:: IT Security Neophyte Investigator's MEMO ::: 20日水曜日、友引

2025年8月20日水曜日

20日水曜日、友引

+ RHSA-2025:14075 Moderate: xterm security update

https://access.redhat.com/errata/RHSA-2025:14075

CVE-2022-24130

+ Google Chrome 139.0.7258.138/.139, 138.0.7204.243 released

https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html

https://chromereleases.googleblog.com/2025/08/extended-stable-updates-for-desktop_19.html

+ Mozilla Firefox 142.0 released

https://www.firefox.com/en-US/firefox/142.0/releasenotes/

+ Mozilla Foundation Security Advisory 2025-64 Security Vulnerabilities fixed in Firefox 142

https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/

CVE-2025-9179

CVE-2025-9180

CVE-2025-9181

CVE-2025-9186

CVE-2025-9182

CVE-2025-9183

CVE-2025-9187

CVE-2025-9184

CVE-2025-9185

+ Zabbix 7.2.12, 6.0.41 released

https://www.zabbix.com/rn/rn7.2.12

https://www.zabbix.com/rn/rn6.0.41

+ watchOS 11.6.1 released

https://support.apple.com/ja-jp/100100

+ Mozilla Foundation Security Advisory 2025-70 Security Vulnerabilities fixed in Thunderbird 142

https://www.mozilla.org/en-US/security/advisories/mfsa2025-70/

CVE-2025-9179

CVE-2025-9180

CVE-2025-9181

CVE-2025-9182

CVE-2025-9187

CVE-2025-9184

CVE-2025-9185

+ Mozilla Thunderbird 142.0 released

https://www.thunderbird.net/en-US/thunderbird/142.0/releasenotes/

+ Postfix stable release 3.10.4 and legacy releases 3.9.5, 3.8.11, 3.7.16

https://www.postfix.org/announcements/postfix-3.10.4.html

+ JVNVU#95006047 Apache TomcatのRewrite Valve機能におけるセッション固定の脆弱性（CVE-2025-55668）

https://jvn.jp/vu/JVNVU95006047/index.html

CVE-2025-55668

+ Linux Kernelの脆弱性（CVE-2025-38948?CVE-2025-38615）

https://security.sios.jp/vulnerability/kernel-security-vulnerability-20250820/

CVE-2025-38498

CVE-2025-38499

CVE-2025-38500

CVE-2025-38501

CVE-2025-38502

CVE-2025-38503

CVE-2025-38504

CVE-2025-38505

CVE-2025-38506

CVE-2025-38507

CVE-2025-38508

CVE-2025-38509

CVE-2025-38510

CVE-2025-38511

CVE-2025-38512

CVE-2025-38513

CVE-2025-38514

CVE-2025-38515

CVE-2025-38516

CVE-2025-38517

CVE-2025-38518

CVE-2025-38519

CVE-2025-38520

CVE-2025-38521

CVE-2025-38522

CVE-2025-38523

CVE-2025-38524

CVE-2025-38525

CVE-2025-38526

CVE-2025-38527

CVE-2025-38528

CVE-2025-38529

CVE-2025-38530

CVE-2025-38531

CVE-2025-38532

CVE-2025-38533

CVE-2025-38534

CVE-2025-38535

CVE-2025-38536

CVE-2025-38537

CVE-2025-38538

CVE-2025-38539

CVE-2025-38540

CVE-2025-38541

CVE-2025-38542

CVE-2025-38543

CVE-2025-38544

CVE-2025-38545

CVE-2025-38546

CVE-2025-38547

CVE-2025-38548

CVE-2025-38549

CVE-2025-38550

CVE-2025-38551

CVE-2025-38552

CVE-2025-38553

CVE-2025-38554

CVE-2025-38555

CVE-2025-38556

CVE-2025-38557

CVE-2025-38558

CVE-2025-38559

CVE-2025-38560

CVE-2025-38561

CVE-2025-38562

CVE-2025-38563

CVE-2025-38564

CVE-2025-38565

CVE-2025-38566

CVE-2025-38567

CVE-2025-38568

CVE-2025-38569

CVE-2025-38570

CVE-2025-38571

CVE-2025-38572

CVE-2025-38573

CVE-2025-38574

CVE-2025-38575

CVE-2025-38576

CVE-2025-38577

CVE-2025-38578

CVE-2025-38579

CVE-2025-38580

CVE-2025-38581

CVE-2025-38582

CVE-2025-38583

CVE-2025-38584

CVE-2025-38585

CVE-2025-38586

CVE-2025-38587

CVE-2025-38588

CVE-2025-38589

CVE-2025-38590

CVE-2025-38591

CVE-2025-38592

CVE-2025-38593

CVE-2025-38594

CVE-2025-38595

CVE-2025-38596

CVE-2025-38597

CVE-2025-38598

CVE-2025-38599

CVE-2025-38600

CVE-2025-38601

CVE-2025-38602

CVE-2025-38603

CVE-2025-38604

CVE-2025-38605

CVE-2025-38606

CVE-2025-38607

CVE-2025-38608

CVE-2025-38609

CVE-2025-38610

CVE-2025-38611

CVE-2025-38612

CVE-2025-38613

CVE-2025-38614

CVE-2025-38615

VU#706118 Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.

https://www.kb.cert.org/vuls/id/706118

勝村幸博の「今日も誰かが狙われる」

スマホアプリの画面表示を「透明」に偽装、ユーザーを危険な操作に誘導する新手口

https://xtech.nikkei.com/atcl/nxt/column/18/00676/080400203/?ST=nxt_thmit_security

ニュース解説

AIコード生成の幻覚は「エージェント型」で減少、トレンドマイクロが調査

https://xtech.nikkei.com/atcl/nxt/column/18/00001/10987/?ST=nxt_thmit_security

Black Hat USA 2025現地リポート

第2回

AIエージェント神話にセキュリティー専門家が反論、Black HatのAI特化イベントで

https://xtech.nikkei.com/atcl/nxt/column/18/03295/081500003/?ST=nxt_thmit_security

基礎から分かるローカルブレークアウト

第1回

じわり広がる「ローカルブレークアウト」とは何なのか、誰がいつ導入すべきか

https://xtech.nikkei.com/atcl/nxt/column/18/03293/080800001/?ST=nxt_thmit_security

JVN#89385114 Seagate Toolkitにおける引用符で囲まれていないファイルパスの脆弱性

https://jvn.jp/jp/JVN89385114/index.html

:: IT Security Neophyte Investigator's MEMO ::

2025年8月20日水曜日

20日水曜日、友引

0 件のコメント:

コメントを投稿

2025年8月20日水曜日

20日 水曜日、友引

0 件のコメント:

コメントを投稿

20日水曜日、友引