Friday, May 29, 2015

29th, Friday, Senbu

+ nginx 1.9.1 released
http://nginx.org/

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

+ HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04676133&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04692275&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2124

+ ProFTPD 1.3.6rc1, 1.3.5a released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.6rc1
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5a

+ Samba 4.2.2 released
http://wiki.samba.gr.jp/mediawiki/index.php?title=%E3%83%A1%E3%82%A4%E3%83%B3%E3%83%9A%E3%83%BC%E3%82%B8

+ Linux Kernel __driver_rfc4106_decrypt() Buffer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331

+ Apple iOS Notification Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1032408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1157

+ Linux Kernel TCP Fast Open Logic Error Lets Local Users Deny Service
http://www.securitytracker.com/id/1032406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3332

+ phpMyAdmin Cross-Site Request Forgery Flaw Lets Remote Users Modify the Generated Configuration File
http://www.securitytracker.com/id/1032404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902

+ phpMyAdmin Github API Call Certificate Validation Bypass Lets Remote Users Obtain and Modify Potentially Sensitive Data
http://www.securitytracker.com/id/1032403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903

+ PostgreSQL Bugs Let Remote Users Deny Service and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1032396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167

Advisory on May 22 Update Release
http://www.postgresql.org/about/news/1588/

JVNDB-2015-000071 Cross-site scripting vulnerability in ZenPhoto20
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000071.html

JVNDB-2015-000070 Cross-site scripting vulnerability in Zenphoto
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000070.html

JVNDB-2015-000069 Cross-site scripting vulnerability in the Sling API component and Servlets Post component of Apache Sling
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000069.html

Security Hot Topics
An "ironclad defense" for your PC [4]: Smartphones now come with find-when-lost features as standard
http://itpro.nikkeibp.co.jp/atcl/column/14/377135/052200007/?ST=security

Vulnerability in a tool for "Kantai Collection"; risk of being used as a stepping stone for cyber attacks
http://itpro.nikkeibp.co.jp/atcl/news/15/052801783/?ST=security

HDE begins offering a secure browser for PC/Mac
http://itpro.nikkeibp.co.jp/atcl/news/15/052801782/?ST=security

Security Hot Topics
An "ironclad defense" for your PC [3]: Encryption is the baseline for wireless LAN; a VPN also helps when away from the office
http://itpro.nikkeibp.co.jp/atcl/column/14/377135/052200006/?ST=security

How to build a secure Wi-Fi service
[Part 4: Making users traceable] Balancing against Wi-Fi usability; cross-service cooperation is the key
http://itpro.nikkeibp.co.jp/atcl/column/15/051100116/051100004/?ST=security

Fraudulent-remittance malware shows no sign of abating; number of machines with detections in January-March is 1.5 times higher
http://itpro.nikkeibp.co.jp/atcl/news/15/052701774/?ST=security

Beware of web browser extensions: corporate system information may leak
http://itpro.nikkeibp.co.jp/atcl/news/15/052701768/?ST=security

Government to conduct simulated cyber-attack tests within fiscal 2015, covering at least one system per ministry or agency
http://itpro.nikkeibp.co.jp/atcl/news/15/052701762/?ST=security

My Number as explained by the people who built it: key points of privacy protection
Part 4: Actually simple, the "privacy impact assessment"
http://itpro.nikkeibp.co.jp/atcl/column/15/052100128/052100005/?ST=security

Security Hot Topics
An "ironclad defense" for your PC [2]: External storage can be encrypted for free with software encryption
http://itpro.nikkeibp.co.jp/atcl/column/14/377135/052200005/?ST=security

UPDATE: JVN#81094176 Issue where Android OS functions as an open resolver
http://jvn.jp/jp/JVN81094176/

JVN#51176150 Cross-site scripting vulnerability in ZenPhoto20
http://jvn.jp/jp/JVN51176150/

JVN#68452022 Cross-site scripting vulnerability in Zenphoto
http://jvn.jp/jp/JVN68452022/

JVNVU#98783868 Issue where the Synology Cloud Station Client utility for OS X allows regular users to change the ownership of system files
http://jvn.jp/vu/JVNVU98783868/

JVN#61328139 Cross-site scripting vulnerability in the Sling API component and Servlets Post component of Apache Sling
http://jvn.jp/jp/JVN61328139/

JVNVU#98282440 Issue where 「提督業も忙しい!」 (KanColleViewer) operates as an open proxy
http://jvn.jp/vu/JVNVU98282440/index.html

UPDATE: JVNVU#90185396 Buffer overflow vulnerability in the KCodes NetUSB kernel driver
http://jvn.jp/vu/JVNVU90185396/index.html

VU#551972 Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files
http://www.kb.cert.org/vuls/id/551972

Tuesday, May 26, 2015

26th, Tuesday, Shakko

+ Google Chrome 43.0.2357.81 released
http://googlechromereleases.blogspot.jp/2015/05/stable-channel-update_25.html

+ HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04688784&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2120

+ SA64714 PostgreSQL Multiple Vulnerabilities
http://secunia.com/advisories/64714/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166

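An "ironclad defense" for your PC [1]: Antivirus measures alone cannot prevent information leaks
http://itpro.nikkeibp.co.jp/atcl/column/14/377135/052200004/?ST=security

Government publishes draft of a new "Cybersecurity Strategy", to be decided in late June
http://itpro.nikkeibp.co.jp/atcl/news/15/052501725/?ST=security

McAfee begins offering in Japan a cloud security product that supports hourly billing
http://itpro.nikkeibp.co.jp/atcl/news/15/052501722/?ST=security

US National Security Agency spy project to hijack access to app stores
http://itpro.nikkeibp.co.jp/atcl/news/15/052501710/?ST=security

Monday, May 25, 2015

25th, Monday, Taian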

+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl

+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

+ HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04685037&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

+ Linux kernel 2.6.32.66 released
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.66

+ Citrix Security Advisory for DHE_EXPORT TLS Vulnerability CVE-2015-4000
http://support.citrix.com/article/CTX201114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

+ PostgreSQL 9.4.2, 9.3.7, 9.2.11, 9.1.16, 9.0.20 released!
http://www.postgresql.org/about/news/1587/
http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167

+ SA64626 McAfee Advanced Threat Defense (ATD) QEMU "fdctrl_write_data()" Buffer Overflow Vulnerability
http://secunia.com/advisories/64626/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

JVNDB-2015-000068 Buffer overflow vulnerability in the SXF common library
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000068.html

UPDATE: JVN#78689801 Multiple vulnerabilities in BGA32.DLL and QBga32.DLL
http://jvn.jp/jp/JVN78689801/

UPDATE: JVN#53579095 Cross-site scripting vulnerability in FileMaker Pro
http://jvn.jp/jp/JVN53579095/

Detecting attacks through web session analysis: RSA presents a US bank case study
http://itpro.nikkeibp.co.jp/atcl/news/15/052201702/?ST=security

Friday, May 22, 2015

22nd, Friday, Tomobiki

+ HPSBNS03335 rev.1 - HP NonStop Safeguard Security Software, Remote or Local Escalation of Privilege
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04683599&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2123

+ HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04679334&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288

+ Linux kernel 3.18.14, 3.12.43 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.14
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.43

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Same-Origin Restrictions, and Spoof URLs
http://www.securitytracker.com/id/1032375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1265

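Symantec's 2015 business strategy: collected data as the foundation for creating new services
http://itpro.nikkeibp.co.jp/atcl/news/15/052101690/?ST=security

Trouble with annual pass purchases at Sendai Umino-Mori Aquarium: personal information of up to 135 people, including face photos, leaked
http://itpro.nikkeibp.co.jp/atcl/news/15/052101691/?ST=security

Unauthorized access to Nifty's @homepage; FTP passwords of 180,000 people possibly leaked
http://itpro.nikkeibp.co.jp/atcl/news/15/052101687/?ST=security

US Department of Justice indicts six Chinese nationals, including Tianjin University professors, for industrial espionage
http://itpro.nikkeibp.co.jp/atcl/news/15/052101678/?ST=security

Thursday, May 21, 2015

21st, Thursday, Sensho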

+ gawk 4.1.3 released
http://ftp.gnu.org/gnu/gawk/?C=M;O=D

+ HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04594015&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2110

+ HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04649315&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2118

+ HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04679309&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799

+ Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation (MS14-058)
http://cxsecurity.com/issue/WLB-2015050131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4113

+ Internet Explorer 11 Crash PoC
http://cxsecurity.com/issue/WLB-2015050130

+ SA64633 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/64633/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1265

JVNDB-2015-000067 Vulnerability in mt-phpincgi allowing execution of arbitrary PHP code
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000067.html

JVNVU#90185396 Buffer overflow vulnerability in the KCodes NetUSB kernel driver
http://jvn.jp/vu/JVNVU90185396/

JVNVU#93832567 Multiple vulnerabilities in Apple Watch OS
http://jvn.jp/vu/JVNVU93832567/

Daily reports on the behavior of malware that has gotten inside; sold by Ashisuto
http://itpro.nikkeibp.co.jp/atcl/news/15/052001672/?ST=security

Sanrio acknowledges information leak from its shareholder site; distributes vouchers worth 1,000 yen to 6,249 people
http://itpro.nikkeibp.co.jp/atcl/news/15/052001666/?ST=security

Wednesday, May 20, 2015

About the security content of Watch OS 1.0.1

About the security content of Watch OS 1.0.1
https://support.apple.com/ja-jp/HT204870

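A translation of the Watch OS security update at the URL above.

1) Certificate Trust Policy

 The certificate trust policy was updated.

2) FontParser

 A memory corruption flaw in the processing of font files allows arbitrary code execution when a malicious font file is processed. (CVE-2015-1093)

3) Foundation

 An XML External Entity flaw in NSXMLParser's handling of XML allows an application that uses NSXMLParser to be abused to disclose information. (CVE-2015-1092)

4) IOAcceleratorFamily

 A flaw in IOAcceleratorFamily that discloses kernel memory information allows a malicious application to determine the kernel memory layout. (CVE-2015-1094)

5) Kernel

 A race condition in the kernel's setreuid system call allows a malicious application to cause a system denial of service. (CVE-2015-1099)

6) Kernel

 Because ICMP redirects are enabled by default, an attacker with a privileged network position can redirect the traffic of arbitrary hosts. (CVE-2015-1103)

7) Kernel

 A state inconsistency flaw in the handling of TCP out-of-band data allows a remote attacker to cause a denial of service. (CVE-2015-1105)

8) Kernel

 Because the setreuid and setregid system calls fail to drop privileges permanently, a malicious application can escalate privileges by using a compromised service that was intended to run with reduced privileges. (CVE-2015-1117)

9) Kernel

 Because the system treats IPv6 packets from remote network interfaces as local packets, a remote attacker can bypass network filters. (CVE-2015-1104)

10) Kernel

 A state inconsistency flaw in the processing of TCP headers allows an attacker with a privileged network position to cause a denial of service. (CVE-2015-1102)

11) Kernel

 An out-of-bounds memory access flaw in the kernel allows a malicious application to cause unexpected system termination or to read kernel memory. (CVE-2015-1100)

12) Kernel

 A memory corruption flaw in the kernel allows a malicious application to execute arbitrary code with system privileges. (CVE-2015-1101)

13) Secure Transport

 The flaw known as FREAK allows an attacker with a privileged network position to intercept SSL/TLS connections. (CVE-2015-1067)

20th, Wednesday, Shakko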

+ About the security content of Watch OS 1.0.1
https://support.apple.com/ja-jp/HT204870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1067

+ Google Chrome 43.0.2357.65 released
http://googlechromereleases.blogspot.jp/2015/05/stable-channel-update_19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1265

+ CESA-2015:1012 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/645028/

+ CESA-2015:1012 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/645027/

+ HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04649315&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2118

+ VU#177092 KCodes NetUSB kernel driver is vulnerable to buffer overflow
http://www.kb.cert.org/vuls/id/177092

+ Apple Safari Browser Vulnerable to URL Spoofing Vulnerability
http://cxsecurity.com/issue/WLB-2015050124

+ Samba 3.0.37 EnumPrinters memory corruption
http://cxsecurity.com/issue/WLB-2015050123

+ SA64589 Dell SonicWALL Multiple Products Multiple Vulnerabilities
http://secunia.com/advisories/64589/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3990

JVNDB-2015-000066 Multiple vulnerabilities in BGA32.DLL and QBga32.DLL
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000066.html

Protect PCs from targeted attacks: Palo Alto's new software
http://itpro.nikkeibp.co.jp/atcl/news/15/051901655/?ST=security

Statistics & Surveys
[The data speaks] Software token market in fiscal 2014 shows strong growth, up 52.0%: ITR
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/051900179/?ST=security

Tuesday, May 19, 2015

19th, Tuesday, Taian

+ RHSA-2015:1012 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-1012.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716

+ CESA-2015:1012 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/644850/

+ PHP 5.6.8 str_repeat() sign mismatch based memory corruption
http://cxsecurity.com/issue/WLB-2015050117

Vulnerability information worth checking <2015.05.19>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051000059/?ST=security

Sophos begins offering a free version of its antivirus software for Linux to individuals
http://itpro.nikkeibp.co.jp/atcl/news/15/051801631/?ST=security

Monday, May 18, 2015

18th, Monday, Butsumetsu

+ phpMyAdmin 4.4.7 released
https://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.4.7/phpMyAdmin-4.4.7-notes.html/view

+ Linux kernel 4.0.4, 3.14.43, 3.10.79 released
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.43
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.79

+ UPDATE: Oracle Solaris Third Party Bulletin - April 2015
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

+ Oracle Security Alert for CVE-2015-3456
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-345

+ HS15-023 Vulnerability related to JSF in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-023/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4358

+ HS15-022 Information Disclosure Vulnerability in JP1/Integrated Management - Universal CMDB
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-022/index.html

+ HS15-021 Problem with directory permissions in JP1/Automatic Operation
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-021/index.html

+ HS15-023 Vulnerability related to JSF in Cosminexus (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-023/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4358

+ HS15-022 Information disclosure issue in JP1/Integrated Management - Universal CMDB (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-022/index.html

+ HS15-021 Directory permission issue in JP1/Automatic Operation (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-021/index.html

+ Apache log4j 2.3 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.3

+ Apache Tomcat 7.0.62 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ Dovecot 2.2.18 released
http://www.dovecot.org/list/dovecot-news/2015-May/000294.html

+ PHP 5.6.9, 5.5.25, 5.4.41 released
http://www.php.net/ChangeLog-5.php#5.6.9
http://www.php.net/ChangeLog-5.php#5.5.25
http://www.php.net/ChangeLog-5.php#5.4.41

+ JVNDB-2015-000065 Improper SSL server certificate validation vulnerability in the Android app "Honda Moto LINC"
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000065.html

+ UPDATE: JVNVU#95993136 Multiple vulnerabilities in NTP daemon (ntpd)
http://jvn.jp/vu/JVNVU95993136/

+ openssh 6.8p1 heap buffer overflow
http://cxsecurity.com/issue/WLB-2015050105

+ NTP Potential issue in -A option
http://cxsecurity.com/issue/WLB-2015050102

+ SA64245 Linux Kernel User Namespaces MNT_LOCKED Security Bypass Security Issue
http://secunia.com/advisories/64245/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9717

+ SA64576 Hitachi JP1/Integrated Management (IM) UD Probe Data Security Bypass Vulnerability
http://secunia.com/advisories/64576/

+ SA64605 Hitachi Multiple Cosminexus / uCosminexus Products JSF Security Bypass Vulnerability
http://secunia.com/advisories/64605/

+ SA64585 Apache Tomcat Expression Language Security Bypass Vulnerability
http://secunia.com/advisories/64585/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810

+ SA64604 Hitachi JP1/Automatic Operation Transfer Directory Security Bypass Security Issue
http://secunia.com/advisories/64604/

ITpro Summary
SIEM
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/051400097/?ST=security

Friday, May 15, 2015

15th, Friday, Taian

+ Mozilla Firefox 38.0.1 released
https://www.mozilla.org/en-US/firefox/38.0.1/releasenotes/

+ CESA-2015:0988 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/644458/

+ CESA-2015:0987 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/644459/

+ CESA-2015:1003 Important CentOS 5 kvm Security Update
http://lwn.net/Alerts/644460/

+ CESA-2015:0999 Important CentOS 7 qemu-kvm Security Update
http://lwn.net/Alerts/644461/

+ CESA-2015:0998 Important CentOS 6 qemu-kvm Security Update
http://lwn.net/Alerts/644462/

+ CESA-2015:1002 Important CentOS 5 xen Security Update
http://lwn.net/Alerts/644463/

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

+ Wireshark LBMR/WebSocket/WCP/X11/802.11/Android Logcat Dissector Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1032332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3815

+ Apache Tomcat Security Manager Can Be Bypassed By Remote Users in Certain Cases
http://www.securitytracker.com/id/1032330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810

+ phpMyAdmin 4.4.6 Man-In-the-Middle to API Github
http://cxsecurity.com/issue/WLB-2015050095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903

+ SA64529 PHP Two Memory Corruption Vulnerabilities
http://secunia.com/advisories/64529/

+ SA64568 phpMyAdmin GitHub API SSL Verification Security Issue
http://secunia.com/advisories/64568/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903

JVNDB-2015-000064 SQL injection vulnerability in Cacti
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000064.html

Vulnerability information worth checking <2015.05.15>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051000058/?ST=security

Nobuo Hayashi's Long and Winding Mac
Does running a Mac securely require English!? Japanese localization of official documentation cannot keep up
http://itpro.nikkeibp.co.jp/atcl/column/15/051100119/051200001/?ST=security

Identify the work needed for PCI DSS compliance, Verizon advises
http://itpro.nikkeibp.co.jp/atcl/news/15/051401593/?ST=security

Thursday, May 14, 2015

14th, Thursday, Butsumetsu

+ RHSA-2015:1002 Important: xen security update
https://rhn.redhat.com/errata/RHSA-2015-1002.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

+ RHSA-2015:0998 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2015-0998.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

+ RHSA-2015:0999 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2015-0999.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

+ CESA-2015:0988 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/644216/

+ CESA-2015:0988 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/644215/

+ CESA-2015:0986 Moderate CentOS 7 kexec-tools Security Update
http://lwn.net/Alerts/644217/

+ CESA-2015:0980 Important CentOS 7 pcs Security Update
http://lwn.net/Alerts/644219/

+ CESA-2015:0983 Moderate CentOS 7 tomcat Security Update
http://lwn.net/Alerts/644220/

+ CESA-2015:0990 Important CentOS 6 pcs Security Update
http://lwn.net/Alerts/644218/

+ CESA-2015:0991 Moderate CentOS 6 tomcat6 Security Update
http://lwn.net/Alerts/644221/

+ phpMyAdmin 4.4.6.1 released
https://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.4.6.1/phpMyAdmin-4.4.6.1-notes.html/view

+ PMASA-2015-3 Vulnerability allowing man-in-the-middle attack on API call to GitHub
http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php

+ Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0722

+ Command Injection Vulnerability in Multiple Cisco TelePresence Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0713

+ Linux kernel 4.0.3, 3.14.42, 3.10.78 released
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.42
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.78

+ Citrix Security Advisory for CVE-2015-3456
http://support.citrix.com/article/CTX201078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

+ Apache Struts 2.3.24 released
http://struts.apache.org/announce.html#a20150507

+ Dovecot 2.2.17 released
http://www.dovecot.org/list/dovecot-news/2015-May/000292.html

Alert regarding vulnerabilities in Adobe Reader and Acrobat (APSB15-10)
http://www.jpcert.or.jp/at/2015/at150014.html

Alert regarding vulnerabilities in Adobe Flash Player (APSB15-09)
http://www.jpcert.or.jp/at/2015/at150013.html

Alert regarding the May 2015 Microsoft security bulletins (including 3 Critical)
http://www.jpcert.or.jp/at/2015/at150012.html

Vulnerability information worth checking <2015.05.13>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051000057/?ST=security

Wednesday, May 13, 2015

13th, Wednesday, Senbu

+ Microsoft Security Bulletin Summary for May 2015
https://technet.microsoft.com/ja-jp/library/security/ms15-may

+ MS15-043 - Critical: Cumulative Security Update for Internet Explorer (3049563)
https://technet.microsoft.com/library/security/MS15-043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1718

+ MS15-044 - Critical: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
https://technet.microsoft.com/library/security/MS15-044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1671

+ MS15-045 - Critical: Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)
https://technet.microsoft.com/library/security/MS15-045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1699

+ MS15-046 - Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
https://technet.microsoft.com/library/security/MS15-046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1683

+ MS15-047 - Important: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
https://technet.microsoft.com/library/security/MS15-047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1700

+ MS15-048 - Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
https://technet.microsoft.com/library/security/MS15-048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1673

+ MS15-049 - Important: Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
https://technet.microsoft.com/library/security/MS15-049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1715

+ MS15-050 - Important: Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
https://technet.microsoft.com/library/security/MS15-050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1702

+ MS15-051 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
https://technet.microsoft.com/library/security/MS15-051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1701

+ MS15-052 - Important: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
https://technet.microsoft.com/library/security/MS15-052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1674

+ MS15-053 - Important: Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263)
https://technet.microsoft.com/library/security/MS15-053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1686

+ MS15-054 - Important: Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
https://technet.microsoft.com/library/security/MS15-054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1681

+ MS15-055 - Important: Vulnerability in Schannel Could Allow Information Disclosure (3061518)
https://technet.microsoft.com/library/security/MS15-055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1716

+ Microsoft Security Advisory 3042058: Update to Default Cipher Suite Priority Order
https://technet.microsoft.com/ja-jp/library/security/3042058

+ UPDATE: Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2015:0988 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-0988.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716

+ RHSA-2015:0991 Moderate: tomcat6 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0991.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

+ RHSA-2015:0987 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0987.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331

+ RHSA-2015:0983 Moderate: tomcat security update
https://rhn.redhat.com/errata/RHSA-2015-0983.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

+ RHSA-2015:0986 Moderate: kexec-tools security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-0986.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0267

+ Google Chrome 42.0.2311.152 released
http://googlechromereleases.blogspot.jp/2015/05/stable-channel-update.html

+ Mozilla Firefox 38.0 released
https://www.mozilla.org/en-US/firefox/38.0/releasenotes/

+ MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
https://www.mozilla.org/en-US/security/advisories/mfsa2015-58/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833

+ MFSA 2015-57 Privilege escalation through IPC channel messages
https://www.mozilla.org/en-US/security/advisories/mfsa2015-57/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079

+ MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
https://www.mozilla.org/en-US/security/advisories/mfsa2015-56/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2718

+ MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
https://www.mozilla.org/en-US/security/advisories/mfsa2015-55/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2717

+ MFSA 2015-54 Buffer overflow when parsing compressed XML
https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716

+ MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
https://www.mozilla.org/en-US/security/advisories/mfsa2015-53/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2715

+ MFSA 2015-52 Sensitive URL encoded information written to Android logcat
https://www.mozilla.org/en-US/security/advisories/mfsa2015-52/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2714

+ MFSA 2015-51 Use-after-free during text processing with vertical text enabled
https://www.mozilla.org/en-US/security/advisories/mfsa2015-51/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713

+ MFSA 2015-50 Out-of-bounds read and write in asm.js validation
https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712

+ MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
https://www.mozilla.org/en-US/security/advisories/mfsa2015-49/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2711

+ MFSA 2015-48 Buffer overflow with SVG content and CSS
https://www.mozilla.org/en-US/security/advisories/mfsa2015-48/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710

+ MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797

+ MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709

+ APSB15-10 Security Updates available for Adobe Reader and Acrobat
https://helpx.adobe.com/security/products/reader/apsb15-10.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3076

+ APSB15-09 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093

+ Mozilla Thunderbird 31.7 released
https://www.mozilla.org/en-US/thunderbird/

+ Wireshark 1.12.5 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.5.html

+ HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04674742&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Apache Tomcat 6.0.44 released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

+ Wireshark DEC DNA Routing Protocol Processing Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1032279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3182

+ Apache Struts 2.3.20.1 released
http://struts.apache.org/announce.html#a20150506

pgBadger 7.0 released!
http://www.postgresql.org/about/news/1585/

JVNDB-2015-000063 Cross-site scripting vulnerability in Mail Dealer
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000063.html

Vulnerability information worth checking <2015.05.13>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051000057/?ST=security

Using artificial intelligence to flag employees who need watching: a new approach to preventing information leaks
http://itpro.nikkeibp.co.jp/atcl/news/15/051201565/?ST=security

JVNTA#98308086 Securing End-to-End Communications
http://jvn.jp/ta/JVNTA98308086/index.html

Tuesday, May 12, 2015

12th, Tuesday, Tomobiki

+ Linux kernel 3.19.8 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.8

+ HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04657823&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2122

+ Apache POI 3.12 released
http://poi.apache.org/changes.html

SoftBank Technology's sandbox-based countermeasure against targeted email attacks costs 60,000 yen per year for a single email address
http://itpro.nikkeibp.co.jp/atcl/news/15/051101552/?ST=security

JVNVU#94699739 SQL injection vulnerability in Subrion CMS
http://jvn.jp/vu/JVNVU94699739/

Monday, May 11, 2015

11th, Monday, Sensho

+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl

+ HPSBGN03256 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04567918&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04657310&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2121

+ HPSBHF03331 rev.1 - HP Integrity Superdome X and HP ConvergedSystem 900 for SAP HANA, Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04674535&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Linux kernel 3.2.69 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.69

+ SA64468 McAfee Firewall Enterprise FreeBSD IPv6 Neighbour Discovery Denial of Service Vulnerability
http://secunia.com/advisories/64468/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2923

+ SA64369 Apache Struts Exclude Patterns Vulnerabilities
http://secunia.com/advisories/64369/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1831

+ Oracle Business Intelligence Mobile HD 11.x Script Insertion
http://cxsecurity.com/issue/WLB-2015050056

JVNTA#99041988 Top 30 high-risk vulnerabilities used in targeted attacks
http://jvn.jp/ta/JVNTA99041988/

UPDATE: JVNVU#95993136 Multiple vulnerabilities in NTP daemon (ntpd)
http://jvn.jp/vu/JVNVU95993136/

Finally connecting to Juki Net because of My Number: the 13 years of a Tohoku town that rebelled against the national government
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/050100262/?ST=security

Grade information for 261 Nagoya University students left publicly accessible on a web server
http://itpro.nikkeibp.co.jp/atcl/news/15/050801531/?ST=security

VU#110532 Subrion CMS vulnerable to SQL injection by an authenticated user
http://www.kb.cert.org/vuls/id/110532

Friday, May 8, 2015

8th, Friday, Butsumetsu

+ APSB15-10 Prenotification Security Advisory for Adobe Reader
https://helpx.adobe.com/security/products/reader/apsb15-10.html

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ Apache Tomcat 8.0.22 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.22_(markt)

+ Apple Safari Multiple WebKit Bugs Let Remote Users Execute Arbitrary Code, Access Files, and Spoof Interface Elements
http://www.securitytracker.com/id/1032270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1156

+ Adobe Flash Player NetConnection Type Confusion
http://cxsecurity.com/issue/WLB-2015050033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0336

+ SA64409 Apple Safari Multiple Vulnerabilities
http://secunia.com/advisories/64409/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1156

JVNVU#94416388 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/vu/JVNVU94416388/

JVNVU#98387218 Bomgar Remote Support vulnerable to deserialization of untrusted data
http://jvn.jp/vu/JVNVU98387218/

JVNVU#97322697 Multiple vulnerabilities in the ICU4C library
http://jvn.jp/vu/JVNVU97322697/

Thursday, May 7, 2015

7th, Thursday, Senbu

+ About the security content of Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
https://support.apple.com/ja-jp/HT204826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1156

+ phpMyAdmin 4.4.5 released
https://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.4.5/phpMyAdmin-4.4.5-notes.html/view

+ squid 3.5.4, 3.4.13, 3.3.14, 3.2.14 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.4-RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.13-RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html

+ VMware Player 6.0.6 released
https://www.vmware.com/support/player60/doc/player-606-release-notes.html

+ Cisco UCS Central Software Arbitrary Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0701

+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl

+ Linux kernel 4.0.2, 3.19.7, 3.18.13, 3.14.41, 3.12.42, 3.10.77 released
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.13
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.41
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.42
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.77

+ Samba 4.2.1, 4.0.26 released
http://news.samba.org/

+ McAfee ePolicy Orchestrator Deep Command Unquoted Executable Path Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1032244

+ Google Chrome Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1250

+ libcurl CURLOPT_HTTPHEADER Option Discloses Potentially Sensitive Information to Remote Users
http://www.securitytracker.com/id/1032233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153

+ libcurl Bugs Let Remote Users Deny Service and Execute Arbitrary Code
http://www.securitytracker.com/id/1032232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148

+ Squid SSL-Bump Certificate Validation Flaw Lets Remote Servers Bypass Client-side Certificate Validation
http://www.securitytracker.com/id/1032221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455

+ Apache Tomcat Connection Swallow Denial Of Service
http://cxsecurity.com/issue/WLB-2015050029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230

+ Dell SonicWALL Secure Remote Access 7.5 / 8.0 CSRF
http://cxsecurity.com/issue/WLB-2015050023

+ Windows 8.1 Console Driver Job Object Process Limit Bypass
http://cxsecurity.com/issue/WLB-2015050018

+ PHP logic error and some == wonkiness
http://cxsecurity.com/issue/WLB-2015050010

+ Chrome 42.0.2311.87 MutationObserver::disconnect Use-after-free
http://cxsecurity.com/issue/WLB-2015050005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1243

+ Linux Kernel ipv4 Missing sk_nulls_node_init() in ping_unhash()
http://cxsecurity.com/issue/WLB-2015050004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636

+ Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
http://cxsecurity.com/issue/WLB-2015050003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1243

+ net-snmp snmp_pdu_parse() function incomplete initialization vulnerability
http://cxsecurity.com/issue/WLB-2015040064

+ PHP 5.6.7 Exception Type Confusion / Heap Overflow
http://cxsecurity.com/issue/WLB-2015040209

+ PHP 5.6.7 SoapFault Type Confusion
http://cxsecurity.com/issue/WLB-2015040208

+ SA64411 SonicWALL SSL-VPN SRA Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/64411/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2248

+ SA64043 Hitachi Cosminexus Products Denial of Service Vulnerability
http://secunia.com/advisories/64043/

+ SA64405 Apache Tomcat Request Body Swallow Denial of Service Vulnerability
http://secunia.com/advisories/64405/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230

+ SA64291 Apache Tomcat Chunked Request Handling Vulnerability
http://secunia.com/advisories/64291/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

+ SA64282 OpenStack Keystone Cache Backend Information Disclosure Weakness
http://secunia.com/advisories/64282/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646

+ SA64351 McAfee Firewall Enterprise ISC BIND Trusted Anchor Management Denial of Service Vulnerability
http://secunia.com/advisories/64351/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349

+ SA64360 Squid Server Certificate Validation Security Issue
http://secunia.com/advisories/64360/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455

+ SA64359 libssh "ssh_packet_kexdh_init()" Denial of Service Vulnerability
http://secunia.com/advisories/64359/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3146

Barman 1.4.1 released
http://www.postgresql.org/about/news/1583/

JVNDB-2015-000062 Session management vulnerability in EasyCTF
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000062.html

JVNDB-2015-000061 Cross-site scripting vulnerability in EasyCTF
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000061.html

JVNDB-2015-000060 Arbitrary file creation vulnerability in EasyCTF
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000060.html

JVNVU#94201974 EMC AutoStart vulnerable to arbitrary command execution
http://jvn.jp/vu/JVNVU94201974/

VU#978652 Bomgar Remote Support Portal deserializes untrusted data
http://www.kb.cert.org/vuls/id/978652

VU#602540 ICU Project ICU4C library contains multiple overflow vulnerabilities
http://www.kb.cert.org/vuls/id/602540

Friday, May 1, 2015

1st, Friday, Senbu

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

+ gawk 4.1.2 released
http://ftp.gnu.org/gnu/gawk/?C=M;O=D

+ HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with JBOSS, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04649560&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810

+ HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04539690&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04636672&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240

+ Linux kernel 3.12.41 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.41

+ RSA Identity Management and Governance Password Reset Weakness Lets Remote Users Gain Privileged Access
http://www.securitytracker.com/id/1032218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0532

+ MySQL '--ssl' Client Option Lets Remote Users Downgrade SSL/TLS Connections
http://www.securitytracker.com/id/1032216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152

+ MacOS X 0day fontd buffer overflow
http://cxsecurity.com/issue/WLB-2015050001

+ SA64315 ClamAV Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/64315/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2668

FreeBSD: January-March, 2015 Status Report
https://www.freebsd.org/news/status/report-2015-01-2015-03.html

Asterisk Research partners with US-based Cigital to offer security services for developers in Japan
http://itpro.nikkeibp.co.jp/atcl/news/15/043001486/?ST=security

JVNVU#99597998 Barracuda Web Filter does not properly validate server certificates
http://jvn.jp/vu/JVNVU99597998/

VU#581276 EMC AutoStart is vulnerable to remote code execution via specially crafted packets
http://www.kb.cert.org/vuls/id/581276