:: IT Security Neophyte Investigator's MEMO ::: 16日木曜日、大安

2015年4月16日木曜日

16日木曜日、大安

+ 2015 年 4 月のマイクロソフトセキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms15-apr

+ MS15-032 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3038314)
https://technet.microsoft.com/library/security/MS15-032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1668

+ MS15-033 - 緊急 Microsoft Office の脆弱性により、リモートでコードが実行される (3048019)
https://technet.microsoft.com/library/security/MS15-033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1639

+ MS15-034 - 緊急 HTTP.sys の脆弱性により、リモートでコードが実行される (3042553)
https://technet.microsoft.com/library/security/MS15-034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635

+ MS15-035 - 緊急 Microsoft Graphics コンポーネントの脆弱性により、リモートでコードが実行される (3046306)
https://technet.microsoft.com/library/security/MS15-035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1645

+ MS15-036 - 重要 Microsoft SharePoint Server の脆弱性により、特権が昇格される (3052044)
https://technet.microsoft.com/library/security/MS15-036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1653

+ MS15-037 - 重要 Windows タスクスケジューラの脆弱性により、特権が昇格される (3046269)
https://technet.microsoft.com/library/security/MS15-037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0098

+ MS15-038 - 重要 Microsoft Windows の脆弱性により、特権が昇格される (3049576)
https://technet.microsoft.com/library/security/MS15-038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1644

+ MS15-039 - 重要 XML コアサービスの脆弱性により、セキュリティ機能のバイパスが起こる (3046482)
https://technet.microsoft.com/library/security/MS15-039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1646

+ MS15-040 - 重要 Active Directory フェデレーションサービスの脆弱性により、情報漏えいが起こる (3045711)
https://technet.microsoft.com/library/security/MS15-040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1638

+ MS15-041 - 重要 .NET Framework の脆弱性により、情報漏えいが起こる (3048010)
https://technet.microsoft.com/library/security/MS15-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1648

+ MS15-042 - 重要 Windows Hyper-V の脆弱性により、サービス拒否が起こる (3047234)
https://technet.microsoft.com/library/security/MS15-042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1647

+ マイクロソフトセキュリティアドバイザリ 3045755 PKU2U 認証を改善するための更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3045755

+ UPDATE: マイクロソフトセキュリティアドバイザリ 3009008 SSL 3.0 の脆弱性により、情報漏えいが起こる
https://technet.microsoft.com/ja-jp/library/security/3009008

+ RHSA-2015:0807 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0807.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488

+ RHSA-2015:0808 Important: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0808.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488

+ RHSA-2015:0806 Critical: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0806.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488

+ RHSA-2015:0809 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0809.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488

+ APSB15-06 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044

+ APSB15-07 Security Update: Hotfixes available for ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0345

+ APSB15-08 Security vulnerability in output of Adobe Flex ASdoc Tool
https://helpx.adobe.com/security/products/flex/apsb15-08.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1773

+ CESA-2015:0808 Important CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/640377/

+ CESA-2015:0808 Important CentOS 6 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/640378/

+ CESA-2015:0808 Important CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/640379/

+ CESA-2015:0806 Critical CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/640380/

+ CESA-2015:0806 Critical CentOS 6 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/640381/

+ CESA-2015:0807 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/640382/

+ CESA-2015:0809 Important CentOS 7 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/640383/

+ CESA-2015:0809 Important CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/640384/

+ CESA-2015:0800 Moderate CentOS 5 openssl Security Update
http://lwn.net/Alerts/640273/

+ Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0691

+ Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0695

+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

+ HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04635715&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

+ UPDATE: HPSBMU03263 rev.2 - HP Insight Control running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04574073&docLocale=ja_JP

+ Linux kernel 4.0 released
https://www.kernel.org/

+ Oracle Solaris Third Party Bulletin - April 2015
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297

+ Oracle Critical Patch Update Advisory - April 2015
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0476

+ HS15-016 Vulnerability in Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-016/index.html
+ HS15-016 Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-016/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8964

+ HS15-015 Vulnerability in Cosminexus HTTP Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-015/index.html
+ HS15-015 Cosminexus HTTP Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-015/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4192

+ HS15-014 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-014/index.html
+ HS15-014 Cosminexus HTTP Server, Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-014/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HS15-013 DoS Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-013/index.html
+ HS15-013 Cosminexus HTTP Server, Hitachi Web ServerにおけるDoS脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-013/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

+ HS15-012 DoS Vulnerability in Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-012/index.html
+ HS15-012 Hitachi Web ServerにおけるDoS脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-012/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HS15-011 Vulnerabilities in Cosminexus HTTP Server, Hitachi Web Server header customization functionality
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-011/index.html
+ HS15-011 Cosminexus HTTP Server, Hitachi Web Serverのヘッダカスタマイズ機能における脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-011/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704

+ HS15-010 Insecure certificate validation in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-010/index.html
+ HS15-010 Cosminexusにおける証明書検証の不備による脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-010/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3596

+ HS15-009 Privilege escalation vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-009/index.html
+ HS15-009 Cosminexusにおける権限昇格の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-009/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3558

+ HS15-008 Multiple Vulnerabilities in Cosminexus XML Processor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-008/index.html
+ HS15-008 Cosminexus XML Processorにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-008/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517

+ Java SE 8u45, 7u79/80 Released
http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html
http://www.oracle.com/technetwork/java/javase/7u-relnotes-515228.html
http://www.oracle.com/technetwork/java/javase/7u79-relnotes-2494161.html
http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html

+ DoS/PoC: Microsoft Window - HTTP.sys PoC (MS15-034)
http://www.exploit-db.com/exploits/36773/

+ SA63920 ProFTPD mod_copy SITE CPFR / CPTO Security Bypass Vulnerability
http://secunia.com/advisories/63920/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306

+ SA63908 Ruby OpenSSL Hostname Certificate Validation Security Issue
http://secunia.com/advisories/63908/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855

+ SA63911 Lhaplus Directory Traversal and Arbitrary Code Execution Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0907

+ SA63885 OpenStack Swift Object Versioning Security Bypass Vulnerability
http://secunia.com/advisories/63885/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1856

+ SA63731 PHP Multiple Vulnerabilities
http://secunia.com/advisories/63731/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783

+ SA63996 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/63996/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1249

+ Microsoft Windows 8.1/7 others HTTP.sys Remote Code Execution
http://cxsecurity.com/issue/WLB-2015040087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635

+ ProFTPd 1.3.5 Remote File Copy
http://cxsecurity.com/issue/WLB-2015040075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306

+ Linux Kernel splice() System Call Local DoS
http://cxsecurity.com/issue/WLB-2015040069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822

JVNDB-2015-001959 JBoss RichFaces において任意の Java コードが実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001959.html

要件定義・基本設計で役立つ、安全なWebアプリ＆インフラ構築術
第6回　大きな被害が相次ぐ！文字列処理の落とし穴
http://itpro.nikkeibp.co.jp/atcl/column/15/021900028/041300008/?ST=security

大企業の87％は情報侵害の早期検知体制が不十分、RSA調査
http://itpro.nikkeibp.co.jp/atcl/news/15/041501315/?ST=security

記者の眼
1時間にLINEが700通！ネットのリテラシーを改めて考えた
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/041300242/?ST=security

News ＆ Trend
マイナンバー商戦がセキュリティ市場に波及、自治体向け専用機も
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/041300222/?ST=security

スマホをロックして身代金を要求　激増する新サイバー攻撃
http://itpro.nikkeibp.co.jp/atcl/news/15/041401305/?ST=security

JVNVU#97777423 Blue Coat Malware Analysis Appliance に複数の脆弱性
http://jvn.jp/vu/JVNVU97777423/

JVNVU#98215813 SearchBlox に複数の脆弱性
http://jvn.jp/vu/JVNVU98215813/

JVN#56297719 JBoss RichFaces において任意の Java コードが実行される脆弱性
http://jvn.jp/jp/JVN56297719/

UPDATE: JVN#12329472 Lhaplus において任意のコードを実行される脆弱性
http://jvn.jp/jp/JVN12329472/

JVNVU#99430390 Windows NTLM が file:// URL へのリダイレクト時に SMB 接続を行いユーザ認証情報を送信する問題
http://jvn.jp/vu/JVNVU99430390/

VU#274244 Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure
http://www.kb.cert.org/vuls/id/274244

VU#697316 SearchBlox contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/697316

VU#672268 Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL
http://www.kb.cert.org/vuls/id/672268

REMOTE: Samsung iPOLiS ReadConfigValue Remote Code Execution
http://www.exploit-db.com/exploits/36756/

LOCAL: Fedora abrt Race Condition Exploit
http://www.exploit-db.com/exploits/36747/

LOCAL: Apport/Abrt Local Root Exploit
http://www.exploit-db.com/exploits/36746/

:: IT Security Neophyte Investigator's MEMO ::

2015年4月16日木曜日

16日木曜日、大安

0 件のコメント:

コメントを投稿

2015年4月16日木曜日

16日 木曜日、大安

0 件のコメント:

コメントを投稿

16日木曜日、大安