Friday, May 22, 2026

22nd, Friday, Senbu

+ Mozilla Firefox 151.0.1 released
https://www.firefox.com/en-US/firefox/151.0.1/releasenotes/

+ JVNVU#99225456 Multiple vulnerabilities in ISC BIND (May 2026)
https://jvn.jp/vu/JVNVU99225456/index.html
CVE-2026-3039
CVE-2026-3592
CVE-2026-3593
CVE-2026-5947
CVE-2026-5946
CVE-2026-5950

Nikkei Computer: Yukihiro Katsumura's "Someone Is Being Targeted Again Today"
Brace for the Mythos "vulnerability storm": 250 experts propose countermeasures
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/051500186/?ST=nxt_thmit_security

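Introduction to Drawing Network Diagrams, Part 9
Tips for drawing network diagrams suited to design verification: overlaying the logical configuration on the physical configuration diagram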
https://xtech.nikkei.com/atcl/nxt/column/18/03451/042700009/?ST=nxt_thmit_security

News Commentary
Major IT firms roll out comprehensive security services to regional banks one after another; demand rising due to Mythos
https://xtech.nikkei.com/atcl/nxt/column/18/00001/11757/?ST=nxt_thmit_security

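Adoption rates across 8 categories: 3rd Security Product Usage Survey, Part 2
Who are the popular SIEM and SASE vendors? Adoption rate of "integrated products" surveyed for the first time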
https://xtech.nikkei.com/atcl/nxt/column/18/03622/051900002/?ST=nxt_thmit_security

JVNVU#90583059 Multiple vulnerabilities in Trend Micro enterprise endpoint security products (May 2026)
https://jvn.jp/vu/JVNVU90583059/index.html

Thursday, May 21, 2026

21st, Thursday, Tomobiki

+ Red Hat Enterprise Linux 10.2 released
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index

+ Red Hat Enterprise Linux 9.8 released
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index

+ RHSA-2026:19666 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:19666
CVE-2026-46300
CVE-2026-46333

+ RHSA-2026:19588 Important: firefox security update
https://access.redhat.com/errata/RHSA-2026:19588
CVE-2026-7320
CVE-2026-7321
CVE-2026-7322
CVE-2026-7323

+ RHSA-2026:19559 Important: libsndfile security update
https://access.redhat.com/errata/RHSA-2026:19559
CVE-2026-37555

+ RHSA-2026:19610 Important: libsndfile security update
https://access.redhat.com/errata/RHSA-2026:19610
CVE-2026-37555

+ Google Chrome 149.0.7827.22/.23 released
https://chromereleases.googleblog.com/2026/05/early-stable-update-for-desktop.html

+ Mozilla Thunderbird 151.0 released
https://www.thunderbird.net/en-US/thunderbird/151.0/releasenotes/

+ ISC BIND 9.20.23, 9.18.49 released
https://downloads.isc.org/isc/bind9/9.20.23/doc/arm/html/notes.html
https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html

+ FreeBSD-SA-26:24.cap_net Incorrect libcap_net limitation list manipulation
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:24.cap_net.asc
CVE-2026-45254

+ FreeBSD-SA-26:23.bsdinstall Remote code execution via installer Wi-Fi access point scans
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:23.bsdinstall.asc
CVE-2026-45255

+ FreeBSD-SA-26:22.libcasper select(2) file descriptor set overflow causes stack overflow
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:22.libcasper.asc
CVE-2026-39461

+ FreeBSD-SA-26:21.ptrace Missing validation in ptrace(PT_SC_REMOTE)
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:21.ptrace.asc
CVE-2026-45253

+ FreeBSD-SA-26:20.fusefs Heap overflow in FUSE_LISTXATTR
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:20.fusefs.asc
CVE-2026-45252

+ FreeBSD-SA-26:19.file Kernel use-after-free via file descriptor syscalls
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:19.file.asc
CVE-2026-45251

+ FreeBSD-SA-26:18.setcred Stack buffer overflow via setcred(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:18.setcred.asc
CVE-2026-45250

+ VU#980487 Local privilege escalation in Linux Kernel (Dirty Frag)
https://www.kb.cert.org/vuls/id/980487
CVE-2026-43284
CVE-2026-43500

+ BIND9 vulnerabilities (High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, Medium: CVE-2026-3592, CVE-2026-5950) and release of 9.18.49, 9.20.23, 9.21.22
https://security.sios.jp/vulnerability/bind-security-vulnerability-20260520/
CVE-2026-3039
CVE-2026-3593
CVE-2026-5946
CVE-2026-5947
CVE-2026-3592
CVE-2026-5950

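Introduction to Drawing Network Diagrams, Part 8
Tips for drawing good physical configuration diagrams: design a standard layout for each rack and floor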
https://xtech.nikkei.com/atcl/nxt/column/18/03451/042700008/?ST=nxt_thmit_security

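Adoption rates across 8 categories: 3rd Security Product Usage Survey, Part 1
Independent survey of per-vendor adoption rates for EDR and IDaaS; domestic vendors break in among overseas players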
https://xtech.nikkei.com/atcl/nxt/column/18/03622/051900001/?ST=nxt_thmit_security

JVN#56484285 Missing authorization check vulnerability in Movable Type
https://jvn.jp/jp/JVN56484285/index.html

JVNVU#93461473 Improper validation in intent handling in the Android app "Password Manager RoboForm"
https://jvn.jp/vu/JVNVU93461473/index.html

JVNVU#93294524 CISA ICS Advisory / ICS Medical Advisory (May 19, 2026)
https://jvn.jp/vu/JVNVU93294524/index.html

Wednesday, May 20, 2026

20th, Wednesday, Sensho

+ RHSA-2026:19372 Critical: nginx:1.26 security update
https://access.redhat.com/errata/RHSA-2026:19372
CVE-2026-42945

+ RHSA-2026:19373 Important: dnsmasq security update
https://access.redhat.com/errata/RHSA-2026:19373
CVE-2026-2291
CVE-2026-4890
CVE-2026-4891
CVE-2026-4892
CVE-2026-4893

+ RHSA-2026:19374 Critical: nginx security update
https://access.redhat.com/errata/RHSA-2026:19374
CVE-2026-42945

+ RHSA-2026:19369 Important: rhc security update
https://access.redhat.com/errata/RHSA-2026:19369
CVE-2026-32282
CVE-2026-32283

+ RHSA-2026:19371 Critical: nginx:1.24 security update
https://access.redhat.com/errata/RHSA-2026:19371
CVE-2026-42945

+ RHSA-2026:19370 Important: firefox security update
https://access.redhat.com/errata/RHSA-2026:19370
CVE-2026-7320
CVE-2026-7321
CVE-2026-7322
CVE-2026-7323

+ RHSA-2026:19368 Important: rsync security update
https://access.redhat.com/errata/RHSA-2026:19368
CVE-2024-12086
CVE-2026-41035

+ RHSA-2026:19367 Important: giflib update
https://access.redhat.com/errata/RHSA-2026:19367
CVE-2026-23868

+ RHSA-2026:19366 Important: python-markdown security update
https://access.redhat.com/errata/RHSA-2026:19366
CVE-2025-69534

+ RHSA-2026:19364 Important: dovecot security update
https://access.redhat.com/errata/RHSA-2026:19364
CVE-2025-59032
CVE-2026-27857
CVE-2026-27858

+ RHSA-2026:19365 Important: jq security update
https://access.redhat.com/errata/RHSA-2026:19365
CVE-2026-39979
CVE-2026-40164

+ RHSA-2026:19359 Important: openexr security update
https://access.redhat.com/errata/RHSA-2026:19359
CVE-2026-34588

+ RHSA-2026:19361 Moderate: glib2 security update
https://access.redhat.com/errata/RHSA-2026:19361
CVE-2025-14087
CVE-2025-14512

+ RHSA-2026:18958 Moderate: python3.12 security update
https://access.redhat.com/errata/RHSA-2026:18958
CVE-2026-0865

+ RHSA-2026:18039 Important: ruby security update
https://access.redhat.com/errata/RHSA-2026:18039
CVE-2026-41316

+ RHSA-2026:18030 Important: ruby:3.3 security update
https://access.redhat.com/errata/RHSA-2026:18030
CVE-2026-41316

+ RHSA-2026:18029 Critical: nginx security update
https://access.redhat.com/errata/RHSA-2026:18029
CVE-2026-42945

+ RHSA-2026:18028 Moderate: libpng security update
https://access.redhat.com/errata/RHSA-2026:18028
CVE-2026-33416

+ Google Chrome 148.0.7778.178/179 released
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html

+ Mozilla Firefox 151.0 released
https://www.firefox.com/en-US/firefox/151.0/releasenotes/

+ Mozilla Foundation Security Advisory 2026-46 Security Vulnerabilities fixed in Firefox 151
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/
CVE-2026-8945
CVE-2026-8946
CVE-2026-8947
CVE-2026-8948
CVE-2026-8949
CVE-2026-8950
CVE-2026-8951
CVE-2026-8952
CVE-2026-8953
CVE-2026-8954
CVE-2026-8955
CVE-2026-8956
CVE-2026-8957
CVE-2026-8958
CVE-2026-8959
CVE-2026-8960
CVE-2026-8961
CVE-2026-8962
CVE-2026-8963
CVE-2026-8964
CVE-2026-8965
CVE-2026-8966
CVE-2026-8967
CVE-2026-8968
CVE-2026-8969
CVE-2026-8970
CVE-2026-8971
CVE-2026-8972
CVE-2026-8973
CVE-2026-8974
CVE-2026-8975

+ Mozilla Foundation Security Advisory 2026-48 Security Vulnerabilities fixed in Firefox ESR 140.11
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/

+ Mozilla Foundation Security Advisory 2026-47 Security Vulnerabilities fixed in Firefox ESR 115.36
https://www.mozilla.org/en-US/security/advisories/mfsa2026-47/

+ Mozilla Foundation Security Advisory 2026-50 Security Vulnerabilities fixed in Thunderbird 151
https://www.mozilla.org/en-US/security/advisories/mfsa2026-50/

+ Mozilla Foundation Security Advisory 2026-51 Security Vulnerabilities fixed in Thunderbird 140.11
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/

+ Wireshark 4.6.6, 4.4.16 Released
https://www.wireshark.org/docs/relnotes/wireshark-4.6.6.html
https://www.wireshark.org/docs/relnotes/wireshark-4.4.16.html

+ Linux Kernel LPE vulnerability (PinTheft: CVE not yet assigned: RDS module)
https://security.sios.jp/vulnerability/kernel-security-vulnerability-20260520/

+ Windows Snipping Tool NTLMv2 Hash Hijack
https://cxsecurity.com/issue/WLB-2026050011
CVE-2026-33829

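Introduction to Drawing Network Diagrams, Part 7
Tips for drawing good logical configuration diagrams: show segments as thick lines and connect nodes with thin lines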
https://xtech.nikkei.com/atcl/nxt/column/18/03451/042700007/?ST=nxt_thmit_security

JVN#03037325 Multiple vulnerabilities in ELECOM wireless LAN routers and wireless access points (May 2026)
https://jvn.jp/jp/JVN03037325/index.html