http://jvn.jp/cert/JVNVU95955023/index.html

JVNVU#97653535 Buffer overflow vulnerability in Watchguard Extensible Threat Management (XTM)
http://jvn.jp/cert/JVNVU97653535/index.html

REMOTE: FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers
http://www.exploit-db.com/exploits/28450

Monday, October 21, 2013

21st, Monday, Sensho

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196

+ CVE-2012-6329 Code Injection vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329

+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195

+ CVE-2010-2761 Code Injection Vulnerability in perl
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761

+ CVE-2011-3597 Improper Input Validation vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3597_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3597

+ CVE-2012-5195 Heap Buffer Overrun vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195

+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526

+ CVE-2010-2761, CVE-2010-4411 Vulnerabilities in CGI.pm Perl Module in Solaris 10
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_cve_2010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4411

+ CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728

+ CVE-2011-2728 Denial of Service Vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728

+ VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2013-0012.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5971

+ Zimbra Collaboration Suite 8.0.5, 7.2.5 released
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.5.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.5.pdf

+ Cisco Unified Computing System Bugs Let Remote Users Conduct Man-in-the-Middle Attacks and Obtain Information and Let Local Users View Files
http://www.securitytracker.com/id/1029209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4117

+ Sybase Adaptive Server XML External Entity Processing Flaw Lets Remote Authenticated Users View Files
http://www.securitytracker.com/id/1029208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6025

+ VU#526012 Oracle JavaServer Faces contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/526012

+ Linux Kernel Patches For Linux Kernel Security
http://cxsecurity.com/issue/WLB-2013100131

+ SA55311 Bugzilla Multiple Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/55311/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1743

Notice of the release of Trend Micro Network VirusWall Enforcer 1500i/3500i/3600i version 3.5 repack and Patch 1
http://www.trendmicro.co.jp/support/news.asp?id=2017

DbWrench Database Design v3.0.1 Released
http://www.postgresql.org/about/news/1488/

JVNDB-2013-000095 Session management vulnerability in HDL-A and HDL2-A series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000095.html

Intercom releases new version of its client management product, "MaLion 4", with web blocking for XP terminals and strengthened Mac management
http://itpro.nikkeibp.co.jp/article/NEWS/20131018/511988/?ST=security

JVNVU#98285660 Buffer overflow vulnerability in Oracle Outside In
http://jvn.jp/cert/JVNVU98285660/index.html

JVNVU#90204379 Authentication bypass vulnerability in multiple D-Link routers
http://jvn.jp/cert/JVNVU90204379/index.html

JVNVU#97158970 XML injection vulnerability in SAP Sybase Adaptive Server Enterprise
http://jvn.jp/cert/JVNVU97158970/index.html

JVN#52509236 Session management vulnerability in HDL-A and HDL2-A series
http://jvn.jp/jp/JVN52509236/index.html

VU#233990 Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/233990

REMOTE: SikaBoom - Remote Buffer Overflow
http://www.exploit-db.com/exploits/29035

Friday, October 18, 2013

18th, Friday, Butsumetsu

+ RHSA-2013:1441 Moderate: rubygems security update
http://rhn.redhat.com/errata/RHSA-2013-1441.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287

+ CESA-2013:1426 Important CentOS 6 xorg-x11-server Update
http://lwn.net/Alerts/570658/

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

+ Apache Struts 2.3.15.3 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html

+ PHP 5.5.5, 5.4.21 released
http://php.net/archive/2013.php#id2013-10-16-1
http://php.net/archive/2013.php#id2013-10-17-1

+ Sudo 1.8.8 released
http://www.sudo.ws/sudo/changes.html

Notice of Virus Buster Cloud program update
http://www.trendmicro.co.jp/support/news.asp?id=2021

Notice of the release of InterScan Messaging Security Virtual Appliance 8.5
http://www.trendmicro.co.jp/support/news.asp?id=2026

JVN#27443259 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/jp/JVN27443259/

JVNVU#92570654 Buffer overflow vulnerability in Oracle Outside In
http://jvn.jp/cert/JVNVU92570654/

UPDATE: JVNTA13-288A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-288A/index.html

JVNVU#96465452 Issue with Link State Advertisement (LSA) in the Open Shortest Path First (OSPF) protocol
http://jvn.jp/cert/JVNVU96465452/index.html

Bugzilla Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1029205

VU#959313 Oracle Outside In OS/2 Metafile parser stack buffer overflow
http://www.kb.cert.org/vuls/id/959313

VU#248083 D-Link routers authenticate administrative access using specific User-Agent string
http://www.kb.cert.org/vuls/id/248083

VU#303900 SAP Sybase Adaptive Server Enterprise vulnerable to XML injection
http://www.kb.cert.org/vuls/id/303900

Thursday, October 17, 2013

17th, Thursday, Senbu

+ RHSA-2013:1436 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1436.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299

+ GCC 4.8.2 released
http://gcc.gnu.org/gcc-4.8/

+ Apple iOS 7.0.2 SIM Lock Screen Display Bypass
http://cxsecurity.com/issue/WLB-2013100103

Notice of the release of Damage Cleanup Engine 7.1
http://www.trendmicro.co.jp/support/news.asp?id=2020

Notice of the release of Critical Patch for InterScan for Lotus Domino 5.0 AIX edition and 5.5
http://www.trendmicro.co.jp/support/news.asp?id=2024

Notice of the release of InterScan for Lotus Domino 5.0 Windows Patch 3
http://www.trendmicro.co.jp/support/news.asp?id=2023

Nikkei Computer Report
Suspicions deepen over US government code-breaking
Japanese government declined to adopt the algorithm in question
http://itpro.nikkeibp.co.jp/article/COLUMN/20131011/510544/?ST=security

ZL Technologies: new version of its e-Discovery email archive can also analyze social networks
http://itpro.nikkeibp.co.jp/article/NEWS/20131016/511470/?ST=security

UPDATE: JVN#27443259 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/jp/JVN27443259/index.html

JVNTA13-288A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-288A/index.html

JVNVU#93045890 Credential management vulnerability in HR Systems Strategies info:HR
http://jvn.jp/cert/JVNVU93045890/index.html

VU#953241 Oracle Outside In Microsoft Access 1.x parser stack buffer overflow
http://www.kb.cert.org/vuls/id/953241

Wednesday, October 16, 2013

16th, Wednesday, Tomobiki

+ RHSA-2013:1426 Important: xorg-x11-server security update
http://rhn.redhat.com/errata/RHSA-2013-1426.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396

+ About the security content of Java for OS X 2013-005 and Mac OS X v10.6 Update 17
http://support.apple.com/kb/HT5982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850

+ CESA-2013:1418 Moderate CentOS 6 libtar Update
http://lwn.net/Alerts/570301/

+ Google Chrome 30.0.1599.101 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update_15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927

+ UPDATE: HPSBGN02441 SSRT090082 rev.2 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01798159-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU02931 rev.1 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03960916-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4833

+ UPDATE: HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03897409-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2013-4238 Input Validation vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4238_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238

+ CVE-2013-4124 Denial of service vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4124_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

+ CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139

+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195

+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667

+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195

+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526

+ Multiple vulnerabilities in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_perl_5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939

+ CVE-2013-1896 Denial of Service (DoS) vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1896_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896

+ Multiple vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862

+ Oracle Critical Patch Update Advisory - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

+ Java SE Development Kit 7, Update 45 (JDK 7u45) released
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html

+ MySQL Multiple Bugs Let Remote Authenticated Users Execute Arbitrary Code, Deny Service, and Partially Access and Modify Data
http://www.securitytracker.com/id/1029184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5807

+ Microsoft Internet Explorer CDisplayPointer Use-After-Free Exploit
http://cxsecurity.com/issue/WLB-2013100091

+ REMOTE: HP Data Protector Cell Request Service Buffer Overflow
http://www.exploit-db.com/exploits/28973

+ REMOTE: MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
http://www.exploit-db.com/exploits/28974

+ REMOTE: VMware Hyperic HQ Groovy Script-Console Java Execution
http://www.exploit-db.com/exploits/28962

+ DoS/PoC: Android Zygote Socket Vulnerability Fork bomb Attack
http://www.exploit-db.com/exploits/28957

+ Apple iOS Sim Lock Screen Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63039

Nikkei Computer Report
US government breaks encryption, undermining Internet security
http://itpro.nikkeibp.co.jp/article/COLUMN/20131011/510542/?ST=security

Targeting Japan with sharpened techniques: why have the attackers changed?
http://itpro.nikkeibp.co.jp/article/COLUMN/20131014/510862/?ST=security

VU#829574 HR Systems Strategies info:HR HRIS allows read access to weakly obfuscated shared database password
http://www.kb.cert.org/vuls/id/829574

REMOTE: Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow
http://www.exploit-db.com/exploits/28968

LOCAL: Beetel Connection Manager PCW_BTLINDV1.0.0B04 - SEH Buffer Overflow
http://www.exploit-db.com/exploits/28969

LOCAL: Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH
http://www.exploit-db.com/exploits/28955

Tuesday, October 15, 2013

15th, Tuesday, Sensho

+ Mozilla Thunderbird 24.0.1 released
http://www.mozilla.org/en-US/thunderbird/24.0.1/releasenotes/

+ Oracle Critical Patch Update Pre-Release Announcement - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

+ HS13-024 Multiple Issues in JP1/VERITAS Backup Exec
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-024/index.html

+ HS13-024 Multiple issues in JP1/VERITAS Backup Exec (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-024/index.html

+ FreeBSD-10.0 BETA1 released
http://www.freebsd.org/news/newsflash.html#event20131014:01

+ cURL 7.33.0 released
http://curl.haxx.se/changes.html#7_33_0

+ Samba 4.1.0 Available for Download
http://samba.org/samba/history/samba-4.1.0.html

+ Juniper Junos J-Web Flaw Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1029178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689

+ Juniper Junos SRX Series Gateway TCP Proxy Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6015

+ Juniper Junos PIM Join Message Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1029176

+ HP Business Process Monitor Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1029167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4804

+ REMOTE: VMware Hyperic HQ Groovy Script-Console Java Execution
http://www.exploit-db.com/exploits/28962

+ DoS/PoC: Android Zygote Socket Vulnerability Fork bomb Attack
http://www.exploit-db.com/exploits/28957

+ Apache Software Foundation A Subsite Remote command execution
http://cxsecurity.com/issue/WLB-2013100080

+ SA54767 Linux Kernel IPV6 UFO Packets Handling Denial of Service Vulnerabilities
http://secunia.com/advisories/54767/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387

+ SA55216 Juniper Junos PIM Join Flooding Denial of Service Vulnerability
http://secunia.com/advisories/55216/

+ SA55138 libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities
http://secunia.com/advisories/55138/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4420

+ SA55212 Juniper Junos "glob()" Denial of Service Security Issue
http://secunia.com/advisories/55212/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632

+ SA55218 Juniper Junos TCP Packet Handling Denial of Service Vulnerability
http://secunia.com/advisories/55218/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6015

+ SA55109 Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/55109/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6013

+ Juniper Networks Junos Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/62973

+ Juniper Networks Junos Telnet Messages Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/62962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6013

Notice of server maintenance (October 16, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=2027

Notice of Virus Buster for Mac program update
http://www.trendmicro.co.jp/support/news.asp?id=2025

E-Maj 1.1.0 released
http://www.postgresql.org/about/news/1486/

JVNVU#99397682 Authentication bypass vulnerability in wireless LAN access point ZoneFlex 2942
http://jvn.jp/cert/JVNVU99397682/

LOCAL: Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH
http://www.exploit-db.com/exploits/28955

Friday, October 11, 2013

11th, Friday, Senbu

+ RHSA-2013:1418 Moderate: libtar security update
http://rhn.redhat.com/errata/RHSA-2013-1418.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4397

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

+ PostgreSQL 9.3.1, 9.2.5, 9.1.10, 9.0.14, 8.4.18 released
http://www.postgresql.org/about/news/1487/
http://www.postgresql.org/docs/9.3/static/release-9-3-1.html
http://www.postgresql.org/docs/9.2/static/release-9-2-5.html
http://www.postgresql.org/docs/9.1/static/release-9-1-10.html
http://www.postgresql.org/docs/9.0/static/release-9-0-14.html
http://www.postgresql.org/docs/8.4/static/release-8-4-18.html

+ HP Intelligent Management Center Multiple Flaws Let Remote Users Bypass Authentication, Gain Unauthorized Access, Inject SQL Commands, and Obtain Information
http://www.securitytracker.com/id/1029165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4827

+ HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1029164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4823

+ GnuPG infinite recursion in the compressed packet parser
http://cxsecurity.com/issue/WLB-2013100063

+ SA55166 Juniper Junos J-Web Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/55166/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689

+ SA55213 Symantec Management Platform Static Key Information Disclosure Weakness
http://secunia.com/advisories/55213/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5008

+ SA55197 Apache mod_fcgid "fcgid_header_bucket_read()" Buffer Overflow Vulnerability
http://secunia.com/advisories/55197/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4365

+ Cisco IOS and IOS XE OSPF Opaque LSA CVE-2013-5527 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5527

+ Cisco Prime Central for HCS 'Credentials' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/62924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3409

+ Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5526

+ Linux Kernel CVE-2013-4387 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/62696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387

+ Juniper Junos J-Web CVE-2013-4689 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/62940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689

Smartwatches look convenient, but I would hate for my biometric data to leak
http://itpro.nikkeibp.co.jp/article/Watcher/20131008/509922/?ST=security

[ITpro EXPO 2013] "Antivirus measures should assume infection", says Mr. Miwa of S&J
http://itpro.nikkeibp.co.jp/article/NEWS/20131010/510389/?ST=security

VU#742932 Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass
http://www.kb.cert.org/vuls/id/742932

REMOTE: Indusoft Thin Client 7.1 ActiveX - Buffer Overflow
http://www.exploit-db.com/exploits/28853

REMOTE: Linksys WRT110 Remote Command Execution
http://www.exploit-db.com/exploits/28856

DoS/PoC: ONO Hitron CDE-30364 Router - Denial Of Service
http://www.exploit-db.com/exploits/28852

DoS/PoC: ALLPlayer 5.6.2 (.m3u) - Local Buffer Overflow PoC
http://www.exploit-db.com/exploits/28855

Thursday, October 10, 2013

Thursday the 10th, Tomobiki

+ Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5515

+ Multiple Vulnerabilities in Cisco Firewall Services Module Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5508

+ make 4.0 released
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D

+ UPDATE: HPSBUX02758 SSRT100774 rev.2 - HP-UX running DCE, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03261413-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Glibc Integer Overflows May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332

Notice of emergency maintenance for InterScan WebManager SCC
http://www.trendmicro.co.jp/support/news.asp?id=2018

Advisory: Sophos Endpoint v10.2: Automatic upgrade to v10.3
http://www.sophos.com/en-us/support/knowledgebase/119681.aspx

[ITpro EXPO 2013] "We purchase information on unknown vulnerabilities to strengthen zero-day attack defenses," says a US HP representative
http://itpro.nikkeibp.co.jp/article/NEWS/20131009/510169/?ST=security

ARP spoofing, an effective means of expanding an intrusion
http://itpro.nikkeibp.co.jp/article/COLUMN/20131006/509242/?ST=security

UPDATE: JVN#27443259 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/jp/JVN27443259/index.html

Wednesday, October 9, 2013

Wednesday the 9th, Sensho

+ Security Bulletins for October 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-oct

+ MS13-080 - Critical: Cumulative Security Update for Internet Explorer (2879017)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3897

+ MS13-081 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3894

+ MS13-082 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3861

+ MS13-083 - Critical: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3195

+ MS13-084 - Important: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3895

+ MS13-085 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3890

+ MS13-086 - Important: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3892

+ MS13-087 - Important: Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3896

+ APSB13-25 Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5325

+ APSB13-24 Security update available for RoboHelp
http://www.adobe.com/support/security/bulletins/apsb13-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5327

+ CESA-2013:1409 Moderate CentOS 6 xinetd Update
http://lwn.net/Alerts/569759/

+ HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03943425-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4823

+ HPSBGN02930 rev.1 - HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module, Remote Authentication Bypass, Disclosure of Information, Unauthorized Access, SQL Injection
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03943547-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4827

+ UPDATE: Microsoft Security Advisory (2887505) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2887505

+ UPDATE: Microsoft Security Advisory (2862973) Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
http://technet.microsoft.com/en-us/security/advisory/2862973

+ RHSA-2013:1411 Moderate: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1411.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332

+ SYM13-012 Security Advisories Relating to Symantec Products - Symantec Management Platform Agent Static Service Key
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20131008_00

+ GnuPG Packet Decompression Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402

+ Xinetd Runs TCPMUX Services With Excess Privileges
http://www.securitytracker.com/id/1029134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342

+ DoS/PoC: Apple Motion 5.0.7 Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/28811

+ Apple Motion 5.0.7 Integer Overflow
http://cxsecurity.com/issue/WLB-2013100047

+ Adobe Acrobat and Reader CVE-2013-5325 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/62888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5325

+ Adobe RoboHelp CVE-2013-5327 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/62887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5327

+ Symantec Management Platform Static Key Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/62757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5008

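KDDI R&D Labs and Mitsubishi Electric develop technology for fast generation of video carrying digital watermarks that can identify individuals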
http://itpro.nikkeibp.co.jp/article/NEWS/20131008/509842/?ST=security

NRI Secure launches SI service that actually attacks PCs and reports the vulnerabilities
http://itpro.nikkeibp.co.jp/article/NEWS/20131008/509705/?ST=security

REMOTE: HP LoadRunner magentproc.exe Overflow
http://www.exploit-db.com/exploits/28809

REMOTE: GestioIP Remote Command Execution
http://www.exploit-db.com/exploits/28810

LOCAL: davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit
http://www.exploit-db.com/exploits/28806

Tuesday, October 8, 2013

Tuesday the 8th, Shakko

+ RHSA-2013:1409 Moderate: xinetd security update
http://rhn.redhat.com/errata/RHSA-2013-1409.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342

+ SA55112 McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/55112/

+ SA55071 GnuPG Compressed Packet Parser Denial of Service Vulnerability
http://secunia.com/advisories/55071/

Unauthorized logins to Mobage: "possibly IDs and passwords leaked from other companies' services"
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509526/?ST=security

Webroot releases new version of its security software, strengthening defenses against malware and phishing
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509524/?ST=security

Chinese government employs more than 2 million people to monitor microblogs, overseas media report
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509382/?ST=security

NSA was also collecting information on the anonymous communication system "Tor," UK report says
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509343/?ST=security

JVNVU#99975381 (Correction) NETELLER Direct vulnerable to improper validation of HTTP requests
http://jvn.jp/cert/JVNVU99975381/index.html

JVNVU#98766232 Denial-of-service (DoS) vulnerability in McAfee Agent
http://jvn.jp/cert/JVNVU98766232/index.html

JVNVU#96826639 Authentication bypass vulnerability in ASUS Wireless-N150 Router RT-N10E
http://jvn.jp/cert/JVNVU96826639/index.html

Monday, October 7, 2013

Monday the 7th, Taian

+ phpMyAdmin 4.0.8 is released
http://sourceforge.net/p/phpmyadmin/news/2013/10/phpmyadmin-408-is-released/

+ GnuPG 2.0.22, 1.4.15 released
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html

+ McAfee Managed Agent Framework Service Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029133
http://secunia.com/advisories/55158/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3627

+ Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029126
http://secunia.com/advisories/55129/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163

+ VU#984366 ASUS RT-N10E Wireless Router vulnerable to authentication bypass
http://www.kb.cert.org/vuls/id/984366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3610

+ VU#613886 McAfee Managed Agent contains a denial-of-service (DoS) vulnerability
http://www.kb.cert.org/vuls/id/613886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3627

+ Apache Tomcat/JBoss Remote Code Execution
http://cxsecurity.com/issue/WLB-2013100037

+ REMOTE: Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
http://www.exploit-db.com/exploits/28713

+ REMOTE: SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/28724

+ LOCAL: FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit
http://www.exploit-db.com/exploits/28718

JVNDB-2013-000094 Cross-site scripting vulnerability in Accela BizSearch
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000094.html

Vulnerability information worth checking <2013.10.07>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507757/?ST=security

Adobe: unauthorized access to information on 2.9 million users and to source code of major products
http://itpro.nikkeibp.co.jp/article/NEWS/20131004/508865/?ST=security

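Ministry of Internal Affairs and Communications and private companies team up to launch project to prevent malware infection damage using URL filtering and other means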
http://itpro.nikkeibp.co.jp/article/NEWS/20131004/508862/?ST=security

Friday, October 4, 2013

Friday the 4th, Sensho

Microsoft Security Bulletin Advance Notification - October 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-oct

+ About the security content of the OS X Mountain Lion v10.8.5 Supplemental Update
http://support.apple.com/kb/HT5964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163

+ Google Chrome 30.0.1599.69 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update_3.html

+ HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03888014-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4829

+ IBM AIX Buffer Overflows in Printer Commands Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029124

+ SA55164 IBM AIX "mkque" and "mkquedev" Privilege Escalation Vulnerabilities
http://secunia.com/advisories/55164/

+ Microsoft Internet Explorer SetMouseCapture Use-After-Free
http://cxsecurity.com/issue/WLB-2013100011

+ Firefox for Android Same-origin bypass through
http://cxsecurity.com/issue/WLB-2013100010

+ Apple iOS 7 iPad2 Face-Time 1.0.2 Privacy Vulnerability
http://cxsecurity.com/issue/WLB-2013100021

+ Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
http://cxsecurity.com/issue/WLB-2013030046

+ Apple Mac OS X CVE-2013-5163 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/62812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163

+ Microsoft October 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/62797

When using Threat Emulation to scan mail content, some files encoded in MIME may be incorrectly decoded causing a 'False-Negative' result of the emulated file
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk95245&src=securityAlerts

Notice of program update for Virus Buster Cloud
http://www.trendmicro.co.jp/support/news.asp?id=2016

Notice of release of Virus Buster Mobile version 3.5.0.1290
http://www.trendmicro.co.jp/support/news.asp?id=2015

Countdown! Revision of the Personal Information Protection Act
Let's build governance for the new data era
Natsuhiko Sakimura, Chairman of the OpenID Foundation
http://itpro.nikkeibp.co.jp/article/COLUMN/20130927/507442/?ST=security

DIT offers a low-price edition of its software that avoids hard-coding of accounts/passwords
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508747/?ST=security

FBI arrests mastermind of illegal drug trading site "Silk Road," US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508584/?ST=security

DoS/PoC: Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
http://www.exploit-db.com/exploits/28679

Thursday, October 3, 2013

Thursday the 3rd, Shakko

+ Apache OpenOffice 4.0.1 is released
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.0.1+Release+Notes

+ APSB13-25 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-25.html

+ Cisco IOS XR Software Memory Exhaustion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5503

+ Microsoft Internet Explorer SetMouseCapture Use-After-Free
http://cxsecurity.com/issue/WLB-2013100011

+ Firefox for Android Same-origin bypass through
http://cxsecurity.com/issue/WLB-2013100010

+ Linux Kernel Patches For Linux Kernel Security
http://cxsecurity.com/issue/WLB-2013100009

+ REMOTE: Microsoft Internet Explorer SetMouseCapture Use-After-Free
http://www.exploit-db.com/exploits/28682

+ Linux Kernel CVE-2013-4345 Off-By-One Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/62740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345

Advisory: Sophos Endpoint v10.2: Automatic upgrade to v10.3
http://www.sophos.com/en-us/support/knowledgebase/119681.aspx

Announcing PostgreSQL Studio 1.0
http://www.postgresql.org/about/news/1485/

Spreading "false rumors" online brings three years' detention: China (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508542/?ST=security

From security labs around the world
New IE vulnerability confirmed in use in some targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507759/?ST=security

LPI-Japan releases "Linux Security Standard Textbook" free of charge
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508527/?ST=security

Aibekusu (アイベクス) releases new version of its security software that controls PC operations, now able to manage Win8
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508416/?ST=security

SoftBank mistakenly registered handset installment payments as "unpaid" with credit information agencies, affecting 17,000 users
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508163/?ST=security

Vulnerability information worth checking <2013.10.02>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507756/?ST=security

UPDATE: JVNTA13-071A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-071A/index.html

VU#392654 Multiple Vulnerabilities in Baramundi Management Suite
http://www.kb.cert.org/vuls/id/392654

VU#976534 L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
http://www.kb.cert.org/vuls/id/976534

REMOTE: freeFTPd PASS Command Buffer Overflow
http://www.exploit-db.com/exploits/28681

LOCAL: PinApp Mail-SeCure 3.70 - Access Control Failure
http://www.exploit-db.com/exploits/28680

DoS/PoC: HylaFAX+ 5.2.4 - 5.5.3 - Buffer Overflow
http://www.exploit-db.com/exploits/28683

Wednesday, October 2, 2013

Wednesday the 2nd, Taian

+ Google Chrome 30.0.1599.66 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924

+ IBM DB2 Fast Communications Manager (FCM) Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4032

+ SA55139 IBM Initiate Master Data Service / InfoSphere Master Data Management OpenSSL Vulnerabilities
http://secunia.com/advisories/55139/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ Google Chrome Prior to 30.0.1599.66 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/62752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924

PostgresDAC with PostgreSQL 9.3 and RAD Studio XE5 support is out!
http://www.postgresql.org/about/news/1484/

UK Ministry of Defence recruiting "hundreds of hackers" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508182/?ST=security

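Recommendations from IT advisers
"Nawabari" (layout), "ishigaki" (stone walls), "tenshukaku" (keep), "mushabashiri" (warriors' walkway): approach security measures like building a castle
Principal Analyst for Security, IT Infrastructure & Security, Research Division, Gartner Japan
Yuichi Isoda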
http://itpro.nikkeibp.co.jp/article/COLUMN/20130924/506470/?ST=security

BBSec offers sandbox-based malware analysis as a cloud service from a domestic data center
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/508080/?ST=security

NEC ships entry/exit management system that performs face recognition on Android tablets
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/507958/?ST=security

Coalition of US IT companies and advocacy groups expresses support for bills aimed at improving US government transparency
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/507863/?ST=security

VU#392654 Multiple Vulnerabilities in Baramundi Management Suite
http://www.kb.cert.org/vuls/id/392654

VU#976534 L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
http://www.kb.cert.org/vuls/id/976534

Tuesday, October 1, 2013

Tuesday the 1st, Butsumetsu

+ RHSA-2013:1348 Moderate: Red Hat Enterprise Linux 5 kernel update
http://rhn.redhat.com/errata/RHSA-2013-1348.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398

+ RHSA-2013:1310 Moderate: samba3x security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

+ RHSA-2013:1307 Moderate: php53 security, bug fix and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248

+ RHSA-2013:1323 Low: ccid security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1323.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4530

+ RHSA-2013:1353 Low: sudo security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1353.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776

+ RHSA-2013:1319 Low: sssd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1319.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0219

+ RHSA-2013:1302 Low: xinetd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1302.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862

+ HS13-023 Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-023/index.html

+ HS13-022 Vulnerability in JP1/Base
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-022/index.html

+ HS13-021 Vulnerability about SSL Encryption in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/index.html

+ HS13-023 Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-023/index.html

+ HS13-022 Vulnerability in JP1/Base
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-022/index.html

+ HS13-021 Vulnerability about SSL Encryption in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-021/index.html

+ FreeBSD 9.2-RELEASE Announcement
http://www.freebsd.org/releases/9.2R/announce.html

+ Sudo 1.8.8 released
http://www.sudo.ws/sudo/stable.html#1.8.8

+ glibc and eglibc 2.5, 2.7, 2.13 Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2013090196

+ LOCAL: glibc and eglibc 2.5, 2.7, 2.13 - Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/28657

Microsoft: about 37,000 information disclosure requests from national authorities in the first half of 2013
http://itpro.nikkeibp.co.jp/article/NEWS/20130930/507552/?ST=security

The "organization of attackers" has begun; syndicates are targeting you
http://itpro.nikkeibp.co.jp/article/COLUMN/20130926/507011/?ST=security

NSA graphs social connections from US residents' communications data, US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20130930/507525/?ST=security

LOCAL: Nodejs js-yaml load() Code Exec
http://www.exploit-db.com/exploits/28655

DoS/PoC: KMPlayer 3.7.0.109 (.wav) - Crash PoC
http://www.exploit-db.com/exploits/28650