2026年7月13日月曜日

13日 月曜日、先負

+ Apache PDFBox 3.0.8 released
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12356674

VU#564823 GNU Wget enables SSRF via unvalidated FTP PASV IPs
https://www.kb.cert.org/vuls/id/564823

JVNVU#91295052 Siemens製品に対するアップデート(2026年7月)
https://jvn.jp/vu/JVNVU91295052/index.html

JVNVU#94281476 CISA ICS Advisory / ICS Medical Advisory(2026年07月09日)
https://jvn.jp/vu/JVNVU94281476/index.html

決算調査で判明、企業を襲うサイバー詐欺とサイバー攻撃 第3回
サイバー攻撃の損失を新たに28社が計上、アサヒらの影響で総額は236億円に
https://xtech.nikkei.com/atcl/nxt/column/18/03678/070800003/?ST=nxt_thmit_security

2026年7月10日金曜日

10日 金曜日、赤口

+ gawk 5.4.1 released
https://ftp.gnu.org/gnu/gawk/?C=M;O=D

+ RHSA-2026:37282 Important: unbound security update
https://access.redhat.com/errata/RHSA-2026:37282
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-44390

+ RHSA-2026:37130 Important: gstreamer1-plugins-bad-free security update
https://access.redhat.com/errata/RHSA-2026:37130
CVE-2026-52720
CVE-2026-52722

+ RHSA-2026:37435 Important: golang security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:37435
CVE-2026-39821
CVE-2026-39822

+ RHSA-2026:37410 Important: buildah security update
https://access.redhat.com/errata/RHSA-2026:37410
CVE-2026-39832
CVE-2026-39835

+ RHSA-2026:37207 Important: freerdp security update
https://access.redhat.com/errata/RHSA-2026:37207
CVE-2026-45700

+ RHSA-2026:37123 Important: podman security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:37123
CVE-2026-25681
CVE-2026-27136
CVE-2026-39829
CVE-2026-39832
CVE-2026-39835
CVE-2026-42508
CVE-2026-57231

+ RHSA-2026:36957 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:36957
CVE-2025-71066
CVE-2026-46113
CVE-2026-53359

+ Wireshark 4.6.7, 4.4.17 released
https://www.wireshark.org/docs/relnotes/wireshark-4.6.7.html
https://www.wireshark.org/docs/relnotes/wireshark-4.4.17.html

VU#152953 PayRange Android app version 7.0.7 contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/152953

VU#734812 Xerte Online Toolkit contains an authentication bypass that allows for RCE
https://www.kb.cert.org/vuls/id/734812

決算調査で判明、企業を襲うサイバー詐欺とサイバー攻撃 第2回
サイバー詐欺で18社が損失を計上 海外拠点で頻発、支払い統制がカギか
https://xtech.nikkei.com/atcl/nxt/column/18/03678/070800002/?ST=nxt_thmit_security

JVNVU#99220646 Adalo App Builderにおける複数の脆弱性
https://jvn.jp/vu/JVNVU99220646/index.html

JVN#48718197 リコー製Web Image Monitorを実装している複数のレーザープリンタおよび複合機(MFP)における反射型クロスサイトスクリプティングの脆弱性
https://jvn.jp/jp/JVN48718197/index.html

2026年7月9日木曜日

9日 木曜日、大安

+ RHSA-2026:36774 Important: gstreamer1-plugins-good security update
https://access.redhat.com/errata/RHSA-2026:36774
CVE-2026-53705

+ RHSA-2026:36732 Moderate: python-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:36732
CVE-2026-44431

+ RHSA-2026:36734 Low: libxml2 security update
https://access.redhat.com/errata/RHSA-2026:36734
CVE-2025-6170

+ RHSA-2026:36733 Moderate: cups security update
https://access.redhat.com/errata/RHSA-2026:36733
CVE-2026-34980

+ RHSA-2026:36728 Low: libtasn1 security update
https://access.redhat.com/errata/RHSA-2026:36728
CVE-2025-13151

+ RHSA-2026:36530 Important: kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_125_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 security update
https://access.redhat.com/errata/RHSA-2026:36530
CVE-2026-23401
CVE-2026-31402
CVE-2026-31419

+ RHSA-2026:36879 Important: tomcat security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:36879
CVE-2026-29146
CVE-2026-34486

+ RHSA-2026:36832 Important: libreoffice security update
https://access.redhat.com/errata/RHSA-2026:36832
CVE-2026-8357

+ RHSA-2026:36777 Important: unbound security update
https://access.redhat.com/errata/RHSA-2026:36777
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-44390

+ RHSA-2026:36674 Moderate: gstreamer1-plugins-ugly-free security update
https://access.redhat.com/errata/RHSA-2026:36674
CVE-2026-53703
CVE-2026-53704

+ RHSA-2026:36617 Important: oci-seccomp-bpf-hook security update
https://access.redhat.com/errata/RHSA-2026:36617
CVE-2026-33811

+ Google Chrome 150.0.7871.114/.115 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html

+ Apache Tomcat 11.0.24, 10.1.57 Released
https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.24_(markt)
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.57_(schultz)

+ ProFTPD 1.3.9c released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.9c
http://www.proftpd.org/docs/NEWS-1.3.9c

+ OpenSSHの脆弱性(Moderate: CVE-2026-59995, CVE-2026-59996, CVE-2026-59997, CVE-2026-59998, CVE-2026-59999)とOpenSSH 10.4/10.4p1リリース
https://security.sios.jp/vulnerability/openssh-security-vulnerability-20260709/
CVE-2026-59995
CVE-2026-59996
CVE-2026-59997
CVE-2026-59998
CVE-2026-59999

VU#849433 Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls
https://www.kb.cert.org/vuls/id/849433

JVN#62347140 富士電機製Pupsmanのインストーラにおける複数の脆弱性
https://jvn.jp/jp/JVN62347140/index.html

JVNVU#92734392 CISA ICS Advisory / ICS Medical Advisory(2026年07月07日)
https://jvn.jp/vu/JVNVU92734392/index.html

決算調査で判明、企業を襲うサイバー詐欺とサイバー攻撃 第1回
出光は36億円を損失か、ランサム並みに深刻な「サイバー詐欺」の実態
https://xtech.nikkei.com/atcl/nxt/column/18/03678/070800001/?ST=nxt_thmit_security

3分でわかる必修ワード IT
万全の対策は難しい「シャドーAI」、企業はガバナンスやルール整備を進める
https://xtech.nikkei.com/atcl/nxt/keyword/18/00002/070600320/?ST=nxt_thmit_security