Wednesday, July 16, 2014

Wednesday the 16th, Senshō

+ Oracle Critical Patch Update Advisory - July 2014
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

+ HPSBNS03067 rev.1 - HP NonStop SSL running OpenSSL, Remote Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04367164-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBNS03066 rev.1 - HP NonStop XYGATE User Authentication (XUA) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04366622-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04281279-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2606

+ CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

+ CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096

+ CVE-2014-0099 Numeric Errors vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099

+ CVE-2014-0119 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0119_permissions_privileges
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ Multiple vulnerabilities in X.Org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211

+ CVE-2012-2125 HTTPS to HTTP redirection vulnerability in RubyGems
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2125_https_to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125

+ CVE-2012-2126 Cryptographic Issues vulnerability in RubyGems
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2126_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126

+ Multiple vulnerabilities in Lighttpd
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_lighttpd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324

+ Multiple vulnerabilities in GNU Libtasn1
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnu_libtasn1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469

+ Multiple vulnerabilities in GnuTLS
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnutls
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469

+ FreeBSD 9.3-RELEASE released
http://www.freebsd.org/releases/9.3R/relnotes.html

+ Java SE 8u11, 7u65 Released
http://www.oracle.com/technetwork/java/javase/8u11-relnotes-2232915.html
http://www.oracle.com/technetwork/java/javase/7u65-relnotes-2229169.html

+ MySQL Multiple Bugs Let Remote Authenticated Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1030578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260

+ Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
http://www.securitytracker.com/id/1030577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4268

+ Oracle Database Core RDBMS Bugs Let Remote Authenticated Users Partially Access and Modify Data and Cause Denial of Service Conditions
http://www.securitytracker.com/id/1030576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4245

+ SA59786 FreeBSD SCTP Information Disclosure Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3953

+ PHP 'get_icu_value_internal()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68550

JVNDB-2014-000072 Vulnerability in S2Struts that allows the ClassLoader to be manipulated
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000072.html

JVNDB-2014-000078 Cross-site scripting vulnerability in the message function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000078.html

JVNDB-2014-000077 Vulnerability in Cybozu Garoon that allows access to other users' portlet settings
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000077.html

JVNDB-2014-000076 Cross-site scripting vulnerability in the notices portlet function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000076.html

JVNDB-2014-000075 Cross-site scripting vulnerability in the map search function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000075.html

JVNDB-2014-000074 Access restriction bypass vulnerability in the Cybozu Garoon 3 integration API
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000074.html

JVNDB-2014-000073 Vulnerability in Cybozu Garoon that allows arbitrary commands to be executed
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000073.html

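[The danger level of targeted cyber attacks, explained through real cases]
Attack trends shown in numbers; many risks can be prevented by changing settings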
http://itpro.nikkeibp.co.jp/article/COLUMN/20140701/567914/?ST=security

LINE strengthens account hijacking countermeasures with "PIN code" identity verification in the smartphone version
http://itpro.nikkeibp.co.jp/atcl/news/14/071500067/?ST=security
