+ Android-x86 6.0.1_r3 released
http://www.android-x86.org/
+ phpMyAdmin 4.5.3.1, 4.4.15.2, 4.0.10.12 released
https://www.phpmyadmin.net/files/4.5.3/
https://www.phpmyadmin.net/files/4.4.15.2/
https://www.phpmyadmin.net/files/4.0.10.12/
+ PMASA-2015-6 Full path disclosure vulnerability
https://www.phpmyadmin.net/security/PMASA-2015-6/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8669
+ HS15-034 Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-034/index.html
+ HS15-033 Information Disclosure Vulnerability in JP1/Integrated Management - Universal CMDB
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-033/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5440
+ HS15-034 uCosminexus Portal FrameworkおよびGroupmax Collaborationにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-034/index.html
+ HS15-033 JP1/Integrated Management - Universal CMDBにおける情報漏えいの問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-033/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5440
+ Microsoft Office 2007 msxml5.dll Crash Proof Of Concept
https://cxsecurity.com/issue/WLB-2015090004
+ PHP 5.6.13 Uninitialized pointer in phar_make_dirstream
https://cxsecurity.com/issue/WLB-2015100035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
+ PHP 7.0.0 - Format String Vulnerability
https://cxsecurity.com/issue/WLB-2015120271
JVNDB-2015-000203 CG-WLNCM4G がオープンリゾルバとして機能してしまう問題
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000203.html
JVNDB-2015-000202 CG-WLBARAGM がオープンプロキシとして機能してしまう問題
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000202.html
JVNDB-2015-000201 CG-WLBARGS における認証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000201.html
損保ジャパン日本興亜、サイバー保険をISMS取得で4割引き
http://itpro.nikkeibp.co.jp/atcl/news/15/122504200/?ST=security
2015年アクセスランキング発表!
[セキュリティ]社会を揺るがした「マイナンバー」と「年金情報流出事案」にアクセス集中
http://itpro.nikkeibp.co.jp/atcl/column/15/121100284/121100004/?ST=security
Yahoo!、国家が関与するアカウント攻撃をユーザーに警告へ
http://itpro.nikkeibp.co.jp/atcl/news/15/122504190/?ST=security
JVNVU#98704210 ISC Kea DHCP サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU98704210/
2015年12月28日月曜日
2015年12月25日金曜日
25日 金曜日、先勝
+ MFSA 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ Mozilla Thunderbird 38.5.0 released
https://www.mozilla.org/en-US/thunderbird/38.5.0/releasenotes/
+ Cisco Jabber for Windows STARTTLS Downgrade Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6409
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ UPDATE: JVNVU#97216921 ISC BIND 9 に複数のサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU97216921/index.html
+ PHP 7.0.0 - Format String Vulnerability
https://cxsecurity.com/issue/WLB-2015120271
運転中止の山手線E235系、1両18トンの重りで停止ソフトを再検証
http://itpro.nikkeibp.co.jp/atcl/news/15/122404185/?ST=security
UPDATE: JVNVU#98704210 ISC Kea DHCP サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU98704210/index.html
2015年12月24日木曜日
24日 木曜日、赤口
+ RHSA-2015:2694 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2015-2694.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512
+ Mozilla Firefox 43.0.2 released
https://www.mozilla.org/en-US/firefox/43.0.2/releasenotes/
+ CESA-2015:2694 Important CentOS 6 qemu-kvm Security Update
http://lwn.net/Alerts/669028/
+ phpMyAdmin 4.5.3 released
https://www.phpmyadmin.net/files/4.5.3/
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ UPDATE: JVN#88408929 Apache Struts におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN88408929/index.html
+ UPDATE: JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/index.html
+ UPDATE: JVNVU#99125992 SSL/TLS の実装が輸出グレードの RSA 鍵を受け入れる問題 (FREAK 攻撃)
http://jvn.jp/vu/JVNVU99125992/index.html
+ JVNVU#94797797 Juniper ScreenOS に複数の脆弱性
http://jvn.jp/vu/JVNVU94797797/index.html
JDBC 1207 released as a Maven project
http://www.postgresql.org/about/news/1633/
News & Trend
2016年もサイバー攻撃は増加の予測、情報窃盗から破壊工作へ悪質さ増す
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122100406/?ST=security
[続報]サンリオの香港出資先、最大330万人の個人情報をネットで公開
現時点で漏洩・悪用の事実なし
http://itpro.nikkeibp.co.jp/atcl/news/15/122304177/?ST=security
サンリオ、330万件の情報漏洩との報道に「調査中」と回答
http://itpro.nikkeibp.co.jp/atcl/news/15/122204175/?ST=security
大和ソフトウェアリサーチ、クラウド型WAFサービスとWeb脆弱診断を開始
http://itpro.nikkeibp.co.jp/atcl/news/15/122204170/?ST=security
2015年12月22日火曜日
22日 火曜日、仏滅
+ RHSA-2015:2671 Important: jakarta-commons-collections security update
https://rhn.redhat.com/errata/RHSA-2015-2671.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
+ Mozilla Firefox 43.0.1 released
https://www.mozilla.org/en-US/firefox/43.0.1/releasenotes/
+ CESA-2015:2671 Important CentOS 5 jakarta-commons-collections Security Update
http://lwn.net/Alerts/668737/
+ Cisco IOS XE Software Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2015-1221-iosxe
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6431
+ libpng 1.6.20, 1.2.56 released
http://www.libpng.org/pub/png/src/libpng-1.6.20-README.txt
http://www.libpng.org/pub/png/src/libpng-1.2.56-README.txt
+ Juniper ScreenOS CVE-2015-7754 Denial of Service Vulnerability
http://www.securityfocus.com/bid/79627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7754
+ Juniper ScreenOS CVE-2015-7755 Unauthorized Access and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/79626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7755
2UDA RC1, released
http://www.postgresql.org/about/news/1632/
チェックしておきたい脆弱性情報<2015.12.22>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/121500092/?ST=security
RSA、盗んだ情報を現金に変えるサイバー犯罪者の手法を解説
http://itpro.nikkeibp.co.jp/atcl/news/15/122104156/?ST=security
JVNVU#94174467 Dovestones Software AD Self Password Reset に脆弱性
http://jvn.jp/vu/JVNVU94174467/
2015年12月21日月曜日
21日 月曜日、先負
+ UPDATE: Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150909-CVE-2015-6290
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ Cisco IOS and IOS XE Software IKEv1 State Machine Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151218-ios
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6429
+ CTX203879 Citrix XenServer Multiple Security Updates
http://support.citrix.com/article/CTX203879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555
+ CTX203787 Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets
http://support.citrix.com/article/CTX203787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7999
+ VMSA-2015-0009 VMware product updates address a critical deserialization vulnerability
http://www.vmware.com/security/advisories/VMSA-2015-0009.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6934
+ iptables 1.6.0 released
http://www.hu.netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
+ Samba Multiple Flaws Let Remote Users Access Data and Files, Obtain Potentially Sensitive Information, and Deny Service
http://www.securitytracker.com/id/1034493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467
+ Samba LDAP Memory Consumption Flaw Lets Remote Users Cause the Target System to Crash
http://www.securitytracker.com/id/1034492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
+ Google Chrome Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1034491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6792
PostgreSQL 9.5 RC1 Released
http://www.postgresql.org/about/news/1631/
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150909-CVE-2015-6290
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ Cisco IOS and IOS XE Software IKEv1 State Machine Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151218-ios
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6429
+ CTX203879 Citrix XenServer Multiple Security Updates
http://support.citrix.com/article/CTX203879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555
+ CTX203787 Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets
http://support.citrix.com/article/CTX203787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7999
+ VMSA-2015-0009 VMware product updates address a critical deserialization vulnerability
http://www.vmware.com/security/advisories/VMSA-2015-0009.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6934
+ iptables 1.6.0 released
http://www.hu.netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
+ Samba Multiple Flaws Let Remote Users Access Data and Files, Obtain Potentially Sensitive Information, and Deny Service
http://www.securitytracker.com/id/1034493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467
+ Samba LDAP Memory Consumption Flaw Lets Remote Users Cause the Target System to Crash
http://www.securitytracker.com/id/1034492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
+ Google Chrome Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1034491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6792
PostgreSQL 9.5 RC1 Released
http://www.postgresql.org/about/news/1631/
2015年12月18日金曜日
18日 金曜日、赤口
+ CESA-2015:2657 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/668269/
+ CESA-2015:2657 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/668270/
+ CESA-2015:2655 Important CentOS 7 bind Security Update
http://lwn.net/Alerts/668266/
+ CESA-2015:2658 Important CentOS 5 bind97 Security Update
http://lwn.net/Alerts/668268/
+ CESA-2015:2655 Important CentOS 6 bind Security Update
http://lwn.net/Alerts/668265/
+ CESA-2015:2657 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/668271/
+ CESA-2015:2656 Important CentOS 5 bind Security Update
http://lwn.net/Alerts/668267/
+ Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6428
+ Cisco Prime Network Services Controller Arbitrary Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-pnsc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6426
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6427
+ PHP 7.0.1 Released
http://www.php.net/ChangeLog-7.php#7.0.1
+ UPDATE: JVNVU#97216921 ISC BIND 9 に複数のサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU97216921/
+ Apache Subversion Heap Overflow in mod_dav_svn Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1034470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
JVNDB-2015-000200 WordPress 用プラグイン Welcart における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000200.html
JVNDB-2015-000199 WinRAR における実行ファイル読み込みに関する脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000199.html
JVNDB-2015-005234 Adobe Flash Player における iframe 内のコンテンツを上書きしてしまう問題
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005234.html
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「FISC安全対策基準」
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400005/?ST=security
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「情報セキュリティマネジメント試験」
Information Security Specialist Examination
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400004/?ST=security
チェックしておきたい脆弱性情報<2015.12.18>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/121500091/?ST=security
FinTechの旗手たち
「日本は金持ち老人、技術で金融を民主化」、お金のデザインの谷家取締役会長に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000006/?ST=security
NEC、自治体/金融機関に向けてセキュリティに注力したメール中継サーバーを販売
http://itpro.nikkeibp.co.jp/atcl/news/15/121704117/?ST=security
JVNVU#94212028 Ipswitch WhatsUp Gold に SQL インジェクションおよび複数のクロスサイトスクリプティングの脆弱性
http://jvn.jp/vu/JVNVU94212028/index.html
http://lwn.net/Alerts/668269/
+ CESA-2015:2657 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/668270/
+ CESA-2015:2655 Important CentOS 7 bind Security Update
http://lwn.net/Alerts/668266/
+ CESA-2015:2658 Important CentOS 5 bind97 Security Update
http://lwn.net/Alerts/668268/
+ CESA-2015:2655 Important CentOS 6 bind Security Update
http://lwn.net/Alerts/668265/
+ CESA-2015:2657 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/668271/
+ CESA-2015:2656 Important CentOS 5 bind Security Update
http://lwn.net/Alerts/668267/
+ Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6428
+ Cisco Prime Network Services Controller Arbitrary Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-pnsc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6426
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6427
+ PHP 7.0.1 Released
http://www.php.net/ChangeLog-7.php#7.0.1
+ UPDATE: JVNVU#97216921 ISC BIND 9 に複数のサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU97216921/
+ Apache Subversion Heap Overflow in mod_dav_svn Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1034470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
JVNDB-2015-000200 WordPress 用プラグイン Welcart における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000200.html
JVNDB-2015-000199 WinRAR における実行ファイル読み込みに関する脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000199.html
JVNDB-2015-005234 Adobe Flash Player における iframe 内のコンテンツを上書きしてしまう問題
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005234.html
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「FISC安全対策基準」
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400005/?ST=security
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「情報セキュリティマネジメント試験」
Information Security Specialist Examination
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400004/?ST=security
チェックしておきたい脆弱性情報<2015.12.18>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/121500091/?ST=security
FinTechの旗手たち
「日本は金持ち老人、技術で金融を民主化」、お金のデザインの谷家取締役会長に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000006/?ST=security
NEC、自治体/金融機関に向けてセキュリティに注力したメール中継サーバーを販売
http://itpro.nikkeibp.co.jp/atcl/news/15/121704117/?ST=security
JVNVU#94212028 Ipswitch WhatsUp Gold に SQL インジェクションおよび複数のクロスサイトスクリプティングの脆弱性
http://jvn.jp/vu/JVNVU94212028/index.html
2015年12月17日木曜日
17日 木曜日、大安
+ RHSA-2015:2658 Important: bind97 security update
https://rhn.redhat.com/errata/RHSA-2015-2658.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
+ RHSA-2015:2657 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-2657.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222
+ RHSA-2015:2656 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2015-2656.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
+ RHSA-2015:2655 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2015-2655.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
+ CESA-2015:2653 Moderate CentOS 7 grub2 Security Update
http://lwn.net/Alerts/668099/
+ Cisco Application Policy Infrastructure Controller Insecure Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6424
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Linux kernel 3.18.25 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.25
+ UPDATE: Oracle Solaris Third Party Bulletin - October 2015
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
+ Samba 4.3.3, 4.2.7, 4.1.22 released
https://www.samba.org/samba/history/samba-4.3.3.html
https://www.samba.org/samba/history/samba-4.2.7.html
https://www.samba.org/samba/history/samba-4.1.22.html
+ CTX203787 Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets
http://support.citrix.com/article/CTX203787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7999
+ FreeBSD-SA-15:27.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:27.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
+ FreeBSD-SA-15:26.openssl Multiple OpenSSL vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:26.openssl.asc
+ JVNVU#97216921 ISC BIND 9 に複数のサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU97216921/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
+ Kaspersky Anti-Virus Virtual Keyboard Input Validation Flaw Lets Remote Users Traverse the Directory to View Files on the Target System SecurityTracker
http://www.securitytracker.com/id/1034433
PostgreSQL PHP Generator 15.12 released
http://www.postgresql.org/about/news/1630/
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「匿名加工情報」
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400003/?ST=security
FinTechの旗手たち
「フラットな基盤で格差なくす」、メタップスの佐藤代表取締役に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000005/?ST=security
チェックしておきたい脆弱性情報<2015.12.17>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/121500090/?ST=security
記者の眼
運転打ち切りの山手線新型電車「E235系」、ソフトのバグで電車が止まる時代に
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/121500443/?ST=security
オプティムがMDMソフト「Optimal Biz」に新版、Windows版のセキュリティ機能を向上
http://itpro.nikkeibp.co.jp/atcl/news/15/121604103/?ST=security
IoT機器をボット化するサイバー攻撃が増加、警察庁
http://itpro.nikkeibp.co.jp/atcl/news/15/121604102/?ST=security
英当局、香港玩具メーカーへの不正アクセスに関わった男を逮捕
http://itpro.nikkeibp.co.jp/atcl/news/15/121604092/?ST=security
さくらインターネットとテックビューロ、ブロックチェーン実験環境を無償提供へ
http://itpro.nikkeibp.co.jp/atcl/news/15/121504084/?ST=security
エレコム、IEEE 8021X認証対応の5GHz帯専用無線LAN子機
http://itpro.nikkeibp.co.jp/atcl/news/15/121504085/?ST=security
2015年12月16日水曜日
16日 水曜日、仏滅
+ RHSA-2015:2636 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2636.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
+ RHSA-2015:2623 Moderate: grub2 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2623.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
+ TortoiseSVN 1.9.3 released
https://tortoisesvn.net/tsvn_1.9_releasenotes.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
+ Google Chrome 47.0.2526.106 released
http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update_15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6792
+ Mozilla Firefox 43.0 released
https://www.mozilla.org/en-US/firefox/43.0/releasenotes/
+ MFSA 2015-149 Cross-site reading attack through data and view-source URIs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
+ MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7223
+ MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222
+ MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
+ MFSA 2015-145 Underflow through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
+ MFSA 2015-144 Buffer overflows found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7221
+ MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7217
+ MFSA 2015-142 DOS due to malformed frames in HTTP/2
https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7219
+ MFSA 2015-141 Hash in data URI is incorrectly parsed
https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7211
+ MFSA 2015-140 Cross-origin information leak through web workers error events
https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7215
+ MFSA 2015-139 Integer overflow allocating extremely large textures
https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
+ MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210
+ MFSA 2015-137 Firefox allows for control characters to be set in cookies
https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208
+ MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7207
+ MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects
https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7204
+ MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7202
+ CESA-2015:2616 Moderate CentOS 5 openssl Security Update
http://lwn.net/Alerts/667898/
+ CESA-2015:2617 Moderate CentOS 7 openssl Security Update
http://lwn.net/Alerts/667901/
+ CESA-2015:2619 Moderate CentOS 7 libreoffice Security Update
http://lwn.net/Alerts/667897/
+ CESA-2015:2617 Moderate CentOS 6 openssl Security Update
http://lwn.net/Alerts/667899/
+ CESA-2015:2619 Moderate CentOS 6 libreoffice Security Update
http://lwn.net/Alerts/667896/
+ BIND 9.10.3-P2, 9.9.8-P2 released
ftp://ftp.isc.org/isc/bind9/9.10.3-P2/RELEASE-NOTES-9.10.3-P2.html
ftp://ftp.isc.org/isc/bind9/9.9.8-P2/RELEASE-NOTES-9.9.8-P2.html
+ CVE-2015-8461: A race condition when handling socket errors can lead to an assertion failure in resolver.c
https://kb.isc.org/article/AA-01319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
+ CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c
https://kb.isc.org/article/AA-01317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
+ Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6425
+ UPDATE: Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ Linux kernel 4.3.3, 4.2.8, 4.1.15 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15
+ CentOS 7 (1511) released
https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7
+ UPDATE: JVNVU#97526033 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU97526033/index.html
+ BIND Socket Error Processing Bug Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1034419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
+ BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
http://www.securitytracker.com/id/1034418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「標的型攻撃」
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400002/?ST=security
FinTechの旗手たち
「新興企業がまずドアをたたく銀行へ」、みずほフィナンシャルグループの阿部氏に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000004/?ST=security
記者の眼
自治体はサイバー攻撃からマイナンバーを守れるのか
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/121400442/?ST=security
「1月12日までにIEを最新版に」、IPAが注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/15/121504079/?ST=security
Twitter、国家が関与するサイバー攻撃を受けた可能性を警告
http://itpro.nikkeibp.co.jp/atcl/news/15/121504074/?ST=security
https://rhn.redhat.com/errata/RHSA-2015-2636.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
+ RHSA-2015:2623 Moderate: grub2 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2623.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
+ TortoiseSVN 1.9.3 released
https://tortoisesvn.net/tsvn_1.9_releasenotes.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
+ Google Chrome 47.0.2526.106 released
http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update_15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6792
+ Mozilla Firefox 43.0 released
https://www.mozilla.org/en-US/firefox/43.0/releasenotes/
+ MFSA 2015-149 Cross-site reading attack through data and view-source URIs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
+ MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7223
+ MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222
+ MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
+ MFSA 2015-145 Underflow through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
+ MFSA 2015-144 Buffer overflows found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7221
+ MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7217
+ MFSA 2015-142 DOS due to malformed frames in HTTP/2
https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7219
+ MFSA 2015-141 Hash in data URI is incorrectly parsed
https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7211
+ MFSA 2015-140 Cross-origin information leak through web workers error events
https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7215
+ MFSA 2015-139 Integer overflow allocating extremely large textures
https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
+ MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210
+ MFSA 2015-137 Firefox allows for control characters to be set in cookies
https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208
+ MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7207
+ MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects
https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7204
+ MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7202
+ CESA-2015:2616 Moderate CentOS 5 openssl Security Update
http://lwn.net/Alerts/667898/
+ CESA-2015:2617 Moderate CentOS 7 openssl Security Update
http://lwn.net/Alerts/667901/
+ CESA-2015:2619 Moderate CentOS 7 libreoffice Security Update
http://lwn.net/Alerts/667897/
+ CESA-2015:2617 Moderate CentOS 6 openssl Security Update
http://lwn.net/Alerts/667899/
+ CESA-2015:2619 Moderate CentOS 6 libreoffice Security Update
http://lwn.net/Alerts/667896/
+ BIND 9.10.3-P2, 9.9.8-P2 released
ftp://ftp.isc.org/isc/bind9/9.10.3-P2/RELEASE-NOTES-9.10.3-P2.html
ftp://ftp.isc.org/isc/bind9/9.9.8-P2/RELEASE-NOTES-9.9.8-P2.html
+ CVE-2015-8461: A race condition when handling socket errors can lead to an assertion failure in resolver.c
https://kb.isc.org/article/AA-01319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
+ CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c
https://kb.isc.org/article/AA-01317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
+ Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6425
+ UPDATE: Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ Linux kernel 4.3.3, 4.2.8, 4.1.15 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15
+ CentOS 7 (1511) released
https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7
+ UPDATE: JVNVU#97526033 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU97526033/index.html
+ BIND Socket Error Processing Bug Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1034419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
+ BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash
http://www.securitytracker.com/id/1034418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「標的型攻撃」
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400002/?ST=security
FinTechの旗手たち
「新興企業がまずドアをたたく銀行へ」、みずほフィナンシャルグループの阿部氏に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000004/?ST=security
記者の眼
自治体はサイバー攻撃からマイナンバーを守れるのか
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/121400442/?ST=security
「1月12日までにIEを最新版に」、IPAが注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/15/121504079/?ST=security
Twitter、国家が関与するサイバー攻撃を受けた可能性を警告
http://itpro.nikkeibp.co.jp/atcl/news/15/121504074/?ST=security
2015年12月15日火曜日
15日 火曜日、先負
+ RHSA-2015:2616 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2015-2616.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
+ RHSA-2015:2617 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2015-2617.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
+ RHSA-2015:2619 Moderate: libreoffice security update
https://rhn.redhat.com/errata/RHSA-2015-2619.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5214
+ Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6359
+ UPDATE: Cisco IOS XE 3S Platforms Series root Shell License Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-iosxe3s
+ Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4206
+ SYM15-012 Security Advisories Relating to Symantec Products - Symantec Endpoint Encryption Client Memory Dump Information Disclosure
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151214_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6556
+ Apache HTTP Server 2.4.18 Released
http://www.apache.org/dist/httpd/Announcement2.4.html
http://www.apache.org/dist/httpd/CHANGES_2.4.18
+ UPDATE: JVNVU#94276522 Apache Commons Collections ライブラリのデシリアライズ処理に脆弱性
http://jvn.jp/vu/JVNVU94276522/
+ HP Network Switch Unspecified Flaws Let Local Users Bypass Security Restrictions and Gain Elevated Privileges
http://www.securitytracker.com/id/1034410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6860
+ Windows Authentication UI DLL side loading vulnerability
https://cxsecurity.com/issue/WLB-2015120139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6133
気になるキーワード
最新事情を踏まえて知りたいセキュリティキーワード「脆弱性」
http://itpro.nikkeibp.co.jp/atcl/column/15/121400285/121400001/?ST=security
仕事で勝てる!ビジネス文章治療室
第4回 事の軽重が分かってない~上位職宛説明力欠乏症~
http://itpro.nikkeibp.co.jp/atcl/column/15/102600247/120900004/?ST=security
FinTechの旗手たち
「顧客ニーズとのギャップを埋める」、三井住友フィナンシャルグループの中山氏に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000003/?ST=security
堺市が全有権者約68万人分の外部流出を確認、持ち出した職員を懲戒免職処分
http://itpro.nikkeibp.co.jp/atcl/news/15/121404073/?ST=security
2015年12月14日月曜日
14日 月曜日、友引
+ About the security content of Security Update 2015-006 Yosemite
https://support.apple.com/ja-jp/HT205653
+ About the security content of iTunes 12.3.2
https://support.apple.com/ja-jp/HT205636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7050
+ Cisco Integrated Management Controller Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6399
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco Unified Communications Domain Manager Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-ucdm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6422
+ Cisco FireSIGHT Management Center GET Request Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6419
+ Apache Tomcat 7.0.67 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ Dovecot 2.2.21 released
http://www.dovecot.org/list/dovecot-news/2015-December/000306.html
+ JVNVU#97526033 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU97526033/index.html
+ Microsoft IE 11 MSHTML!CObjectElement Use-After-Free
https://cxsecurity.com/issue/WLB-2015120122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6152
+ Google Chrome DLL Hijack
https://cxsecurity.com/issue/WLB-2015120120
JVNDB-2015-000197 Zend Framework における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000197.html
FinTechの旗手たち
「FinTech革命で銀行は死なず」、三菱UFJフィナンシャル・グループの柏木氏に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000002/?ST=security
JVNVU#90501820 ZyXEL NBG-418N に複数の脆弱性
http://jvn.jp/vu/JVNVU90501820/
JVNVU#99863047 Amped Wireless R10000 に複数の脆弱性
http://jvn.jp/vu/JVNVU99863047/
JVNVU#93831077 Buffalo WZR-600DHP2 に不十分なランダム値を使用している問題
http://jvn.jp/vu/JVNVU93831077/
JVNVU#95026985 Netgear WNR1000v3 に不十分なランダム値を使用している問題
http://jvn.jp/vu/JVNVU95026985/
JVNVU#91495836 ReadyNet WRT300N-DD に複数の脆弱性
http://jvn.jp/vu/JVNVU91495836/
https://support.apple.com/ja-jp/HT205653
+ About the security content of iTunes 12.3.2
https://support.apple.com/ja-jp/HT205636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7050
+ Cisco Integrated Management Controller Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6399
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco Unified Communications Domain Manager Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-ucdm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6422
+ Cisco FireSIGHT Management Center GET Request Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6419
+ Apache Tomcat 7.0.67 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ Dovecot 2.2.21 released
http://www.dovecot.org/list/dovecot-news/2015-December/000306.html
+ JVNVU#97526033 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU97526033/index.html
+ Microsoft IE 11 MSHTML!CObjectElement Use-After-Free
https://cxsecurity.com/issue/WLB-2015120122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6152
+ Google Chrome DLL Hijack
https://cxsecurity.com/issue/WLB-2015120120
JVNDB-2015-000197 Zend Framework における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000197.html
FinTechの旗手たち
「FinTech革命で銀行は死なず」、三菱UFJフィナンシャル・グループの柏木氏に聞く
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000002/?ST=security
JVNVU#90501820 ZyXEL NBG-418N に複数の脆弱性
http://jvn.jp/vu/JVNVU90501820/
JVNVU#99863047 Amped Wireless R10000 に複数の脆弱性
http://jvn.jp/vu/JVNVU99863047/
JVNVU#93831077 Buffalo WZR-600DHP2 に不十分なランダム値を使用している問題
http://jvn.jp/vu/JVNVU93831077/
JVNVU#95026985 Netgear WNR1000v3 に不十分なランダム値を使用している問題
http://jvn.jp/vu/JVNVU95026985/
JVNVU#91495836 ReadyNet WRT300N-DD に複数の脆弱性
http://jvn.jp/vu/JVNVU91495836/
2015年12月11日金曜日
11日 金曜日、大安
+ Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6418
+ Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6404
+ Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6400
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Product
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ UPDATE: Cisco Emergency Responder Service Web Framework Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-cers
+ Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6406
+ Cisco Unified Computing System 6200 Series Fabric Interconnect Series Switch DoS Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6415
+ Cisco Videoscape Distribution Suite Service Manager Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-vdssm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6417
+ Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6416
+ Cisco TelePresence Video Communication Server Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6414
+ Linux kernel 4.3.2 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.2
+ Apache Log4j 2.5 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.5
+ VU#403568 Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries
http://www.kb.cert.org/vuls/id/403568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8263
+ VU#646008 Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries
http://www.kb.cert.org/vuls/id/646008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8262
+ VU#330000 ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery
http://www.kb.cert.org/vuls/id/330000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7284
+ VU#167992 ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/167992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7282
+ VU#763576 Amped Wireless R10000 router contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/763576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7279
+ Microsoft Office / COM Object els.dll DLL Planting (MS15-134)
https://cxsecurity.com/issue/WLB-2015120098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6128
+ Microsoft Windows Media Center Library Parsing RCE aka "self-executing" MCL File
https://cxsecurity.com/issue/WLB-2015120097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6131
+ IE 11 COmWindowProxy::SwitchMarkup NULL PTR
https://cxsecurity.com/issue/WLB-2015120095
+ Microsoft Windows Media Center Incorrectly Resolved Reference
https://cxsecurity.com/issue/WLB-2015120091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6127
Alpha 1 of OpenSSL 1.1.0 is now available: please download and test it
https://www.openssl.org/
IoTが直面するセキュリティという挑戦
[第5回]産業用制御システム(ICS)に対する脅威とその対策
http://itpro.nikkeibp.co.jp/atcl/column/15/112700271/112700005/?ST=security
「AIの研究者を倍増する」とNEC、AIを活用したサイバー攻撃検知技術も披露
http://itpro.nikkeibp.co.jp/atcl/news/15/121004039/?ST=security
記者の眼
ネットワーク機器だって守ってあげたい
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/120700439/?ST=security
IoTが直面するセキュリティという挑戦
[第4回]ATM端末に対する脅威とその対策
http://itpro.nikkeibp.co.jp/atcl/column/15/112700271/112700004/?ST=security
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6418
+ Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6404
+ Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6400
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Product
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ UPDATE: Cisco Emergency Responder Service Web Framework Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-cers
+ Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6406
+ Cisco Unified Computing System 6200 Series Fabric Interconnect Series Switch DoS Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6415
+ Cisco Videoscape Distribution Suite Service Manager Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-vdssm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6417
+ Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6416
+ Cisco TelePresence Video Communication Server Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6414
+ Linux kernel 4.3.2 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.2
+ Apache Log4j 2.5 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.5
+ VU#403568 Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries
http://www.kb.cert.org/vuls/id/403568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8263
+ VU#646008 Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries
http://www.kb.cert.org/vuls/id/646008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8262
+ VU#330000 ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery
http://www.kb.cert.org/vuls/id/330000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7284
+ VU#167992 ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/167992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7282
+ VU#763576 Amped Wireless R10000 router contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/763576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7279
+ Microsoft Office / COM Object els.dll DLL Planting (MS15-134)
https://cxsecurity.com/issue/WLB-2015120098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6128
+ Microsoft Windows Media Center Library Parsing RCE aka "self-executing" MCL File
https://cxsecurity.com/issue/WLB-2015120097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6131
+ IE 11 COmWindowProxy::SwitchMarkup NULL PTR
https://cxsecurity.com/issue/WLB-2015120095
+ Microsoft Windows Media Center Incorrectly Resolved Reference
https://cxsecurity.com/issue/WLB-2015120091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6127
Alpha 1 of OpenSSL 1.1.0 is now available: please download and test it
https://www.openssl.org/
IoTが直面するセキュリティという挑戦
[第5回]産業用制御システム(ICS)に対する脅威とその対策
http://itpro.nikkeibp.co.jp/atcl/column/15/112700271/112700005/?ST=security
「AIの研究者を倍増する」とNEC、AIを活用したサイバー攻撃検知技術も披露
http://itpro.nikkeibp.co.jp/atcl/news/15/121004039/?ST=security
記者の眼
ネットワーク機器だって守ってあげたい
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/120700439/?ST=security
IoTが直面するセキュリティという挑戦
[第4回]ATM端末に対する脅威とその対策
http://itpro.nikkeibp.co.jp/atcl/column/15/112700271/112700004/?ST=security
2015年12月10日木曜日
10日 木曜日、友引
+ RHSA-2015:2594 Moderate: libpng security update
https://rhn.redhat.com/errata/RHSA-2015-2594.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
+ RHSA-2015:2595 Moderate: libpng12 security update
https://rhn.redhat.com/errata/RHSA-2015-2595.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
+ RHSA-2015:2596 Moderate: libpng security update
https://rhn.redhat.com/errata/RHSA-2015-2596.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
+ nginx 1.9.9 released
http://nginx.org/
+ UPDATE: APSB15-32 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
+ CESA-2015:2594 Moderate CentOS 6 libpng Security Update
http://lwn.net/Alerts/667298/
+ VMware Workstation Player 12.1.0released
http://pubs.vmware.com/Release_Notes/en/workstation/12player/player-121-release-notes.html
+ UPDATE: Cisco UCS Central Software Server-Side Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1
+ UPDATE: Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs
+ Cisco Unity Connection Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6408
+ Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6389
+ Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6413
+ Cisco FirePOWER Management Center Software Version Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6411
+ Multiple Cisco IP Phones Firmware Image Upload Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6403
+ Cisco Unified Communications Manager Mobile and Remote Access Services Identity Attack Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6410
+ Linux kernel 4.3.1, 4.2.7, 4.1.14, 3.14.58, 3.10.94 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.58
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.94
+ Adobe Flash Player の脆弱性 (APSB15-32) に関する注意喚起
http://www.jpcert.or.jp/at/2015/at150042.html
+ 2015年12月 Microsoft セキュリティ情報 (緊急 8件含) に関する注意喚起
http://www.jpcert.or.jp/at/2015/at150041.html
+ Multiple Apple Products libc File System Buffer Overflow Patch
https://cxsecurity.com/issue/WLB-2015120089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
+ Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/78723
JVNDB-2015-000195 WL-330NUL におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000195.html
JVNDB-2015-000194 WL-330NUL におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000194.html
JVNDB-2015-000193 WL-330NUL において任意のコマンドを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000193.html
JVNDB-2015-000192 WL-330NUL における情報管理不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000192.html
記者の眼
ネットワーク機器だって守ってあげたい
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/120700439/?ST=security
統計&調査
[データは語る]2015年度の法人向けネットワークセキュリティサービス/製品の国内市場は4232億円―富士キメラ総研
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/120900430/?ST=security
日本年金機構、年金情報流出事案を受けた「業務改善計画」を公表
http://itpro.nikkeibp.co.jp/atcl/news/15/120904028/?ST=security
復元できなかったら返品できるファイル復元ソフト、ソースネクストが発売
http://itpro.nikkeibp.co.jp/atcl/news/15/120904022/?ST=security
金融機関が知っておくべきマイナンバーの注意点とは、政府担当者が講演
http://itpro.nikkeibp.co.jp/atcl/news/15/120904018/?ST=security
JVNVU#99135508 Uptime Infrastructure Monitor (旧称 up.time) の Windows 向けエージェントに複数の脆弱性
http://jvn.jp/vu/JVNVU99135508/index.html
JVNVU#91109359 TaxiHail に複数の脆弱性
http://jvn.jp/vu/JVNVU91109359/index.html
https://rhn.redhat.com/errata/RHSA-2015-2594.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
+ RHSA-2015:2595 Moderate: libpng12 security update
https://rhn.redhat.com/errata/RHSA-2015-2595.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
+ RHSA-2015:2596 Moderate: libpng security update
https://rhn.redhat.com/errata/RHSA-2015-2596.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
+ nginx 1.9.9 released
http://nginx.org/
+ UPDATE: APSB15-32 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
+ CESA-2015:2594 Moderate CentOS 6 libpng Security Update
http://lwn.net/Alerts/667298/
+ VMware Workstation Player 12.1.0released
http://pubs.vmware.com/Release_Notes/en/workstation/12player/player-121-release-notes.html
+ UPDATE: Cisco UCS Central Software Server-Side Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1
+ UPDATE: Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs
+ Cisco Unity Connection Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6408
+ Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6389
+ Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6413
+ Cisco FirePOWER Management Center Software Version Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6411
+ Multiple Cisco IP Phones Firmware Image Upload Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6403
+ Cisco Unified Communications Manager Mobile and Remote Access Services Identity Attack Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6410
+ Linux kernel 4.3.1, 4.2.7, 4.1.14, 3.14.58, 3.10.94 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.58
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.94
+ Adobe Flash Player の脆弱性 (APSB15-32) に関する注意喚起
http://www.jpcert.or.jp/at/2015/at150042.html
+ 2015年12月 Microsoft セキュリティ情報 (緊急 8件含) に関する注意喚起
http://www.jpcert.or.jp/at/2015/at150041.html
+ Multiple Apple Products libc File System Buffer Overflow Patch
https://cxsecurity.com/issue/WLB-2015120089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
+ Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/78723
JVNDB-2015-000195 WL-330NUL におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000195.html
JVNDB-2015-000194 WL-330NUL におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000194.html
JVNDB-2015-000193 WL-330NUL において任意のコマンドを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000193.html
JVNDB-2015-000192 WL-330NUL における情報管理不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000192.html
記者の眼
ネットワーク機器だって守ってあげたい
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/120700439/?ST=security
統計&調査
[データは語る]2015年度の法人向けネットワークセキュリティサービス/製品の国内市場は4232億円―富士キメラ総研
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/120900430/?ST=security
日本年金機構、年金情報流出事案を受けた「業務改善計画」を公表
http://itpro.nikkeibp.co.jp/atcl/news/15/120904028/?ST=security
復元できなかったら返品できるファイル復元ソフト、ソースネクストが発売
http://itpro.nikkeibp.co.jp/atcl/news/15/120904022/?ST=security
金融機関が知っておくべきマイナンバーの注意点とは、政府担当者が講演
http://itpro.nikkeibp.co.jp/atcl/news/15/120904018/?ST=security
JVNVU#99135508 Uptime Infrastructure Monitor (旧称 up.time) の Windows 向けエージェントに複数の脆弱性
http://jvn.jp/vu/JVNVU99135508/index.html
JVNVU#91109359 TaxiHail に複数の脆弱性
http://jvn.jp/vu/JVNVU91109359/index.html
2015年12月9日水曜日
9日 水曜日、先勝
+ 2015 年 12 月のマイクロソフト セキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms15-dec
+ MS15-124 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3116180)
https://technet.microsoft.com/library/security/MS15-124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6164
+ MS15-125 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3116184)
https://technet.microsoft.com/library/security/MS15-125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6176
+ MS15-126 - 緊急 リモートでのコード実行に対処する JScript および VBScript 用の累積的なセキュリティ更新プログラム (3116178)
https://technet.microsoft.com/library/security/MS15-126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136
+ MS15-127 - 緊急 リモートでのコード実行に対処する Microsoft Windows DNS 用のセキュリティ更新プログラム (3100465)
https://technet.microsoft.com/library/security/MS15-127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6125
+ MS15-128 - 緊急 リモートでのコード実行に対処する Microsoft Graphics コンポーネント用のセキュリティ更新プログラム (3104503)
https://technet.microsoft.com/library/security/MS15-128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6108
+ MS15-129 - 緊急 リモートでのコード実行に対処する Silverlight 用のセキュリティ更新プログラム (3106614)
https://technet.microsoft.com/library/security/MS15-129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6165
+ MS15-130 - 緊急 リモートでのコード実行に対処する Microsoft Uniscribe 用のセキュリティ更新プログラム (3108670)
https://technet.microsoft.com/library/security/MS15-130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6130
+ MS15-131 - 緊急 リモートでのコード実行に対処する Microsoft Office 用のセキュリティ更新プログラム (3116111)
https://technet.microsoft.com/library/security/MS15-131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6172
+ MS15-132 - 重要 リモートでのコード実行に対処する Microsoft Windows 用のセキュリティ更新プログラム (3116162)
https://technet.microsoft.com/library/security/MS15-132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6133
+ MS15-133 - 重要 特権の昇格に対処する Windows PGM 用のセキュリティ更新プログラム (3116130)
https://technet.microsoft.com/library/security/MS15-133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6126
+ MS15-134 - 重要 リモートでのコード実行に対処する Windows Media Center 用のセキュリティ更新プログラム (3108669)
https://technet.microsoft.com/library/security/MS15-134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6127
+ MS15-135 - 重要 特権の昇格に対処する Windows カーネル モード ドライバー用のセキュリティ更新プログラム (3119075)
https://technet.microsoft.com/library/security/MS15-135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6175
+ UPDATE: マイクロソフト セキュリティ アドバイザリ 3057154 DES 暗号化の使用を強化する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3057154
+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801
+ マイクロソフト セキュリティ アドバイザリ 3123040 不注意で公開されたデジタル証明書により、なりすましが行われる
https://technet.microsoft.com/ja-jp/library/security/3123040
+ RHSA-2015:2552 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2552.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
+ RHSA-2015:2561 Moderate: git security update
https://rhn.redhat.com/errata/RHSA-2015-2561.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7545
+ About the security content of Xcode 7.2
https://support.apple.com/ja-jp/HT205642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7057
+ About the security content of Safari 9.0.2
https://support.apple.com/ja-jp/HT205639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7050
+ About the security content of watchOS 2.1
https://support.apple.com/ja-jp/HT205641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6997
+ About the security content of OS X El Capitan 10.11.2 and Security Update 2015-008
https://support.apple.com/ja-jp/HT205637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7044
+ About the security content of tvOS 9.1
https://support.apple.com/ja-jp/HT205640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
+ About the security content of iOS 9.2
https://support.apple.com/ja-jp/HT205635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7050
+ Google Chrome 47.0.2526.80 released
http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update_8.html
+ Opera 34 released
http://www.opera.com/docs/changelogs/unified/3400/
+ nginx 1.9.8 released
http://nginx.org/
+ APSB15-32 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8453
+ CESA-2015:2549 Moderate CentOS 6 libxml2 Security Update
http://lwn.net/Alerts/667133/
+ Cisco DPC3939 (XB3) Router Administrative Web Interface Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-xb3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6361
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ Cisco Residential Gateway Devices Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-gateway
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6378
+ Cisco Wireless Residential Unauthorized Command Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6401
+ Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-wrg
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6402
+ Samba 4.2.6 Available for Donwload
http://samba.org/samba/history/samba-4.2.6.html
+ Multiple Apple Products libc File System Buffer Overflow Patch
https://cxsecurity.com/issue/WLB-2015120089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
PoWA 3.0.0 released
http://www.postgresql.org/about/news/1629/
UPDATE: JVNDB-2015-000196 「アクセス解析」におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000196.html
News & Trend
広範なJava関連ソフトに潜む新手の脆弱性、その影響度は?
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120700395/?ST=security
マイナンバー対応、企業の実情
マイナンバー「対応せずとも罰則なし」?対応しない企業は番号法違反
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300003/?ST=security
キヤノンITソリューションズが「ESET Smart Security V9.0」発表、キー入力を暗号化
http://itpro.nikkeibp.co.jp/atcl/news/15/120804011/?ST=security
キヤノンITS、インターネットバンキング保護など追加した総合セキュリティソフト最新版
http://itpro.nikkeibp.co.jp/atcl/news/15/120804010/?ST=security
VU#377260 Up.time agent for Windows contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/377260
VU#439016 TaxiHail Android mobile app contains multiple vulnerabilties
http://www.kb.cert.org/vuls/id/439016
https://technet.microsoft.com/ja-jp/library/security/ms15-dec
+ MS15-124 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3116180)
https://technet.microsoft.com/library/security/MS15-124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6164
+ MS15-125 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3116184)
https://technet.microsoft.com/library/security/MS15-125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6176
+ MS15-126 - 緊急 リモートでのコード実行に対処する JScript および VBScript 用の累積的なセキュリティ更新プログラム (3116178)
https://technet.microsoft.com/library/security/MS15-126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136
+ MS15-127 - 緊急 リモートでのコード実行に対処する Microsoft Windows DNS 用のセキュリティ更新プログラム (3100465)
https://technet.microsoft.com/library/security/MS15-127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6125
+ MS15-128 - 緊急 リモートでのコード実行に対処する Microsoft Graphics コンポーネント用のセキュリティ更新プログラム (3104503)
https://technet.microsoft.com/library/security/MS15-128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6108
+ MS15-129 - 緊急 リモートでのコード実行に対処する Silverlight 用のセキュリティ更新プログラム (3106614)
https://technet.microsoft.com/library/security/MS15-129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6165
+ MS15-130 - 緊急 リモートでのコード実行に対処する Microsoft Uniscribe 用のセキュリティ更新プログラム (3108670)
https://technet.microsoft.com/library/security/MS15-130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6130
+ MS15-131 - 緊急 リモートでのコード実行に対処する Microsoft Office 用のセキュリティ更新プログラム (3116111)
https://technet.microsoft.com/library/security/MS15-131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6172
+ MS15-132 - 重要 リモートでのコード実行に対処する Microsoft Windows 用のセキュリティ更新プログラム (3116162)
https://technet.microsoft.com/library/security/MS15-132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6133
+ MS15-133 - 重要 特権の昇格に対処する Windows PGM 用のセキュリティ更新プログラム (3116130)
https://technet.microsoft.com/library/security/MS15-133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6126
+ MS15-134 - 重要 リモートでのコード実行に対処する Windows Media Center 用のセキュリティ更新プログラム (3108669)
https://technet.microsoft.com/library/security/MS15-134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6127
+ MS15-135 - 重要 特権の昇格に対処する Windows カーネル モード ドライバー用のセキュリティ更新プログラム (3119075)
https://technet.microsoft.com/library/security/MS15-135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6175
+ UPDATE: マイクロソフト セキュリティ アドバイザリ 3057154 DES 暗号化の使用を強化する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3057154
+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801
+ マイクロソフト セキュリティ アドバイザリ 3123040 不注意で公開されたデジタル証明書により、なりすましが行われる
https://technet.microsoft.com/ja-jp/library/security/3123040
+ RHSA-2015:2552 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2552.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
+ RHSA-2015:2561 Moderate: git security update
https://rhn.redhat.com/errata/RHSA-2015-2561.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7545
+ About the security content of Xcode 7.2
https://support.apple.com/ja-jp/HT205642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7057
+ About the security content of Safari 9.0.2
https://support.apple.com/ja-jp/HT205639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7050
+ About the security content of watchOS 2.1
https://support.apple.com/ja-jp/HT205641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6997
+ About the security content of OS X El Capitan 10.11.2 and Security Update 2015-008
https://support.apple.com/ja-jp/HT205637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7044
+ About the security content of tvOS 9.1
https://support.apple.com/ja-jp/HT205640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
+ About the security content of iOS 9.2
https://support.apple.com/ja-jp/HT205635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7050
+ Google Chrome 47.0.2526.80 released
http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update_8.html
+ Opera 34 released
http://www.opera.com/docs/changelogs/unified/3400/
+ nginx 1.9.8 released
http://nginx.org/
+ APSB15-32 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8453
+ CESA-2015:2549 Moderate CentOS 6 libxml2 Security Update
http://lwn.net/Alerts/667133/
+ Cisco DPC3939 (XB3) Router Administrative Web Interface Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-xb3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6361
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ Cisco Residential Gateway Devices Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-gateway
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6378
+ Cisco Wireless Residential Unauthorized Command Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6401
+ Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-wrg
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6402
+ Samba 4.2.6 Available for Donwload
http://samba.org/samba/history/samba-4.2.6.html
+ Multiple Apple Products libc File System Buffer Overflow Patch
https://cxsecurity.com/issue/WLB-2015120089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7039
PoWA 3.0.0 released
http://www.postgresql.org/about/news/1629/
UPDATE: JVNDB-2015-000196 「アクセス解析」におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000196.html
News & Trend
広範なJava関連ソフトに潜む新手の脆弱性、その影響度は?
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120700395/?ST=security
マイナンバー対応、企業の実情
マイナンバー「対応せずとも罰則なし」?対応しない企業は番号法違反
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300003/?ST=security
キヤノンITソリューションズが「ESET Smart Security V9.0」発表、キー入力を暗号化
http://itpro.nikkeibp.co.jp/atcl/news/15/120804011/?ST=security
キヤノンITS、インターネットバンキング保護など追加した総合セキュリティソフト最新版
http://itpro.nikkeibp.co.jp/atcl/news/15/120804010/?ST=security
VU#377260 Up.time agent for Windows contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/377260
VU#439016 TaxiHail Android mobile app contains multiple vulnerabilties
http://www.kb.cert.org/vuls/id/439016
2015年12月8日火曜日
8日 火曜日、赤口
+ RHSA-2015:2549 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2015-2549.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
+ RHSA-2015:2550 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2015-2550.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
+ UPDATE: Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa
+ Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6395
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
+ HS15-032 Vulnerability in JP1/Automatic Job Management System 3
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-032/index.html
+ HS15-031 Multiple Vulnerabilities in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
+ HS15-030 Multiple Cross-site Scripting Vulnerabilities in EUR
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-030/index.html
+ HS15-032 JP1/Automatic Job Management System 3における脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-032/index.html
+ HS15-031 Hitachi Command Suite製品における複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
+ HS15-030 EURにおける複数のクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-030/index.html
+ Apache Tomcat 8.0.30 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.30_(markt)
+ Dovecot 2.2.20 released
http://www.dovecot.org/list/dovecot-news/2015-December/000303.html
+ MySQL 5.7.10, 5.5.47 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-10.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
+ JVNVU#95113540 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95113540/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
+ JVNVU#99160787 OpenSSL に証明書チェーンの検証不備の脆弱性
http://jvn.jp/vu/JVNVU99160787/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793
+ JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Spoof Content
http://www.securitytracker.com/id/1034298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6787
JVNDB-2015-000191 iOS アプリ「GANMA!」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000191.html
マイナンバー対応、企業の実情
マイナンバー対応、ベンダーの“セキュリティ危機煽り”に悩むユーザー企業
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300002/?ST=security
マイナンバー対応、企業の実情
三井化学のマイナンバー対応、委託や改修後倒しでコスト最少化
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300001/?ST=security
セールスフォース向けセキュアファイル共有ツール「S-Cube for Chatter」、Coreが発売
http://itpro.nikkeibp.co.jp/atcl/news/15/120703995/?ST=security
A10、同社初のファイアウォール機「Thunder CFW」を2016年1Qに出荷
http://itpro.nikkeibp.co.jp/atcl/news/15/120703993/?ST=security
JVN#70083512 「アクセス解析」におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN70083512/
https://rhn.redhat.com/errata/RHSA-2015-2549.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
+ RHSA-2015:2550 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2015-2550.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
+ UPDATE: Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa
+ Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6395
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
+ HS15-032 Vulnerability in JP1/Automatic Job Management System 3
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-032/index.html
+ HS15-031 Multiple Vulnerabilities in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
+ HS15-030 Multiple Cross-site Scripting Vulnerabilities in EUR
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-030/index.html
+ HS15-032 JP1/Automatic Job Management System 3における脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-032/index.html
+ HS15-031 Hitachi Command Suite製品における複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
+ HS15-030 EURにおける複数のクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-030/index.html
+ Apache Tomcat 8.0.30 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.30_(markt)
+ Dovecot 2.2.20 released
http://www.dovecot.org/list/dovecot-news/2015-December/000303.html
+ MySQL 5.7.10, 5.5.47 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-10.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html
+ JVNVU#95113540 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95113540/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
+ JVNVU#99160787 OpenSSL に証明書チェーンの検証不備の脆弱性
http://jvn.jp/vu/JVNVU99160787/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793
+ JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Spoof Content
http://www.securitytracker.com/id/1034298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6787
JVNDB-2015-000191 iOS アプリ「GANMA!」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000191.html
マイナンバー対応、企業の実情
マイナンバー対応、ベンダーの“セキュリティ危機煽り”に悩むユーザー企業
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300002/?ST=security
マイナンバー対応、企業の実情
三井化学のマイナンバー対応、委託や改修後倒しでコスト最少化
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300001/?ST=security
セールスフォース向けセキュアファイル共有ツール「S-Cube for Chatter」、Coreが発売
http://itpro.nikkeibp.co.jp/atcl/news/15/120703995/?ST=security
A10、同社初のファイアウォール機「Thunder CFW」を2016年1Qに出荷
http://itpro.nikkeibp.co.jp/atcl/news/15/120703993/?ST=security
JVN#70083512 「アクセス解析」におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN70083512/
2015年12月7日月曜日
7日 月曜日、大安
+ Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
+ Cisco Nexus 5000 Series USB Driver Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-nexus
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6394
+ Linux kernel 2.6.32.69 released
https://cdn.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.69
+ FreeBSD-SA-15:26.openssl Multiple OpenSSL vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:26.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
+ GCC 5.3 released
https://gcc.gnu.org/gcc-5/
+ OpenSSL Multiple Bugs Let Remote Users Deny Service and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1034294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
チェックしておきたい脆弱性情報<2015.12.7>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112900089/?ST=security
フォーティネットが日本にセキュリティ研究ラボを開設、日本企業に有益な情報を提供
http://itpro.nikkeibp.co.jp/atcl/news/15/120403976/?ST=security
インフォテリアとブロックチェーン技術の新興企業が提携、国内でも開発競争が盛んに
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120300393/?ST=security
閲覧しただけで感染する不正ネット広告が急増、トレンドマイクロが注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/15/120303960/?ST=security
Googleの教育機関向け製品について米プライバシー団体が苦情申請
http://itpro.nikkeibp.co.jp/atcl/news/15/120303947/?ST=security
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
+ Cisco Nexus 5000 Series USB Driver Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-nexus
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6394
+ Linux kernel 2.6.32.69 released
https://cdn.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.69
+ FreeBSD-SA-15:26.openssl Multiple OpenSSL vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:26.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
+ GCC 5.3 released
https://gcc.gnu.org/gcc-5/
+ OpenSSL Multiple Bugs Let Remote Users Deny Service and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1034294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
チェックしておきたい脆弱性情報<2015.12.7>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112900089/?ST=security
フォーティネットが日本にセキュリティ研究ラボを開設、日本企業に有益な情報を提供
http://itpro.nikkeibp.co.jp/atcl/news/15/120403976/?ST=security
インフォテリアとブロックチェーン技術の新興企業が提携、国内でも開発競争が盛んに
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120300393/?ST=security
閲覧しただけで感染する不正ネット広告が急増、トレンドマイクロが注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/15/120303960/?ST=security
Googleの教育機関向け製品について米プライバシー団体が苦情申請
http://itpro.nikkeibp.co.jp/atcl/news/15/120303947/?ST=security
2015年12月4日金曜日
4日 金曜日、友引
+ CESA-2015:2521 Important CentOS 6 jakarta-commons-collections Security Update
http://lwn.net/Alerts/666720/
+ CESA-2015:2504 Moderate CentOS 6 libreport Security Update
http://lwn.net/Alerts/666721/
+ UPDATE: Cisco IOS XE 3S Platforms Series root Shell License Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-iosxe3s
+ UPDATE: Cisco Networking Services Sensitive Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns
+ cURL 7.46.0 released
http://curl.haxx.se/changes.html#7_46_0
+ PHP 7.0.0 Released
http://php.net/archive/2015.php#id2015-12-03-1
+ MySQL 5.6.28 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
+ OpenSSL Security Advisory [3 Dec 2015]
http://www.openssl.org/news/secadv/20151203.txt
+ OpenSSL 1.0.2e, 1.0.1q, 1.0.0t, 0.9.8zh released
http://www.openssl.org/news/openssl-1.0.2-notes.html
http://www.openssl.org/news/openssl-1.0.1-notes.html
http://www.openssl.org/news/openssl-1.0.0-notes.html
http://www.openssl.org/news/openssl-0.9.8-notes.html
+ EMC NetWorker RPC Authentication Message Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1034287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6849
+ Microsoft Windows Includes Compromised Dell Certificates
http://www.securitytracker.com/id/1034283
JVNDB-2015-000190 EC-CUBE 用プラグイン「管理画面表示制御プラグイン」における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000190.html
http://lwn.net/Alerts/666720/
+ CESA-2015:2504 Moderate CentOS 6 libreport Security Update
http://lwn.net/Alerts/666721/
+ UPDATE: Cisco IOS XE 3S Platforms Series root Shell License Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-iosxe3s
+ UPDATE: Cisco Networking Services Sensitive Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns
+ cURL 7.46.0 released
http://curl.haxx.se/changes.html#7_46_0
+ PHP 7.0.0 Released
http://php.net/archive/2015.php#id2015-12-03-1
+ MySQL 5.6.28 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
+ OpenSSL Security Advisory [3 Dec 2015]
http://www.openssl.org/news/secadv/20151203.txt
+ OpenSSL 1.0.2e, 1.0.1q, 1.0.0t, 0.9.8zh released
http://www.openssl.org/news/openssl-1.0.2-notes.html
http://www.openssl.org/news/openssl-1.0.1-notes.html
http://www.openssl.org/news/openssl-1.0.0-notes.html
http://www.openssl.org/news/openssl-0.9.8-notes.html
+ EMC NetWorker RPC Authentication Message Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1034287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6849
+ Microsoft Windows Includes Compromised Dell Certificates
http://www.securitytracker.com/id/1034283
JVNDB-2015-000190 EC-CUBE 用プラグイン「管理画面表示制御プラグイン」における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000190.html
2015年12月3日木曜日
3日 木曜日、先勝
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ Cisco Unity Connection Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-pca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6390
+ Cisco SIP Phone 3905 Resource Limitation Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-sip
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6391
チェックしておきたい脆弱性情報<2015.12.3>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112900088/?ST=security
JVNVU#98418421 Epiphany Cardio Server に SQL インジェクションおよび LDAP インジェクションの脆弱性
http://jvn.jp/vu/JVNVU98418421/
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ Cisco Unity Connection Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-pca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6390
+ Cisco SIP Phone 3905 Resource Limitation Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-sip
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6391
チェックしておきたい脆弱性情報<2015.12.3>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112900088/?ST=security
JVNVU#98418421 Epiphany Cardio Server に SQL インジェクションおよび LDAP インジェクションの脆弱性
http://jvn.jp/vu/JVNVU98418421/
2015年12月2日水曜日
2日 水曜日、赤口
+ Google Chrome 47.0.2526.73 released
http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update.html
+ Cisco WebEx Meetings for Android Custom Permissions Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-wmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6384
+ Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6387
+ Cisco UCS Central Software Server-Side Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6388
+ Samba 4.3.2 Available for Download
https://www.samba.org/samba/history/samba-4.3.2.html
+ Xen Heap Overflow in PC-Net II Emulator Lets Local Users on a Guest System Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1034268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504
JVNVU#97647301 RSI Video Technologies の Videofied Frontel がセキュアでない独自プロトコルを使用する問題
http://jvn.jp/vu/JVNVU97647301/index.html
VU#630239 Epiphany Cardio Server version 3.3 is vulnerable to SQL and LDAP injection
http://www.kb.cert.org/vuls/id/630239
http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update.html
+ Cisco WebEx Meetings for Android Custom Permissions Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-wmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6384
+ Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6387
+ Cisco UCS Central Software Server-Side Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6388
+ Samba 4.3.2 Available for Download
https://www.samba.org/samba/history/samba-4.3.2.html
+ Xen Heap Overflow in PC-Net II Emulator Lets Local Users on a Guest System Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1034268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504
JVNVU#97647301 RSI Video Technologies の Videofied Frontel がセキュアでない独自プロトコルを使用する問題
http://jvn.jp/vu/JVNVU97647301/index.html
VU#630239 Epiphany Cardio Server version 3.3 is vulnerable to SQL and LDAP injection
http://www.kb.cert.org/vuls/id/630239
2015年12月1日火曜日
1日 火曜日、大安
+ RHSA-2015:2521 Important: jakarta-commons-collections security update
https://rhn.redhat.com/errata/RHSA-2015-2521.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
+ RHSA-2015:2522 Important: apache-commons-collections security update
https://rhn.redhat.com/errata/RHSA-2015-2522.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
+ Cisco Cloud Services Router 1000V Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6385
+ Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6386
+ UPDATE: Cisco FireSIGHT Management Center Certificate Validation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc
+ UPDATE: Cisco Identity Services Engine Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150128-CVE-2014-8022
+ Cisco ASR 1000 Series Root Shell License Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6383
+ HS15-029 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-029/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
+ HS15-028 XML External Entity (XXE) Vulnerability in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-028/index.html
+ HS15-029 Cosminexus HTTP Server, Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-029/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
+ HS15-028 Hitachi Command Suite製品における任意のファイルが参照できる脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-028/index.html
+ OpenLDAP 2.4.43 released
http://www.openldap.org/software/release/
Announcing PGConf US 2016: Apr 18 - 20, NYC - Call for Presentations Open
http://www.postgresql.org/about/news/1628/
JVNDB-2015-000189 p++BBS におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000189.html
JVNDB-2015-000188 フレーム高速チャットにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000188.html
三菱東京UFJ銀行から出会い系サイト利用者の電話番号1万4000件漏洩、システムに不備
http://itpro.nikkeibp.co.jp/atcl/news/15/113003910/?ST=security
VU#792004 RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol
http://www.kb.cert.org/vuls/id/792004
https://rhn.redhat.com/errata/RHSA-2015-2521.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
+ RHSA-2015:2522 Important: apache-commons-collections security update
https://rhn.redhat.com/errata/RHSA-2015-2522.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
+ Cisco Cloud Services Router 1000V Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6385
+ Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6386
+ UPDATE: Cisco FireSIGHT Management Center Certificate Validation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc
+ UPDATE: Cisco Identity Services Engine Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150128-CVE-2014-8022
+ Cisco ASR 1000 Series Root Shell License Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6383
+ HS15-029 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-029/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
+ HS15-028 XML External Entity (XXE) Vulnerability in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-028/index.html
+ HS15-029 Cosminexus HTTP Server, Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-029/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
+ HS15-028 Hitachi Command Suite製品における任意のファイルが参照できる脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-028/index.html
+ OpenLDAP 2.4.43 released
http://www.openldap.org/software/release/
Announcing PGConf US 2016: Apr 18 - 20, NYC - Call for Presentations Open
http://www.postgresql.org/about/news/1628/
JVNDB-2015-000189 p++BBS におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000189.html
JVNDB-2015-000188 フレーム高速チャットにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000188.html
三菱東京UFJ銀行から出会い系サイト利用者の電話番号1万4000件漏洩、システムに不備
http://itpro.nikkeibp.co.jp/atcl/news/15/113003910/?ST=security
VU#792004 RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol
http://www.kb.cert.org/vuls/id/792004
2015年11月30日月曜日
30日 月曜日、仏滅
+ CESA-2015:2519 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/665964/
+ CESA-2015:2519 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/665965/
+ Linux kernel 3.12.51, 3.2.74 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.74
+ ProFTPd 1.3.5a Heap Overflow
https://cxsecurity.com/issue/WLB-2015110233
+ Google Translate Cross Site Scripting
https://cxsecurity.com/issue/WLB-2015110221
JVNDB-2015-000187 Apache Cordova におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000187.html
JVNDB-2015-000186 ManageEngine Firewall Analyzer におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000186.html
JVNDB-2015-000185 ManageEngine Firewall Analyzer におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000185.html
チェックしておきたい脆弱性情報<2015.11.30>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112600087/?ST=security
http://lwn.net/Alerts/665964/
+ CESA-2015:2519 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/665965/
+ Linux kernel 3.12.51, 3.2.74 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.74
+ ProFTPd 1.3.5a Heap Overflow
https://cxsecurity.com/issue/WLB-2015110233
+ Google Translate Cross Site Scripting
https://cxsecurity.com/issue/WLB-2015110221
JVNDB-2015-000187 Apache Cordova におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000187.html
JVNDB-2015-000186 ManageEngine Firewall Analyzer におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000186.html
JVNDB-2015-000185 ManageEngine Firewall Analyzer におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000185.html
チェックしておきたい脆弱性情報<2015.11.30>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112600087/?ST=security
2015年11月27日金曜日
27日 金曜日、先勝
+ RHSA-2015:2519 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-2519.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200
+ Mozilla Thunderbird 38.4.0 released
https://www.mozilla.org/en-US/thunderbird/38.4.0/releasenotes/
+ UPDATE: Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
+ PHP 5.6.16 is available
http://www.php.net/ChangeLog-5.php#5.6.16
JVNVU#99824449 Dell System Detect (DSD) がルート証明書と秘密鍵 (DSDTestProvider) をインストールする問題
http://jvn.jp/vu/JVNVU99824449/
JVNVU#91791008 Dell Foundation Services (DFS) がルート証明書と秘密鍵 (eDellRoot) をインストールする問題
http://jvn.jp/vu/JVNVU91791008/
UPDATE: JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/index.html
UPDATE: JVNVU#99125992 SSL/TLS の実装が輸出グレードの RSA 鍵を受け入れる問題 (FREAK 攻撃)
http://jvn.jp/vu/JVNVU99125992/index.html
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/index.html
UPDATE: JVNVU#98283300 SSLv3 プロトコルに暗号化データを解読される脆弱性(POODLE 攻撃)
http://jvn.jp/vu/JVNVU98283300/index.html
UPDATE: JVN#48135658 複数のルータ製品におけるクリックジャッキングの脆弱性
http://jvn.jp/jp/JVN48135658/index.html
JVNVU#96100360 組込み機器に固有でない X.509 証明書および SSH ホスト鍵を使用している問題
http://jvn.jp/vu/JVNVU96100360/index.html
Google、「忘れられる権利」対策で累計44万リンクを削除
http://itpro.nikkeibp.co.jp/atcl/news/15/112603862/?ST=security
https://rhn.redhat.com/errata/RHSA-2015-2519.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200
+ Mozilla Thunderbird 38.4.0 released
https://www.mozilla.org/en-US/thunderbird/38.4.0/releasenotes/
+ UPDATE: Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
+ PHP 5.6.16 is available
http://www.php.net/ChangeLog-5.php#5.6.16
JVNVU#99824449 Dell System Detect (DSD) がルート証明書と秘密鍵 (DSDTestProvider) をインストールする問題
http://jvn.jp/vu/JVNVU99824449/
JVNVU#91791008 Dell Foundation Services (DFS) がルート証明書と秘密鍵 (eDellRoot) をインストールする問題
http://jvn.jp/vu/JVNVU91791008/
UPDATE: JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/index.html
UPDATE: JVNVU#99125992 SSL/TLS の実装が輸出グレードの RSA 鍵を受け入れる問題 (FREAK 攻撃)
http://jvn.jp/vu/JVNVU99125992/index.html
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/index.html
UPDATE: JVNVU#98283300 SSLv3 プロトコルに暗号化データを解読される脆弱性(POODLE 攻撃)
http://jvn.jp/vu/JVNVU98283300/index.html
UPDATE: JVN#48135658 複数のルータ製品におけるクリックジャッキングの脆弱性
http://jvn.jp/jp/JVN48135658/index.html
JVNVU#96100360 組込み機器に固有でない X.509 証明書および SSH ホスト鍵を使用している問題
http://jvn.jp/vu/JVNVU96100360/index.html
Google、「忘れられる権利」対策で累計44万リンクを削除
http://itpro.nikkeibp.co.jp/atcl/news/15/112603862/?ST=security
登録:
投稿 (Atom)