+ Microsoft Security Bulletin Summary for January 2015
https://technet.microsoft.com/ja-jp/library/security/ms15-jan
+ MS15-001 - Important: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
https://technet.microsoft.com/library/security/MS15-001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0002
+ MS15-002 - Critical: Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
https://technet.microsoft.com/library/security/MS15-002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0014
+ MS15-003 - Important: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
https://technet.microsoft.com/library/security/MS15-003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0004
+ MS15-004 - Important: Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
https://technet.microsoft.com/library/security/MS15-004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016
+ MS15-005 - Important: Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
https://technet.microsoft.com/library/security/MS15-005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0006
+ MS15-006 - Important: Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
https://technet.microsoft.com/library/security/MS15-006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0001
+ MS15-007 - Important: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
https://technet.microsoft.com/library/security/MS15-007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0015
+ MS15-008 - Important: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)
https://technet.microsoft.com/library/security/MS15-008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0011
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801
+ RHSA-2015:0046 Critical: firefox security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641
+ RHSA-2015:0047 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-0047.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
+ RHSA-2015:0046 Critical: firefox security and bug fix update
https://access.redhat.com/errata/RHSA-2015:0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641
+ Google Chrome 39.0.2171.99 released
http://googlechromereleases.blogspot.jp/2015/01/stable-channel-update.html
+ Mozilla Firefox 35.0 released
https://www.mozilla.org/en-US/firefox/35.0/releasenotes/
+ MFSA-2015-09 XrayWrapper bypass through DOM objects
https://www.mozilla.org/ja/security/advisories/mfsa2015-09/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636
+ MFSA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
https://www.mozilla.org/ja/security/advisories/mfsa2015-08/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8642
+ MFSA-2015-07 Gecko Media Plugin sandbox escape
https://www.mozilla.org/ja/security/advisories/mfsa2015-07/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8643
+ MFSA-2015-06 Read-after-free in WebRTC
https://www.mozilla.org/ja/security/advisories/mfsa2015-06/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641
+ MFSA-2015-05 Read of uninitialized memory in Web Audio
https://www.mozilla.org/ja/security/advisories/mfsa2015-05/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640
+ MFSA-2015-04 Cookie injection through Proxy Authenticate responses
https://www.mozilla.org/ja/security/advisories/mfsa2015-04/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
+ MFSA-2015-03 sendBeacon requests lack an Origin header
https://www.mozilla.org/ja/security/advisories/mfsa2015-03/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
+ MFSA-2015-02 Uninitialized memory use during bitmap rendering
https://www.mozilla.org/ja/security/advisories/mfsa2015-02/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637
+ MFSA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
https://www.mozilla.org/ja/security/advisories/mfsa2015-01/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8635
+ APSB15-01 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb15-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0309
+ Mozilla Thunderbird 31.4.0 released
https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04533737&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
+ REMOTE: Oracle MySQL for Microsoft Windows FILE Privilege Abuse
http://www.exploit-db.com/exploits/35777
+ DoS/PoC: OS X 10.10 Bluetooth DispatchHCICreateConnection - Crash PoC
http://www.exploit-db.com/exploits/35771
+ DoS/PoC: OS X 10.10 Bluetooth BluetoothHCIChangeLocalName - Crash PoC
http://www.exploit-db.com/exploits/35772
+ DoS/PoC: OS X 10.10 Bluetooth TransferACLPacketToHW - Crash PoC
http://www.exploit-db.com/exploits/35773
+ DoS/PoC: OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey - Crash PoC
http://www.exploit-db.com/exploits/35774
+ Gecko CMS 2.3 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2015010058
+ Oracle MySQL for Microsoft Windows FILE Privilege Abuse
http://cxsecurity.com/issue/WLB-2015010057
CSIRT Memo
Vulnerability information worth checking <2015.01.14>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011300038/?ST=security
NetAssist offers a server monitoring service; phone notification and similar options are paid
http://itpro.nikkeibp.co.jp/atcl/news/15/011300140/?ST=security
List-based attack on point sites and other services operated by mixi; 430,000 yen worth used fraudulently
http://itpro.nikkeibp.co.jp/atcl/news/15/011300139/?ST=security
Unauthorized access to more than 18,000 email accounts; list-based attack on So-net suspected
http://itpro.nikkeibp.co.jp/atcl/news/15/011300137/?ST=security
New one-click fraud targeting smartphones "hijacks" the web browser
http://itpro.nikkeibp.co.jp/atcl/news/15/011300133/?ST=security
"Basic Act on Cybersecurity" takes full effect; NISC becomes the cross-ministry command center
http://itpro.nikkeibp.co.jp/atcl/news/15/011300129/?ST=security
VU#117604 Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
http://www.kb.cert.org/vuls/id/117604
REMOTE: Lexmark MarkVision Enterprise Arbitrary File Upload
http://www.exploit-db.com/exploits/35776
REMOTE: WordPress WP Symposium 14.11 Shell Upload
http://www.exploit-db.com/exploits/35778