Tuesday, January 13, 2026

Tuesday the 13th, Taian

+ libssh key passphrase bypass without agent set
https://curl.se/docs/CVE-2025-15224.html
CVE-2025-15224

+ libssh global known_hosts override
https://curl.se/docs/CVE-2025-15079.html
CVE-2025-15079

+ OpenSSL partial chain store policy bypass
https://curl.se/docs/CVE-2025-14819.html
CVE-2025-14819

+ bearer token leak on cross-protocol redirect
https://curl.se/docs/CVE-2025-14524.html
CVE-2025-14524

+ broken TLS options for threaded LDAPS
https://curl.se/docs/CVE-2025-14017.html
CVE-2025-14017

+ No QUIC certificate pinning with GnuTLS
https://curl.se/docs/CVE-2025-13034.html
CVE-2025-13034

+ RHSA-2026:0444 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:0444
CVE-2025-39993
CVE-2025-40240
CVE-2025-68285

+ RHSA-2026:0421 Important: libsoup security update
https://access.redhat.com/errata/RHSA-2026:0421
CVE-2025-14523

+ RHSA-2026:0470 Important: podman security update
https://access.redhat.com/errata/RHSA-2026:0470
CVE-2025-47913

+ RHSA-2026:0458 Moderate: libpq security update
https://access.redhat.com/errata/RHSA-2026:0458
CVE-2025-12818

+ RHSA-2026:0445 Moderate: kernel security update
https://access.redhat.com/errata/RHSA-2026:0445
CVE-2025-39806
CVE-2025-39840
CVE-2025-39883
CVE-2025-40240

+ RHSA-2026:0422 Important: libsoup security update
https://access.redhat.com/errata/RHSA-2026:0422
CVE-2025-14523

+ Apache Tomcat Native 2.0.12, 1.3.4 released
https://tomcat.apache.org/native-doc/miscellaneous/changelog.html
https://tomcat.apache.org/native-1.3-doc/miscellaneous/changelog.html

+ libpng versions 1.6.26 through 1.6.53 have one or both of a pair of recently discovered security vulnerabilities:
https://www.libpng.org/pub/png/libpng.html
CVE-2026-22695
CVE-2026-22801

+ libpng 1.6.54 released
https://www.libpng.org/pub/png/src/libpng-1.6.54-README.txt

+ Apache Struts XXE vulnerability (CVE-2025-68493)
https://security.sios.jp/vulnerability/struts-security-vulnerability-20260112/
CVE-2025-68493

VU#361400 BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability
https://www.kb.cert.org/vuls/id/361400

JVN#12770174 Improper authorization vulnerability in RICOH Streamline NX
https://jvn.jp/jp/JVN12770174/index.html

Introduction to Drawing Network Diagrams, Part 2
Graduate from learning by imitation: six basic steps for drawing network diagrams without struggling
https://xtech.nikkei.com/atcl/nxt/column/18/03451/122200002/?ST=nxt_thmit_security

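Don't Lose to Ransomware: The "10-Item Emergency Check" to Do Right Now, Part 1
Ransomware countermeasures that cannot wait: the full "10-item emergency check" for protecting your business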
https://xtech.nikkei.com/atcl/nxt/column/18/03461/010700002/?ST=nxt_thmit_security

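piyokango's Weekly System Troubles
Personal information leak at a public interest foundation in Shimane: simultaneous logins triggered a bug that caused misdirected email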
https://xtech.nikkei.com/atcl/nxt/column/18/00598/010900347/?ST=nxt_thmit_security
