:: IT Security Neophyte Investigator's MEMO ::: 7月 2016

2016年7月29日金曜日

29日金曜日、先勝

+ SA71829 Wireshark Multiple Denial of Service Vulnerabilities
https://secunia.com/advisories/71829/

+ MySQL 5.7.14, 5.5.51 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html

攻撃者目線を防御に生かす、「サイバーレンジ」での実践型育成広がる
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072700589/?ST=security

日本は攻撃の対象となるインフラが多い、デロイトトーマツが調査
http://itpro.nikkeibp.co.jp/atcl/news/16/072802256/?ST=security

2016年7月28日木曜日

28日木曜日、赤口

+ RHSA-2016:1504 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-1504.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610

+ Cisco Email Security Appliance File Type Filtering Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1461

+ Cisco Videoscape Session Resource Manager Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-vsrm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1467

+ Cisco Wireless LAN Controller Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-wlc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1460

+ Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1463

+ Cisco Prime Service Catalog Reflected Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-psc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1462

+ Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-avs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1465

+ Linux kernel 4.7, 4.6.5, 4.4.16, 3.14.74 released
https://www.kernel.org/
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.16
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.74

+ Tcl/Tk 8.6.6 released
http://www.tcl.tk/software/tcltk/8.6.html

自動車をサイバー攻撃から守るソフトウエア、シマンテックが発表
http://itpro.nikkeibp.co.jp/atcl/news/16/072702251/?ST=security

レコモットが端末にデータを残さないビジネスチャット投入、情報漏洩リスク低減
http://itpro.nikkeibp.co.jp/atcl/news/16/072702238/?ST=security

2016年7月27日水曜日

27日水曜日、大安

+ RHSA-2016:1487 Moderate: samba4 security update
https://rhn.redhat.com/errata/RHSA-2016-1487.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119

+ RHSA-2016:1486 Moderate: samba security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-1486.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119

+ UPDATE: JVN#65273415 Android OS が CRIME 攻撃による影響を受けてしまう問題
http://jvn.jp/jp/JVN65273415/index.html

+ Kerberos KDC Null Pointer Dereference in validate_as_request() Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1036442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120

+ Perl Includes Directory Bug Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1036440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1238

2016年7月26日火曜日

26日火曜日、仏滅

+ FreeBSD-SA-16:25.bspatch Heap vulnerability in bspatch
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:25.bspatch.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862

+ UPDATE: JVN#65273415 Android OS が CRIME 攻撃による影響を受けてしまう問題
http://jvn.jp/jp/JVN65273415/index.html

+ UPDATE: JVN#06212291 Android OS の電話帳アプリにおけるアクセス制限不備の脆弱性
http://jvn.jp/jp/JVN06212291/index.html

+ FreeBSD bsdiff Heap Overflow in Processing Patch Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862

+ Linux Kernel Memory Leak in Airspy USB Device Driver Lets Local Users Deny Service
http://www.securitytracker.com/id/1036432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5400

「ビジネス主導型」のセキュリティ戦略が重要に、RSAのシンガポールイベント
http://itpro.nikkeibp.co.jp/atcl/news/16/072502208/?ST=security

2016年7月25日月曜日

25日月曜日、先負

+ Zabbix 3.0.4, 2.2.14 released
http://www.zabbix.com/rn3.0.4.php
http://www.zabbix.com/rn2.2.13.php

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ SA71734 Apache OpenOffice Impress Memory Corruption Vulnerability
https://secunia.com/advisories/71734/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1513

+ SA71719 MIT Kerberos 5 (krb5) KDC Denial of Service Vulnerability
https://secunia.com/advisories/71719/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120

+ UPDATE: JVNDB-2016-000129 Android OS が CRIME 攻撃による影響を受けてしまう問題
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000129.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929

+ UPDATE: JVNDB-2016-000128 Android OS の電話帳アプリにおけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000128.html

+ UPDATE: JVNVU#91485132 CGI ウェブサーバがヘッダ Proxy の値を環境変数 HTTP_PROXY に設定する脆弱性
http://jvn.jp/vu/JVNVU91485132/

+ PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
http://www.securitytracker.com/id/1036430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399

JVNDB-2016-000130 EC-CUBE 用プラグイン「割引クーポンプラグイン」における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000130.html

日本企業のデータ保護の現状は世界水準より低いことが明らかに、EMC調査
http://itpro.nikkeibp.co.jp/atcl/news/16/072202195/?ST=security

ネットワン、パケット分析でマルウエアを検出して対策を提案するサービス
http://itpro.nikkeibp.co.jp/atcl/news/16/072202187/?ST=security

2016年7月22日金曜日

About the security content of iOS 9.3.3

About the security content of iOS 9.3.3
https://support.apple.com/ja-jp/HT206902

上記 URL の iOS のセキュリティアップデートの翻訳

1) Calender

　拡張させたメモリの取り扱いに NULL ポインタ逆参照の欠陥が存在することが原因で、悪意のあるカレンダーが装置を原因不明の再起動を引き起こす脆弱性。(CVE-2016-4605)

2) CoreGraphics

　拡張されたメモリの取り扱いにメモリ破壊の欠陥が存在することが原因で、リモートの攻撃者が任意のコードを実行できる脆弱性。(CVE-2016-4637)

3) FaceTime

　リレイされた呼び出しの取り扱いにユーザインターフェイスの不一致が存在することが原因で、ネットワークの特権を持つ攻撃者が通話が終了しても音声を送信し続けられる脆弱性。(CVE-2016-4635)

4) ImageIO

　拡張されたメモリの取り扱いにメモリ破壊の欠陥が存在することが原因で、リモートの攻撃者が DoS 攻撃できる脆弱性。(CVE-2016-4632)

5) ImageIO

　拡張されたメモリの取り扱いに複数のメモリ破壊の欠陥が存在することが原因で、リモートの攻撃者が任意のコードを実行できる脆弱性。(CVE-2016-4631)

6) IOAcceleratorFamily

　拡張された境界チェックに境界外の読み込みの欠陥が存在することが原因で、ローカルの利用者がカーネルメモリを読み込める脆弱性。(CVE-2016-4628)

7) IOAcceleratorFamily

　拡張された検証処理に NULL ポインタ逆参照が存在することが原因で、ローカルの利用者がカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-4627)

8) IOHIDFamily

　拡張された入力検証処理に NULL ポインタ逆参照が存在することが原因で、ローカルの利用者がカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-4626)

9) Kernel

　拡張されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、ローカルの利用者がカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1863, CVE-2016-4653, CVE-2016-4582)

10) Kernel

　拡張された入力検証処理に NULL ポインタ逆参照が存在することが原因で、ローカルの利用者が DoS 攻撃できる脆弱性。(CVE-20161865)

11) libxml2

　拡張されたメモリの取り扱いに複数のメモリ破壊が存在することが原因である libxml2 の複数の脆弱性。(CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619)

12) libxml2

　XML ファイルの解析処理にアクセスの問題が存在することが原因で、悪意のある XML ドキュメントを解析することでユーザ情報を漏洩する脆弱性。(CVE-2016-4449)

13) libxslt

　拡張されたメモリの取り扱いに複数のメモリ破壊が存在することが原因である libxslt の複数の脆弱性。(CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612)

14) Safari

　任意のコンテンツを表示している間に任意のドメインを表示する Web サイトにリダイレクトした応答を不正なポートに許すことが原因で、悪意のある Web サイトを閲覧することでユーザ情報をだます脆弱性。(CVW-2016-4604)

15) Sandbox Profiles

　特権を持つ API の呼び出しにアクセスの問題が存在することが原因で、ローカルのアプリケーションがプロセスリストにアクセスできる脆弱性。(CVE-2016-4594)

16) Siri Contracts

　コントラクトカードの取り扱いにプライバシー問題が存在することが原因で、装置に物理的にアクセスできる利用者がプライベートなコントラクト情報を参照できる脆弱性。(CVE-2016-4593)

17) Web Media

　Safari View Controller でのユーザデータの取り扱いにプライバシー問題が存在することが原因で、Safari の Private Browsing モードでビデオを再生することで Private Browsing モードが外のビデオの URL を表示できる脆弱性。(CVE-2016-4603)

18) WebKit

　拡張されたメモリの取り扱いにメモリ初期化問題が存在することが下で、悪意のある Web サイトを閲覧することでプロセス・メモリの漏洩を引き起こす脆弱性。(CVE-2016-4587)

19) WebKit

　SVG の処理に時刻問題が存在することが原因で、悪意のある Web サイトを閲覧することで他の Web サイトからデータを取得できる脆弱性。(CVE-2016-4583)

20) WebKit

　ローカル変数の取り扱いに権限問題が存在することが原因で、悪意のある Web サイトを閲覧することでファイルシステムのユーザ情報を漏らす脆弱性。(CVE-2016-4591)

21) WebKit

　拡張されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行できる脆弱性。(CVE-2016-4589, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624)

22) WebKit

　about: URL の解析処理にオリジン継承の問題が存在することが原因で、悪意のある Web サイトを閲覧することでユーザインターフェイスになりすます脆弱性。(CVE-2016-4590)

23) WebKit

　拡張されたメモリの取り扱いにメモリリーク問題が存在することが原因で、悪意のある Web ページを閲覧することで DoS を引き起こす脆弱性。(CVE-2016-4592)

24) WebKit JavaScript Bindings

　Safari にクロスサイトスクリプテイング問題が存在することが原因で、悪意のある Web サイトを閲覧することでスクリプトを実行できる脆弱性。(CVE-2016-4651)

25) WebKit Page Loading

　Safari の URL リダイレクトのクロスサイトスクリプティング問題が存在することが原因で、悪意のある Web サイトがクロスオリジンのデータから脱出する脆弱性。(CVE-2016-4585)

26) WebKit Page Loading

　拡張されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行される脆弱性。(CVE-2016-4584)

22日金曜日、赤口

+ Google Chrome 52.0.2743.82 released
http://googlechromereleases.blogspot.jp/2016/07/stable-channel-update.html

+ CESA-2016:1458 Critical CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/695079/

+ CESA-2016:1458 Critical CentOS 7 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/695078/

+ UPDATE: Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160711-asa

+ Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5080

+ Linux kernel 3.12.62 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.62

+ PHP 7.0.9, 5.6.24, 5.5.38 released
http://www.php.net/ChangeLog-7.php#7.0.9
http://www.php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-5.php#5.5.38

+ UPDATE: JVNVU#94410990 NTP.org の ntpd にサービス運用妨害 (DoS) など複数の脆弱性
http://jvn.jp/vu/JVNVU94410990/index.html

+ PHP 7.0.8, 5.6.23 and 5.5.37 out-of-bounds write in bzread()
https://cxsecurity.com/issue/WLB-2016070165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399

記者の眼
自衛隊と喜多方ラーメンとイオンカードに共通する「手作業」という悪手
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/072000625/?ST=security

JVNVU#99625371 Objective Systems ASN1C で生成したソースコードにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99625371/index.html

2016年7月21日木曜日

21日木曜日、大安

+ RHSA-2016:1458 Critical: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-1458.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610

+ Cisco Unified Computing System Performance Manager Input Validation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1374

+ Java SE 8u101, 8u102, 7u111, 6u121 released
http://www.oracle.com/technetwork/java/javase/8u101-relnotes-3021761.html
http://www.oracle.com/technetwork/java/javase/8u102-relnotes-3021767.html
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_111
http://www.oracle.com/technetwork/java/javase/overview-156328.html#R160_121

+ JVNVU#91485132 CGI ウェブサーバがヘッダ Proxy の値を環境変数 HTTP_PROXY に設定する脆弱性
http://jvn.jp/vu/JVNVU91485132/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110

+ Apache HTTP Server 2.4.23 redirect an application's outbound HTTP traffic
https://cxsecurity.com/issue/WLB-2016070163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

JVNDB-2016-000126 Vtiger CRM におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000126.html

JVNDB-2016-000125 WordPressプラグイン「Nofollow Links」におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000125.html

JVNVU#99625371 Objective Systems ASN1C で生成したソースコードにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99625371/

JVNVU#97432392 Misys FusionCapital Opics Plus に複数の脆弱性
http://jvn.jp/vu/JVNVU97432392/

Twitterの認証済みアカウント、著名人以外でもオンライン申請可能に
http://itpro.nikkeibp.co.jp/atcl/news/16/072002143/?ST=security

2016年7月20日水曜日

20日水曜日、仏滅

+ CESA-2016:1422 Important CentOS 7 httpd Security Update
http://lwn.net/Alerts/694836/

+ CESA-2016:1421 Important CentOS 5 httpd Security Update
http://lwn.net/Alerts/694834/

+ CESA-2016:1421 Important CentOS 6 httpd Security Update
http://lwn.net/Alerts/694835/

+ CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd
https://kb.isc.org/article/AA-01393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775

+ Oracle Critical Patch Update Advisory - July 2016
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-3574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-3491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-5451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-5474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-5449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3452

+ Oracle Solaris Third Party Bulletin - July 2016
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8025

+ Oracle Linux Bulletin - July 2016
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109

+ Oracle VM Server for x86 Bulletin - July 2016
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555

+ SA71648 ISC BIND Lightweight Resolver Protocol Denial of Service Vulnerability
https://secunia.com/advisories/71648/
VE-2016-2775

+ JVNVU#93856717 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU93856717/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775

+ JVNVU#94844193 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU94844193/index.html

+ BIND Lightweight Resolution Bug in Processing Long Queries Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1036360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775

UPDATE: JVNVU#91485132 CGI ウェブサーバがヘッダ Proxy の値を環境変数 HTTP_PROXY に設定する脆弱性
http://jvn.jp/vu/JVNVU91485132/index.html

VU#682704 Misys FusionCapital Opics Plus contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/682704

VU#790839 Objective Systems ASN1C generates code that contains a heap overlow vulnerability
http://www.kb.cert.org/vuls/id/790839

2016年7月19日火曜日

19日火曜日、先負

+ 2016 年 7 月のマイクロソフトセキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms16-Jul

+ MS16-084 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3169991)
https://technet.microsoft.com/library/security/MS16-084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3276

+ MS16-085 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3169999)
https://technet.microsoft.com/library/security/MS16-085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3277

+ MS16-086 - 緊急 JScript および VBScript 用の累積的なセキュリティ更新プログラム (3169996)
https://technet.microsoft.com/library/security/MS16-086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3204

+ MS16-087 - 緊急 Windows 印刷スプーラーコンポーネント用のセキュリティ更新プログラム (3170005)
https://technet.microsoft.com/library/security/MS16-087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3239

+ MS16-088 - 緊急 Microsoft Office 用のセキュリティ更新プログラム (3170008)
https://technet.microsoft.com/library/security/MS16-088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3279

+ MS16-089 - 重要 Windows 保護カーネルモード用のセキュリティ更新プログラム (3170050)
https://technet.microsoft.com/library/security/MS16-089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3256

+ MS16-090 - 重要 Windows カーネルモードドライバー用のセキュリティ更新プログラム (3171481)
https://technet.microsoft.com/library/security/MS16-090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3251

+ MS16-091 - 重要 .NET Framework 用のセキュリティ更新プログラム (3170048)
https://technet.microsoft.com/library/security/MS16-091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3255

+ MS16-092 - 重要 Windows カーネル用のセキュリティ更新プログラム (3171910)
https://technet.microsoft.com/library/security/MS16-092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3258

+ MS16-093 - 緊急 Adobe Flash Player のセキュリティ更新プログラム (3174060)
https://technet.microsoft.com/library/security/MS16-093

+ MS16-094 - 重要セキュアブート用のセキュリティ更新プログラム (3177404)
https://technet.microsoft.com/library/security/MS16-094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3287

+ RHSA-2016:1421 Important: httpd security update
https://rhn.redhat.com/errata/RHSA-2016-1421.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

+ RHSA-2016:1292 Important: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2016-1292.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

+ RHSA-2016:1237 Important: ImageMagick security update
https://rhn.redhat.com/errata/RHSA-2016-1237.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240

+ RHSA-2016:1421 Important: httpd security update
https://rhn.redhat.com/errata/RHSA-2016-1421.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

+ RHSA-2016:1422 Important: httpd security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-1422.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

+ RHSA-2016:1237 Important: ImageMagick security update
https://rhn.redhat.com/errata/RHSA-2016-1237.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240

+ RHSA-2016:1292 Important: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2016-1292.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

+ About the security content of iCloud for Windows 5.2.1
https://support.apple.com/ja-jp/HT206899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4612

+ About the security content of iTunes 12.4.2 for Windows
https://support.apple.com/ja-jp/HT206901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4612

+ About the security content of Safari 9.1.2
https://support.apple.com/ja-jp/HT206900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4584

+ About the security content of tvOS 9.2.1
https://support.apple.com/ja-jp/HT206905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4585

+ About the security content of watchOS 2.2.2
https://support.apple.com/ja-jp/HT206904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4623

+ About the security content of iOS 9.3.3
https://support.apple.com/ja-jp/HT206902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4584

+ About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004
https://support.apple.com/ja-jp/HT206903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
-2016-4634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4594

+ APSB16-24 Security update available for Adobe XMP Toolkit for Java
https://helpx.adobe.com/security/products/xmpcore/apsb16-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4216

+ APSB16-25 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4249

+ APSB16-26 Security updates available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4255

+ CESA-2016:1406 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/694362/

+ CESA-2016:1392 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/694214/

+ CESA-2016:1392 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/694216/

+ CESA-2016:1392 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/694215/

+ Wireshark 2.1.1 released
https://www.wireshark.org/docs/relnotes/wireshark-2.1.1.html

+ ISC BIND 9.10.4-P2, 9.9.9-P2 released
ftp://ftp.isc.org/isc/bind9/9.10.4-P2/RELEASE-NOTES-bind-9.10.4-P2.pdf
ftp://ftp.isc.org/isc/bind9/9.9.9-P2/RELEASE-NOTES-bind-9.9.9-P2.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ Cisco IOS and IOS XE Software Border Gateway Protocol Message Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1459

+ UPDATE: Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-ios1

+ Cisco Meeting Server Persistent Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1451

+ Cisco WebEx Meetings Server Administrator Interface SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1446

+ Cisco WebEx Meetings Server Administrator Interface Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1448

+ Cisco WebEx Meetings Server Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1450

+ Cisco IOS XR Software Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ios-xr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1456

+ Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1452

+ Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-ncs6k
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1426

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Linux kernel 4.1.28, 3.18.37 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.28
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.37

+ Oracle Critical Patch Update Pre-Release Announcement - July 2016
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

+ Apache Struts 2.5.2, 2.3.30 released
http://struts.apache.org/announce.html#a20160707
http://struts.apache.org/announce.html#a20160707-2

+ Apache Tomcat 8.5.4 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.3_(markt)

+ JVNVU#707943 Windows プログラムの DLL 読み込みに脆弱性
http://jvn.jp/vu/JVNVU707943/

+ SA71530 Linux Kernel OverlayFS Upper Dentry Denial of Service Vulnerability
https://secunia.com/advisories/71530/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6197

+ PHP "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target Application Requests to an Arbitrary Web Proxy in Certain Cases
http://www.securitytracker.com/id/1036335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385

+ Apache Tomcat CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases
http://www.securitytracker.com/id/1036331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388

+ Apache HTTPD CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases
http://www.securitytracker.com/id/1036330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

+ OpenSSH Lets Remote Users Determine Valid Usernames on the Target System
http://www.securitytracker.com/id/1036319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210

+ Linux Kernel xfsoverlay Rename Bugs Let Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1036273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6198

+ Open SSHD 7.2p2 User Enumeration
https://cxsecurity.com/issue/WLB-2016070136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210

VU#797896 CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables
https://www.kb.cert.org/vuls/id/797896

VU#665280 Accela Civic Platform Citizen Access portal contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/665280

VU#123799 libbpg contains a type confusion vulnerability that leads to out of bounds write
https://www.kb.cert.org/vuls/id/123799

JVNDB-2016-000124 Android アプリ「WAONサービスアプリ」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000124.html

JVNVU#92578172 Accela Civic Platform Citizen Access portal に複数の脆弱性
http://jvn.jp/vu/JVNVU92578172/

JVNVU#96627087 libbpg にメモリ境界外への書き込みを行う脆弱性
http://jvn.jp/vu/JVNVU96627087/

JVN#55428526 Deep Discovery Inspector において任意のコードが実行可能な脆弱性
http://jvn.jp/jp/JVN55428526/

ポケモンGO、チートツールがGitHubに続々、自動ポケモン捕獲ツールも「時間の問題」
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/071500581/?ST=security

ポケモンGO偽アプリに遠隔操作ツール、チェックポイントが動画を公開
http://itpro.nikkeibp.co.jp/atcl/news/16/071502112/?ST=security

ソニーがデザインした「落し物発見器」が欲しくなった
傘もカギもすぐ見つかる
http://itpro.nikkeibp.co.jp/atcl/column/14/255608/071100215/?ST=security

実践、セキュリティ事故対応
［第18回］見抜きにくくなったリスト型攻撃　四つの対策で攻撃を封じ込める
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/052600018/?ST=security

佐賀県中高不正アクセスの手口は、無線LAN突破とID・パスワードの不正入手
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/071400579/?ST=security

［データは語る］2016年度第1四半期のインシデント報告件数は10％減―JPCERT/CC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/071400683/?ST=security

大日本印刷、スマホを活用した生体認証サービスをクラウドで提供
http://itpro.nikkeibp.co.jp/atcl/news/16/071402100/?ST=security

PwCコンサルティング、EUデータ保護規則への対応支援サービス
http://itpro.nikkeibp.co.jp/atcl/news/16/071402098/?ST=security

自動車大手のFiat Chryslerがバグ報奨プログラムを導入、1件あたり最高1500ドル
http://itpro.nikkeibp.co.jp/atcl/news/16/071402093/?ST=security

2016年7月12日火曜日

12日火曜日、友引

+ RHSA-2016:1392 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2016-1392.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818

+ Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160711-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1445

+ Linux kernel 4.6.4, 4.4.15 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.15

+ SA71505 Linux Kernel "apparmor_setprocattr()" Privilege Escalation Vulnerability
https://secunia.com/advisories/71505/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6187

+ HS16-017 Information Disclosure Vulnerability in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-017/index.html

+ HS16-017 Hitachi Command Suite製品における情報露出の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-017/index.html

実践、セキュリティ事故対応
［第15回］脆弱性をパッチで適切に塞ぐ　適用には慎重さ必要
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/041900015/?ST=security

記者の眼
マイナンバーカード普及のために仕様の公開を

富士通ネットワークソリューションズ、標的型攻撃への対策サービスを体系化
http://itpro.nikkeibp.co.jp/atcl/news/16/071102060/?ST=security

2016年7月11日月曜日

11日月曜日、先勝

+ MantisBT 1.3.0 (stable) Released
http://www.mantisbt.org/blog/?p=440

+ UPDATE: Oracle Solaris Third Party Bulletin - April 2016
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

+ SA71523 ISC BIND DNS Zone Transfer Handling Denial of Service Vulnerability
https://secunia.com/advisories/71523/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170

+ Operational Notification: A party that is allowed control over zone data can overwhelm a server by transferring huge quantities of data.
https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170

+ Apache Log4j 2.6.2 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.6.2

+ Symantec Endpoint Protection CIDS Driver Memory Corruption Error in Processing PE Files Lets Remote Users Cause the Target System to Crash
http://www.securitytracker.com/id/1036265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5308

+ Perl XSLoader Relative Path Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1036260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6185

+ Python 3.5.2 DLL Hijacking
https://cxsecurity.com/issue/WLB-2016070067

+ MS16-016 mrxdav.sys WebDav Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2016070065

JVNDB-2016-000123 LINE PC版（Windows版）における DLL 読み込みに関する脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000123.html

実践、セキュリティ事故対応
［第14回］脆弱性の公開日から攻撃は始まる　不断の情報収集で事故を未然防止
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800014/?ST=security

「熟練警備員の判断をAIで自動化していく」、ALSOK青山社長基調講演
http://itpro.nikkeibp.co.jp/atcl/news/16/070802037/?ST=security

「“悪の世界”もデジタルイノベーションを繰り返している」、トレンドマイクロの大三川副社長
http://itpro.nikkeibp.co.jp/atcl/news/16/070802040/?ST=security

Googleが「ポスト量子暗号」をChromeの実験版に搭載、量子コンピュータへの備え
http://itpro.nikkeibp.co.jp/atcl/news/16/070802038/?ST=security

「業界上位10社4割近くが、5年以内に市場から脱落する」、シスコシステムズ鈴木氏
http://itpro.nikkeibp.co.jp/atcl/news/16/070802034/?ST=security

2016年7月8日金曜日

8日金曜日、仏滅

+ Samba 4.4.5, 4.3.11 and 4.2.14 Security Releases Available for Download
https://www.samba.org/samba/history/samba-4.4.5.html
https://www.samba.org/samba/history/samba-4.3.11.html
https://www.samba.org/samba/history/samba-4.2.14.html

+ Client side SMB2/3 required signing can be downgraded
https://www.samba.org/samba/security/CVE-2016-2119.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119

+ SA71453 Fujitsu Multiple Interstage Products Apache Commons Denial of Service Vulnerability
https://secunia.com/advisories/71453/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ SA71483 Google Nexus Multiple Vulnerabilities
https://secunia.com/advisories/71483/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3818

+ SA71388 Samba SMB2/3 Client Connection Signing Security Bypass Vulnerability
https://secunia.com/advisories/71388/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119

+ UPDATE: JVN#65044642 Apache Struts 1 における入力値検証機能に関する脆弱性
http://jvn.jp/jp/JVN65044642/index.html

+ PowerDNS AXFR/IXFR Response Processing Bug Lets Remote DNS Servers Cause the Target DNS Service to Crash
http://www.securitytracker.com/id/1036242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172

+ BIND AXFR/IXFR Response Processing Flaw Lets Remote DNS Servers to Cause the Target DNS Service to Crash
http://www.securitytracker.com/id/1036241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170

+ PuTTY DLL Loading Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1036236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6167

+ GNU Wget Arbitrary File Upload / Potential Remote Code Execution
https://cxsecurity.com/issue/WLB-2016070042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971

UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/

UPDATE: JVN#55545372 EC-CUBE 用プラグイン「管理画面表示制御プラグイン」における SQL インジェクションの脆弱性
http://jvn.jp/jp/JVN55545372/

Suicaが鍵になるスマートロック「Akerun Pro」を発表
http://itpro.nikkeibp.co.jp/atcl/news/16/070702030/?ST=security

キヤノンITソリューションズ、メール無害化サービス評価版の無償提供を開始
http://itpro.nikkeibp.co.jp/atcl/news/16/070602006/?ST=security

2016年7月7日木曜日

7日木曜日、先負

+ Cisco AMP Threat Grid Unauthorized Clean IP Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-tg
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1443

+ Cisco Prime Infrastructure Administrative Web Interface HTML Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-pi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1442

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1444

+ JVNTA#99096686 Symantec および Norton 製品に複数の脆弱性
http://jvn.jp/ta/JVNTA99096686/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3646

+ JVNVU#97485903 Apache HTTPD の HTTP/2 通信における X.509 クライアント証明書の認証処理の問題
http://jvn.jp/vu/JVNVU97485903/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979

+ JVNVU#95848898 Acer Portal app for Android における SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU95848898/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5648

+ Linux 4.6 Double-Fetch Race Condition / Buffer Overflow
https://cxsecurity.com/issue/WLB-2016070029

+ Linux 4.6 auditsc.c Double-Fetch
https://cxsecurity.com/issue/WLB-2016070028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6136

+ Apache 2.4.20 X509 Authentication Bypass
https://cxsecurity.com/issue/WLB-2016070024

UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/

「クラウドでも使い慣れた環境を」、日本オラクル社長兼CEO杉原氏
http://itpro.nikkeibp.co.jp/atcl/news/16/070602005/?ST=security

イスラエル政府、テロ行為の責任の一端はFacebookにあると強く非難
http://itpro.nikkeibp.co.jp/atcl/news/16/070501979/?ST=security

2016年7月6日水曜日

6日水曜日、友引

+ nginx 1.11.2 released
http://nginx.org/en/CHANGES

+ VU#690343 Acer Portal app for Android does not properly validate SSL certificates
https://www.kb.cert.org/vuls/id/690343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5648

+ SA71282 Linux Kernel "hiddev_ioctl_usage()" Buffer Overflow Vulnerability
https://secunia.com/advisories/71282/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5829

+ SA71381 Linux Kernel "ec_device_ioctl_xcmd()" Buffer Overflow Vulnerability
https://secunia.com/advisories/71381/

+ SA71284 Linux Kernel PowerPC Transactions Denial of Service Vulnerability
https://secunia.com/advisories/71284/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5828

+ UPDATE: JVN#07710476 Apache Struts において任意のコードを実行可能な脆弱性
http://jvn.jp/jp/JVN07710476/index.html

+ Apache HTTPD HTTP/2 Certificate Validation Flaw Lets Remote Users Bypass Client Certificate Authentication on the Target System
http://www.securitytracker.com/id/1036225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979

+ Apple Safari for Mac OS X SVG local XXE PoC
https://cxsecurity.com/issue/WLB-2016070019

セレブ画像流出事件、容疑者がハッキングの罪を認める
http://itpro.nikkeibp.co.jp/atcl/news/16/070501976/?ST=security

2016年7月5日火曜日

5日火曜日、先勝

+ SA71452 Linux Kernel "sclp_ctl_ioctl_sccb()" Double Fetch Vulnerability
https://secunia.com/advisories/71452/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6130

+ SA71418 Mozilla Thunderbird Multiple Vulnerabilities
https://secunia.com/advisories/71418/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818

+ Apache HTTP Server 2.4.23 Released
http://www.apache.org/dist/httpd/Announcement2.4.html
http://www.apache.org/dist/httpd/CHANGES_2.4.23

+ Apache Tomcat Native 1.2.8 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html

チェックしておきたい脆弱性情報＜2016.7.5＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/062000120/?ST=security

統計＆調査
［データは語る］セキュリティの取り組みで日本企業の最大の懸念はかかり過ぎるコストで21％に──ガートナー
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/070400669/?ST=security

富士通SSL、インターネットアクセスを分離して情報漏洩を防ぐコンテナソフトを販売
http://itpro.nikkeibp.co.jp/atcl/news/16/070401970/?ST=security

2016年7月4日月曜日

4日月曜日、赤口

+ Mozilla Thunderbird 45.2.0 released
https://www.mozilla.org/en-US/thunderbird/45.2.0/releasenotes/

+ Squid 3.5.20 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.20-RELEASENOTES.html

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ SA71439 Meinberg NTP Multiple Vulnerabilities
https://secunia.com/advisories/71439/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957

+ Dovecot 2.2.25 released
http://www.dovecot.org/list/dovecot-news/2016-July/000324.html

+ Ubuntu 16.04 local root exploit - netfilter target_offset OOB
https://cxsecurity.com/issue/WLB-2016070013

「経営課題という認識が不足」、679万人のJTB情報漏洩可能性が残す教訓
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/062900564/?ST=security

UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/index.html

JVNVU#95113461 ManageEngine Password Manager Pro にクロスサイトリクエストフォージェリの脆弱性
http://jvn.jp/vu/JVNVU95113461/index.html

2016年7月1日金曜日

1日金曜日、先勝

+ Selenium Standalone Server 2.53.1 released
http://docs.seleniumhq.org/download/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160630-cca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1441

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1289

+ UPDATE: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass

+ UPDATE: Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150520-CVE-2015-0741

+ UPDATE: JVN#45093481 Apache Struts における複数の脆弱性
http://jvn.jp/jp/JVN45093481/

+ LibreOffice RTF File Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4324

+ Windows 7 SP1 x86 Privilege Escalation
https://cxsecurity.com/issue/WLB-2016060227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0400

JVNDB-2016-000121 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000121.html

松村太郎の生搾りアップル情報
Googleと何が違う？ Appleの「Differential Privacy」とは
http://itpro.nikkeibp.co.jp/atcl/column/14/110600091/062900064/?ST=security

［ITpro EXPO 2016 in 札幌］ICTの最新トレンドを網羅した総合展、札幌で初開催
http://itpro.nikkeibp.co.jp/atcl/news/16/062801877/?ST=security

登録: 投稿 (Atom)