2015年2月6日金曜日

6日 金曜日、大安

+ RHSA-2015:0133 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2015:0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ Google Chrome 40.0.2214.111 released
http://googlechromereleases.blogspot.jp/2015/02/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212

+ APSB15-04 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330

+ phpMyAdmin 4.3.9 released
http://sourceforge.net/p/phpmyadmin/news/2015/02/phpmyadmin-439-release-notes/

+ HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556845&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ PostgreSQL 9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 Released
http://www.postgresql.org/about/news/1569/
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
http://www.postgresql.org/docs/9.3/static/release-9-3-6.html
http://www.postgresql.org/docs/9.2/static/release-9-2-10.html
http://www.postgresql.org/docs/9.1/static/release-9-1-15.html
http://www.postgresql.org/docs/9.0/static/release-9-0-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161

+ Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330

+ PHP 5.6.3 unserialize() execute arbitrary code
http://cxsecurity.com/issue/WLB-2014120160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142

+ NTP "vallen" Information Disclosure and Denial of Service Vulnerabilities
http://secunia.com/advisories/62771/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297

JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/index.html

UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/

JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/

世界のセキュリティ・ラボから
Windows 10、セキュリティ意識の高い未来に向けて
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/020200030/?ST=security

Flash Playerの最新版が提供開始、危険なゼロデイ脆弱性を修正
http://itpro.nikkeibp.co.jp/atcl/news/15/020500426/?ST=security

中国、インターネットサービスの実名登録を義務づける新規制
http://itpro.nikkeibp.co.jp/atcl/news/15/020500424/?ST=security

VU#377644 Ektron Content Management System (CMS) contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/377644

VU#669156 Topline Systems Opportunity Form vulnerable to information disclosure
http://www.kb.cert.org/vuls/id/669156

REMOTE: Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change Exploit
http://www.exploit-db.com/exploits/35995

0 件のコメント:

コメントを投稿