東京都デジタルサービス局から以下の製品に関する注意喚起がありました。
配信日は8/6~9/3です。
概要
・QNAP製品の脆弱性に関する注意喚起
https://www.qnap.com/ja-jp/security-advisory/qsa-25-21
https://www.qnap.com/ja-jp/security-advisory/qsa-25-22
https://www.qnap.com/ja-jp/security-advisory/qsa-25-25
https://www.qnap.com/ja-jp/security-advisory/qsa-25-27
https://www.qnap.com/ja-jp/security-advisory/qsa-25-29
https://www.qnap.com/ja-jp/security-advisory/qsa-25-31
・F5製品の脆弱性に関する注意喚起
https://my.f5.com/manage/s/article/K000153130
https://my.f5.com/manage/s/article/K000153074
https://my.f5.com/manage/s/article/K000153042
https://my.f5.com/manage/s/article/K000153040
https://my.f5.com/manage/s/article/K000152635
https://my.f5.com/manage/s/article/K000152944
https://my.f5.com/manage/s/article/K000152932
https://my.f5.com/manage/s/article/K000152930
https://my.f5.com/manage/s/article/K000152049
https://my.f5.com/manage/s/article/K000152001
https://my.f5.com/manage/s/article/K000151782
https://my.f5.com/manage/s/article/K000151546
https://my.f5.com/manage/s/article/K000141436
・NVIDIA製品の脆弱性に関する注意喚起
https://nvidia.custhelp.com/app/answers/detail/a_id/5655
https://nvidia.custhelp.com/app/answers/detail/a_id/5674
https://nvidia.custhelp.com/app/answers/detail/a_id/5690
https://nvidia.custhelp.com/app/answers/detail/a_id/5689
https://nvidia.custhelp.com/app/answers/detail/a_id/5658
https://nvidia.custhelp.com/app/answers/detail/a_id/5680
https://nvidia.custhelp.com/app/answers/detail/a_id/5681
https://nvidia.custhelp.com/app/answers/detail/a_id/5683
https://nvidia.custhelp.com/app/answers/detail/a_id/5685
https://nvidia.custhelp.com/app/answers/detail/a_id/5686
https://nvidia.custhelp.com/app/answers/detail/a_id/5687
・Broadcom製品(旧Vmware)の脆弱性に関する注意喚起
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36077
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36076
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36075
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36038
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36037
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36036
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36035
・Cisco製品の脆弱性に関する注意喚起
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-SvKhtjgt
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2k-IPsec-dos-tjwgdZCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nat-dns-dos-bqhynHTM
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-http-file-hUyX2jL4
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-buffer-overflow-PyRUhWBC
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
・GitLabの脆弱性に関する注意喚起
https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/
・Google Chrome、Chrome OSの脆弱性に関する注意喚起
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html
・WordPress用プラグインRingCentral Communicationsの脆弱性に関する注意喚起
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/rccp-free/ringcentral-communications-15-168-missing-serverside-verification-to-authentication-bypass-via-ringcentral-admin-login-2fa-verify-function
・IBM製品の脆弱性に関する注意喚起
https://www.ibm.com/support/pages/node/7243596
https://www.ibm.com/support/pages/node/7242019
https://www.ibm.com/support/pages/node/7241943
https://www.ibm.com/support/pages/node/7241994
https://www.ibm.com/support/pages/bulletin/
・ImageMagickの脆弱性に関する注意喚起
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm
・Acronis製品の脆弱性に関する注意喚起
https://security-advisory.acronis.com/advisories/SEC-9107
・Dell Technologies製品の脆弱性に関する注意喚起
https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331
https://www.dell.com/support/kbdoc/ja-jp/000351190/dsa-2025-290-security-update-for-dell-apex-cloud-platform-for-red-hat-openshift-for-multiple-third-party-component-vulnerabilities
https://www.dell.com/support/kbdoc/ja-jp/000351152/dsa-2025-293-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities
https://www.dell.com/support/security/ja-jp
・Microsoft Edgeの脆弱性に関する注意喚起
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#august-28-2025
・i-フィルター製品(有害サイトフィルタリングソフト)の脆弱性に関する注意喚起
https://jvn.jp/jp/JVN55678602/
・Jira(プロジェクト管理ツール)の脆弱性に関する注意喚起
https://ja.confluence.atlassian.com/security/security-bulletin-august-19-2025-1621491738.html
・Tableau(データ分析ツール)の脆弱性に関する注意喚起
https://help.salesforce.com/s/articleView?id=005132575&type=1
・Citrix製品の脆弱性に関する注意喚起
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
https://www.ipa.go.jp/security/security-alert/2025/alert20250827.html
・Movable Type(CMS)の脆弱性に関する注意喚起
https://jvn.jp/jp/JVN76729865/
・Mozilla Firefox、Mozilla Thunderbirdの脆弱性に関する注意喚起
https://www.mozilla.org/en-US/security/advisories/mfsa2025-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/
・Apple製品の脆弱性に関する注意喚起
https://support.apple.com/en-us/124925
https://support.apple.com/en-us/124926
https://support.apple.com/en-us/124927
https://support.apple.com/en-us/124928
https://support.apple.com/en-us/124929
・リコー製品の脆弱性に関する注意喚起
https://jvn.jp/vu/JVNVU91819309/
・Intel製品の脆弱性に関する注意喚起
https://jvn.jp/vu/JVNVU90372902/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01335.html
https://www.intel.com/content/www/us/en/security-center/default.html
・PostgreSQL(データベース管理システム)の脆弱性に関する注意喚起
https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
・Broadcom製Spring Frameworkの脆弱性に関する注意喚起
https://spring.io/security/cve-2025-41242
・Apache Tomcatの脆弱性に関する注意喚起
https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.10_(markt)
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.44_(schultz)
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.108_(remm)
https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf
・Amazon EMR(ビッグデータプラットフォーム)の脆弱性に関する注意喚起
https://aws.amazon.com/jp/security/security-bulletins/AWS-2025-017/
・Fortinet製品の脆弱性に関する注意喚起
https://www.fortiguard.com/psirt/FG-IR-24-042
https://www.fortiguard.com/psirt/FG-IR-25-152
https://www.fortiguard.com/psirt/FG-IR-25-448
・Splunk製品の脆弱性に関する注意喚起
https://advisory.splunk.com/advisories/SVD-2025-0801
https://advisory.splunk.com/advisories/SVD-2025-0802
https://advisory.splunk.com/advisories/SVD-2025-0713
https://advisory.splunk.com/advisories/SVD-2025-0714
https://advisory.splunk.com/advisories/SVD-2025-0715
・HPE製品の脆弱性に関する注意喚起
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04906en_us&docLocale=en_US
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04909en_us&docLocale=en_US
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04904en_us&docLocale=en_US
・Zoomの脆弱性に関する注意喚起
https://www.zoom.com/en/trust/security-bulletin/zsb-25030/
・Adobe製品の脆弱性に関する注意喚起
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
・Juniper製品の脆弱性に関する注意喚起
https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-U12-IF03?language=en_US
https://supportportal.juniper.net/s/article/2025-08-Reference-Advisory-Session-Smart-Router-Multiple-CVEs-reported-through-Qualys-scans?language=en_US
・Google Pixelの脆弱性に関する注意喚起
https://source.android.com/docs/security/bulletin/pixel/2025-08-01?hl=ja
・SAP製品の脆弱性に関する注意喚起
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html
・Ivanti製品の脆弱性に関する注意喚起
https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US
https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Virtual-Application-Delivery-Controller-vADC-previously-vTM-CVE-2025-8310?language=en_US
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297?language=en_US
・WordPress用プラグインPost SMTPの脆弱性に関する注意喚起
https://jvn.jp/jp/JVN21048820
・2025年8月のマイクロソフトセキュリティ更新プログラムに関する注意喚起
https://msrc.microsoft.com/blog/2025/08/202508-security-update/
・Microsoft Exchange Serverの脆弱性に関する注意喚起
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
・WordPress用プラグインPost SMTPの脆弱性に関する注意喚起
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/post-smtp/post-smtp-320-missing-authorization-to-authenticated-subscriber-account-takeover-via-email-log-exposure
https://patchstack.com/articles/account-takeover-vulnerability-affecting-over-400k-installations-patched-in-post-smtp-plugin/
・TP-Link製ルーターArcher C50の脆弱性に関する注意喚起
https://jvn.jp/vu/JVNVU97735345/
・Palo Alto Networks製品の脆弱性に関する注意喚起
https://security.paloaltonetworks.com/CVE-2025-2179
・Squid(プロキシサーバ、ウェブキャッシュサーバ用ソフト)の脆弱性に関する注意喚起
https://nvd.nist.gov/vuln/detail/CVE-2025-54574
・PowerCMSの脆弱性に関する注意喚起
https://jvn.jp/vu/JVNVU93412964/
・SonicWall製品の脆弱性に関する注意喚起
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013
