shia's note - security

情報収集 20251017
Published: Fri 17 October 2025
By shia

In security.

tags: news

673
1. CVE-2025-41254｜Spring Framework STOMP
2. CVE-2025-61955｜F5OS
read more
情報収集 20251015
Published: Wed 15 October 2025
By shia

In security.

tags: news

745 Patch Tuesday。さよならWindows 10。 AdobeはChatGPTにまとめてもらってみたが果たして。
1. CVE-2025-11756｜Chrome
  - https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html
  - Use after free。
2. CVE-2025-24990｜Windows Agere Modem Driver
read more
生成AIに特定の脆弱性情報をまとめてもらってみた

Published: Wed 15 October 2025
By shia

In security.

tags: news

日頃の脆弱性情報収集で、一部企業がまとめて公開する複数の脆弱性を良い感じにまとめたい。 MicrosoftとかAppleとかAdobeとかSAPとかFortinetとか。HPとかDellとかIBMは頻度が多いのでいったん除外。試しにChatGPTに頼んでみた結果を残しておく。今回は …
read more
情報収集 20251014
Published: Tue 14 October 2025
By shia

In security.

tags: news
1. CVE-2025-61884｜Oracle E-Business Suite
  - https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
  - https://nvd.nist.gov/vuln/detail/CVE-2025-61884
  - 機密リソースへのアクセス。
2. CVE-2025-59978｜Junos Space
3. CVE-2025-59957 …
read more
情報収集 20251008
Published: Wed 08 October 2025
By shia

In security.

tags: news

828
1. CVE-2025-25017｜Kibana
  - https://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450
  - XSS。他にもいくつか(Stored含む)。
2. CVE-2025-11458｜Chrome
  - https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html
  - https://www.security-next.com/175455
  - Heap Buffer Overflow。
3. CVE-2023-6215｜HP Sure Start IFD Protection
  - https://support.hp.com/us-en/document/ish_13064666-13064688-16 …
read more
情報収集 20251006
Published: Mon 06 October 2025
By shia

In security.

tags: news

1k+ 毎日やれと...
1. CVE-2025-61882｜Oracle E-Business Suite
2. CVE-2025-27237｜Zabbix Agent
  - https://support.zabbix.com/browse/ZBX-27061
  - https://nvd.nist.gov/vuln/detail/CVE-2025-27237
  - DLLインジェクション。Windows限定。OpenSSLの構成ファイルに権限の問題があった模様。
3. CVE-2024-58260 …
read more
情報収集 20251002
Published: Thu 02 October 2025
By shia

In security.

tags: news

1k+ Appleきてた疲れたのでいくつか持ち越し
1. CVE-2025-43400｜macOS/iOS/iPadOS/visionOS
read more
情報収集 20250926
Published: Fri 26 September 2025
By shia

In security.

tags: news

241
1. CVE-2025-20333｜Cisco Secure Firewall
  - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
  - https://www.bleepingcomputer.com/news/security/cisco-warns-of-asa-firewall-zero-days-exploited-in-attacks/
  - RCE。他にもいくつか。関連性はあったりなかったり。
2. CVE-2025-10858｜GitLab
  - https://about.gitlab.com/releases …
read more
情報収集 20250925
Published: Thu 25 September 2025
By shia

In security.

tags: news

167
1. CVE-2025-20352｜Cisco IOS XE
  - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
  - https://nvd.nist.gov/vuln/detail/CVE-2025-20352
  - RCE。SNMPに問題が見つかった模様。条件あり。悪用を確認しているとのこと。他にもいろいろ。
2. CVE-2025-59828｜Claude …
read more
情報収集 20250924
Published: Wed 24 September 2025
By shia

In security.

tags: news

1k+
1. CVE-2025-23348｜NVIDIA Megatron-LM
  - https://nvidia.custhelp.com/app/answers/detail/a_id/5698
  - https://nvd.nist.gov/vuln/detail/CVE-2025-23348
  - コード実行など。他にもいくつか。Megatron自体はOSSでGitHubに公開されている。
2. CVE-2025-10892｜Chrome
  - https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html
  - https://nvd.nist.gov/vuln …
read more

links

social