Thursday, July 31, 2014

31st, Thursday, Taian

+ UPDATE: Microsoft Security Advisory 2915720 Changes in Windows Authenticode Signature Verification
https://technet.microsoft.com/ja-jp/library/security/2915720

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ UPDATE: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100210-ironport

+ MySQL 5.6.20, 5.5.39 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-20.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html

+ Samba 4.0.20 Available for Download
http://samba.org/samba/history/samba-4.0.20.html

+ dhcpcd Overloaded Options Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030656

+ SVN local privilege escalation
http://cxsecurity.com/issue/WLB-2014070176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7393

+ Wireshark Read Access Violation NULL Pointer Deref
http://cxsecurity.com/issue/WLB-2014050088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5116

+ SA60264 Hitachi Command Suite Products Apache Struts ClassLoader Manipulation Vulnerability
http://secunia.com/advisories/60264/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ SA60253 Hitachi Command Suite Products Apache Struts ClassLoader Manipulation Vulnerability
http://secunia.com/advisories/60253/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ SA60351 Linux Kernel s390 PSW Mask Privilege Escalation Vulnerability
http://secunia.com/advisories/60351/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3534

+ SA59035 Fujitsu Systemwalker Multiple Products OpenSSL SSL/TLS Handshake Security Issue
http://secunia.com/advisories/59035/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ SA60042 Fujitsu Symfoware Server / Integrated System HA Database Ready OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/60042/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ SA60381 Apple QuickTime "mvhd" Atom Buffer Overflow Vulnerability
http://secunia.com/advisories/60381/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4979

+ SA58963 Linux Kernel shmem Denial of Service Vulnerability
http://secunia.com/advisories/58963/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171

+ Apple iOS 'Content-Disposition' Header Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/68969

JVNDB-2014-000086 Improper SSL server certificate verification vulnerability in Outlook.com for Android
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000086.html

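【Personal Information Protection Act Revision: No More Fear of Using Data】
[Personal Information Protection Act Revision 4] Location data that needs strong protection; unexpected points to note for facial recognition and genetic information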
http://itpro.nikkeibp.co.jp/article/COLUMN/20140722/571227/?ST=security

【Security Legacy: Collapsing Data Security】
[Targeted Attack Countermeasures] Companies setting up CSIRTs increase sharply
http://itpro.nikkeibp.co.jp/article/COLUMN/20140718/571208/?ST=security

SSL-related vulnerability found in Outlook.com for Android, with a risk of eavesdropping and other attacks
http://itpro.nikkeibp.co.jp/atcl/news/14/073000282/?ST=security

Fraudulent use of OCN IDs through impersonation discovered; abused for prize redemption and other purposes
http://itpro.nikkeibp.co.jp/atcl/news/14/073000279/?ST=security

BlackBerry to acquire Secusmart, a security provider for government and enterprise
http://itpro.nikkeibp.co.jp/atcl/news/14/073000277/?ST=security

Wednesday, July 30, 2014

30th, Wednesday, Butsumetsu

+ RHSA-2014:0981 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-0981.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145

+ UPDATE: HPSBGN02936 rev.2 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03993467-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04385138-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Tomcat 7.0.55 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

JVNDB-2014-000087 Authentication bypass vulnerability in multiple I-O DATA DEVICE IP cameras
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000087.html

JVNDB-2014-000089 Cross-site request forgery vulnerability in acmailer
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000089.html

JVNDB-2014-000088 Cross-site scripting vulnerability in PerlMailer
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000088.html

UPDATE: JVN#94592501 Authentication bypass vulnerability in multiple I-O DATA DEVICE IP cameras
http://jvn.jp/jp/JVN94592501/

JVNVU#97348300 Multiple vulnerabilities in Silver Peak VX
http://jvn.jp/vu/JVNVU97348300/

JVN#42511610 Cross-site request forgery vulnerability in acmailer
http://jvn.jp/jp/JVN42511610/

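【The Nightless City of the "New Social Generation"? What Are Teenagers Thinking?】
Digital natives skilled at workarounds easily get past settings imposed by adults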
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/072300002/?ST=security

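【Personal Information Protection Act Revision: No More Fear of Using Data】
[Personal Information Protection Act Revision 3] Privacy impact differs by identifier; handling of history data also needs care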
http://itpro.nikkeibp.co.jp/article/COLUMN/20140722/571226/?ST=security

【Security Legacy: Collapsing Data Security】
[User Authentication] Attacks aimed at cashing out continue
http://itpro.nikkeibp.co.jp/article/COLUMN/20140718/571206/?ST=security

Fortinet begins offering a virtual WAF for AWS on a "pay-by-the-hour" basis
http://itpro.nikkeibp.co.jp/atcl/news/14/072900270/?ST=security

KDDI announces IDaaS for enterprises, supporting multi-step authentication using incoming phone calls
http://itpro.nikkeibp.co.jp/atcl/news/14/072900266/?ST=security

"Neverquest", which aims at fraudulent money transfers, also targets regional banks in Japan
http://itpro.nikkeibp.co.jp/atcl/news/14/072900264/?ST=security

How was the Benesse case suspect able to take data out with a smartphone? IT departments should recheck their settings
http://itpro.nikkeibp.co.jp/atcl/news/14/072800239/?ST=security

Tuesday, July 29, 2014

29th, Tuesday, Senbu

+ Linux Kernel 3.15.7, 3.14.14, 3.10.50, 3.4.100 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.14
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.100

+ Samba 4.1.10 Available for Download
http://www.samba.org/samba/history/samba-4.1.10.html

+ Linux Kernel sctp inherit auth_capable on INIT collisions
http://cxsecurity.com/issue/WLB-2014070154

+ Bugzilla 3.x / 4.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2014070148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1546

+ SA59128 Linux Kernel "sctp_association_free()" Integer Underflow Denial of Service Vulnerability
http://secunia.com/advisories/59128/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667

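【Personal Information Protection Act Revision: No More Fear of Using Data】
[Personal Information Protection Act Revision 2] Promoting data use through anonymization; "data with reduced personal identifiability" defined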
http://itpro.nikkeibp.co.jp/article/COLUMN/20140722/571225/?ST=security

【Security Legacy: Collapsing Data Security】
[Insider Crime Countermeasures] Lessons from the card forgery case
http://itpro.nikkeibp.co.jp/article/COLUMN/20140718/571205/?ST=security

JVNVU#92341690 SQL injection vulnerability in Sabre AirCentre Crew solutions
http://jvn.jp/vu/JVNVU92341690/

VU#867980 Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting
http://www.kb.cert.org/vuls/id/867980

REMOTE: Oxwall 1.7.0 - Remote Code Execution Exploit
http://www.exploit-db.com/exploits/34191

Monday, July 28, 2014

28th, Monday, Tomobiki

+ CESA-2014:0926 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/606673/

+ CESA-2014:0924 Important CentOS 6 kernel Update
http://lwn.net/Alerts/606674/

+ CESA-2014:0923 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/606675/

+ CESA-2014:0927 Moderate CentOS 7 qemu-kvm Security Update
http://lwn.net/Alerts/606676/

+ UPDATE: HPSBGN02936 rev.2 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03993467-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04370307-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04374202-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2626

+ HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04379485-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04378799-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HS14-019 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-019/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4268

+ HS14-019 Multiple Vulnerabilities in Cosminexus (Japanese edition)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-019/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4268

+ PHP 5.4.31 Released
http://php.net/archive/2014.php#id2014-07-24-2
http://www.php.net/ChangeLog-5.php#5.4.31

+ HP VPN Firewall Module Unspecified Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4840

+ Bugzilla Input Validation Flaw in JSONP Endpoint Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1030648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1546

+ Apple QuickTime 'mvhd' Atom Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4979

+ Apache mod_cache Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352

+ Bugzilla 3.x / 4.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2014070148

JVNDB-2013-002240 Arbitrary program execution vulnerability in the TrendLink ActiveX control
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-002240.html

JVNVU#97798872 Multiple vulnerabilities in Omron NS series HMI
http://jvn.jp/vu/JVNVU97798872/

JVNVU#90219433 Stack buffer overflow vulnerability in BulletProof FTP Client 2010
http://jvn.jp/vu/JVNVU90219433/

JVNVU#99829464 Cross-site scripting vulnerability in TestRail
http://jvn.jp/vu/JVNVU99829464/

Fake site targeting NTT DOCOMO users appears, spoofing both appearance and domain name
http://itpro.nikkeibp.co.jp/atcl/news/14/072700226/?ST=security

Vulnerability information worth checking <2014.07.28>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/072300008/?ST=security

【Security Legacy: Collapsing Data Security】
[Overview] Sweep away the negative legacy
http://itpro.nikkeibp.co.jp/article/COLUMN/20140718/571204/?ST=security

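【Personal Information Protection Act Revision: No More Fear of Using Data】
[Personal Information Protection Act Revision 1] A body for privacy protection is born, bringing Japan's system up to international standards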
http://itpro.nikkeibp.co.jp/article/COLUMN/20140722/571224/?ST=security

【Security Legacy: Collapsing Data Security】
http://itpro.nikkeibp.co.jp/article/COLUMN/20140718/571203/?ST=security

ロックインターナショナル: software that addresses "information leaks via smartphones"
http://itpro.nikkeibp.co.jp/atcl/news/14/072500224/?ST=security

DDoS attacks targeting DNS servers, using open resolvers as stepping stones
http://itpro.nikkeibp.co.jp/atcl/news/14/072500214/?ST=security

VU#394540 Sabre AirCentre Crew solutions contain a SQL injection vulnerability
http://www.kb.cert.org/vuls/id/394540

Friday, July 25, 2014

25th, Friday, Butsumetsu

+ RHSA-2014:0923 Important: kernel security update
https://access.redhat.com/errata/RHSA-2014:0923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943

+ RHSA-2014:0927 Moderate: qemu-kvm security and bug fix update
https://access.redhat.com/errata/RHSA-2014:0927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461

+ RHSA-2014:0916 Critical: nss and nspr security update
https://access.redhat.com/errata/RHSA-2014:0916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544

+ PHP 5.5.15 released
http://php.net/archive/2014.php#id2014-07-24-1
http://www.php.net/ChangeLog-5.php#5.5.15

+ PostgreSQL updates 9.3.5, 9.2.9, 9.1.14, 9.0.18, 8.4.22 released
http://www.postgresql.org/about/news/1534/
http://www.postgresql.org/docs/9.3/static/release-9-3-5.html
http://www.postgresql.org/docs/9.2/static/release-9-2-9.html
http://www.postgresql.org/docs/9.1/static/release-9-1-14.html
http://www.postgresql.org/docs/9.0/static/release-9-0-18.html

+ PostgreSQL 9.4 Beta 2 Released
http://www.postgresql.org/about/news/1533/

+ DoS/PoC: Make 3.81 - Heap Overflow PoC
http://www.exploit-db.com/exploits/34164

JVNVU#99424174 Resin Pro does not properly convert Unicode characters
http://jvn.jp/vu/JVNVU99424174/

From the World's Security Labs, Nikkei Communications
Risk of private data leaking through Google Drive
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/072300004/?ST=security

Reporter's Eye, Nikkei Computer
Prompted by the Benesse case, I tried drafting my own proposal for personal information protection rules
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/072200008/?ST=security

"We will delete your leaked personal information": beware of suspicious phone calls exploiting the Benesse case
http://itpro.nikkeibp.co.jp/atcl/news/14/072400201/?ST=security

VU#565580 BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow
http://www.kb.cert.org/vuls/id/565580

VU#669804 TestRail cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/669804

REMOTE: Omeka 2.2.1 - Remote Code Execution Exploit
http://www.exploit-db.com/exploits/34160

DoS/PoC: BulletProof FTP Client 2010 - Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/34162

Thursday, July 24, 2014

24th, Thursday, Senbu

+ RHSA-2014:0920 Important: httpd security update
https://rhn.redhat.com/errata/RHSA-2014-0920.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231

+ RHSA-2014:0926 Moderate: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0926.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021

+ RHSA-2014:0924 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2014-0924.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943

+ RHSA-2014:0919 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2014:0919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557

+ CESA-2014:0919 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/606261/

+ CESA-2014:0919 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/606260/

+ CESA-2014:0919 Critical CentOS 7 firefox and xulrunner Security Update
http://lwn.net/Alerts/606262/

+ CESA-2014:0914 Moderate CentOS 7 libvirt Security Update
http://lwn.net/Alerts/606263/

+ CESA-2014:0916 Critical CentOS 5 nss Update
http://lwn.net/Alerts/606265/

+ CESA-2014:0916 Critical CentOS 7 nss and nspr Security Update
http://lwn.net/Alerts/606266/

+ CESA-2014:0917 Critical CentOS 6 nspr Update
http://lwn.net/Alerts/606267/

+ CESA-2014:0917 Critical CentOS 6 nss-util Update
http://lwn.net/Alerts/606268/

+ CESA-2014:0917 Critical CentOS 6 nss Update
http://lwn.net/Alerts/606269/

+ CESA-2014:0916 Critical CentOS 5 nspr Update
http://lwn.net/Alerts/606264/

+ CESA-2014:0918 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/606270/

+ CESA-2014:0918 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/606271/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04374202-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2626

+ HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04379485-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04378799-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Apache 2.4.x mod_proxy Denial Of Service
http://cxsecurity.com/issue/WLB-2014070127

+ Linux Kernel ptrace/sysret Local Privilege Escalation
http://cxsecurity.com/issue/WLB-2014070126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699

+ Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/68745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118

Vulnerability information worth checking <2014.07.24>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/071800007/?ST=security

KCCS: AWS build and operation service that includes server security
http://itpro.nikkeibp.co.jp/atcl/news/14/072300186/?ST=security

IBM Japan begins offering a CSIRT training service to support development of corporate security personnel
http://itpro.nikkeibp.co.jp/atcl/news/14/072300179/?ST=security

NTT Com service: personal information of up to 378 people found to have been viewable on the Web
http://itpro.nikkeibp.co.jp/atcl/news/14/072300177/?ST=security

VU#162308 Resin Pro improperly performs Unicode transformations
http://www.kb.cert.org/vuls/id/162308

Wednesday, July 23, 2014

23rd, Wednesday, Tomobiki

+ RHSA-2014:0919 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-0919.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557

+ RHSA-2014:0916 Critical: nss and nspr security update
https://rhn.redhat.com/errata/RHSA-2014-0916.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544

+ RHSA-2014:0917 Critical: nss and nspr security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-0917.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545

+ RHSA-2014:0907 Important: java-1.6.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2014:0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ Mozilla Firefox 31.0 released
https://www.mozilla.org/en-US/firefox/31.0/releasenotes/

+ Mozilla Thunderbird 31.0 released
https://www.mozilla.org/en-US/thunderbird/31.0/releasenotes/

+ MFSA 2014-66 IFRAME sandbox same-origin access through redirect
https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1552

+ MFSA 2014-65 Certificate parsing broken by non-standard character encoding
https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1560

+ MFSA 2014-64 Crash in Skia library when scaling high quality images
https://www.mozilla.org/security/announce/2014/mfsa2014-64.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557

+ MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
https://www.mozilla.org/security/announce/2014/mfsa2014-63.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544

+ MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556

+ MFSA 2014-61 Use-after-free with FireOnStateChange event
https://www.mozilla.org/security/announce/2014/mfsa2014-61.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555

+ MFSA 2014-60 Toolbar dialog customization event spoofing
https://www.mozilla.org/security/announce/2014/mfsa2014-60.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1561

+ MFSA 2014-59 Use-after-free in DirectWrite font handling
https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1551

+ MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1550

+ MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1549

+ MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
https://www.mozilla.org/security/announce/2014/mfsa2014-56.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548

+ Opera 23 released
http://www.opera.com/docs/changelogs/unified/2300/

+ CESA-2014:0907 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/606156/

+ CESA-2014:0907 Important CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/606157/

+ CESA-2014:0907 CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/606158/

+ HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04370307-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Linux kernel 3.12.25 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.25

+ HS14-018 ClassLoader Manipulation Vulnerability in Hitachi Command Suite Products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-018/index.html

+ HS14-018 ClassLoader Manipulation Vulnerability in Hitachi Command Suite Products (Japanese edition)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-018/index.html

+ OpenSSL 1.0.2 Beta 2 released
http://www.openssl.org/source/

+ LOCAL: Microsoft XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/34131

+ Apache Scoreboard / Status Race Condition
http://cxsecurity.com/issue/WLB-2014070114

+ Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2014070113

+ Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2014070112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4971

+ SA60191 phpMyAdmin Script Insertion and Security Bypass Vulnerabilities
http://secunia.com/advisories/60191/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4987

+ SA59569 Linux Kernel "lzo1x_decompress_safe()" Integer Overflow Vulnerability
http://secunia.com/advisories/59569/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607

+ SA59567 Linux Kernel "lz4_uncompress()" Integer Overflow Vulnerability
http://secunia.com/advisories/59567/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4611

+ SA59434 Linux Kernel ALSA Multiple Vulnerabilities
http://secunia.com/advisories/59434/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656

+ SA60274 Apache HTTP Server Two Denial of Service Vulnerabilities
http://secunia.com/advisories/60274/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231

JVNVU#93309335 Cross-site scripting vulnerability in MicroPact icomplaints
http://jvn.jp/vu/JVNVU93309335/

JVNVU#93289423 Cross-site scripting vulnerability in Huawei E355
http://jvn.jp/vu/JVNVU93289423/

From the World's Security Labs, Nikkei Communications
Google Glass: a string of privacy concerns
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/071400003/?ST=security

Vulnerability information worth checking (2014.07.23)
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/071800006/?ST=security

News & Trend, Nikkei Computer
IPA strengthens its support framework for countering targeted attacks with a "Cyber Rescue Team"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/071700012/?ST=security

New leak discovered at Benesse: personal information from lifestyle business services found on the suspect's smartphone
http://itpro.nikkeibp.co.jp/atcl/news/14/072200148/?ST=security

JSSEC revises its guide for Android app developers, adding material such as how to handle user information
http://itpro.nikkeibp.co.jp/atcl/news/14/071800142/?ST=security

DoS/PoC: DjVuLibre <= 3.5.25.3 - Out of Bounds Access Violation
http://www.exploit-db.com/exploits/34135

Tuesday, July 22, 2014

22nd, Tuesday, Sensho

+ RHSA-2014:0907 Important: java-1.6.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0907.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ RHSA-2014:0907 Important: java-1.6.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2014:0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ RHSA-2014:0861 Moderate: lzo security update
https://access.redhat.com/errata/RHSA-2014:0861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607

+ RHSA-2014:0741 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2014:0741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538

+ RHSA-2014:0889 Critical: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2014:0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ RHSA-2014:0820 Important: docker security update
https://access.redhat.com/errata/RHSA-2014:0820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3499

+ RHSA-2014:0790 Moderate: dovecot security update
https://access.redhat.com/errata/RHSA-2014:0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430

+ RHSA-2014:0705 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2014:0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0449

+ RHSA-2014:0678 Important: kernel security update
https://access.redhat.com/errata/RHSA-2014:0678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

+ RHSA-2014:0867 Moderate: samba security update
https://access.redhat.com/errata/RHSA-2014:0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

+ RHSA-2014:0702 Moderate: mariadb security update
https://access.redhat.com/errata/RHSA-2014:0702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419

+ RHSA-2014:0786 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2014:0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145

+ RHSA-2014:0827 Moderate: tomcat security update
https://access.redhat.com/errata/RHSA-2014:0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099

+ RHSA-2014:0685 Important: java-1.6.0-openjdk security update
https://access.redhat.com/errata/RHSA-2014:0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461

+ RHSA-2014:0675 Critical: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2014:0675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461

+ RHSA-2014:0679 Important: openssl security update
https://access.redhat.com/errata/RHSA-2014:0679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ RHSA-2014:0704 Moderate: qemu-kvm security and bug fix update
https://access.redhat.com/errata/RHSA-2014:0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894

+ RHSA-2014:0703 Moderate: json-c security update
https://access.redhat.com/errata/RHSA-2014:0703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6370

+ RHSA-2014:0687 Moderate: libtasn1 security update
https://access.redhat.com/errata/RHSA-2014:0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468

+ RHSA-2014:0686 Important: tomcat security update
https://access.redhat.com/errata/RHSA-2014:0686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0186

+ RHSA-2014:0684 Important: gnutls security update
https://access.redhat.com/errata/RHSA-2014:0684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465

+ RHSA-2014:0680 Important: openssl098e security update
https://access.redhat.com/errata/RHSA-2014:0680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ phpMyAdmin 4.0.10.1, 4.1.14.2 and 4.2.6 are released
http://sourceforge.net/p/phpmyadmin/news/2014/07/phpmyadmin-40101-41142-and-426-are-released/

+ PMASA-2014-7 Access for an unprivileged user to MySQL user list.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4987

+ PMASA-2014-6 Multiple XSS in AJAX confirmation messages.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986

+ PMASA-2014-5 Self-XSS due to unescaped HTML output in database triggers page.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4955

+ PMASA-2014-4 Self-XSS due to unescaped HTML output in database structure page.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4954

+ UPDATE: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ CVE-2014-2469 Denial of Service(DoS) vulnerability in Lighttpd
https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2469

+ Multiple vulnerabilities in Lighttpd
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighthttpd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1427

+ CVE-2013-2236 Buffer Errors vulnerability in Quagga
https://blogs.oracle.com/sunsecurity/entry/cve_2013_2236_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236

+ Oracle Critical Patch Update Advisory - July 2014
http://www.oracle.com/technetwork/jp/topics/ojkbcpujul2014-2244696-ja.html

+ Apache httpd 2.4.10 released
http://www.apache.org/dist/httpd/Announcement2.4.html
http://www.apache.org/dist/httpd/CHANGES_2.4.10
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

+ Apache Multiple Flaws Let Remote Users Deny Service or Execute Arbitrary Code
http://www.securitytracker.com/id/1030615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523

+ Linux Kernel Flaw in PPP over L2TP Sockets Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943

+ LOCAL: Linux Kernel ptrace/sysret - Local Privilege Escalation
http://www.exploit-db.com/exploits/34134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699

+ DoS/PoC: Apache 2.4.7 mod_status Scoreboard Handling Race Condition
http://www.exploit-db.com/exploits/34133/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

+ SA60170 Apache HTTP Server Multiple Vulnerabilities
http://secunia.com/advisories/60170/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523

+ SA60071 Linux Kernel PPP Over L2TP Implementation Privilege Escalation Vulnerabilities
http://secunia.com/advisories/60071/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943

+ Apache httpd mod_status Heap Buffer Overflow Remote Code Execution
http://cxsecurity.com/issue/WLB-2014070103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

+ Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/68678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

+ Multiple Microsoft Products Arbitrary Memory Write Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/68764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4971

+ Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/68742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231

JVNDB-2014-000082 Arbitrary code execution vulnerability in FuelPHP
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000082.html

JVNDB-2014-000081 Directory traversal vulnerability in File Explorer
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000081.html

JVNDB-2014-000080 Cross-site scripting vulnerability in Meridian
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000080.html

ALSI adds Windows 8.1 support to its secure USB memory creation software
http://itpro.nikkeibp.co.jp/atcl/news/14/071800131/?ST=security

Lessons for the Benesse incident in the words of Microsoft CEO Nadella
http://itpro.nikkeibp.co.jp/atcl/column/14/560135/071800004/?ST=security

VU#875548 MicroPact iComplaints cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/875548

VU#688812 Huawei E355 contains a stored cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/688812

REMOTE: IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities
http://www.exploit-db.com/exploits/34132

DoS/PoC: World Of Warcraft 3.3.5a (macros-cache.txt) - Stack Overflow
http://www.exploit-db.com/exploits/34129

Friday, July 18, 2014

18th, Friday, Senbu

+ HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04369484-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2622

+ UPDATE: HPSBMU03072 SSRT101644 rev.2 - HP Data Protector, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04373818-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.15.6, 3.14.13, 3.10.49, 3.4.99 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.13
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.99

+ Microsoft Internet Explorer CSS import Memory Corruption
http://cxsecurity.com/issue/WLB-2014070093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1763

+ Microsoft Internet Explorer Request Object Confusion Sandbox Bypass
http://cxsecurity.com/issue/WLB-2014070092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1764

+ Microsoft Windows DirectShow Privilege Escalation
http://cxsecurity.com/issue/WLB-2014070091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780

+ Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass
http://cxsecurity.com/issue/WLB-2014070090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2777

+ SA60078 Google Chrome for Android Spoofing and Security Bypass Vulnerabilities
http://secunia.com/advisories/60078/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3161

+ SA60077 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/60077/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3162

Vulnerability information worth checking (2014.07.18)
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/071400005/?ST=security

Benesse data leak suspect was "a veteran in a central role": Q&A from the apology press conference
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/071700013/?ST=security

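[Unraveling the danger of targeted cyber attacks through real cases]
Assuming "you will be breached," building an attack response framework is an urgent task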
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567916/?ST=security

Benesse: what even 20 billion yen in apology measures cannot win back
http://itpro.nikkeibp.co.jp/atcl/column/14/509445/071700008/?ST=security

Benesse holds emergency press conference after suspect's arrest; 20 billion yen for apology measures
http://itpro.nikkeibp.co.jp/atcl/news/14/071700118/?ST=security

Benesse customer information leak: engineer in charge of DB administration arrested
http://itpro.nikkeibp.co.jp/atcl/news/14/071700105/?ST=security

Thursday, July 17, 2014

17th, Thursday, Tomobiki

+ RHSA-2014:0890 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2014-0890.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ RHSA-2014:0889 Critical: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2014-0889.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ RHSA-2014:0678 Important: kernel security update
https://access.redhat.com/errata/RHSA-2014:0678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

+ RHSA-2014:0861 Moderate: lzo security update
https://access.redhat.com/errata/RHSA-2014:0861

+ RHSA-2014:0741 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2014:0741

+ RHSA-2014:0867 Moderate: samba security update
https://access.redhat.com/errata/RHSA-2014:0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

+ RHSA-2014:0702 Moderate: mariadb security update
https://access.redhat.com/errata/RHSA-2014:0702

+ RHSA-2014:0786 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2014:0786

+ RHSA-2014:0827 Moderate: tomcat security update
https://access.redhat.com/errata/RHSA-2014:0827

+ RHSA-2014:0685 Important: java-1.6.0-openjdk security update
https://access.redhat.com/errata/RHSA-2014:0685

+ RHSA-2014:0675 Critical: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2014:0675

+ RHSA-2014:0889 Critical: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2014:0889

+ RHSA-2014:0679 Important: openssl security update
https://access.redhat.com/errata/RHSA-2014:0679

+ RHSA-2014:0704 Moderate: qemu-kvm security and bug fix update
https://access.redhat.com/errata/RHSA-2014:0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894

+ RHSA-2014:0703 Moderate: json-c security update
https://access.redhat.com/errata/RHSA-2014:0703

+ RHSA-2014:0820 Important: docker security update
https://access.redhat.com/errata/RHSA-2014:0820

+ RHSA-2014:0687 Moderate: libtasn1 security update
https://access.redhat.com/errata/RHSA-2014:0687

+ RHSA-2014:0686 Important: tomcat security update
https://access.redhat.com/errata/RHSA-2014:0686

+ RHSA-2014:0684 Important: gnutls security update
https://access.redhat.com/errata/RHSA-2014:0684

+ RHSA-2014:0790 Moderate: dovecot security update
https://access.redhat.com/errata/RHSA-2014:0790

+ RHSA-2014:0680 Important: openssl098e security update
https://access.redhat.com/errata/RHSA-2014:0680

+ RHSA-2014:0705 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2014:0705

+ Google Chrome 36.0.1985.125 released
http://googlechromereleases.blogspot.jp/2014/07/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3162

+ CESA-2014:0889 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/605611/

+ CESA-2014:0890 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/605612/

+ CESA-2014:0889 Critical CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/605613/

+ Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3306

+ HPSBMU03072 SSRT101644 rev.2 - HP Data Protector, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04373818-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2623

+ GCC 4.9.1 released
https://gcc.gnu.org/gcc-4.9/

+ Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2014070084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2477

+ Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/68678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

+ Google Chrome Prior to 36.0.1985.122 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/68677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3162

JVNDB-2014-000079 Cross-site scripting vulnerability in Multifunction Mail Form Free (多機能メールフォームフリー)
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000079.html

Vulnerability information worth checking (2014.07.17)
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/071400004/?ST=security

From the World's Security Labs, Nikkei Communications
Will "Android L" make passwords unnecessary?
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/071400001/?ST=security

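[Unraveling the danger of targeted cyber attacks through real cases]
Make attackers' internal activity "visible": monitor behavior and spot the correlations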
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567915/?ST=security

"Cybersecurity is the same as a Japanese castle," says Gartner's Isoda
http://itpro.nikkeibp.co.jp/atcl/news/14/071600088/?ST=security

Accidental snapshot deletion accounts for 42%: ITFOR reports on the state of data recovery
http://itpro.nikkeibp.co.jp/atcl/news/14/071600079/?ST=security

Google to launch "Project Zero" team to work on eradicating zero-day attacks
http://itpro.nikkeibp.co.jp/atcl/news/14/071600076/?ST=security

JVN#41028866 Cross-site scripting vulnerability in Multifunction Mail Form Free (多機能メールフォームフリー)
http://jvn.jp/jp/JVN41028866/

REMOTE: Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability
http://www.exploit-db.com/exploits/34088

DoS/PoC: Node Browserify 4.2.0 - Remote Code Execution Vulnerability
http://www.exploit-db.com/exploits/34090

Wednesday, July 16, 2014

16th, Wednesday, Sensho

+ Oracle Critical Patch Update Advisory - July 2014
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

+ HPSBNS03067 rev.1 - HP NonStop SSL running OpenSSL, Remote Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04367164-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBNS03066 rev.1 - HP NonStop XYGATE User Authentication (XUA) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04366622-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04281279-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2606

+ CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

+ CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096

+ CVE-2014-0099 Numeric Errors vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099

+ CVE-2014-0119 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0119_permissions_privileges
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ Multiple vulnerabilities in X.Org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211

+ CVE-2012-2125 HTTPS to HTTP redirection vulnerability in RubyGems
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2125_https_to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125

+ CVE-2012-2126 Cryptographic Issues vulnerability in RubyGems
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2126_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126

+ Multiple vulnerabilities in Lighttpd
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighttpd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324

+ Multiple vulnerabilities in GNU Libtasn1
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnu_libtasn1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469

+ Multiple vulnerabilities in GnuTLS
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnutls
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469

+ FreeBSD 9.3-RELEASE released
http://www.freebsd.org/releases/9.3R/relnotes.html

+ Java SE 8u11, 7u65 Released
http://www.oracle.com/technetwork/java/javase/8u11-relnotes-2232915.html
http://www.oracle.com/technetwork/java/javase/7u65-relnotes-2229169.html

+ MySQL Multiple Bugs Let Remote Authenticated Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1030578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260

+ Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
http://www.securitytracker.com/id/1030577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4268

+ Oracle Database Core RDBMS Bugs Let Remote Authenticated Users Partially Access and Modify Data and Cause Denial of Service Conditions
http://www.securitytracker.com/id/1030576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4245

+ SA59786 FreeBSD SCTP Information Disclosure Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3953

+ PHP 'get_icu_value_internal()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68550

JVNDB-2014-000072 ClassLoader manipulation vulnerability in S2Struts
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000072.html

JVNDB-2014-000078 Cross-site scripting vulnerability in the message function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000078.html

JVNDB-2014-000077 Vulnerability in Cybozu Garoon allowing access to other users' portlet settings
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000077.html

JVNDB-2014-000076 Cross-site scripting vulnerability in the notification portlet function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000076.html

JVNDB-2014-000075 Cross-site scripting vulnerability in the map search function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000075.html

JVNDB-2014-000074 Access restriction bypass vulnerability in the Cybozu Garoon 3 integration API
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000074.html

JVNDB-2014-000073 Arbitrary command execution vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000073.html

[The danger of targeted cyber attacks, revealed through real cases]
Attack trends in numbers; configuration changes can prevent many of the dangers
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567914/?ST=security

LINE strengthens account-hijacking countermeasures, adding identity verification by "PIN code" in the smartphone version
http://itpro.nikkeibp.co.jp/atcl/news/14/071500067/?ST=security

Tuesday, July 15, 2014

15th, Tuesday, Shakkō

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04369484-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2622

+ HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04281279-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2606

+ HP StoreVirtual Bugs Let Remote Users Obtain Information and Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2606

+ REMOTE: HP Data protector manager 8.10 remote command execution
http://www.exploit-db.com/exploits/34066

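[The danger of targeted cyber attacks, revealed through real cases]
Attack methods change moment by moment; attackers hide their presence and persist relentlessly until the objective is achieved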
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567913/?ST=security

Don't forget to apply "Windows 8.1 Update"
http://itpro.nikkeibp.co.jp/article/COLUMN/20140711/571045/?ST=security

JVNVU#91389735 Multiple vulnerabilities in Datum Systems satellite modems
http://jvn.jp/vu/JVNVU91389735/

VU#204988 Kaseya's agent driver contains NULL pointer dereference
http://www.kb.cert.org/vuls/id/204988

REMOTE: D-Link info.cgi POST Request Buffer Overflow
http://www.exploit-db.com/exploits/34063

REMOTE: D-Link HNAP Request Remote Buffer Overflow
http://www.exploit-db.com/exploits/34064

+ glibc locale issues PoC  FEIN
http://cxsecurity.com/issue/WLB-2014070073

Monday, July 14, 2014

14th, Monday, Taian

+ Microsoft Security Advisory 2982792 Improperly issued digital certificates could allow spoofing
https://technet.microsoft.com/ja-jp/library/security/2982792

+ HPSBNS03067 rev.1 - HP NonStop SSL running OpenSSL, Remote Code Execution, Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04367164-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBNS03066 rev.1 - HP NonStop XYGATE User Authentication (XUA) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04366622-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Linux kernel 3.2.61 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.61

+ Juniper ScreenOS SSL/TLS Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2842

+ Juniper Junos SRX Input Validation Flaw in Web Authentication Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3821

+ Juniper Junos PIM Routing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3819

+ Juniper Junos SRX Series IPv6/IPv4 Translation flowd Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3822

+ Juniper Junos Unspecified Command Line Interface Flaw Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1030559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3816

+ Juniper Junos SRX Series NAT flowd Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3817

+ Juniper Junos SRX Series SIP ALG flowd Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3815

+ SA56800 PHP Two Use-After-Free Vulnerabilities
http://secunia.com/advisories/56800/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698

+ SA59633 Linux Kernel ptrace SYSRET Path Privilege Escalation Vulnerability
http://secunia.com/advisories/59633/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699

+ PHP 'ext/spl/spl_dllist.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/68513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670

+ PHP 'ext/spl/spl_array.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/68511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698

[The danger of targeted cyber attacks, revealed through real cases]
The danger of targeted cyber attacks, revealed through real cases
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567904/?ST=security

[The danger of targeted cyber attacks, revealed through real cases]
The biggest weakness is "people": the six steps attackers take to steal information
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567912/?ST=security

Preventing data exfiltration via external devices: Runexy releases new version of PC operation log management software
http://itpro.nikkeibp.co.jp/article/NEWS/20140710/570762/?ST=security

JVNVU#94415561 Raritan PX Power Distribution software vulnerable to the cipher zero attack
http://jvn.jp/vu/JVNVU94415561/

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/index.html

VU#917348 Datum Systems satellite modem devices contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/917348

Friday, July 11, 2014

11th, Friday, Tomobiki

+ CESA-2014:0861 Moderate CentOS 7 lzo Update
http://lwn.net/Alerts/604997/

+ CESA-2014:0867 Moderate CentOS 7 samba Update
http://lwn.net/Alerts/604998/

+ CESA-2014:0866 Moderate CentOS 6 samba Update
http://lwn.net/Alerts/604999/

+ CESA-2014:0866 Moderate CentOS 5 samba3x Update
http://lwn.net/Alerts/605000/

+ CESA-2014:0865 Moderate CentOS 6 tomcat6 Update
http://lwn.net/Alerts/605001/

+ HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04368264-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04368546-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04368523-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Oracle Critical Patch Update Pre-Release Announcement - July 2014
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

+ Android NFC Denial Of Service
http://cxsecurity.com/issue/WLB-2014070055

+ SA59827 MySQL Workbench OpenSSL SSL/TLS Handshakes Security Issue
http://secunia.com/advisories/59827/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

HTTPS Inspection update for attending India CCA unauthorized digital certificates
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101565&src=securityAlerts

[Follow-up] More than 40 million people may be affected: how the investigation into the Benesse personal information leak unfolded
http://itpro.nikkeibp.co.jp/article/NEWS/20140709/570325/?ST=security

The secret to creating rules that employees will actually "follow"
http://itpro.nikkeibp.co.jp/article/COLUMN/20140708/569893/?ST=security

Reporter's Eye, Nikkei Computer
The story of how my pride as an IT reporter of more than 15 years snapped in two
http://itpro.nikkeibp.co.jp/article/Watcher/20140709/570123/?ST=security

JustSystems responds to Benesse's request for a meeting: "We will agree to discussions"
http://itpro.nikkeibp.co.jp/article/NEWS/20140710/570743/?ST=security

Ministry of Economy, Trade and Industry requests a written report from Benesse Corporation over the information leak
http://itpro.nikkeibp.co.jp/article/NEWS/20140710/570707/?ST=security

JVNVU#98939460 Multiple cross-site scripting vulnerabilities in Liferay Portal
http://jvn.jp/vu/JVNVU98939460/index.html

VU#712660 Raritan PX power distribution software is vulnerable to the cipher zero attack.
http://www.kb.cert.org/vuls/id/712660

Thursday, July 10, 2014

10th, Thursday, Senshō

+ RHSA-2014:0866 Moderate: samba and samba3x security update
https://rhn.redhat.com/errata/RHSA-2014-0866.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

+ RHSA-2014:0865 Moderate: tomcat6 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0865.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099

+ RHSA-2014:0861 Moderate: lzo security update
https://rhn.redhat.com/errata/RHSA-2014-0861.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607

+ CESA-2014:0861 Moderate CentOS 6 lzo Update
http://lwn.net/Alerts/604824/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870

+ HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04368264-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04368546-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04368523-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Linux kernel 3.15.5, 3.14.12, 3.10.48, 3.4.98 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.12
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.98

+ FreeBSD Kernel Memory Initialization Flaws Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3953

+ SA58964 Linux Kernel System Call Auditing Denial of Service Vulnerability
http://secunia.com/advisories/58964/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508

+ iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
http://cxsecurity.com/issue/WLB-2014070047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569

+ Linux Kernel 3.15.1 ft1000 Null Pointer Dereference
http://cxsecurity.com/issue/WLB-2014070048

+ Linux Kernel 'shmem.c' CVE-2014-4171 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/68157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171

[Amazon's evolving AWS: its history and the key points of its services]
Part 4: Amazon Elastic MapReduce, for fast processing of big data
http://itpro.nikkeibp.co.jp/article/COLUMN/20140617/564697/?ST=security

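Reporter's Eye, Nikkei Computer
What if a cyber attack forced your company's site to shut down for a long time? How to avoid disappearing from the net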
http://itpro.nikkeibp.co.jp/article/Watcher/20140701/567983/?ST=security

Many dangerous vulnerabilities in IE; Microsoft releases patches
http://itpro.nikkeibp.co.jp/article/NEWS/20140709/570305/?ST=security

Dell makes full-scale entry into security armed with "half price", targeting 200 million yen a year in anti-spam
http://itpro.nikkeibp.co.jp/article/NEWS/20140709/570304/?ST=security

[Breaking] About 7.6 million personal records from "Shinken Zemi" and other services leaked at Benesse; possible insider involvement
http://itpro.nikkeibp.co.jp/article/NEWS/20140709/570262/?ST=security

Hacker group linked to the Chinese government attacks US Middle East experts
http://itpro.nikkeibp.co.jp/article/NEWS/20140709/570042/?ST=security

JVNVU#95045914 Buffer overflow vulnerabilities in multiple YOKOGAWA products including CENTUM
http://jvn.jp/vu/JVNVU95045914/

UPDATE: JVNVU#91918249 Hard-coded credentials in Netgear GS105PE Prosafe Plus Switch
http://jvn.jp/vu/JVNVU91918249/index.html

VU#100972 Liferay Portal PCE contains multiple cross-site scripting vulnerabilities
http://www.kb.cert.org/vuls/id/100972

Wednesday, July 9, 2014

9th, Wednesday, Shakkō

+ Microsoft Security Bulletin Summary for July 2014
https://technet.microsoft.com/library/security/ms14-jul

+ MS14-037 Cumulative Security Update for Internet Explorer (2975687)
https://technet.microsoft.com/library/security/ms14-037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2813

+ MS14-038 Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)
https://technet.microsoft.com/library/security/ms14-038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1824

+ MS14-039 Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
https://technet.microsoft.com/library/security/ms14-039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2781

+ MS14-040 Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
https://technet.microsoft.com/library/security/ms14-040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1767

+ MS14-041 Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)
https://technet.microsoft.com/library/security/ms14-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780

+ MS14-042 Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)
https://technet.microsoft.com/library/security/ms14-042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2814

+ UPDATE: Microsoft Security Advisory 2960358 Update for Disabling RC4 in .NET TLS
https://technet.microsoft.com/ja-jp/library/security/2960358

+ UPDATE: Microsoft Security Advisory 2871997 Update to Improve Credentials Protection and Management
https://technet.microsoft.com/ja-jp/library/security/2871997

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801

+ nginx 1.7.3 released
http://nginx.org/

+ APSB14-17 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-17.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4671

+ UPDATE: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

+ HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04343424-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04363613-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ FreeBSD-SA-14:17.kmem Kernel memory disclosure in control messages and SCTP notifications
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3953

+ Linux Kernel 3.15.1 ft1000 Null Pointer Dereference
http://cxsecurity.com/issue/WLB-2014070048

+ iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
http://cxsecurity.com/issue/WLB-2014070047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569

Apache Tomcat Native 1.1.31 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html

JVNDB-2014-000071 Buffer overflow vulnerability in Becky! Internet Mail
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000071.html

JVNVU#95045914 Buffer overflow vulnerabilities in multiple YOKOGAWA products including CENTUM
http://jvn.jp/vu/JVNVU95045914/index.html

JVNVU#97652615 Arbitrary code execution vulnerability in the ActiveX controls of AVG Safeguard and AVG Secure Search
http://jvn.jp/vu/JVNVU97652615/index.html

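[The nightless city of the "social new generation": what are teenagers thinking?]
Homework by copy-and-paste, illegal downloads: the reasoning of students who feel no qualms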
http://itpro.nikkeibp.co.jp/article/COLUMN/20140707/569455/?ST=security

REMOTE: Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
http://www.exploit-db.com/exploits/34009