4% of the world's PCs are infected with Conficker, IBM's security division estimates
http://itpro.nikkeibp.co.jp/article/NEWS/20090406/327802/?ST=security
JVNDB-2009-001116 Denial-of-service (DoS) vulnerability in the NFSv4 Server module of Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001116.html
JVNDB-2008-002306 Denial-of-service (DoS) vulnerability in NetBSD ICMPv6
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002306.html
JVNDB-2008-002305 Denial-of-service (DoS) vulnerability in NetBSD
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002305.html
JVNDB-2008-002286 Integer overflow vulnerability in JasPer
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002286.html
JVNDB-2008-002160 Vulnerability in Java Runtime Environment (JRE) that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002160.html
JVNDB-2008-002147 Vulnerability in Sun Java Web Start and Java Plug-in that allows arbitrary files to be read
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002147.html
JVNDB-2008-002146 Vulnerability in Sun Java Web Start and Java Plug-in that allows HTTP sessions to be hijacked
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002146.html
JVNDB-2008-002145 Vulnerability in BasicService for Sun Java Web Start and Java Plug-in that allows the contents of local files to be sent to another system
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002145.html
JVNDB-2008-002144 Vulnerability in Sun Java Web Start and Java Plug-in that allows the JWS cache path name and the application's user name to be obtained
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002144.html
JVNDB-2008-002143 Vulnerability in Sun Java Web Start and Java Plug-in that allows access privileges to local files or applications to be obtained
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002143.html
JVNDB-2008-002142 Vulnerability in Sun Java Web Start and Java Plug-in that allows network connections to unauthenticated hosts
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002142.html
JVNDB-2008-002141 Arbitrary code execution vulnerability in the handling of jnlp files in Sun Java Web Start and Java Plug-in
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002141.html
JVNDB-2007-000573 Denial-of-service (DoS) vulnerability in the jpc_qcx_getcompparms() function of the JasPer JPEG-2000 library
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000573.html
53258 : Atlassian JIRA DWR Library XSS
http://osvdb.org/show/osvdb/53258
53257 : Atlassian JIRA Unspecified XSS
http://osvdb.org/show/osvdb/53257
53256 : Charting Plugin for Atlassian JIRA View Actions Function XSS
http://osvdb.org/show/osvdb/53256
ContentKeeper Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Apr/1021972.html
FreeBSD 7.2-BETA1 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049233.html
[Dovecot-news] v1.2.rc1 released
http://www.dovecot.org/list/dovecot-news/2009-April/000107.html
[Dovecot-news] v1.2.rc2 released
http://www.dovecot.org/list/dovecot-news/2009-April/000108.html
+ OpenLDAP 2.4.16 Release
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
The latest snapshot for the stable Linux kernel tree is: 2.6.29-git12
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-git12.log
Postfix 2.6 Snapshot 20090404
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.6-20090404.RELEASE_NOTES
+ [Security-announce] VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
http://lists.vmware.com/pipermail/security-announce/2009/000054.html
DSA 1761-1: New moodle packages fix file disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28855
GLSA 200904-02: GLib: Execution of arbitrary code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28862
GLSA 200904-03: Gnumeric: Untrusted search path
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28863
rPSA-2009-0057-1: m2crypto openssl openssl-scripts
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28864
SUSE-SA:2009:015: security-announce SUSE Security Announcement: Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28852
SUSE-SA:2009:016: security-announce SUSE Security Announcement: Sun Java
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28853
SUSE-SA:2009:017: security-announce SUSE Security Announcement: Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28854
AST-2009-003: SIP responses expose valid usernames
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28859
Asbru-SA-04/02/2009: Asbru Web Content Management Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28868
ConnX-SA-04/02/2009: Q2 Solutions ConnX - SQL Injection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28869
ContentKeeper-SA-04/02/2009: ContentKeeper - Remote command execution and privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28870
Virtual Machine Communication Interface (VMCI) privilege escalation on Windows-based Workstation, Player, ACE and Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009826&sliceId=1&docTypeID=DT_KB_1_1
Resolve two passive servers
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009791&sliceId=1&docTypeID=DT_KB_1_1
Backing up the System State from the Primary server and restoring it to the Secondary server on Windows Server 2000 and 2003
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009790&sliceId=1&docTypeID=DT_KB_1_1
Configuring VMware vCenter Server Heartbeat to delay automatic failover (manual failover)
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009772&sliceId=1&docTypeID=DT_KB_1_1
Performing a server restart or shutdown when VMware vCenter Server Heartbeat is installed
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009746&sliceId=1&docTypeID=DT_KB_1_1
VMware vCenter Server Heartbeat interoperability with anti-virus scanners
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009723&sliceId=1&docTypeID=DT_KB_1_1
Specifying the License Server used by VMware vCenter Server
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009696&sliceId=1&docTypeID=DT_KB_1_1
VMware vCenter Server Heartbeat Plug-in - Feature List
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1009689&sliceId=1&docTypeID=DT_KB_1_1
Symantec announces new security technologies, including one that uses desktop virtualization
http://itpro.nikkeibp.co.jp/article/NEWS/20090403/327741/?ST=security
Attacks exploit a new PowerPoint vulnerability; no patch has been released yet
http://itpro.nikkeibp.co.jp/article/NEWS/20090403/327782/?ST=security
Family Connections <= 1.8.2 - Remote Shell Upload Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00030.html
Family Connections 1.8.2 Arbitrary File Upload
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00028.html
[ GLSA 200904-03 ] Gnumeric: Untrusted search path
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00032.html
[ GLSA 200904-02 ] GLib: Execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00031.html
[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00024.html
Family Connections 1.8.2 Blind SQL Injection (Correct Version)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00035.html
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00026.html
rPSA-2009-0057-1 m2crypto openssl openssl-scripts
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00029.html
Vulnerability Note VU#627331 Microsoft Office PowerPoint code execution vulnerability
http://www.kb.cert.org/vuls/id/627331
IBM WebSphere Application Server Interim Fix File Permissions May Let Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Apr/1021971.html
Asterisk SIP Responses Let Remote Users Determine Valid Usernames on the Target System
http://securitytracker.com/alerts/2009/Apr/1021970.html
Autodesk i-drop ActiveX Control Heap Corruption Bugs Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021969.html
Ghostscript Buffer Overflow in pdf_base_font_alloc() Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021968.html
Microsoft Office PowerPoint Invalid Object Access Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021967.html
FortiClient Format String Bug in VPN Connection Name Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Apr/1021966.html
UltraISO Format String Bugs Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021965.html
UltraISO Buffer Overflows in Processing CIF, C2D, and GI Files Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021964.html
RHBA-2009:0407 pidgin bug fix update
http://rhn.redhat.com/errata/RHBA-2009-0407.html
WeeChat IRC Message Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34148
osCommerce 'oscid' Session Fixation Vulnerability
http://www.securityfocus.com/bid/34348
GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/33405
VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34373
Mozilla Firefox 'DesignMode' Denial of Service Vulnerability
http://www.securityfocus.com/bid/34372
Asterisk Authentication SIP Response Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34353
XBMC Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34334
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
Gnumeric 'PySys_SetArgv' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/33438
BlogMan 'Title' HTML Injection Vulnerability
http://www.securityfocus.com/bid/34359
TinyPHPForum Avatar Upload Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34356
Family Connections 'fcms/upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34368
OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150
Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/33827
Openfire Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/32189
Libpng Library Unknown Chunk Handler Vulnerability
http://www.securityfocus.com/bid/28770
Openfire 'muc-room-edit-form.jsp' HTML Injection Vulnerability
http://www.securityfocus.com/bid/32944
Openfire 'log.jsp' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/32945
Openfire 'group-summary.jsp' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/32937
Openfire 'logviewer.jsp' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/32935
Openfire 'user-properties.jsp' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/32938
Openfire 'audit-policy.jsp' Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/32939
Openfire 'server-properties.jsp' HTML Injection Vulnerability
http://www.securityfocus.com/bid/32943
Openfire 'log.jsp' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/32940
4CMS SQL Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/34355
ContentKeeper Versions 125.09 and Prior Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34354
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
glFusion 'SESS_getUserIdFromSession()' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34361
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34351
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33113
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
The Tricky.net Joomla! Messaging Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34365
Moodle TeX Filter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/34278
UltraISO CCD and IMG File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34363
Joomla! RD-Autos Component 'makeid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34364
Joomla! Prior to 1.5.10 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34360
IBM TXSeries for Multiplatforms 'forcepurge' Unspecified Security Vulnerability
http://www.securityfocus.com/bid/33883
Opera XML Parser Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34298
ClamAV Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34357
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
Autodesk IDrop ActiveX Control 'IDrop.ocx' Multiple Heap Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/34352
Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34181
IBM DB2 Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33258
IBM WebSphere Application Server File Permission Vulnerability
http://www.securityfocus.com/bid/34358
AdaptBB 'topic_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34371
Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34370
Family Connections 'fcms_login_id' Cookie Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34367
form2list 'page.php' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34366
ActiveKB 'Panel' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34362