:: IT Security Neophyte Investigator's MEMO ::: 13日水曜日、先負

2015年5月13日水曜日

13日水曜日、先負

+ 2015 年 5 月のマイクロソフトセキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms15-may

+ MS15-043 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3049563)
https://technet.microsoft.com/library/security/MS15-043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1718

+ MS15-044 - 緊急 Microsoft フォントドライバーの脆弱性により、リモートでコードが実行される (3057110)
https://technet.microsoft.com/library/security/MS15-044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1671

+ MS15-045 - 緊急 Windows Journal の脆弱性により、リモートでコードが実行される (3046002)
https://technet.microsoft.com/library/security/MS15-045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1699

+ MS15-046 - 重要 Microsoft Office の脆弱性により、リモートでコードが実行される (3057181)
https://technet.microsoft.com/library/security/MS15-046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1683

+ MS15-047 - 重要 Microsoft SharePoint Server の脆弱性により、リモートでコードが実行される (3058083)
https://technet.microsoft.com/library/security/MS15-047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1700

+ MS15-048 - 重要 .NET Framework の脆弱性により、特権が昇格される (3057134)
https://technet.microsoft.com/library/security/MS15-048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1673

+ MS15-049 - 重要 Silverlight の脆弱性により、特権が昇格される (3058985)
https://technet.microsoft.com/library/security/MS15-049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1715

+ MS15-050 - 重要サービスコントロールマネージャーの脆弱性により、特権が昇格される (3055642)
https://technet.microsoft.com/library/security/MS15-050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1702

+ MS15-051 - 重要 Windows カーネルモードドライバーの脆弱性により、特権が昇格される (3057191)
https://technet.microsoft.com/library/security/MS15-051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1701

+ MS15-052 - 重要 Windows カーネルの脆弱性により、セキュリティ機能のバイパスが起こる (3050514)
https://technet.microsoft.com/library/security/MS15-052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1674

+ MS15-053 - 重要 JScript および VBScript スクリプトエンジンの脆弱性により、セキュリティ機能のバイパスが起こる (3057263)
https://technet.microsoft.com/library/security/MS15-053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1686

+ MS15-054 - 重要 Microsoft 管理コンソールのファイル形式の脆弱性により、サービス拒否が起こる (3051768)
https://technet.microsoft.com/library/security/MS15-054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1681

+ MS15-055 - 重要 Schannel の脆弱性により、情報漏えいが起こる (3061518)
https://technet.microsoft.com/library/security/MS15-055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1716

+ マイクロソフトセキュリティアドバイザリ 3042058 既定の暗号スイートの優先度の設定の更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3042058

+ UPDATE: マイクロソフトセキュリティアドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2015:0988 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-0988.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716

+ RHSA-2015:0991 Moderate: tomcat6 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0991.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

+ RHSA-2015:0987 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0987.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331

+ RHSA-2015:0983 Moderate: tomcat security update
https://rhn.redhat.com/errata/RHSA-2015-0983.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

+ RHSA-2015:0986 Moderate: kexec-tools security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-0986.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0267

+ Google Chrome 42.0.2311.152 released
http://googlechromereleases.blogspot.jp/2015/05/stable-channel-update.html

+ Mozilla Firefox 38.0 released
https://www.mozilla.org/en-US/firefox/38.0/releasenotes/

+ MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
https://www.mozilla.org/en-US/security/advisories/mfsa2015-58/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833

+ MFSA 2015-57 Privilege escalation through IPC channel messages
https://www.mozilla.org/en-US/security/advisories/mfsa2015-57/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079

+ MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
https://www.mozilla.org/en-US/security/advisories/mfsa2015-56/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2718

+ MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
https://www.mozilla.org/en-US/security/advisories/mfsa2015-55/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2717

+ MFSA 2015-54 Buffer overflow when parsing compressed XML
https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716

+ MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
https://www.mozilla.org/en-US/security/advisories/mfsa2015-53/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2715

+ MFSA 2015-52 Sensitive URL encoded information written to Android logcat
https://www.mozilla.org/en-US/security/advisories/mfsa2015-52/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2714

+ MFSA 2015-51 Use-after-free during text processing with vertical text enabled
https://www.mozilla.org/en-US/security/advisories/mfsa2015-51/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713

+ MFSA 2015-50 Out-of-bounds read and write in asm.js validation
https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712

+ MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
https://www.mozilla.org/en-US/security/advisories/mfsa2015-49/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2711

+ MFSA 2015-48 Buffer overflow with SVG content and CSS
https://www.mozilla.org/en-US/security/advisories/mfsa2015-48/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710

+ MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797

+ MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709

+ APSB15-10 Security Updates available for Adobe Reader and Acrobat
https://helpx.adobe.com/security/products/reader/apsb15-10.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3076

+ APSB15-09 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093

+ Mozilla Thunderbird 31.7 released
https://www.mozilla.org/en-US/thunderbird/

+ Wireshark 1.12.5 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.5.html

+ HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04674742&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Apache Tomcat 6.0.44 released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

+ Wireshark DEC DNA Routing Protocol Processing Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1032279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3182

+ Apache Struts 2.3.20.1 released
http://struts.apache.org/announce.html#a20150506

pgBadger 7.0 released !
http://www.postgresql.org/about/news/1585/

JVNDB-2015-000063 メールディーラーにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000063.html

チェックしておきたい脆弱性情報＜2015.05.13＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051000057/?ST=security

人工知能で要注意社員をあぶり出し　情報漏洩対策に新手法
http://itpro.nikkeibp.co.jp/atcl/news/15/051201565/?ST=security

JVNTA#98308086 End-to-End 通信の保護
http://jvn.jp/ta/JVNTA98308086/index.html

:: IT Security Neophyte Investigator's MEMO ::

2015年5月13日水曜日

13日水曜日、先負

0 件のコメント:

コメントを投稿

2015年5月13日水曜日

13日 水曜日、先負

0 件のコメント:

コメントを投稿

13日水曜日、先負