+ cross-proxy Digest auth state leak
https://curl.se/docs/CVE-2026-7168.html
CVE-2026-7168
+ OCSP stapling bypass with Apple SecTrust
https://curl.se/docs/CVE-2026-7009.html
CVE-2026-7009
+ netrc credential leak with reused proxy connection
https://curl.se/docs/CVE-2026-6429.html
CVE-2026-6429
+ stale custom cookie host causes cookie leak
https://curl.se/docs/CVE-2026-6276.html
CVE-2026-6276
+ proxy credentials leak over redirect-to proxy
https://curl.se/docs/CVE-2026-6253.html
CVE-2026-6253
+ wrong reuse of SMB connection
https://curl.se/docs/CVE-2026-5773.html
CVE-2026-5773
+ wrong reuse of HTTP Negotiate connection
https://curl.se/docs/CVE-2026-5545.html
CVE-2026-5545
+ connection reuse ignores TLS requirement
https://curl.se/docs/CVE-2026-4873.html
CVE-2026-4873
+ RHSA-2026:11692 Important: xorg-x11-server security update
https://access.redhat.com/errata/RHSA-2026:11692
CVE-2026-33999
CVE-2026-34001
CVE-2026-34003
+ RHSA-2026:11656 Important: xorg-x11-server-Xwayland security update
https://access.redhat.com/errata/RHSA-2026:11656
CVE-2026-33999
CVE-2026-34001
CVE-2026-34003
+ RHSA-2026:11635 Important: PackageKit security update
https://access.redhat.com/errata/RHSA-2026:11635
CVE-2026-41651
+ RHSA-2026:11521 Important: sudo security update
https://access.redhat.com/errata/RHSA-2026:11521
CVE-2026-35535
+ RHSA-2026:11514 Important: grafana-pcp security update
https://access.redhat.com/errata/RHSA-2026:11514
CVE-2026-32280
CVE-2026-32282
CVE-2026-32283
+ RHSA-2026:11507 Important: grafana security update
https://access.redhat.com/errata/RHSA-2026:11507
CVE-2026-32280
CVE-2026-32282
CVE-2026-32283
+ RHSA-2026:11349 Moderate: libxml2 security update
https://access.redhat.com/errata/RHSA-2026:11349
CVE-2025-9714
+ RHSA-2026:11704 Important: grafana-pcp security update
https://access.redhat.com/errata/RHSA-2026:11704
CVE-2026-32282
CVE-2026-32283
+ RHSA-2026:11510 Important: vim security update
https://access.redhat.com/errata/RHSA-2026:11510
CVE-2026-34982
+ RHSA-2026:11504 Important: PackageKit security update
https://access.redhat.com/errata/RHSA-2026:11504
CVE-2026-41651
+ RHSA-2026:7885 Moderate: Red Hat OpenStack Services on OpenShift 18.0.18 (golang-github-openstack-k8s-operators-os-diff) security update
https://access.redhat.com/errata/RHSA-2026:7885
CVE-2025-65637
CVE-2025-68121
+ RHSA-2026:11388 Important: xorg-x11-server security update
https://access.redhat.com/errata/RHSA-2026:11388
CVE-2026-33999
CVE-2026-34001
CVE-2026-34003
+ RHSA-2026:11360 Important: LibRaw security update
https://access.redhat.com/errata/RHSA-2026:11360
CVE-2026-21413
CVE-2026-24450
+ Google Chrome 148.0.7778.96/.97, 147.0.7727.137/138, 146.0.7680.216 released
https://chromereleases.googleblog.com/2026/04/early-stable-update-for-desktop_29.html
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
https://chromereleases.googleblog.com/2026/04/extended-stable-updates-for-desktop_28.html
+ Mozilla Firefox 150.0.1 released
https://www.firefox.com/en-US/firefox/150.0.1/releasenotes/
+ Mozilla Foundation Security Advisory 2026-35 Security Vulnerabilities fixed in Firefox 150.0.1
https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/
CVE-2026-7320
CVE-2026-7322
CVE-2026-7323
CVE-2026-7324
+ Mozilla Foundation Security Advisory 2026-37 Security Vulnerabilities fixed in Firefox ESR 115.35.1
https://www.mozilla.org/en-US/security/advisories/mfsa2026-37/
+ Mozilla Foundation Security Advisory 2026-36 Security Vulnerabilities fixed in Firefox ESR 140.10.1
https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/
+ FreeBSD-SA-26:17.libnv Heap overflow in libnv
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:17.libnv.asc
CVE-2026-35547
+ FreeBSD-SA-26:16.libnv Stack overflow via select() file descriptor set overflow
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:16.libnv.asc
CVE-2026-39457
+ FreeBSD-SA-26:15.dhclient Remotely triggerable out-of-bounds heap write in dhclient
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:15.dhclient.asc
CVE-2026-42512
+ FreeBSD-SA-26:14.pf pf can overflow the stack parsing crafted SCTP packets
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:14.pf.asc
CVE-2026-7164
+ FreeBSD-SA-26:13.exec Local privilege escalation via execve()
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:13.exec.asc
CVE-2026-7270
+ FreeBSD-SA-26:12.dhclient Remote code execution via malicious DHCP options
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:12.dhclient.asc
CVE-2026-42511
+ PostgreSQL JDBC Driver 42.7.11 released
https://jdbc.postgresql.org/changelogs/2026-04-28-42/
+ ProFTPD 1.3.9a released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.9a
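News & Report
The impact of "Claude Mythos": discovers thousands of vulnerabilities, also generates attack code
Not released to the public; limited release to major IT and financial companies and others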
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020800017/042101423/?ST=nxt_thmit_security
News & Report
"We have no choice but to respond" to Mythos: Japan's financial industry braces itself
Concern about attacks on systems left to IT vendors
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020800017/042201429/?ST=nxt_thmit_security
News & Report
Fortinet revises its SSL-VPN plans, extends technical support for tunnel mode by one year
Web mode continues under a new name
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020800017/042201427/?ST=nxt_thmit_security
A turning point for authentication
How will passkeys change countermeasures against unauthorized logins?
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041700244/041700001/?ST=nxt_thmit_security
A first-year textbook for security staff
"Intrusion-type" attacks become mainstream: the basics of ransomware attacks [Part 3]
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/042200546/042200003/?ST=nxt_thmit_security
A first-year textbook for security staff
The basics emphasize the "perimeter": three important assets to protect [Part 2]
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/042200546/042200002/?ST=nxt_thmit_security
A first-year textbook for security staff
Protecting information and systems: three basic perspectives [Part 1]
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/042200546/042200001/?ST=nxt_thmit_security
The data speaks
Desired starting salary for new-graduate engineers: 250,000 yen to under 280,000 yen is the most common
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600010/042200223/?ST=nxt_thmit_security
NEWS close-up
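Nippon Medical School Musashi Kosugi Hospital hit by ransomware
Intruded through a VPN device, about 130,000 records of personal information leaked; security measures had been left to the vendor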
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/041700322/?ST=nxt_thmit_security
Nikkei NETWORK Special Report
The impact of "Claude Mythos," which finds thousands of vulnerabilities
Will conventional security wisdom be overturned?
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800013/041700102/?ST=nxt_thmit_security