+ RHSA-2020:5350 Important: net-snmp security update
https://access.redhat.com/errata/RHSA-2020:5350
CVE-2020-15862
+ Prenotification Security Advisory for Adobe Acrobat and Reader | APSB20-75
https://helpx.adobe.com/security/products/acrobat/apsb20-75.html
+ Security Updates Available for Adobe Lightroom | APSB20-74
https://helpx.adobe.com/security/products/lightroom/apsb20-74.html
CVE-2020-24447
+ Security updates available for Adobe Experience Manager | APSB20-72
https://helpx.adobe.com/security/products/experience-manager/apsb20-72.html
CVE-2020-24444
CVE-2020-24445
+ Security Updates Available for Adobe Prelude | APSB20-70
https://helpx.adobe.com/security/products/prelude/apsb20-70.html
CVE-2020-24440
+ VU#815128 Embedded TCP/IP stacks have memory corruption vulnerabilities
https://www.kb.cert.org/vuls/id/815128
CVE-2020-13984
CVE-2020-13985
CVE-2020-13986
CVE-2020-13987
CVE-2020-13988
CVE-2020-17437
CVE-2020-17438
CVE-2020-17439
CVE-2020-17440
CVE-2020-17441
CVE-2020-17442
CVE-2020-17443
CVE-2020-17444
CVE-2020-17445
CVE-2020-17467
CVE-2020-17468
CVE-2020-17469
CVE-2020-17470
CVE-2020-24334
CVE-2020-24336
CVE-2020-24337
CVE-2020-24338
CVE-2020-24339
CVE-2020-24340
CVE-2020-24340
CVE-2020-24341
CVE-2020-24383
CVE-2020-25107
CVE-2020-25108
CVE-2020-25109
CVE-2020-25110
CVE-2020-25111
CVE-2020-25112
+ Linux kernel 5.9.13, 5.4.82, 4.19.162, 4.14.211 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.13
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.82
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.162
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.211
+ OpenSSL 1.1.1i released
https://www.openssl.org/
+ OpenSSL Security Advisory [08 December 2020]
https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-1971
+ UPDATE: Oracle Critical Patch Update Advisory - October 2020
https://www.oracle.com/security-alerts/cpuoct2020.html
+ 2020 年 12 月のセキュリティ更新プログラム
https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec
+ Apache Struts 2.5.26 released
https://struts.apache.org/announce.html#a20201206
+ S2-061 Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution - similar to S2-059
https://cwiki.apache.org/confluence/display/WW/S2-061
CVE-2020-17530
+ OpenSSLの脆弱性情報(High: CVE-2020-1971)
https://security.sios.com/vulnerability/openssl-security-vulnerability-20201209.html
CVE-2020-1971
+ Struts 2のリモートコード実行の脆弱性情報(Important: CVE-2020-17530)
https://security.sios.com/vulnerability/struts-security-vulnerability-20201208.html
CVE-2020-17530
+ マルチテナントクラスタに影響するKubernetesのMan-In-the-Middle 脆弱性情報(Moderate: CVE-2020-8554)
https://security.sios.com/vulnerability/kubernetes-security-vulnerability-20201208.html
CVE-2020-8554
+ Apache 2 HTTP2 Module Concurrent Pool Usage
https://cxsecurity.com/issue/WLB-2020120049
CVE-2020-11993
Unboundの脆弱性情報が公開されました(CVE-2020-28935)
https://jprs.jp/tech/security/2020-12-08-unbound.html
CentOS Project shifts focus to CentOS Stream
https://blog.centos.org/2020/12/future-is-centos-stream/?utm_source=rss&utm_medium=rss&utm_campaign=future-is-centos-stream
iPhoneのカレンダー機能を悪用 不審な通知に慌てると窮地に
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/112700044/?ST=nxt_thmit_security
どちらを実施すべき?似て非なる脆弱性診断とペネトレーションテスト
https://xtech.nikkei.com/atcl/nxt/column/18/01493/120400002/?ST=nxt_thmit_security