The latest snapshot for the stable Linux kernel tree is: 2.6.30-rc1-git1
http://www.kernel.org/
In the second half of 2008, fake security software was the top threat to Internet users
http://itpro.nikkeibp.co.jp/article/Research/20090409/328062/?ST=security
Solution 256728 : Multiple Security Vulnerabilities in the Solaris Kerberos 'Mech' Libraries May Lead To Execution of Arbitrary Code, Unauthorized Access to Data or a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256728-1
JVNDB-2009-001130 Arbitrary code execution vulnerability in wp6sr.dll of the Autonomy KeyView SDK
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001130.html
JVNDB-2009-001129 Denial-of-service (DoS) vulnerability in PostgreSQL's error message conversion handling
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001129.html
JVNDB-2009-001128 Arbitrary code execution vulnerability in Ichitaro
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001128.html
JVNDB-2009-001127 Arbitrary command execution vulnerability in the redirect implementation of curl and libcurl
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001127.html
JVNDB-2009-001060 SQL injection vulnerability in the mod-auth-mysql module for Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001060.html
JVNDB-2009-001024 Arbitrary code execution vulnerability in the RealVNC VNC Viewer component
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001024.html
53361 : GOM Player srt2smi.exe SRT File Handling Overflow
http://osvdb.org/show/osvdb/53361
Tor Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33713
Tor Unspecified Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/33399
Tor Security Bypass And Privilege Escalation Weaknesses
http://www.securityfocus.com/bid/32648
+ MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34257
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256728-1
+ MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256728-1
+ MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34408
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256728-1
Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
http://www.securityfocus.com/bid/33946
FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33502
PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33002
Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33755
Gretech GOM Player '.srt' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34427
Joomla! 'com_mailto' Component 'article' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34433
Joomla! cmimarketplace Component 'viewit' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34431
Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33257
Horde Products Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/33491
Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/29745
Horde XSS Filter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/33367
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
+ Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405
Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/34308
LinPHA 1.3.4 Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34422
Xplode 'module_wrapper.asp' SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34419
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846
Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33113
Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33948
Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34020
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428
Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906
PHP 5.2.9-2 (Windows) released
http://www.php.net/archive/2009.php#id2009-04-08-1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
Announcement: InterScan for Domino 3.0 for AIX Patch 3 released
http://www.trendmicro.co.jp/support/news.asp?id=1232
Announcement: Trend Micro LeakProof 3.1 released and support started
http://www.trendmicro.co.jp/support/news.asp?id=1175
Veritas Storage Foundation (4.3, 5.0, and 5.1) for Windows High Availability (Veritas Cluster Server - VCS) Agent for WebSphere MQ Installation and Configuration Guide
http://seer.entsupport.symantec.com/docs/322889.htm
Veritas Storage Foundation 5.1 for Windows High Availability (Veritas Cluster Server - VCS) Agent for WebSphere Application Server Installation and Configuration Guide
http://seer.entsupport.symantec.com/docs/322888.htm
DSA 1765-1: New horde3 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28906
Bkis-06-2009: GOM Player Subtitle Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28913
PeterConnects-SA-04/08/2009: PeterConnects Web Server Traversal Arbitrary File Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28914
SSA:2009-098-02: php
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28902
SSA:2009-098-03: xine-lib
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28903
SSA:2009-098-01: openssl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28904
Apache-SA-04/07/2009: Apache Tomcat mod_jk information disclosure vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28920
DSA 1764-1: New tunapie packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28905
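"Excel virus" that displays a map of Kumamoto appears, targeting users in Japan
Infection occurs just by opening the file; important information on the PC may be stolen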
http://itpro.nikkeibp.co.jp/article/NEWS/20090408/328100/?ST=security
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00075.html
OTSTurntables 1.00.027 (.ofl file) Local universal SOF Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00076.html
[SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00066.html
SASPCMS Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00074.html
[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00070.html
Adgregate ShopAd widget validation is vulnerable to replay attack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00073.html
[USN-755-1] Kerberos vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00072.html
[SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00065.html
rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00069.html
53351 : Novell Client NetIdentity Agent xtagent.exe RPC Message Handling Arbitrary Code Execution
http://osvdb.org/show/osvdb/53351
Linux Kernel "CIFSTCon()" Buffer Overflow Vulnerability
http://secunia.com/advisories/34644/
Cisco ASA Bug Lets Remote Users Bypass Access Control List Implicit Deny Feature
http://securitytracker.com/alerts/2009/Apr/1022017.html
Cisco ASA account-override-ignore Bug Lets Remote Users Bypass VPN Authentication
http://securitytracker.com/alerts/2009/Apr/1022016.html
Cisco ASA HTTP, TCP, H.323, and SQL*Net Processing Bugs Let Remote Users Deny Service
http://securitytracker.com/alerts/2009/Apr/1022015.html
XScreenSaver May Allow Pop-up Windows to Bypass the Screen Lock
http://securitytracker.com/alerts/2009/Apr/1022009.html
Snort 2.8.4 released
http://www.snort.org/
+ Linux Kernel "CIFSTCon()" Tree Connect Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0974
http://secunia.com/advisories/34644/
Apache Tomcat JK Connector Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/0973
Tunapie Command Injection and Insecure Temporary File Issues
http://www.vupen.com/english/advisories/2009/0972
Pulse-Java Pulse Audio Source Data Line Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0965
OpenJDK Little cms Monochrome Profiles Transform DoS Vulnerability
http://www.vupen.com/english/advisories/2009/0964
Little cms Monochrome Profiles Transform Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/0963
Kerberos Remote Code Execution and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/0960
Linux Kernel SPARC 'mremap()' Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/33836
Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33257
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/33237
Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33275
Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34412
Tunapie Stream URI Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34418
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Tunapie Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/34417
Lanius CMS 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34415
+ Cisco PIX and ASA Multiple Denial of Service, ACL Bypass, and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34429
SASPCMS SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34430
OpenGoo Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34428
OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34407
OpenAFS Error Codes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34404
MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409
MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34408
MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34257
RETIRED: vBulletin Admin Control Panel Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34393
FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33502
multipath-tools 'multipathd' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34410
PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33002
Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/34411
RETIRED: Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/34420
OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
http://www.securityfocus.com/bid/19849
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33755
Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31411
Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/30038
Horde Products Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/33491
Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/29745
Horde XSS Filter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/33367
Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31397
Mozilla Firefox/Thunderbird/SeaMonkey Arbitrary Image Cross Domain Security Bypass Vulnerability
http://www.securityfocus.com/bid/32351
Mozilla Firefox URI Splitting Security Bypass Vulnerability
http://www.securityfocus.com/bid/30242
Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/32281
Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/29802
Mozilla Firefox '.url' Shortcut Processing Information Disclosure Vulnerability
http://www.securityfocus.com/bid/31747
Mozilla Firefox Mac OS X GIF Rendering Memory Corruption Vulnerability
http://www.securityfocus.com/bid/30266
Sun Java System Access Manager Username Enumeration Weakness
http://www.securityfocus.com/bid/33489
Sun Java System Identity Manager Multiple Vulnerabilities
http://www.securityfocus.com/bid/34191
+ Sun Solaris 'xscreensaver(1)' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34421
Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/34308
Joomla! 'com_mailto' Component 'article' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34433
Maian Music Joomla! Component 'category' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/34432
Joomla! cmimarketplace Component 'viewit' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/34431
Gretech GOM Player '.srt' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34427
LinPHA 1.3.4 Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34422