:: IT Security Neophyte Investigator's MEMO ::: 8日火曜日、赤口

2015年12月8日火曜日

8日火曜日、赤口

+ RHSA-2015:2549 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2015-2549.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

+ RHSA-2015:2550 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2015-2550.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

+ UPDATE: Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa

+ Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6395

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

+ HS15-032 Vulnerability in JP1/Automatic Job Management System 3
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-032/index.html

+ HS15-031 Multiple Vulnerabilities in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570

+ HS15-030 Multiple Cross-site Scripting Vulnerabilities in EUR
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-030/index.html

+ HS15-032 JP1/Automatic Job Management System 3における脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-032/index.html

+ HS15-031 Hitachi Command Suite製品における複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570

+ HS15-030 EURにおける複数のクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-030/index.html

+ Apache Tomcat 8.0.30 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.30_(markt)

+ Dovecot 2.2.20 released
http://www.dovecot.org/list/dovecot-news/2015-December/000303.html

+ MySQL 5.7.10, 5.5.47 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-10.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html

+ JVNVU#95113540 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95113540/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794

+ JVNVU#99160787 OpenSSL に証明書チェーンの検証不備の脆弱性
http://jvn.jp/vu/JVNVU99160787/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

+ JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Spoof Content
http://www.securitytracker.com/id/1034298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6787

JVNDB-2015-000191 iOS アプリ「GANMA！」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000191.html

マイナンバー対応、企業の実情
マイナンバー対応、ベンダーの“セキュリティ危機煽り”に悩むユーザー企業
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300002/?ST=security

マイナンバー対応、企業の実情
三井化学のマイナンバー対応、委託や改修後倒しでコスト最少化
http://itpro.nikkeibp.co.jp/atcl/column/15/120300275/120300001/?ST=security

セールスフォース向けセキュアファイル共有ツール「S-Cube for Chatter」、Coreが発売
http://itpro.nikkeibp.co.jp/atcl/news/15/120703995/?ST=security

A10、同社初のファイアウォール機「Thunder CFW」を2016年1Qに出荷
http://itpro.nikkeibp.co.jp/atcl/news/15/120703993/?ST=security

JVN#70083512 「アクセス解析」におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN70083512/

:: IT Security Neophyte Investigator's MEMO ::

2015年12月8日火曜日

8日火曜日、赤口

0 件のコメント:

コメントを投稿

2015年12月8日火曜日

8日 火曜日、赤口

0 件のコメント:

コメントを投稿

8日火曜日、赤口