2015年3月2日月曜日

2日 月曜日、赤口

+ Selenium Server 2.45.0 released
http://code.google.com/p/selenium/wiki/Grid2

+ Selenium IE Driver Server 2.45.0 released
http://selenium.googlecode.com/git/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 2.45.0 released
http://selenium.googlecode.com/git/java/CHANGELOG

+ About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001
https://support.apple.com/en-us/HT204244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8834

+ About the security content of Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
https://support.apple.com/en-us/HT204243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ About the security content of iOS 8.1.3
https://support.apple.com/en-us/HT204245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ About the security content of Apple TV 7.0.3
https://support.apple.com/en-us/HT204246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352

+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ HPSBST03257 rev.1 - HP Storage Provisioning Manager for HP Matrix Operating Environment running OpenSSL, Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04568546&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556853&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

+ HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04580241&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ Linux kernel 3.18.8, 3.14.34, 3.10.70 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.34
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.70

+ VU#632140 Multiple Toshiba products are vulnerable to trusted service path privilege escalation
http://www.kb.cert.org/vuls/id/632140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0884

+ Glibc Buffer Overflow in vfscanf May Let Remote or Local Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1473

+ Glibc ResolveIPAddr() May Write DNS Request to Random File Descriptors Under High Load
http://www.securitytracker.com/id/1031801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423

+ SA63010 Linux Kernel "sctp_assoc_update()" Memory Corruption Vulnerability
http://secunia.com/advisories/63010/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421

+ SA63035 Kaspersky PURE Unspecified SSL/TLS Vulnerability
http://secunia.com/advisories/63035/

+ SA63149 GNU C Library "FCT()" Denial of Service Vulnerability
http://secunia.com/advisories/63149/

JVNDB-2015-000031 SEIL シリーズルータにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000031.html

JVNDB-2015-000033 jBCrypt におけるストレッチング処理に関する脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000033.html

JVNDB-2015-000024 Joyful Note におけるファイル操作に関する脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000024.html

JVNDB-2015-000028 KENT-WEB 製 Clip Board における任意のファイルを削除される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000028.html

JVNDB-2015-000032 checkpw におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000032.html

インターポールの役割は「銭形警部」ではなく「ISP」――中谷総局長
http://itpro.nikkeibp.co.jp/atcl/news/15/022700723/?ST=security

REMOTE: Persistent Systems Client Automation Command Injection RCE
http://www.exploit-db.com/exploits/36206

0 件のコメント:

コメントを投稿