20日 水曜日、先勝

+ RHSA-2014:1075 Moderate: qemu-kvm security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1075.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223

+ CESA-2014:1073 Low CentOS 7 nss-util Security Update
http://lwn.net/Alerts/608902/

+ CESA-2014:1073 Low CentOS 7 nss-softokn Security Update
http://lwn.net/Alerts/608903/

+ CESA-2014:1073 Low CentOS 7 nss Security Update
http://lwn.net/Alerts/608904/

+ CVE-2013-0900 Race Conditions vulnerability in ICU
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0900_race_conditions
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900

+ Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Horizon
https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_xss1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475

+ CVE-2014-4020 Numeric Errors vulnerability in Wireshark
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4020_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4020

+ CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3520_privilege_escalation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520

+ CVE-2014-0191 Denial of Service(DOS) vulnerability in Libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0191_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191

+ Multiple vulnerabilities in Samba
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

+ REMOTE: Firefox toString console.time Privileged Javascript Injection
http://www.exploit-db.com/exploits/34363

+ REMOTE: Gitlab-shell Code Execution
http://www.exploit-db.com/exploits/34362

+ Firefox toString console.time Privileged Javascript Injection
http://cxsecurity.com/issue/WLB-2014080078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670

+ Outlook.com For Android Failed Validation
http://cxsecurity.com/issue/WLB-2014080075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5239

JVNDB-2014-000099 Advance-Flow における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000099.html

UPDATE: JVNVU#93614707 OpenSSL クライアントにナルポインタ参照の脆弱性
http://jvn.jp/vu/JVNVU93614707/

NRM、クラウド型のクライアント管理サービスを中小企業向けに提供
http://itpro.nikkeibp.co.jp/atcl/news/14/081900482/?ST=security

米国の病院に中国からサイバー攻撃、患者450万人のデータが流出
http://itpro.nikkeibp.co.jp/atcl/news/14/081900473/?ST=security

多様化する「DDoS攻撃」、国内のホームルーターも踏み台に
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072800020/?ST=security