Thursday, May 29, 2014

29th, Thursday, Taian

+ CESA-2014:0561 Moderate CentOS 6 curl Update
http://lwn.net/Alerts/600479/

+ CESA-2014:0560 Moderate CentOS 6 libvirt Update
http://lwn.net/Alerts/600480/

+ UPDATE: Multiple Vulnerabilities in Cisco NX-OS-Based Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

+ UPDATE: Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability
http://support.citrix.com/article/CTX140605

+ Vulnerability in Citrix VDI-In-A-Box could result in authentication bypass
http://support.citrix.com/article/CTX140779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3780

+ Citrix XenServer Windows Guest Tools Denial of Service Vulnerability
http://support.citrix.com/article/CTX140814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3798

+ UPDATE: Reporting Security Issues to Citrix
http://support.citrix.com/article/CTX081743

+ Java SE 7u60 Released
http://www.oracle.com/technetwork/java/javase/7u60-relnotes-2200106.html

+ Apache Tomcat Content Length Header Processing Flaw May Let Remote Users Send a Request to Bypass a Reverse Proxy
http://www.securitytracker.com/id/1030302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099

+ Apache Tomcat Security Manager Bug Lets Remote Authenticated Users Bypass Security Controls and View Files
http://www.securitytracker.com/id/1030301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096

+ Apache Tomcat AJP Request Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0095

+ Apache Tomcat Bug Lets Remote Users Bypass Chunked Request Size Limits
http://www.securitytracker.com/id/1030299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

+ Apache Tomcat Lets Remote Authenticated Users Bypass Security Controls and View Files
http://www.securitytracker.com/id/1030298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ DoS/PoC: Wireshark CAPWAP Dissector - Denial of Service (msf)
http://www.exploit-db.com/exploits/33556

+ SA58495 Samba DNS Packet Header "reply" Flag Denial of Service Vulnerability
http://secunia.com/advisories/58495/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239

+ SA58709 Apache Tomcat Information Disclosure Vulnerabilities
http://secunia.com/advisories/58709/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ Adobe Acrobat / Reader Heap Overflow
http://cxsecurity.com/issue/WLB-2014050143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0511

+ Linux Kernel CVE-2014-1737 Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737

+ Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/67671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

Insight Technology begins selling DR software for Oracle DB
http://itpro.nikkeibp.co.jp/article/NEWS/20140528/560002/?ST=security

Toward preventing firearm manufacturing and the like with 3D printers: checking against a blacklist of illegal data
http://itpro.nikkeibp.co.jp/article/NEWS/20140528/559897/?ST=security

Device hijackings abusing "Find My iPhone" occur frequently in Australia
http://itpro.nikkeibp.co.jp/article/NEWS/20140528/559802/?ST=security

VU#537684 Alfresco Enterprise contains multiple cross-site scripting vulnerabilities
http://www.kb.cert.org/vuls/id/537684

REMOTE: TORQUE Resource Manager 2.5.x-2.5.13 - Stack Based Buffer Overflow Stub
http://www.exploit-db.com/exploits/33554

Wednesday, May 28, 2014

28th, Wednesday, Senbu

+ RHSA-2014:0560 Moderate: libvirt security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0560.html
CVE-2014-0179

+ RHSA-2014:0561 Moderate: curl security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0561.html
CVE-2014-0015
CVE-2014-0138

+ HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04311273-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
CVE-2014-0114

+ Samba 4.0.18 Available for Download
http://samba.org/samba/history/samba-4.0.18.html

+ Webmin Input Validation Flaws in Popup Windows Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030297

+ Usermin Input Validation Flaws in Popup Windows Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030296

"Antivirus alone cannot stop it," stresses the CTO of US-based FireEye
http://itpro.nikkeibp.co.jp/article/NEWS/20140527/559705/?ST=security

REMOTE: Easy File Sharing FTP Server 3.5 - Stack Buffer Overflow
http://www.exploit-db.com/exploits/33538

Tuesday, May 27, 2014

27th, Tuesday, Tomobiki

+ REMOTE: Symantec Workspace Streaming Arbitrary File Upload
http://www.exploit-db.com/exploits/33521

+ LOCAL: Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition (x64) Local Privilege Escalation
http://www.exploit-db.com/exploits/33516

+ Linux Kernel <= v3.15-rc4: raw mode PTY local echo race condition
http://cxsecurity.com/issue/WLB-2014050135
CVE-2014-0196

+ Linux Kernel pty layer race condition memory corruption
http://cxsecurity.com/issue/WLB-2014050029
CVE-2014-0196

Important security and stability enhancements for Security Gateway
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431&src=securityAlerts

Notice: Pre-registration opens for the Trend Micro Safe Lock 2.0 (tentative name) beta test
http://app.trendmicro.co.jp/support/news.asp?id=2112

PostgreSQL Maestro 14.5 released
http://www.postgresql.org/about/news/1526/

Microsoft had filed an objection to a request to hand over customer information
http://itpro.nikkeibp.co.jp/article/NEWS/20140526/559204/?ST=security

JVNVU#98457223 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/vu/JVNVU98457223/

Monday, May 26, 2014

26th, Monday, Sensho

+ CESA-2014:0536 Moderate CentOS 5 mysql55-mysql Update
http://lwn.net/Alerts/600077/

+ CESA-2014:0537 Moderate: mysql55-mysql SCL Security Update
http://lwn.net/Alerts/600078/

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ UPDATE: HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04249113-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02960 SSRT101419 rev.2 - HP-UX running NTP, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04093819-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Tomcat 7.0.54, 6.0.41 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

+ Windows 8 Touch Injection API doesn't handle memory pressure PoC
http://cxsecurity.com/issue/WLB-2014050132

+ Windows 8 Touch Injection API doesn't handle memory pressure
http://cxsecurity.com/issue/WLB-2014050131

+ SA58768 Microsoft Internet Explorer CMarkup Objects Use-After-Free Vulnerability
http://secunia.com/advisories/58768/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1770

DBD::Pg 3.2.1 released
http://www.postgresql.org/about/news/1525/

Button-type USB device that puts Windows into sleep mode
http://itpro.nikkeibp.co.jp/article/NEWS/20140522/558672/?ST=security

JVNVU#96683802 Multiple vulnerabilities in Bizagi BPM Suite
http://jvn.jp/vu/JVNVU96683802/

DoS/PoC: Core FTP Server Version 1.2, build 535, 32-bit - Crash P.O.C.
http://www.exploit-db.com/exploits/33495

Friday, May 23, 2014

23rd, Friday, Butsumetsu

+ RHSA-2014:0536 Moderate: mysql55-mysql security update
https://rhn.redhat.com/errata/RHSA-2014-0536.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440

+ CESA-2014:0522 Moderate: mariadb55-mariadb SCL Security Update
http://lwn.net/Alerts/599951/

+ CESA-2014:0355 Important: ruby193-libyaml SCL Security Update
http://lwn.net/Alerts/599952/

+ CESA-2014:0510 Moderate: ruby193-rubygem-actionpack SCL Security Update
http://lwn.net/Alerts/599953/

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ UPDATE: Multiple Vulnerabilities in Cisco NX-OS-Based Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283

+ CVE-2012-4037 XSS vulnerability in Transmission
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4037_xss_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4037

+ Multiple vulnerabilities in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033

+ Multiple Input Validation vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098

+ CVE-2013-0200 Link Following vulnerability in HPLIP
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0200_link_following
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200

+ CVE-2014-2270 Buffer Errors vulnerability in PHP
https://blogs.oracle.com/sunsecurity/entry/cve_2014_2270_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

+ CVE-2014-1943 Resource Management Errors vulnerability in PHP
https://blogs.oracle.com/sunsecurity/entry/cve_2014_1943_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943

+ Multiple Buffer Errors vulnerabilities in PHP
https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712

+ CVE-2013-4248 Input Validation vulnerability in PHP
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4248_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248

+ CVE-2014-0591 Buffer Errors vulnerability in Bind
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ CVE-2013-4496 Credentials Management vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4496_credentials_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496

+ CVE-2013-4238 Input Validation vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4238_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238

+ CVE-2014-1912 Buffer Errors vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2014_1912_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912

+ Tomcat 8.0.8 (beta) Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

+ GCC 4.8.3 released
https://gcc.gnu.org/gcc-4.8/changes.html

+ Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, And Spoof the User Interface
http://www.securitytracker.com/id/1030270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3152

+ Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code and Bypass Same Origin Policy Restrictions
http://www.securitytracker.com/id/1030269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1346

+ SA58821 Fujitsu Multiple Products Apache Struts Security Bypass Vulnerability
http://secunia.com/advisories/58821/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094

+ SA58822 McAfee ePolicy Orchestrator Java Multiple Vulnerabilities
http://secunia.com/advisories/58822/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460

+ SA58890 Apple Safari Multiple Vulnerabilities
http://secunia.com/advisories/58890/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1731

Notice: InterScan for Microsoft Exchange 11.0 repack version released
http://app.trendmicro.co.jp/support/news.asp?id=2124

Notice: InterScan For Lotus Domino Windows 5.5 Patch 1 (Build 3186) released
http://app.trendmicro.co.jp/support/news.asp?id=2130

Notice: Virus Buster Corporate Edition 10.5 Patch 6 build 2440 released
http://app.trendmicro.co.jp/support/news.asp?id=2127

Button-type USB device that puts Windows into sleep mode
http://itpro.nikkeibp.co.jp/article/NEWS/20140522/558672/?ST=security

McAfee adds a gateway-type product to its DLP software
http://itpro.nikkeibp.co.jp/article/NEWS/20140522/558643/?ST=security

Cyberattack on eBay: customer information including passwords leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20140522/558462/?ST=security

JVNVU#97953185 Use-after-free vulnerability in Internet Explorer 8 CMarkup
http://jvn.jp/vu/JVNVU97953185/

VU#112412 Bizagi BPM Suite contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/112412

Thursday, May 22, 2014

22nd, Thursday, Senbu

+ About the security content of Safari 6.1.4 and Safari 7.0.4
http://support.apple.com/kb/HT6254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1346

+ Cisco Wide Area Application Services Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-waas
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2196

+ Multiple Vulnerabilities in Cisco NX-OS-Based Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2201

+ HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04307186-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04267775-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBST03000 rev.3 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ curl and libcurl 7.37.0 released
http://curl.haxx.se/changes.html#7_37_0

+ Microsoft Internet Explorer CMarkup Object Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1770

+ VU#239151 Microsoft Internet Explorer 8 CMarkup use-after-free vulnerability
http://www.kb.cert.org/vuls/id/239151

+ SA58574 Apple OS X Server Ruby Floating Point Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/58574/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164

+ SA58811 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/58811/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3152

+ Microsoft Internet Explorer CVE-2014-1770 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/67544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1770

+ Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/67534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0242

+ Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0240

Notice: Emergency maintenance of the user management server (2014/05/24)
http://app.trendmicro.co.jp/support/news.asp?id=2126

The PC remote-control case: lessons left for digital investigations
http://itpro.nikkeibp.co.jp/article/NEWS/20140521/558342/?ST=security

ZOHO: new software for bulk updating and automated maintenance of Active Directory
http://itpro.nikkeibp.co.jp/article/NEWS/20140521/558307/?ST=security

DIT: new version of audit-trail software for PC operation logs, with expanded System Center integration
http://itpro.nikkeibp.co.jp/article/NEWS/20140521/558288/?ST=security

FBI indicts co-developer of the covert-filming malware "Blackshades"
http://itpro.nikkeibp.co.jp/article/NEWS/20140521/558205/?ST=security

JVNVU#95165083 Missing authentication issue in Hanvon Face ID
http://jvn.jp/vu/JVNVU95165083/index.html

REMOTE: Easy File Management Web Server 5.3 - Stack Buffer Overflow
http://www.exploit-db.com/exploits/33453

REMOTE: Easy Address Book Web Server 1.6 - Stack Buffer Overflow
http://www.exploit-db.com/exploits/33454

Wednesday, May 21, 2014

21st, Wednesday, Tomobiki

+ Android-x86 4.4-RC released
http://www.android-x86.org/releases/releasenote-4-4-rc2

+ About the security content of OS X Server 3.1.2
http://support.apple.com/kb/HT6248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164

+ Google Chrome 35.0.1916.114 released
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748

+ CESA-2014:0513 Moderate CentOS 6 libxml2 Update
http://lwn.net/Alerts/599616/

+ phpMyAdmin 4.2.2 released
http://sourceforge.net/p/phpmyadmin/news/2014/05/phpmyadmin-422-is-released/

+ Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2136

+ UPDATE: Cisco IOS Software IPv6 Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-ipv6

+ HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04278900-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2604

+ Linux kernel 2.6.32.62 released
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.62

+ Symantec Workspace Streaming Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2014050109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1649

+ Oracle JavaMail SMTP Header Injection
http://cxsecurity.com/issue/WLB-2014050108

Cisco asks the US president to restrict government surveillance activities; orders drop sharply in emerging markets
http://itpro.nikkeibp.co.jp/article/NEWS/20140520/557922/?ST=security

US government charges five Chinese officials on suspicion of cyber espionage
http://itpro.nikkeibp.co.jp/article/NEWS/20140520/557862/?ST=security

VU#767044 Hanvon facial recognition (Face ID) devices do not authenticate commands
http://www.kb.cert.org/vuls/id/767044

Tuesday, May 20, 2014

20th, Tuesday, Sensho

+ RHSA-2014:0513 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2014-0513.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191

+ UPDATE: HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04263236-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBST03000 rev.2 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ SA58569 Linux Kernel BPF Two Denial of Service Vulnerabilities
http://secunia.com/advisories/58569/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145

+ Linux Kernel Multiple Function Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/66279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523

Ashisuto: log-analysis system construction service for detecting targeted attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20140519/557765/?ST=security

JVNVU#96603356 Denial-of-service (DoS) vulnerability in Juniper ScreenOS
http://jvn.jp/vu/JVNVU96603356/

REMOTE: AoA MP4 Converter 4.1.2 - ActiveX Exploit
http://www.exploit-db.com/exploits/33433

REMOTE: AoA Audio Extractor Basic 2.3.7 - ActiveX Exploit
http://www.exploit-db.com/exploits/33431

REMOTE: AoA DVD Creator 2.6.2 - ActiveX Exploit
http://www.exploit-db.com/exploits/33432

LOCAL: CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow
http://www.exploit-db.com/exploits/33426


Monday, May 19, 2014

19th, Monday, Shakko

+ About the security content of iTunes 11.2.1
http://support.apple.com/kb/HT6251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1347

+ Linux kernel 3.12.20, 3.4.91, 3.2.59 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.20
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.91
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.59

+ Postfix 2.11.1 released
http://www.postfix.org/announcements/postfix-2.11.1.html

+ VU#480428 Juniper ScreenOS is vulnerable to a denial of service from malformed SSL packets
http://www.kb.cert.org/vuls/id/480428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2842

+ Apple iTunes Directory Permissions Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1347

+ Juniper Junos Space Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3412

+ Juniper NSM XDB Service Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3411

+ DoS/PoC: Wireshark 1.10.7 - DoS PoC
http://www.exploit-db.com/exploits/33384

+ DoS/PoC: Mozilla Firefox 29.0 - Null Pointer Dereference Vulnerability
http://www.exploit-db.com/exploits/33386

+ Mozilla Firefox 29.0 Null Pointer Dereference Vulnerability
http://cxsecurity.com/issue/WLB-2014050089

+ Wireshark Read Access Violation NULL Pointer Deref
http://cxsecurity.com/issue/WLB-2014050088

Notice: Scheduled server maintenance (2014/5/23)
http://app.trendmicro.co.jp/support/news.asp?id=2128

PostgreSQL 9.4 beta1 on Debian/Ubuntu
http://www.postgresql.org/about/news/1524/

Five domestic banks, including megabanks, targeted: "MITB attacks" aimed at online banking
http://itpro.nikkeibp.co.jp/article/NEWS/20140516/557323/?ST=security

LOCAL: check_dhcp - Nagios Plugins <= 2.0.1 - Arbitrary Option File Read
http://www.exploit-db.com/exploits/33387

Friday, May 16, 2014

16th, Friday, Senbu

+ TortoiseSVN 1.8.7 released
http://tortoisesvn.net/downloads.html

+ About the security content of iTunes 11.2
http://support.apple.com/kb/HT6245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1296

+ About the security content of OS X Mavericks v10.9.3
http://support.apple.com/kb/HT6246

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ ProFTPD 1.3.5, 1.3.4e released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4e

+ PostgreSQL 9.4 Beta 1 Released
http://www.postgresql.org/about/news/1522/

+ Cisco IOS ScanSafe HTTPS Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3263

+ Cisco IOS and IOS XE LISP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3262

+ Linux Kernel forbid uaddr == uaddr2 in futex_wait_requeue_pi() null dereference
http://cxsecurity.com/issue/WLB-2014050079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647

+ SA58555 FreeBSD pkg Bootstrap Tool Signature Verification Vulnerability
http://secunia.com/advisories/58555/

Check Point response to common false positives scanning results
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100647&src=securityAlerts

Postgres-XL Released: Scale-out PostgreSQL Cluster
http://www.postgresql.org/about/news/1523/

Kaspersky begins offering the latest version of its security product for file servers
http://itpro.nikkeibp.co.jp/article/NEWS/20140515/557022/?ST=security

BBsec: security operations service for public clouds
http://itpro.nikkeibp.co.jp/article/NEWS/20140515/557023/?ST=security

Buffalo announces USB 3.0 flash drives, including ultra-compact models and models with security features
http://itpro.nikkeibp.co.jp/article/NEWS/20140515/556862/?ST=security

JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

Thursday, May 15, 2014

15th, Thursday, Tomobiki

+ HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04286049-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04236102-7%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HS14-012 Multiple Vulnerabilities about SSL Client Authentication in Cosminexus HTTP Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-012/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0636

+ HS14-012 Multiple vulnerabilities in SSL client authentication in Cosminexus HTTP Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-012/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0636

+ Apache Ant 1.9.4 Released
http://ant.apache.org/bindownload.cgi

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1742

+ SA58439 FileZilla Server OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/58439/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ SA58298 Linux Kernel "nfqnl_zcopy()" Information Disclosure Vulnerability
http://secunia.com/advisories/58298/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2568

+ Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/67398

+ Linux Kernel 'futex.c' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/67395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647

Notice of release of InterScan Web Security Virtual Appliance 5.6 Patch 3 (Build 1152)
http://app.trendmicro.co.jp/support/news.asp?id=2125

JVN#90519014 Denial-of-service (DoS) vulnerability in the phone memo function of Cybozu Garoon
http://jvn.jp/jp/JVN90519014/

JVNVU#98181377 Multiple buffer overflow vulnerabilities in multiple YOKOGAWA products including CENTUM
http://jvn.jp/vu/JVNVU98181377/

F5 Networks: web gateway product that can inspect outbound web access
http://itpro.nikkeibp.co.jp/article/NEWS/20140515/556842/?ST=security

Patches released fixing dangerous vulnerabilities in Windows and IE; XP not covered
http://itpro.nikkeibp.co.jp/article/NEWS/20140514/556714/?ST=security

McAfee rolls out the "Intel Security" brand in Japan as well
http://itpro.nikkeibp.co.jp/article/NEWS/20140514/556623/?ST=security

REMOTE: Easy File Sharing Web Server 6.8 - Stack Buffer Overflow
http://www.exploit-db.com/exploits/33352

DoS/PoC: TFTPD32 4.5 / TFTPD64 4.5 - DoS PoC
http://www.exploit-db.com/exploits/33348

Wednesday, May 14, 2014

14th, Wednesday, Sensho

+ Microsoft Security Bulletin Summary for May 2014
https://technet.microsoft.com/ja-jp/library/security/ms14-may

+ MS14-021 - Critical Security Update for Internet Explorer (2965111)
https://technet.microsoft.com/library/security/ms14-021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

+ MS14-022 - Critical Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
https://technet.microsoft.com/library/security/ms14-022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1813

+ MS14-023 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
https://technet.microsoft.com/library/security/ms14-023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1808

+ MS14-024 - Important Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
https://technet.microsoft.com/library/security/ms14-024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1809

+ MS14-025 - Important Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
https://technet.microsoft.com/library/security/ms14-025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1812

+ MS14-026 - Important Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
https://technet.microsoft.com/library/security/ms14-026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1806

+ MS14-027 - Important Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
https://technet.microsoft.com/library/security/ms14-027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1807

+ MS14-028 - Important Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
https://technet.microsoft.com/library/security/ms14-028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0256

+ MS14-029 - Critical Security Update for Internet Explorer (2962482)
https://technet.microsoft.com/library/security/ms14-029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1815

+ Google Chrome 34.0.1847.137 released
http://googlechromereleases.blogspot.jp/2014/05/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1742

+ APSB14-14 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0520

+ APSB14-11 Security hotfix available for Adobe Illustrator (CS6)
http://helpx.adobe.com/security/products/illustrator/apsb14-11.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0513

+ phpMyAdmin 4.2.1 released
http://sourceforge.net/p/phpmyadmin/news/2014/05/phpmyadmin-421-is-released/

+ UPDATE: HPSBMU03022 rev.2 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04263236-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239372-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02964 rev.2 - HP Service Manager, Cross-Site Scripting (XSS), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04117626-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.14.4, 3.10.40, 3.4.90 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.40
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.90

+ FreeBSD-SA-14:10.openssl OpenSSL NULL pointer deference vulnerability
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:10.openssl.asc

+ SA58481 IBM Tivoli Netcool/Reporter OpenSSL Weakness and Two Vulnerabilities
http://secunia.com/advisories/58481/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ SA58312 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/58312/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1742

+ SA58456 GNU Emacs Multiple Insecure Temporary File Security Issues
http://secunia.com/advisories/58456/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424

+ SA58291 Symantec Workspace Streaming Unauthenticated XMLRPC Access Security Issue
http://secunia.com/advisories/58291/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1649

+ Yokogawa CENTUM CS3000 'BKCLogSvr.exe' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/66130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0781

+ Dovecot Denial of Service Vulnerability
http://www.securityfocus.com/bid/67306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430

+ Google Chrome CVE-2014-1741 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/67376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1741

+ Google Chrome CVE-2014-1742 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/67375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1742

+ Google Chrome CVE-2014-1741 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/67374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1740

pg_catcheck released
http://www.postgresql.org/about/news/1521/

Elecom: a watch-over app for checking family members' whereabouts
http://itpro.nikkeibp.co.jp/article/NEWS/20140513/556466/?ST=security

Fraudulent transfers at Sumitomo Mitsui Banking Corporation were an "MITB attack"; one-time password users also affected
http://itpro.nikkeibp.co.jp/article/NEWS/20140513/556399/?ST=security

Mid-range model added to low-cost load balancer line, with WAF provided as standard
http://itpro.nikkeibp.co.jp/article/NEWS/20140513/556382/?ST=security

Unauthorized access to Sega's website; no web page tampering or information leak confirmed
http://itpro.nikkeibp.co.jp/article/NEWS/20140513/556294/?ST=security

Tuesday, May 13, 2014

13th, Tuesday, Shakko

+ Mozilla Firefox 29.0.1 released
http://www.mozilla.org/en-US/firefox/29.0.1/releasenotes/

+ CESA-2014:0475 Important CentOS 6 kernel Update
http://lwn.net/Alerts/598003/

+ BIND 9.10.0-P1 released
https://kb.isc.org/article/AA-01162/81/BIND-9.10.0-P1-Release-Notes.html

+ CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash
https://kb.isc.org/article/AA-01161/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04036775-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5987

+ UPDATE: HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information, and Cross-Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03995275-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBPI03031 rev.2 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04272043-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBST03016 rev.3 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04263038-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04277407-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2603

+ UPDATE: HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04261644-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.12.19 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.19

+ CVE-2013-4242 Information Disclosure vulnerability in libgcrypt
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4242_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242

+ CVE-2006-4810 Buffer overflow vulnerability in Texinfo
https://blogs.oracle.com/sunsecurity/entry/cve_2006_4810_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810

+ SYM14-009 Security Advisories Relating to Symantec Products - Symantec Workspace Streaming XMLRPC Unauthenticated Access
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00

+ Dovecot 2.2.13 released
http://www.dovecot.org/list/dovecot-news/2014-May/000273.html

+ Symantec Workspace Streaming XMLRPC Processing Flaw Lets Remote Users Access and Upload Files on the Target System
http://www.securitytracker.com/id/1030222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1649

+ REMOTE: Adobe Flash Player Shader Buffer Overflow
http://www.exploit-db.com/exploits/33333

+ SA58599 Trend Micro OfficeScan OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/58599/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ Linux Kernel 3.14.3 /dev/fd gain privileges
http://cxsecurity.com/issue/WLB-2014050059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738

+ Linux Kernel 3.14.3 filter prevent nla extensions
http://cxsecurity.com/issue/WLB-2014050058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145

+ Linux Kernel 'raw_cmd_copyin()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737

+ Linux Kernel 'raw_cmd_copyout()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738

+ Linux Kernel 'filter.c' CVE-2014-3144 Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/67309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144

+ Symantec Workspace Streaming XMLRPC Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/67189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1649

+ Linux Kernel 'filter.c' CVE-2014-3145 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/67321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145

+ ISC BIND Recursive Nameservers Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/67311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214

Notice of release of Trend Micro Smart Protection Server 3.0
http://app.trendmicro.co.jp/support/news.asp?id=2121

"Fraudulent transfer completes just by entering your PIN": Sumitomo Mitsui Banking Corporation issues warning
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556182/?ST=security

Soliton: PC operation logging software that can also monitor Windows Store apps
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556164/?ST=security

Canon IT adds a virtual appliance edition to its email filtering product
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556152/?ST=security

Twitter adds SMS-based password reset option
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556030/?ST=security

Snapchat settles with FTC over allegations it deceived users
http://itpro.nikkeibp.co.jp/article/NEWS/20140509/555562/?ST=security

JVN#19294237 Vulnerability in Apache Struts that allows ClassLoader manipulation
http://jvn.jp/jp/JVN19294237/

JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

JVNVU#98181377 Multiple buffer overflow vulnerabilities in multiple YOKOGAWA products including CENTUM
http://jvn.jp/vu/JVNVU98181377/

REMOTE: Easy Chat Server 3.1 - Stack Buffer Overflow
http://www.exploit-db.com/exploits/33326

REMOTE: Yokogawa CS3000 BKESimmgr.exe Buffer Overflow
http://www.exploit-db.com/exploits/33331

DoS/PoC: Skybox Security 6.3.x - 6.4.x - Multiple Denial Of Service Issue
http://www.exploit-db.com/exploits/33328

Friday, May 9, 2014

9th, Friday, Tomobiki

+ APSB14-15 Prenotification Security Advisory for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/reader/apsb14-15.html

+ phpMyAdmin 4.2.0 is released
http://sourceforge.net/p/phpmyadmin/news/2014/05/phpmyadmin-420-is-released/

+ UPDATE: HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04248997-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04273695-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6220

+ UPDATE: HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04023666-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ PHP 5.5.11 FastCGI privilege escalation due to insecure configuration
http://cxsecurity.com/issue/WLB-2014050042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

+ Apple iOS 'MobileMail.app' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/67263

+ Microsoft May 2014 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/67298

+ Microsoft Security Bulletin Advance Notification for May 2014
https://technet.microsoft.com/library/security/ms14-may

JVNDB-2014-000044 Open redirect vulnerability in intra-mart
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000044.html

Appliance that can protect against the OpenSSL "Heartbleed" vulnerability
http://itpro.nikkeibp.co.jp/article/NEWS/20140509/555502/?ST=security

IBM Japan releases new version of its security software "QRadar" with support for full packet capture
http://itpro.nikkeibp.co.jp/article/NEWS/20140508/555472/?ST=security

Targeting government officials? "Watering hole attack" exploiting an IE zero-day vulnerability in Japan
http://itpro.nikkeibp.co.jp/article/NEWS/20140508/555443/?ST=security

JVNVU#99180587 Cross-site request forgery vulnerability in Fortinet Fortiweb
http://jvn.jp/vu/JVNVU99180587/

JVNVU#91373286 Multiple vulnerabilities in Caldera
http://jvn.jp/vu/JVNVU91373286/

Thursday, May 8, 2014

8th, Thursday, Sensho

+ RHSA-2014:0474 Important: struts security update
https://rhn.redhat.com/errata/RHSA-2014-0474.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ RHSA-2014:0475 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0475.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523

+ CESA-2014:0474 Important CentOS 5 struts Update
http://lwn.net/Alerts/597658/

+ Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2136

+ UPDATE: HPSBMU03018 rev.3 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260505-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Check Point response to TCP reassembly vulnerability (CVE-2014-3000; FreeBSD-SA-14:08.tcp)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100537&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3000

+ Sudo 1.8.10p3 released
http://www.sudo.ws/sudo/stable.html#1.8.10p3

+ Apache Struts CookieInterceptor Bug Lets Remote Users Modify System Information
http://www.securitytracker.com/id/1030204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0116

+ SA58082 Linux Kernel "n_tty_write()" Race Condition Vulnerability
http://secunia.com/advisories/58082/

+ Apple iOS CVE-2014-0164 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/67263

Notice of scheduled server maintenance (2014/5/15)
http://app.trendmicro.co.jp/support/news.asp?id=2123

Notice of release of ServerProtect for Linux 3.0 Critical Patch
http://app.trendmicro.co.jp/support/news.asp?id=2119

Notice of release of Deep Security Relay for Windows Critical Patch
http://app.trendmicro.co.jp/support/news.asp?id=2118

JVNVU#92280347 Use-after-free vulnerability in Internet Explorer
http://jvn.jp/vu/JVNVU92280347/

JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

VU#902790 Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability
http://www.kb.cert.org/vuls/id/902790

VU#693092 Caldera 9.20 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/693092

Wednesday, May 7, 2014

7th, Wednesday, Shakko

+ Opera 21 released
http://www.opera.com/docs/changelogs/unified/2100/

+ squid 3.4.5 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ UPDATE: HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04250814-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04273152-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2602

+ HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04275280-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBMU03033 rev.2 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04272892-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU03024 rev.2 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04267749-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260505-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04219959-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02967 rev.3 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04122007-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBNS03003 rev.4 - HP NonStop Volume Level Encryption (VLE) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04242672-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04273303-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBST03004 rev.2 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04264595-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.14.3, 3.10.39, 3.4.89 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.39
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.89

+ Apache Ant 1.9.4 Released
http://ant.apache.org/bindownload.cgi

+ Apache Struts 2.3.16.3 GA
http://struts.apache.org/announce.html

+ PHP 5.4.28 Released
http://www.php.net/ChangeLog-5.php#5.4.28

+ Linux Kernel PTY Write Buffer Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges
http://www.securitytracker.com/id/1030192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

+ OpenSSL Null Pointer Dereference in do_ssl3_write() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

+ PHP FastCGI Process Manager Socket Permission Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

+ REMOTE: Adobe Flash Player Integer Underflow Remote Code Execution
http://www.exploit-db.com/exploits/33212

+ LOCAL: Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
http://www.exploit-db.com/exploits/33213

+ SA58416 Opera Multiple Vulnerabilities
http://secunia.com/advisories/58416/

+ SA58412 Apache Struts CookieInterceptor ClassLoader Manipulation Vulnerability
http://secunia.com/advisories/58412/

+ SA58490 Kaspersky PURE RPC Server "call_table_ref" Use-After-Free Vulnerability
http://secunia.com/advisories/58490/

+ SA58489 Kaspersky Internet Security OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/58489/

+ SA58297 OpenSSL "do_ssl3_write()" NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/58297/

+ SA58091 Linux Kernel "try_to_unmap_cluster()" Denial of Service Vulnerability
http://secunia.com/advisories/58091/

+ Linux Kernel pty layer race condition memory corruption
http://cxsecurity.com/issue/WLB-2014050029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

+ Struts 2.3.16.3 Manipulation Fix
http://cxsecurity.com/issue/WLB-2014050026

+ Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
http://cxsecurity.com/issue/WLB-2014050024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1300

+ Adobe Flash Player Integer Underflow Remote Code Execution
http://cxsecurity.com/issue/WLB-2014050023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497

+ OpenSSL NULL pointer dereference in do_ssl3_write
http://cxsecurity.com/issue/WLB-2014050016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

+ Apache Struts ClassLoader Manipulation Remote Code Execution
http://cxsecurity.com/issue/WLB-2014050014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

+ Linux Kernel mm/try_to_unmap_cluster() should lock_page() before mlocking
http://cxsecurity.com/issue/WLB-2014050009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122

+ Google Chrome 34.0.1847.131 m 32-bit DLL Order Hijacking
http://cxsecurity.com/issue/WLB-2014050004

+ Apache Struts 'CookieInterceptor' Security Bypass Vulnerability
http://www.securityfocus.com/bid/67218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0116

+ PHP 'php-fpm' and 'php-cgi' Denial of Service Vulnerability
http://www.securityfocus.com/bid/67217

+ OpenSSL 'do_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/67193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

Notice of emergency server maintenance (2014/5/5)
http://app.trendmicro.co.jp/support/news.asp?id=2122

pgBadger 5.1 is out
http://www.postgresql.org/about/news/1520/

TeamPostgreSQL 1.07 - free PostgreSQL web interface
http://www.postgresql.org/about/news/1518/

PostgresDAC 2.12.0 meets RAD Studio XE6!
http://www.postgresql.org/about/news/1519/

Vulnerability in TCP processing of the open-source OS "FreeBSD", risk of service outage
http://itpro.nikkeibp.co.jp/article/NEWS/20140502/554423/?ST=security

Emergency release of a patch fixing the "IE zero-day vulnerability"; Windows XP is also covered
http://itpro.nikkeibp.co.jp/article/NEWS/20140502/554422/?ST=security

JVNVU#92280347 Use-after-free vulnerability in Internet Explorer
http://jvn.jp/vu/JVNVU92280347/

JVNVU#94205147 Cross-site scripting vulnerability in Google Search Appliance dynamic navigation
http://jvn.jp/vu/JVNVU94205147/

Friday, May 2, 2014

2nd, Friday, Senshō

+ MS14-021 - Critical: Security Update for Internet Explorer (2965111)
https://technet.microsoft.com/ja-jp/library/security/MS14-021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

+ UPDATE: HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04249113-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02998 rev.3 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239372-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04264595-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ PHP 5.5.12 released
http://www.php.net/archive/2014.php#id2014-04-30-1
http://www.php.net/ChangeLog-5.php#5.5.12

+ VU#673313 Google Search Appliance dynamic navigation cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/673313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0362

+ Google Chrome 34.0.1847.131 m 32-bit DLL Order Hijacking
http://cxsecurity.com/issue/WLB-2014050004

+ iTunes for Windows runs rogue program when opening associated files
http://cxsecurity.com/issue/WLB-2014050002

Wacoal reopens its online shopping site after about one month; it had been closed due to unauthorized access
http://itpro.nikkeibp.co.jp/article/NEWS/20140501/554265/?ST=security

"Change your password regularly": phishing impersonating Sumitomo Mitsui Card
http://itpro.nikkeibp.co.jp/article/NEWS/20140501/554202/?ST=security

Dangerous vulnerability in Flash Player; attacks exploiting it have appeared
http://itpro.nikkeibp.co.jp/article/NEWS/20140501/554182/?ST=security

Serious IE zero-day vulnerability: Microsoft publishes a "summary of workarounds"
http://itpro.nikkeibp.co.jp/article/NEWS/20140501/554162/?ST=security

JVNVU#95235811 Directory traversal vulnerability in Emerson Avocent MergePoint Unity
http://jvn.jp/vu/JVNVU95235811/

JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

Thursday, May 1, 2014

1st, Thursday, Shakkō

+ CESA-2014:0448 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/596780/

+ CESA-2014:0448 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/596781/

+ CESA-2014:0449 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/596782/

+ CESA-2014:0449 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/596783/

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ Multiple Vulnerabilities in Cisco TelePresence System MXP Series
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2161

+ Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2175

+ UPDATE: HPSBGN03010 rev.3 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04250814-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04272892-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04271396-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04268239-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04267749-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04263038-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02963 SSRT101297 rev.2 - HP-UX m4(1), Local Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04103553-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.2.58 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.58

+ Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise Edition
http://support.citrix.com/article/CTX140291

+ FreeBSD-SA-14:09.openssl OpenSSL use-after-free vulnerability
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298

+ FreeBSD-SA-14:08.tcp TCP reassembly vulnerability
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3000

+ FreeBSD-SA-14:07.devfs devfs rules not applied by default for jails
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3001

+ Struts 1 ClassLoader Manipulation
http://cxsecurity.com/issue/WLB-2014040197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094

+ RHSA-2014:0448 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-0448.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532

Regarding the Microsoft Internet Explorer vulnerability (CVE-2014-1776)
http://app.trendmicro.co.jp/support/news.asp?id=2120

"IT Passport Examination" urgently suspended; its system uses "Struts 1"
http://itpro.nikkeibp.co.jp/article/NEWS/20140430/553866/?ST=security

Alert regarding the vulnerability in Adobe Flash Player (APSB14-13)
http://www.jpcert.or.jp/at/2014/at140019.html

JVNVU#93342829 Multiple vulnerabilities in Ignite Realtime Smack API
http://jvn.jp/vu/JVNVU93342829/

JVN#31230946 Access restriction bypass vulnerability in the Cybozu Garoon API
http://jvn.jp/jp/JVN31230946/

JVN#90519014 Denial-of-service (DoS) vulnerability in the phone memo function of Cybozu Garoon
http://jvn.jp/jp/JVN90519014/

JVN#19294237 Vulnerability in Apache Struts that allows ClassLoader manipulation
http://jvn.jp/jp/JVN19294237/

JVNVU#92280347 Use-after-free vulnerability in Internet Explorer
http://jvn.jp/vu/JVNVU92280347/index.html