+ 2014 年 10 月のマイクロソフト セキュリティ情報事前通知
https://technet.microsoft.com/ja-jp/library/security/ms14-oct
+ Google Chrome 38.0.2125.101 released
http://googlechromereleases.blogspot.jp/2014/10/stable-channel-update.html
+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
+ HPSBMU03113 rev.1 - HP Helion Public Cloud, Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04473775-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04472866-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2649
+ HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04454636-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2638
+ Linux kernel 3.16.5, 3.14.21, 3.10.57 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.21
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.57
+ PostgreSQL 9.4 Beta 3 Released
http://www.postgresql.org/about/news/1547/
+ LOCAL: Linux Kernel remount FUSE Exploit
http://www.exploit-db.com/exploits/34923
+ Linux Kernel 3.16.1 FUSE Privilege Escalation
http://cxsecurity.com/issue/WLB-2014100059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5207
+ OpenSSH 6.6 SFTP Misconfiguration Proof Of Concept
http://cxsecurity.com/issue/WLB-2014100058
+ Microsoft October 2014 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/70367
JVNVU#90832155 IBM WebSphere Application Server に複数の脆弱性
http://jvn.jp/vu/JVNVU90832155/
JVNVU#93614707 OpenSSL クライアントにナルポインタ参照の脆弱性
http://jvn.jp/vu/JVNVU93614707/
JVNVU#96299483 BMC Track-It! に複数の脆弱性
http://jvn.jp/vu/JVNVU96299483/
JVNVU#99271186 Cryoserver における権限昇格の脆弱性
http://jvn.jp/vu/JVNVU99271186/
世界のセキュリティ・ラボから
Bashの重大なバグ「Shellshock」、攻撃のシナリオは?
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/100700015/?ST=security
チェックしておきたい脆弱性情報<2014.10.10>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/100700023/?ST=security
NECとエンカレッジ、セキュリティ分野で協業
http://itpro.nikkeibp.co.jp/atcl/news/14/100901302/?ST=security
米国で広がるモバイル詐欺、AT&Tが1億ドル超でFTCと和解
http://itpro.nikkeibp.co.jp/atcl/news/14/100901298/?ST=security
チェックしておきたい脆弱性情報<2014.10.9>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/100700022/?ST=security
REMOTE: Wordpress InfusionSoft Plugin Upload Vulnerability
http://www.exploit-db.com/exploits/34925
REMOTE: Rejetto HttpFileServer Remote Command Execution
http://www.exploit-db.com/exploits/34926
REMOTE: F5 iControl Remote Root Command Execution
http://www.exploit-db.com/exploits/34927
0 件のコメント:
コメントを投稿